From b2f4a6c4a2ba37eab69fedddc674c82f17a7bf50 Mon Sep 17 00:00:00 2001 From: badrapbot <77850952+badrapbot@users.noreply.github.com> Date: Thu, 8 Aug 2024 11:57:49 +0000 Subject: [PATCH] Update GitHub pages from 38ce8ad4fbeaecaed9c1bc14196d0227378b799a --- 404.html | 8 ++++---- apps/aws.html | 6 +++--- apps/azure.html | 6 +++--- apps/beacon.html | 6 +++--- apps/fraktal.html | 6 +++--- apps/gcp.html | 6 +++--- apps/gworkspace.html | 6 +++--- apps/https.html | 6 +++--- apps/o365.html | 6 +++--- apps/traficom.html | 6 +++--- assets/{404.html-BkdaAvsL.js => 404.html-Bi_JhFm0.js} | 2 +- ...html-iIrSMZM2.js => abandoned-server.html-CzZKkeOi.js} | 4 ++-- assets/{app-CxPUdK5a.js => app-DhWbOGxr.js} | 2 +- ...rce.html-D-YOJ_ca.js => attacksource.html-BFD2US_b.js} | 2 +- ...rce.html-ngYGtnxE.js => attacksource.html-D5ck4RPG.js} | 2 +- assets/{aws.html-BWuIiana.js => aws.html-Bh8gskLW.js} | 4 ++-- assets/{azure.html-B8TmmYq2.js => azure.html-CqSusn3v.js} | 4 ++-- .../{beacon.html-BOY3vzUm.js => beacon.html-BgJyRTZZ.js} | 2 +- ...ml-B-8ENF89.js => buildingautomation.html-CMUzwkIQ.js} | 2 +- ...ories.html-CqD7nnj-.js => categories.html-CHrhoUi9.js} | 2 +- ...ories.html-OrsqNfEb.js => categories.html-DHFdQeuC.js} | 2 +- ...reach.html-F5GAThpd.js => databreach.html-DFLl7qGa.js} | 2 +- assets/{dns.html-2vaC12-a.js => dns.html-BdTVvgOc.js} | 2 +- assets/{dns.html-DeQPmGB2.js => dns.html-o1Kj407y.js} | 2 +- ...erver.html-DJQCfw7N.js => eol-server.html-2fY2sfE2.js} | 2 +- assets/{esg.html-DDLsCKLE.js => esg.html-B-sXe0jX.js} | 2 +- ...l-DUS018mF.js => expired-certificate.html-DqdbSSoa.js} | 2 +- ....html-4WdTnU5-.js => exposed-service.html-B4B1NCQg.js} | 2 +- assets/{faq.html-Dc6FysBz.js => faq.html-CyrcwVJL.js} | 2 +- assets/{faq.html-BGXQxLi4.js => faq.html-fnlksrTh.js} | 2 +- ...{fraktal.html-BRW1YI_r.js => fraktal.html-BaGDwWI4.js} | 2 +- assets/{gcp.html-DeJ-0EHu.js => gcp.html-DA2lRM9g.js} | 2 +- ...space.html-dj_ceNJH.js => gworkspace.html-Cl4MsvXD.js} | 2 +- assets/{https.html-CWJprkwF.js => https.html-D9UwG-CF.js} | 4 ++-- assets/{index.html-CNZDpYWA.js => index.html-D-Eupwv8.js} | 2 +- assets/{index.html-BmS1BYUC.js => index.html-DYp44kH-.js} | 2 +- .../{locate.html-COlqpj_h.js => locate.html-BTg8wfWO.js} | 2 +- .../{locate.html-DR_pglPl.js => locate.html-FpRRIpQO.js} | 2 +- ....html-DIwgV1uK.js => malware-citeary.html-BxtxlIcc.js} | 2 +- ....html-BRCAvzSl.js => malware-citeary.html-Cs5r7x63.js} | 2 +- ...t.html-DctXYzKN.js => malware-ircbot.html-BTV0OL6y.js} | 2 +- ...t.html-Q2PqS_mH.js => malware-ircbot.html-BTulPxok.js} | 2 +- ...e.html-DzBe_BGP.js => malware-jadtre.html-B4Hl82W_.js} | 2 +- ...e.html-Ntw8n8Mq.js => malware-jadtre.html-d1ucKSZW.js} | 2 +- ...o.html-CouHPUTW.js => malware-palevo.html-BHD7L2m9.js} | 2 +- ...o.html-CtD3MC2a.js => malware-palevo.html-Boo1fU5v.js} | 2 +- ...o.html-CGHF6eXb.js => malware-pushdo.html-BXDXWC9K.js} | 2 +- ...o.html-BZmnH6YF.js => malware-pushdo.html-DONDTm8-.js} | 2 +- ...y.html-BQ0yV-V2.js => malware-sality.html-CrxZ6rRl.js} | 2 +- ...y.html-DGNzPdCQ.js => malware-sality.html-CzpdG8qs.js} | 2 +- ...i.html-CDiIp60-.js => malware-wapomi.html-Byrdd7CJ.js} | 2 +- ...i.html-BRTIabzZ.js => malware-wapomi.html-Df0oR1wU.js} | 2 +- assets/{mdns.html-DiGwY1J-.js => mdns.html-D4_cfIYR.js} | 2 +- assets/{mdns.html-Dk8kBqvO.js => mdns.html-XmN1K66O.js} | 2 +- ...cached.html-BZ6LpFUS.js => memcached.html-C0NSvPWW.js} | 2 +- ...cached.html-CwkZICD2.js => memcached.html-DsN1quKH.js} | 2 +- ...{netbios.html-BSFwTz8C.js => netbios.html-BEh2-T_X.js} | 2 +- ...{netbios.html-Drij6NbL.js => netbios.html-DlreNynM.js} | 2 +- assets/{ntp.html-BikPWrCz.js => ntp.html-CLvCuuuW.js} | 2 +- assets/{ntp.html-DvHApbp1.js => ntp.html-CkzsZXxg.js} | 2 +- assets/{o365.html-DYo0A0UP.js => o365.html-Cz9QI7tt.js} | 2 +- ...ortscan.html-LC0ffMCx.js => portscan.html-Celnu4C0.js} | 2 +- ...ortscan.html-BO9ugUES.js => portscan.html-MNpyhYS1.js} | 2 +- ....html-BNyM51Yv.js => privacy-company.html-BpFQf9Tm.js} | 2 +- ...{privacy.html-Bb0Nze7P.js => privacy.html-BS1mkR75.js} | 2 +- ...{privacy.html--nAiX17R.js => privacy.html-D6xKhr5P.js} | 2 +- assets/{rdp.html-Dltkm16M.js => rdp.html-BgPamftI.js} | 2 +- ...l-DepB6qo7.js => service-description.html-DJ6wIeal.js} | 2 +- assets/{smb.html-BT2tqUye.js => smb.html-BiahTyun.js} | 2 +- assets/{smb.html-BQll2f3l.js => smb.html-CN1PCiis.js} | 2 +- assets/{snmp.html-q7B2tUR0.js => snmp.html-BiBpPTxM.js} | 2 +- assets/{snmp.html-BUnVwCVL.js => snmp.html-Cb4kpTd6.js} | 2 +- ...pamlist.html-tke5fmdm.js => spamlist.html-DnKLsU8E.js} | 2 +- ...domain.html-BdkTII2J.js => subdomain.html-CHgc-oVW.js} | 4 ++-- .../{telnet.html-987288tA.js => telnet.html-C0BLJASu.js} | 2 +- .../{telnet.html-CFTfXnZz.js => telnet.html-CxdK7qUP.js} | 2 +- assets/{tftp.html-7lCbqBhd.js => tftp.html-3wvTG_p0.js} | 2 +- assets/{tftp.html-Ddm1bE5s.js => tftp.html-wLx--ROU.js} | 2 +- assets/{tos.html-CTPtZAS5.js => tos.html-BLHOeTQv.js} | 2 +- ...raficom.html-DFa_0WX1.js => traficom.html-Bes53oE1.js} | 2 +- assets/{vnc.html-D9LE4BKT.js => vnc.html-CKb8ICul.js} | 2 +- categories.html | 6 +++--- esg.html | 6 +++--- faq.html | 6 +++--- fi/categories.html | 6 +++--- fi/faq.html | 6 +++--- fi/index.html | 6 +++--- fi/locate.html | 6 +++--- fi/privacy.html | 6 +++--- fi/types/attacksource.html | 6 +++--- fi/types/buildingautomation.html | 6 +++--- fi/types/dns.html | 6 +++--- fi/types/malware-citeary.html | 6 +++--- fi/types/malware-ircbot.html | 6 +++--- fi/types/malware-jadtre.html | 6 +++--- fi/types/malware-palevo.html | 6 +++--- fi/types/malware-pushdo.html | 6 +++--- fi/types/malware-sality.html | 6 +++--- fi/types/malware-wapomi.html | 6 +++--- fi/types/mdns.html | 6 +++--- fi/types/memcached.html | 6 +++--- fi/types/netbios.html | 6 +++--- fi/types/ntp.html | 6 +++--- fi/types/portscan.html | 6 +++--- fi/types/smb.html | 6 +++--- fi/types/snmp.html | 6 +++--- fi/types/telnet.html | 6 +++--- fi/types/tftp.html | 6 +++--- index.html | 6 +++--- locate.html | 6 +++--- privacy-company.html | 6 +++--- privacy.html | 6 +++--- service-description.html | 6 +++--- tos.html | 6 +++--- types/abandoned-server.html | 6 +++--- types/attacksource.html | 6 +++--- types/databreach.html | 6 +++--- types/dns.html | 6 +++--- types/eol-server.html | 6 +++--- types/expired-certificate.html | 6 +++--- types/exposed-service.html | 6 +++--- types/malware-citeary.html | 6 +++--- types/malware-ircbot.html | 6 +++--- types/malware-jadtre.html | 6 +++--- types/malware-palevo.html | 6 +++--- types/malware-pushdo.html | 6 +++--- types/malware-sality.html | 6 +++--- types/malware-wapomi.html | 6 +++--- types/mdns.html | 6 +++--- types/memcached.html | 6 +++--- types/netbios.html | 6 +++--- types/ntp.html | 6 +++--- types/portscan.html | 6 +++--- types/rdp.html | 6 +++--- types/smb.html | 6 +++--- types/snmp.html | 6 +++--- types/spamlist.html | 6 +++--- types/subdomain.html | 6 +++--- types/telnet.html | 6 +++--- types/tftp.html | 6 +++--- types/vnc.html | 6 +++--- 141 files changed, 287 insertions(+), 287 deletions(-) rename assets/{404.html-BkdaAvsL.js => 404.html-Bi_JhFm0.js} (82%) rename assets/{abandoned-server.html-iIrSMZM2.js => abandoned-server.html-CzZKkeOi.js} (97%) rename assets/{app-CxPUdK5a.js => app-DhWbOGxr.js} (97%) rename assets/{attacksource.html-D-YOJ_ca.js => attacksource.html-BFD2US_b.js} (95%) rename assets/{attacksource.html-ngYGtnxE.js => attacksource.html-D5ck4RPG.js} (95%) rename assets/{aws.html-BWuIiana.js => aws.html-Bh8gskLW.js} (98%) rename assets/{azure.html-B8TmmYq2.js => azure.html-CqSusn3v.js} (99%) rename assets/{beacon.html-BOY3vzUm.js => beacon.html-BgJyRTZZ.js} (92%) rename assets/{buildingautomation.html-B-8ENF89.js => buildingautomation.html-CMUzwkIQ.js} (98%) rename assets/{categories.html-CqD7nnj-.js => categories.html-CHrhoUi9.js} (93%) rename assets/{categories.html-OrsqNfEb.js => categories.html-DHFdQeuC.js} (95%) rename assets/{databreach.html-F5GAThpd.js => databreach.html-DFLl7qGa.js} (97%) rename assets/{dns.html-2vaC12-a.js => dns.html-BdTVvgOc.js} (97%) rename assets/{dns.html-DeQPmGB2.js => dns.html-o1Kj407y.js} (96%) rename assets/{eol-server.html-DJQCfw7N.js => eol-server.html-2fY2sfE2.js} (82%) rename assets/{esg.html-DDLsCKLE.js => esg.html-B-sXe0jX.js} (98%) rename assets/{expired-certificate.html-DUS018mF.js => expired-certificate.html-DqdbSSoa.js} (96%) rename assets/{exposed-service.html-4WdTnU5-.js => exposed-service.html-B4B1NCQg.js} (97%) rename assets/{faq.html-Dc6FysBz.js => faq.html-CyrcwVJL.js} (99%) rename assets/{faq.html-BGXQxLi4.js => faq.html-fnlksrTh.js} (98%) rename assets/{fraktal.html-BRW1YI_r.js => fraktal.html-BaGDwWI4.js} (99%) rename assets/{gcp.html-DeJ-0EHu.js => gcp.html-DA2lRM9g.js} (97%) rename assets/{gworkspace.html-dj_ceNJH.js => gworkspace.html-Cl4MsvXD.js} (97%) rename assets/{https.html-CWJprkwF.js => https.html-D9UwG-CF.js} (98%) rename assets/{index.html-CNZDpYWA.js => index.html-D-Eupwv8.js} (96%) rename assets/{index.html-BmS1BYUC.js => index.html-DYp44kH-.js} (97%) rename assets/{locate.html-COlqpj_h.js => locate.html-BTg8wfWO.js} (98%) rename assets/{locate.html-DR_pglPl.js => locate.html-FpRRIpQO.js} (98%) rename assets/{malware-citeary.html-DIwgV1uK.js => malware-citeary.html-BxtxlIcc.js} (96%) rename assets/{malware-citeary.html-BRCAvzSl.js => malware-citeary.html-Cs5r7x63.js} (96%) rename assets/{malware-ircbot.html-DctXYzKN.js => malware-ircbot.html-BTV0OL6y.js} (95%) rename assets/{malware-ircbot.html-Q2PqS_mH.js => malware-ircbot.html-BTulPxok.js} (95%) rename assets/{malware-jadtre.html-DzBe_BGP.js => malware-jadtre.html-B4Hl82W_.js} (96%) rename assets/{malware-jadtre.html-Ntw8n8Mq.js => malware-jadtre.html-d1ucKSZW.js} (96%) rename assets/{malware-palevo.html-CouHPUTW.js => malware-palevo.html-BHD7L2m9.js} (96%) rename assets/{malware-palevo.html-CtD3MC2a.js => malware-palevo.html-Boo1fU5v.js} (96%) rename assets/{malware-pushdo.html-CGHF6eXb.js => malware-pushdo.html-BXDXWC9K.js} (96%) rename assets/{malware-pushdo.html-BZmnH6YF.js => malware-pushdo.html-DONDTm8-.js} (95%) rename assets/{malware-sality.html-BQ0yV-V2.js => malware-sality.html-CrxZ6rRl.js} (95%) rename assets/{malware-sality.html-DGNzPdCQ.js => malware-sality.html-CzpdG8qs.js} (95%) rename assets/{malware-wapomi.html-CDiIp60-.js => malware-wapomi.html-Byrdd7CJ.js} (96%) rename assets/{malware-wapomi.html-BRTIabzZ.js => malware-wapomi.html-Df0oR1wU.js} (96%) rename assets/{mdns.html-DiGwY1J-.js => mdns.html-D4_cfIYR.js} (94%) rename assets/{mdns.html-Dk8kBqvO.js => mdns.html-XmN1K66O.js} (94%) rename assets/{memcached.html-BZ6LpFUS.js => memcached.html-C0NSvPWW.js} (95%) rename assets/{memcached.html-CwkZICD2.js => memcached.html-DsN1quKH.js} (95%) rename assets/{netbios.html-BSFwTz8C.js => netbios.html-BEh2-T_X.js} (94%) rename assets/{netbios.html-Drij6NbL.js => netbios.html-DlreNynM.js} (94%) rename assets/{ntp.html-BikPWrCz.js => ntp.html-CLvCuuuW.js} (94%) rename assets/{ntp.html-DvHApbp1.js => ntp.html-CkzsZXxg.js} (94%) rename assets/{o365.html-DYo0A0UP.js => o365.html-Cz9QI7tt.js} (98%) rename assets/{portscan.html-LC0ffMCx.js => portscan.html-Celnu4C0.js} (95%) rename assets/{portscan.html-BO9ugUES.js => portscan.html-MNpyhYS1.js} (95%) rename assets/{privacy-company.html-BNyM51Yv.js => privacy-company.html-BpFQf9Tm.js} (99%) rename assets/{privacy.html-Bb0Nze7P.js => privacy.html-BS1mkR75.js} (98%) rename assets/{privacy.html--nAiX17R.js => privacy.html-D6xKhr5P.js} (99%) rename assets/{rdp.html-Dltkm16M.js => rdp.html-BgPamftI.js} (96%) rename assets/{service-description.html-DepB6qo7.js => service-description.html-DJ6wIeal.js} (97%) rename assets/{smb.html-BT2tqUye.js => smb.html-BiahTyun.js} (94%) rename assets/{smb.html-BQll2f3l.js => smb.html-CN1PCiis.js} (95%) rename assets/{snmp.html-q7B2tUR0.js => snmp.html-BiBpPTxM.js} (94%) rename assets/{snmp.html-BUnVwCVL.js => snmp.html-Cb4kpTd6.js} (95%) rename assets/{spamlist.html-tke5fmdm.js => spamlist.html-DnKLsU8E.js} (97%) rename assets/{subdomain.html-BdkTII2J.js => subdomain.html-CHgc-oVW.js} (98%) rename assets/{telnet.html-987288tA.js => telnet.html-C0BLJASu.js} (94%) rename assets/{telnet.html-CFTfXnZz.js => telnet.html-CxdK7qUP.js} (95%) rename assets/{tftp.html-7lCbqBhd.js => tftp.html-3wvTG_p0.js} (93%) rename assets/{tftp.html-Ddm1bE5s.js => tftp.html-wLx--ROU.js} (94%) rename assets/{tos.html-CTPtZAS5.js => tos.html-BLHOeTQv.js} (97%) rename assets/{traficom.html-DFa_0WX1.js => traficom.html-Bes53oE1.js} (95%) rename assets/{vnc.html-D9LE4BKT.js => vnc.html-CKb8ICul.js} (96%) diff --git a/404.html b/404.html index d24c33a7..0363f099 100644 --- a/404.html +++ b/404.html @@ -33,11 +33,11 @@ Badrap docs - - + + -

404

How did we get here?
Take me home
- +

404

That's a Four-Oh-Four.
Take me home
+ diff --git a/apps/aws.html b/apps/aws.html index 4ba1402d..c61f3961 100644 --- a/apps/aws.html +++ b/apps/aws.html @@ -33,8 +33,8 @@ Amazon Web Services (AWS) | Badrap docs - - + +

Amazon Web Services (AWS)

This app allows you to synchronize your AWS assets into Badrap and receive security notifications about them. The app needs to be installed and enabled under your Badrap user account to get started. The app fetches a list of your organization's public IP addresses from your AWS installation with your consent, and adds those assets under your Badrap user account. Below, we describe the actions needed in Badrap. We also explain what you need to do in AWS to grant the minimum permissions for Badrap to fetch the public IP addresses.

Install the AWS app in Badrap

  1. Open the AWS app page.
  2. Install the app.
  3. Take note of the External ID value that the app has generated for you. You'll need this later.

External Id

Create Required AWS Role & Policy

Setting up the Badrap app with Amazon Web Services requires configuring role delegation using AWS IAM.

  1. Create a new role in the AWS IAM console.

  2. Select Another AWS account for the role type.

  3. Enter 808384617942 (Badrap's Account ID) as the Account ID. Another AWS Acocount

  4. Check the Require external ID option, and enter the External ID that the app generated for you earlier as the External ID.

  5. Leave the Require MFA option unchecked.

  6. Click Next: Permissions. External Id

  7. If you've already created a policy, skip the following substeps. Otherwise click Create Policy, which opens a new window. Create Policy

    1. Select the JSON tab and enter the following policy snippet into the text box:
    {
@@ -56,6 +56,6 @@
   ]
 }
    1. Click Review policy.
    2. Name the policy (e.g., BadrapAppPolicy).
    3. Click Create policy
    4. Return to the Create role window.
    5. Refresh the list of policies

  8. Select the BadrapAppPolicy Create Policy

  9. Click Next: Tags.

  10. Click Next: Review.

  11. Name the role (e.g., BadrapAppRole).

  12. Click Create role.

Finish the Installation

  1. Return to the AWS app page.
  2. Enter your AWS Account ID into the Account ID field.
  3. Enter the name of the AWS role you created earlier. Note that the role name is case sensitive!
  4. Click Add.

Uninstalling the app

If you want to stop using the Badrap AWS app, you can uninstall it from your Badrap AWS app page.

Then you can clean up the app role and policy definitions from your AWS IAM console.

  1. Under the Roles section, search for the role you created earlier (e.g. "BadrapTestAppRole") and select Delete.
  1. Under the Policies section, search for the policy you created and connected to the role (e.g. "BadrapTestAppPolicy"), and from the Policy actions drop-down menu select Delete.

That's it, you have successfully uninstalled the Badrap AWS app and cleaned up its configuration from your AWS installation.

- + diff --git a/apps/azure.html b/apps/azure.html index 8448139c..8c3433c4 100644 --- a/apps/azure.html +++ b/apps/azure.html @@ -33,8 +33,8 @@ Microsoft Azure | Badrap docs - - + +

Microsoft Azure

This app allows you to synchronize your Microsoft Azure assets into Badrap and to receive security notifications about them. The app fetches a list of your organization's public network assets from your Azure installation with your consent, and adds those assets under your Badrap user account. The asset types listed are:

  • Public IP addresses from your Azure installation
  • DNS records (A, AAAA, CNAME, MX, NS) from all public DNS zones managed by Azure
  • Azure DNS alias records

Install the Azure app in Badrap

Anyone can install the Azure app in Badrap, but you will need Global Administrator, Application Administrator or Cloud Application Administrator level privileges to enable the app to access your Azure installation and to list your assets from there. If you do not have administrator role privileges, refer your administrator to these instructions and ask them to help you with the app configuration.

  1. Open the Azure app page.

  2. The app asks for your consent to create & manage new assets. Click Install the app.

    The Azure app is now installed. Next, you have to create a service principal for the app in your Azure installation, and to provide its configuration details to the app settings. You can do this either by using the Azure CLI (incredibly easy) or your Azure Portal (still easy).

Using the Azure CLI

Note that installing Azure CLI to your computer is outside of the scope of this guide. You can use Microsoft's Azure CLI installation instructions to get started if you haven't installed it previously.

  1. Log into Azure using your Azure CLI utility.

    az login
@@ -108,6 +108,6 @@
    The output of the command should look like this:
    Removing role assignments
  2. If you assigned a custom role for the service principal during the app registration, you can delete the custom role with this CLI command:
    az role definition delete --name "CustomReaderBadrapApp"
    You've now successfully cleaned up your Azure configuration.

Cleaning up via Azure Portal

  1. If you want to clean up your Azure configuration using your Azure Portal, first log into the portal and select Azure Active Directory from the sidebar.

  2. Navigate to App Registrations.

  3. Click on the app that you created earlier, e.g. "Badrap Azure App".

  4. Select Delete from the actions at the top.

  5. This action will disable the app registration and move the app under the Deleted applications list on the App Registrations page.

  6. To delete the app registration and all its dependencies permanently, go to "Deleted applications", select the application (e.g. "Badrap Azure App"), and then choose Delete permanently.

  7. If you created a custom role for your service principal instead of using the default Reader role, go to "Subscriptions" view, select your subscription, go to the "Access control (IAM)" menu, select "Roles", search for your custom role (e.g. "CustomReaderBadrapApp"), select the custom role, and click "Remove".

  8. You've now successfully cleaned up your Azure configuration.

- + diff --git a/apps/beacon.html b/apps/beacon.html index 27e5a33a..a41ec7cf 100644 --- a/apps/beacon.html +++ b/apps/beacon.html @@ -33,11 +33,11 @@ SensorFu Beacon | Badrap docs - - + +

SensorFu Beacon

Synchronize assets from SensorFu Beacon Home to Badrap.

Install App

  1. Open Beacon app page
  2. Click install
  3. Review the permission the app requests. Click Install the app
  4. Add home name and token you've received from SensorFu

Beacon App

  1. You're done

Uninstalling the app

  1. Open the Beacon app page and click Uninstall.
  2. Shut down and optionally erase beacons that you have been running.
  3. You're done!
- + diff --git a/apps/fraktal.html b/apps/fraktal.html index 84e8777a..85c99190 100644 --- a/apps/fraktal.html +++ b/apps/fraktal.html @@ -33,11 +33,11 @@ Fraktal AWS Audit | Badrap docs - - + +

Fraktal AWS Audit

This app allows you to audit and monitor your Amazon Web Services (AWS) assets for configuration weaknesses and security vulnerabilities automatically and continuously. It has been created in collaboration with our partner Fraktal Ltd, the experts in AWS security.

The app connects to your AWS account(s) with your consent. It then employs AWS Config, AWS Security Hub and Amazon GuardDuty to scan your AWS assets periodically, and provides you with alerts about any critical identified weaknesses and vulnerabilities in your configurations.

The instructions below explain the installation of the app, integration with your AWS environment, how to enable AWS Config, AWS Security Hub and AWS GuardDuty functionalities, and how to grant the minimum permissions for the app to scan your AWS assets.

When the app identifies vulnerabilities, it will provide you with details of the finding and a link to the AWS console to find out more. If you would like to receive expert assistance to mitigate or fix the findings, you can contact Fraktal Ltd for their professional services.

Install the Fraktal AWS Audit app

  1. Open the Fraktal AWS Audit app page.
  2. Install the app.
  1. The app asks for permission to connect to your AWS account and to create assets to Badrap based on your AWS environment.
  1. Enter your AWS Account ID into the Account ID field.
  2. Create a recognizable role name for the app, e.g. "AWSAuditRole".
  1. Note down the "External-ID" value that the app creates. You will need it later when creating a role delegation in the AWS console.

Create AWS role

Configure role delegation for the app with the AWS IAM console.

  1. Create a new role in the AWS IAM console.
  1. Select Another AWS account for the role type.
  2. Enter 816084135002 (AWS Audit app Account ID) as the Account ID.
  3. Check the Require external ID option, and enter the External ID that the app generated for you earlier.
  4. Leave the Require MFA option unchecked.
  1. Click Next: Permissions.
  2. Type ReadOnlyAccess to the policy search bar, scroll down to find the correct policy and select it.
  1. Type SecurityAudit to the policy search bar, scroll down to find the correct policy and select it.
  1. Click Next: Tags.
  2. Click Next: Review.
  3. Name the role (e.g., AWSAuditRole).
  4. Click Create role.

Enable AWS Config

The app integrates with Amazon's tools AWS Config, Security Hub and GuardDuty to monitor for weaknesses and vulnerabilities in your configurations. You need to enable these features in your AWS console for the app to function properly. First, let's go through how to enable AWS Config.

  1. Go to the AWS Config setup page in AWS Console.
  1. Select your AWS region (e.g. eu-north-1) from the drop-down menu in the right upper corner.
  1. Review the pricing for AWS Config, and then click on either "1-Click setup" or "Get started" to enable and configure AWS Config for your selected region.
  2. Review the configuration and click "Confirm" to enable AWS Config.

AWS Config is required before you can enable AWS Security Hub or Amazon GuardDuty (next steps).

Enable AWS Security Hub

AWS Security Hub performs checks for security best practices. It automatically detects services that are configured in a way that leaves them vulnerable to attacks. It categorizes its findings into those that need immediate attention and those that can be dealt with later. Let's go through how to enable AWS Security Hub for your AWS services.

  1. Go to the AWS Security Hub setup page in AWS Console.
  1. Select your AWS region (e.g. eu-north-1) from the drop-down menu in the right upper corner.
  1. Review the pricing, and then click on "Go to Security Hub" to enable and configure AWS Security Hub for your selected region. Make sure to turn on "Enable AWS Foundational Security Best Practices" and "Enable CIS AWS Foundations Benchmark".

Note that it may take up to a few hours before all of the compliance checks of AWS Security Hub are enabled.

Enable Amazon GuardDuty

Amazon GuardDuty continuously monitors your AWS account for malicious activity and unauthorised behaviour. Whereas AWS Security Hub is more concerned about compliance and configurations, GuardDuty is more concerned about the runtime behaviour of your systems. You should use both of them to get the best possible results on both configuration and runtime security of your environment. Let's see how to enable Amazon GuardDuty.

  1. Go to the Amazon GuardDuty setup page in AWS Console.
  1. Select your AWS region (e.g. eu-north-1) from the drop-down menu in the right upper corner.
  1. Click on "Get started" to configure Amazon GuardDuty for your selected region. Review the pricing and click "Enable GuardDuty".

AWS Regions and Accounts

All of the AWS and Amazon services for security monitoring and posture management are specific to a single AWS account and region.

If you have AWS services running in multiple regions or in multiple AWS accounts, and you want to audit all of them using the Fraktal AWS Audit app, you should repeat the steps above and enable AWS Config, AWS Security Hub and Amazon GuardDuty separately for each region and account that you are interested in.

Decide what accounts and regions you are interested in and start with those. You can start small and turn on checks on a test account or a single region to get acquainted with the AWS and Amazon security services before enabling them on all accounts and regions.

However, remember that it is a common security problem to assume that you have resources only on a specific AWS account or region. The resources that you don’t even know about, let alone have monitoring on, are often the ones that enable attackers to gain access to your environment.

Uninstalling the app

If you want to stop using the app, you can uninstall it and clean up the role delegation from your AWS IAM console.

  1. Go to the Fraktal AWS Audit app page and click Uninstall.
  1. Clean up the app role from your AWS IAM console.
  2. Under the Roles section, find and select the role you created earlier (e.g. "AWSAuditRole"), select Delete and confirm deletion.
  1. Turn off AWS Config, AWS Security Hub and Amazon GuardDuty in AWS Console for all of your accounts and regions, if you wish to stop using them.
  2. That's it, you have successfully uninstalled the Fraktal AWS Audit app and cleaned up its configuration from your AWS installation.
- + diff --git a/apps/gcp.html b/apps/gcp.html index 7c4d8526..41dfe28b 100644 --- a/apps/gcp.html +++ b/apps/gcp.html @@ -33,11 +33,11 @@ Google Cloud Platform App | Badrap docs - - + +

Google Cloud Platform App

This app allows you to synchronize your Google Cloud Platform (GCP) assets into Badrap and receive security notifications about them. If you are not the owner or your organization's GCP project or projects, you will need help from the owner.

First, the owner of your organization's GCP project(s) creates a service account, downloads a key for it, and delivers the key to the Badrap GCP app user. Badrap GCP app user loads the key to the Badrap GCP app. Once installed, the app maintains a list of your organization's assets and add those assets under your Badrap user account. Namely:

  • public IP-addresses from your GCP installation
  • domain names, if GCP also hosts your DNS
  • public IP-addresses of your Google Cloud SQL instances
  • public IP-addresses of your Google Kubernetes Engine clusters' control planes

I am the owner of the GCP project

Create a service account with limited access:

  1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts (log in if necessary).
  2. Select the project which public assets are going to be shared
  3. Click on the Create service account button.
  1. On the Service account details area, give the account any name you want (for example "Service account for badrap.io").
    • Optionally add a description so you can remember what this service account is for.
    • Click the Create button.
  1. On the Service account permissions area, select the role Compute Viewer.
    • Click Add another role and add the DNS Reader role.
    • Click Add another role and add the Cloud SQL Viewer role.
    • Click Add another role and add the Kubernetes Engine Cluster Viewer role.
    • Click the Continue button.

  1. On the Grant users access to this service account area, leave the fields empty and click the Done button. You will be taken back to the project's Service accounts page.

  2. On the Service accounts page, find the row for the account you created, and click the three dots on the right.

    • Click Manage keys.
    • From the Add key drop-down menu, select Create new key.
    • When the key creation dialog opens, select JSON as the key type and click Create.
    • The key file is downloaded to your computer.
    • Close the dialog by clicking the Close button.

If you completed this process on behalf of someone else, deliver them the JSON key file containing the key to the service account. Delete the JSON key file from your local storage, once you don't need it anymore.

I am the Badrap user

Install the Google Cloud Platform app.

  1. Open the Google Cloud Platform app page in Badrap and click the Install button.

  2. The app will need your consent to create and manage assets under your Badrap user account. Click Install the app to give your consent.

  1. Click the Add a new account button. Upload the JSON key file you received or downloaded. Remember to delete the local file once the installation is finished and working.
  1. Congratulations! You are all done. Check the My assets page and find the section Google Cloud Platform from your asset list. You should see your public IP-addresses. If your DNS records are also under your GCP project, you should see your domain names in the list too.

Uninstalling the app

  1. Open the Google Cloud Platform app page and click Uninstall.
  2. Go to Service accounts in your Google Cloud Platform console.
  3. Select the project whose assets you have been following with the Badrap GCP app.
  4. Search for the service account you created earlier for the Badrap GCP app and select Delete from the Actions menu on the right.
  1. You have now successfully uninstalled the app and cleaned up its configuration from your GCP installation.
- + diff --git a/apps/gworkspace.html b/apps/gworkspace.html index 159a46fa..97f060a2 100644 --- a/apps/gworkspace.html +++ b/apps/gworkspace.html @@ -33,11 +33,11 @@ Google Workspace | Badrap docs - - + +

Google Workspace

This app allows you to synchronize your Google Workspace assets into Badrap and receive security notifications about them.

Once installed, the app fetches a list of your organization's assets from your Workspace environment, and adds them as your assets in Badrap. Whenever your assets change in Workspace, they are synchronized and updated automatically in Badrap. Assets can include:

  • Domain names
  • Email addresses
  • Groups

The app can be connected to Workspace either with an admin or non-admin account. An admin account has by default the necessary rights to fetch information about your assets. For non-admin users, you can create a custom role that allows them to fetch your asset information, see step 2 below.

Installing the app

  1. Google considers the Badrap app is "Unverified" because it requires certain "Limited" scopes from the Google Workspace user who installs it and it hasn't been vetted by Google.

    For a Google Workspace user to install the app, the app has to be allowlisted by an admin in their Google Workspace organization. The allowlisting can be done from the Google Admin panel:

  • Navigate to Security -> Access and data control -> API Controls -> Manage Third-Party App Access -> Add app -> OAuth App Name Or Client ID.
  • In the search field fill in the app's client ID, and click Search. The page will list the matching apps by name. Highlight the app and click Select.
    • The Badrap app client ID is 896703348678-sg4fi97m6p6r10dj49bfu88fjhj0t0am.apps.googleusercontent.com, and the app is named Badrap App for Google Workspace.
  • The next page asks which client IDs you want to configure. Select all of them and click Select.
  • The next page asks you to choose the access type. Select Trusted and click Configure.
  1. After this process, any Google Workspace user of the organization can install the app. However, the users need to have a Google Workspace role that allows accessing the required APIs. Admin users have the required permissions by default. For non-admin users, a new role can be created in the Google Admin panel:
  • Navigate to Admin roles and click Create new role.
  • Come up with a descriptive name for the role, for example "Badrap Watcher". Click Continue.
  • In the privilege selection list there is a separate section called Admin API privileges. From there enable Users -> Read, Groups -> Read and Domain Management privileges. Click Continue.
  • Click Create Role.
  • The role has now been created and can be assigned to the users that need the required permissions to install the Google Workspace Badrap app.

  1. After the steps above, you can proceed to install the Workspace app.

  2. Go to badrap.io. Install the app for a team or for you personally.

    • Team: Pick your team from the menu and click Apps
    • Personal: Go to Settings -> Apps

  3. Open the Workspace app page (opens new window). Click Install.

  1. Review the permissions that the app requests. Click Install the app.
  1. Click on Add a new account.
  1. Select your Google account that you want to use to connect to your Google Workspace installation.
  2. Google will ask for your permission to share your Workspace assets with Badrap. Review the permissions and click Allow to provide your consent.
  1. In a few minutes, you should see your assets under the Google Workspace section on your My Assets page.

Uninstalling the app

  1. Open the Workspace app page and click Uninstall.
  2. All assets listed by the app will disappear from your "My assets" page.
  3. From Google Admin panel, go to Security -> API Controls -> Manage Third-Party App Access, search for the app called Badrap App for Google Workspace, and delete it.
  4. If you created a custom role for non-admin users in your organization to install the app, go to Google Admin panel and delete the custom role from the Admin roles menu.
- + diff --git a/apps/https.html b/apps/https.html index 797c524e..47c3c2fd 100644 --- a/apps/https.html +++ b/apps/https.html @@ -33,13 +33,13 @@ HTTPS App | Badrap docs - - + +

HTTPS App

This app allows you to register a new asset into Badrap simply by fetching a URL. The IP address from which the request originates will be added as a new asset under your user account. You will receive security notifications about the asset you have registered, and you can use other Badrap apps to enrich or to interact with the asset.

Install the app

  1. Open the HTTPS app page.
  1. Click Install. The app will ask for your permission to create new assets under your Badrap account.
  1. Click on Install the app. The app is now installed.

Add a new asset

  1. Go to the HTTPS app page. Click on Generate new address.
  1. Click on the Copy to clipboard button to copy the URL onto your clipboard. You can also assign a name for the asset with the Assign name button.

  1. On the host that you want to add as a new asset into Badrap, fetch the URL using a suitable application. For command-line usage, common tools for fetching an URL are e.g. Wget or curl. These command-line tools are commonly available for Linux distributions. curl is built into Mac OS X, and into Windows 10 command line and PowerShell environments. For desktop hosts, you can simply fetch the URL with any web browser.

    Example using wget:

    wget https://http-app.badrap.io/app/claim/1abc...

    Example using curl:

    curl https://http-app.badrap.io/app/claim/1abc...

  2. The IP address of the host from which you fetched the URL will be registered and displayed as a new asset in your My assets page. If you assigned a name for your asset, it will also be displayed. The list shows also when the asset has been registered.

Update an asset

  1. If the IP address of your asset changes, you can update the asset simply by fetching the same URL again from the asset host. The asset is updated to reflect the current IP address. This way, you can keep assets with dynamically changing IP addresses easily up-to-date: just create a scheduled task on your asset host to periodically fetch the URL associated with it. If you want to update the name of the asset, you can do so with the Assign name button.

  2. You can also always just delete the previously generated URL associated with the asset and create a new one.

Delete an asset

  1. Go to the HTTPS app page. Find the URL that you used to register the asset that you want to delete. Click on Delete.

  2. The asset registered with the URL will be deleted from your My assets page.

Uninstall the app

  1. Go to the HTTPS app page and click Uninstall.

  2. The app is now uninstalled. Any assets you registered with the app are also deleted from your My assets page.

- + diff --git a/apps/o365.html b/apps/o365.html index 83652896..06775b02 100644 --- a/apps/o365.html +++ b/apps/o365.html @@ -33,11 +33,11 @@ Microsoft Office 365 | Badrap docs - - + +

Microsoft Office 365

This app allows you to synchronize your Office 365 assets into Badrap and receive security notifications about them. The app needs to be installed and enabled under your Badrap user account to get started. The app fetches a list of your organization's assets from your Office 365 installation with your consent, and adds those assets under your Badrap user account. It will also show how many users in your organization have Multi-Factor Authentication (MFA) enabled. If you do not have administrator rights for your organization's Office 365 installation, you will need help from your administrator to set up the app.

I am an Office 365 administrator

The easiest way to set up Badrap's Office 365 app is if you have administrator rights for your Office 365 environment. You can install the app and import all of your Office 365 assets to be visible under your Badrap user account. You can also optionally give permission to other Badrap users inside your organization to see the same information that you do.

You need to have one of the following administrator roles for your Office 365 environment to install the app:

  • Global administrator
  • Application administrator
  • Cloud application administrator

If you do not have any of these administrator rights, please refer to the I am an Office 365 user section below.

  1. To start the app installation, open the Office 365 app page. Click on Install.
  1. Review the permissions that the Office 365 app requires. If the permissions are acceptable for you, click on Install the app.
  1. Click on Add a new account.
  1. Your Office 365 login window will appear. Log in with your administrator account.
  1. The Office 365 app can also tell you if your organization has Multi-Factor Authentication (MFA) in use. Using MFA is a recommended best practice that will keep your organization protected against phishing attacks and data breaches. The app will display your MFA usage results along with a Microsoft Identity Secure Score, which is a numerical score created by Microsoft that shows how securely your Office 365 installation is configured. You can enable the MFA check by clicking on the Show Microsoft Identity Secure Score button after you add your Office 365 account.
  1. Microsoft Identity Secure Score will show how many of your administrator role users and regular users have MFA enabled. Note that it may take a minute or two for the app to fetch the MFA and Secure Score information from your Office 365 server. If you can do something to improve your score, clear instructions will explain what steps you can take. The link under the advice will take you to your Office 365 administration portal, which will provide further details on how the score is calculated, how your MFA settings are configured, and how to improve things.
  1. After you have added your account, the app will display your organization's Office 365 assets under the "Microsoft Office 365" section in your My Assets listing.

I am an Office 365 user

You can also install and use Badrap's Office 365 app as a regular Office 365 user. In this scenario, you will need help from your organization's Office 365 administrator to allow importing your organization's Office 365 assets into Badrap.

  1. To start the app installation, open the Office 365 app page. Click on Install.
  1. Review the permissions that the Office 365 app requires. If the permissions are acceptable for you, click on Install the app.
  1. Click on Add a new account.
  1. Your Microsoft Office 365 login window will appear. After you log in, you will see a notification that you need to contact your Office 365 administrator to give your user account permissions to install the app.

  1. Your organization's Office 365 administrator will need to allow access for the Badrap application. You can forward the instructions below for your Office 365 administrator.

  2. After your Office 365 administrator has given you sufficient permissions, you can use the Badrap Office 365 app. The app will fetch a list of your organization's Office 365 assets. You can then see those assets under the Microsoft Office 365 section in your My Assets listing.

  3. The Office 365 app can also tell you if your organization has Multi-Factor Authentication (MFA) in use. Using MFA is a recommended best practice that will keep your organization protected against phishing attacks and data breaches. The app will display your MFA usage results along with a Microsoft Identity Secure Score, which is a numerical score created by Microsoft that shows how securely your Office 365 installation is configured. You can enable the MFA check by clicking on the Show Microsoft Identity Secure Score button after you add your Office 365 account. Please note that your administrator needs to assign the Security Reader role for you to fetch the Secure Score from your Office 365 environment and to use this feature.

  1. Microsoft Identity Secure Score will show how many of your administrator role users and regular users have MFA enabled. Note that it may take a minute or two for the app to fetch the MFA and Secure Score information from your Office 365 server. If you can do something to improve your score, clear instructions will explain what steps you can take. The link under the advice will take you to your Office 365 administration portal, which will provide further details on how the score is calculated, how your MFA settings are configured, and how to improve things.

Instructions for Office 365 administrators to allow a user to install Badrap Office 365 app

  1. Click the following "Give admin consent" link to open the admin consent page for the Badrap for Office 365 application:

    Give admin consent

  2. Additionally, if a user wishes to use the Show Microsoft Identity Secure Score feature in Badrap to check your organization's Multi-Factor Authentication (MFA) deployment status, you need to assign the Security Reader role for that user in your Office 365 environment. This will allow the user to fetch the Microsoft Identity Secure Score.

Uninstalling the app

  1. Open the Office 365 app page and click on Uninstall.
  2. You have now successfully uninstalled the app.
- + diff --git a/apps/traficom.html b/apps/traficom.html index 8a0809f7..f6fc49e8 100644 --- a/apps/traficom.html +++ b/apps/traficom.html @@ -33,11 +33,11 @@ Traficom | Badrap docs - - + +

Traficom

Traficom app allows you to share your asset information with NCSC-FI (Kyberturvallisuuskeskus), the National Cyber Security Centre of Finland.

Sharing your Badrap asset information with NCSC-FI allows you to receive more accurate incident and vulnerability information about your valuable online resources.

By installing the app, you agree to share the list of your network assets (IP addresses and domain names) from Badrap to NCSC-FI. When you share the app installation ID with NCSC-FI, they can tell your assets belong to your organization.

Note that NCSC-FI is responsible for communicating about cyber security incidents and vulnerabilities with companies, organizations and individuals within Finland. If you are a Badrap user outside of Finland, you are probably better served by contacting your own local cyber security coordination centre.

Installation

  1. Open the Traficom app page.
  2. Click Install.
  1. Review the permissions the app requests. Click Install the app.
  1. Send the app installation ID by email to kyberturvallisuuskeskus@traficom.fi.
  1. Note that the installation ID is not a secret, and only NCSC-FI can use it to list your assets through Badrap's app API.

Uninstalling the app

  1. Open the Traficom app page and click Uninstall.
  2. That's it, you're done.
- + diff --git a/assets/404.html-BkdaAvsL.js b/assets/404.html-Bi_JhFm0.js similarity index 82% rename from assets/404.html-BkdaAvsL.js rename to assets/404.html-Bi_JhFm0.js index 5021537d..62c4b1ee 100644 --- a/assets/404.html-BkdaAvsL.js +++ b/assets/404.html-Bi_JhFm0.js @@ -1 +1 @@ -import{_ as t,c as e,o,a}from"./app-CxPUdK5a.js";const n={},c=a("p",null,"404 Not Found",-1),l=[c];function s(_,r){return o(),e("div",null,l)}const d=t(n,[["render",s],["__file","404.html.vue"]]),h=JSON.parse('{"path":"/404.html","title":"","lang":"en-US","frontmatter":{"layout":"NotFound"},"headers":[],"git":{},"filePathRelative":null}');export{d as comp,h as data}; +import{_ as t,c as e,o,a}from"./app-DhWbOGxr.js";const n={},c=a("p",null,"404 Not Found",-1),l=[c];function s(_,r){return o(),e("div",null,l)}const d=t(n,[["render",s],["__file","404.html.vue"]]),h=JSON.parse('{"path":"/404.html","title":"","lang":"en-US","frontmatter":{"layout":"NotFound"},"headers":[],"git":{},"filePathRelative":null}');export{d as comp,h as data}; diff --git a/assets/abandoned-server.html-iIrSMZM2.js b/assets/abandoned-server.html-CzZKkeOi.js similarity index 97% rename from assets/abandoned-server.html-iIrSMZM2.js rename to assets/abandoned-server.html-CzZKkeOi.js index 628b277d..9b36f75e 100644 --- a/assets/abandoned-server.html-iIrSMZM2.js +++ b/assets/abandoned-server.html-CzZKkeOi.js @@ -1,4 +1,4 @@ -import{_ as e,c as n,o as i,e as s}from"./app-CxPUdK5a.js";const a={},r=s(`

Abandoned Server

A computer with an Internet-facing IP address at your organization seems to be running an old operating system, which no longer receives security updates. The system may be vulnerable and should be decommissioned or upgraded.

Problem description

Based on version details of services visible to the Internet, a server, workstation or laptop in your network is running an out-of-date operating system. The operating system version has reached its end-of-life (EOL) phase, support for it has ended, and security updates are no longer released for it. You should assume that the server already contains unpatched vulnerabilities that an attacker can exploit, and continues to accumulate more vulnerabilities as time goes on.

Verifying the issue

On Linux systems, the following commands can be used to check which operating system version and release the affected computer is running.

Debian/Ubuntu and derivatives:

$ lsb_release -a
+import{_ as e,c as n,o as i,e as s}from"./app-DhWbOGxr.js";const a={},r=s(`
Abandoned Server
A computer with an Internet-facing IP address at your organization seems to be running an old operating system, which no longer receives security updates. The system may be vulnerable and should be decommissioned or upgraded.
Problem description
Based on version details of services visible to the Internet, a server, workstation or laptop in your network is running an out-of-date operating system. The operating system version has reached its end-of-life (EOL) phase, support for it has ended, and security updates are no longer released for it. You should assume that the server already contains unpatched vulnerabilities that an attacker can exploit, and continues to accumulate more vulnerabilities as time goes on.
Verifying the issue
On Linux systems, the following commands can be used to check which operating system version and release the affected computer is running.
Debian/Ubuntu and derivatives:
$ lsb_release -a
 Distributor ID: Ubuntu
 Description:    Ubuntu 22.04.2 LTS
 Release:        22.04
@@ -10,4 +10,4 @@ import{_ as e,c as n,o as i,e as s}from"./app-CxPUdK5a.js";const a={},r=s(`
...
 OS Name: Microsoft Windows 10 Enterprise
 OS Version: 10.0.19045 N/A Build 19045
-
The following links explain support timelines and EOL dates for the most common operating system releases. For other operating systems and versions, you can find the information online easily by searching for "OS name" (e.g. "OpenBSD") and "EOL" or "end-of-life".
Suggestions for repair
  1. If the server or workstation is not actively used or needed anymore, decommission it.
  2. If the server is still needed, replace it with a completely reinstalled server with a currently supported operating system.
  3. If you cannot replace the server with a freshly installed one, upgrade the operating system in place to a currently supported version. Please note that in this case known vulnerabilities may already have been abused and the system may be compromised.
Further considerations
  • Is the finding valid, and the operating system version is no longer supported?
  • Is the computer a server, a workstation or a laptop?
  • Does the computer contain information that should not end up in the wrong hands?
  • Has the computer contained such information at some point in the past?
  • If the computer is a server, is it actively used, or can it be decommissioned?
Protecting against future incidents
  1. Make sure that you use operating system versions that are actively supported.
  2. Whenever a new operating system version is released, upgrade your systems before the old version reaches its end-of-life phase.
  3. Make sure that you have named service owners who follow vulnerability reports and install updates whenever new vulnerabilities are announced.
  4. Continue to identify and decommission old legacy servers which have reached their end-of-life and which are no longer needed.
`,20),t=[r];function o(l,d){return i(),n("div",null,t)}const c=e(a,[["render",o],["__file","abandoned-server.html.vue"]]),u=JSON.parse('{"path":"/types/abandoned-server.html","title":"Abandoned Server","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Verifying the issue","slug":"verifying-the-issue","link":"#verifying-the-issue","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Further considerations","slug":"further-considerations","link":"#further-considerations","children":[]},{"level":2,"title":"Protecting against future incidents","slug":"protecting-against-future-incidents","link":"#protecting-against-future-incidents","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/abandoned-server.md"}');export{c as comp,u as data};
+

The following links explain support timelines and EOL dates for the most common operating system releases. For other operating systems and versions, you can find the information online easily by searching for "OS name" (e.g. "OpenBSD") and "EOL" or "end-of-life".

Suggestions for repair

  1. If the server or workstation is not actively used or needed anymore, decommission it.
  2. If the server is still needed, replace it with a completely reinstalled server with a currently supported operating system.
  3. If you cannot replace the server with a freshly installed one, upgrade the operating system in place to a currently supported version. Please note that in this case known vulnerabilities may already have been abused and the system may be compromised.

Further considerations

Protecting against future incidents

  1. Make sure that you use operating system versions that are actively supported.
  2. Whenever a new operating system version is released, upgrade your systems before the old version reaches its end-of-life phase.
  3. Make sure that you have named service owners who follow vulnerability reports and install updates whenever new vulnerabilities are announced.
  4. Continue to identify and decommission old legacy servers which have reached their end-of-life and which are no longer needed.
`,20),t=[r];function o(l,d){return i(),n("div",null,t)}const c=e(a,[["render",o],["__file","abandoned-server.html.vue"]]),u=JSON.parse('{"path":"/types/abandoned-server.html","title":"Abandoned Server","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Verifying the issue","slug":"verifying-the-issue","link":"#verifying-the-issue","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Further considerations","slug":"further-considerations","link":"#further-considerations","children":[]},{"level":2,"title":"Protecting against future incidents","slug":"protecting-against-future-incidents","link":"#protecting-against-future-incidents","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/abandoned-server.md"}');export{c as comp,u as data}; diff --git a/assets/app-CxPUdK5a.js b/assets/app-DhWbOGxr.js similarity index 97% rename from assets/app-CxPUdK5a.js rename to assets/app-DhWbOGxr.js index 8bb8004b..e78870b0 100644 --- a/assets/app-CxPUdK5a.js +++ b/assets/app-DhWbOGxr.js @@ -14,7 +14,7 @@ * @vue/runtime-dom v3.4.36 * (c) 2018-present Yuxi (Evan) You and Vue contributors * @license MIT -**/const Cu="http://www.w3.org/2000/svg",Tu="http://www.w3.org/1998/Math/MathML",vt=typeof document<"u"?document:null,Ds=vt&&vt.createElement("template"),Au={insert:(e,t,n)=>{t.insertBefore(e,n||null)},remove:e=>{const t=e.parentNode;t&&t.removeChild(e)},createElement:(e,t,n,r)=>{const o=t==="svg"?vt.createElementNS(Cu,e):t==="mathml"?vt.createElementNS(Tu,e):n?vt.createElement(e,{is:n}):vt.createElement(e);return e==="select"&&r&&r.multiple!=null&&o.setAttribute("multiple",r.multiple),o},createText:e=>vt.createTextNode(e),createComment:e=>vt.createComment(e),setText:(e,t)=>{e.nodeValue=t},setElementText:(e,t)=>{e.textContent=t},parentNode:e=>e.parentNode,nextSibling:e=>e.nextSibling,querySelector:e=>vt.querySelector(e),setScopeId(e,t){e.setAttribute(t,"")},insertStaticContent(e,t,n,r,o,s){const i=n?n.previousSibling:t.lastChild;if(o&&(o===s||o.nextSibling))for(;t.insertBefore(o.cloneNode(!0),n),!(o===s||!(o=o.nextSibling)););else{Ds.innerHTML=r==="svg"?`${e}`:r==="mathml"?`${e}`:e;const l=Ds.content;if(r==="svg"||r==="mathml"){const a=l.firstChild;for(;a.firstChild;)l.appendChild(a.firstChild);l.removeChild(a)}t.insertBefore(l,n)}return[i?i.nextSibling:t.firstChild,n?n.previousSibling:t.lastChild]}},Lt="transition",Cn="animation",zn=Symbol("_vtc"),nr=(e,{slots:t})=>Se(vc,xu(e),t);nr.displayName="Transition";const Ol={name:String,type:String,css:{type:Boolean,default:!0},duration:[String,Number,Object],enterFromClass:String,enterActiveClass:String,enterToClass:String,appearFromClass:String,appearActiveClass:String,appearToClass:String,leaveFromClass:String,leaveActiveClass:String,leaveToClass:String};nr.props=Me({},rl,Ol);const zt=(e,t=[])=>{te(e)?e.forEach(n=>n(...t)):e&&e(...t)},Ns=e=>e?te(e)?e.some(t=>t.length>1):e.length>1:!1;function xu(e){const t={};for(const y in e)y in Ol||(t[y]=e[y]);if(e.css===!1)return t;const{name:n="v",type:r,duration:o,enterFromClass:s=`${n}-enter-from`,enterActiveClass:i=`${n}-enter-active`,enterToClass:l=`${n}-enter-to`,appearFromClass:a=s,appearActiveClass:c=i,appearToClass:f=l,leaveFromClass:u=`${n}-leave-from`,leaveActiveClass:h=`${n}-leave-active`,leaveToClass:m=`${n}-leave-to`}=e,_=Ou(o),S=_&&_[0],A=_&&_[1],{onBeforeEnter:k,onEnter:E,onEnterCancelled:g,onLeave:w,onLeaveCancelled:$,onBeforeAppear:V=k,onAppear:M=E,onAppearCancelled:b=g}=t,z=(y,H,Z)=>{Ut(y,H?f:l),Ut(y,H?c:i),Z&&Z()},P=(y,H)=>{y._isLeaving=!1,Ut(y,u),Ut(y,m),Ut(y,h),H&&H()},B=y=>(H,Z)=>{const ne=y?M:E,R=()=>z(H,y,Z);zt(ne,[H,R]),Bs(()=>{Ut(H,y?a:s),Pt(H,y?f:l),Ns(ne)||js(H,r,S,R)})};return Me(t,{onBeforeEnter(y){zt(k,[y]),Pt(y,s),Pt(y,i)},onBeforeAppear(y){zt(V,[y]),Pt(y,a),Pt(y,c)},onEnter:B(!1),onAppear:B(!0),onLeave(y,H){y._isLeaving=!0;const Z=()=>P(y,H);Pt(y,u),Pt(y,h),Iu(),Bs(()=>{y._isLeaving&&(Ut(y,u),Pt(y,m),Ns(w)||js(y,r,A,Z))}),zt(w,[y,Z])},onEnterCancelled(y){z(y,!1),zt(g,[y])},onAppearCancelled(y){z(y,!0),zt(b,[y])},onLeaveCancelled(y){P(y),zt($,[y])}})}function Ou(e){if(e==null)return null;if(be(e))return[so(e.enter),so(e.leave)];{const t=so(e);return[t,t]}}function so(e){return Sa(e)}function Pt(e,t){t.split(/\s+/).forEach(n=>n&&e.classList.add(n)),(e[zn]||(e[zn]=new Set)).add(t)}function Ut(e,t){t.split(/\s+/).forEach(r=>r&&e.classList.remove(r));const n=e[zn];n&&(n.delete(t),n.size||(e[zn]=void 0))}function Bs(e){requestAnimationFrame(()=>{requestAnimationFrame(e)})}let ku=0;function js(e,t,n,r){const o=e._endId=++ku,s=()=>{o===e._endId&&r()};if(n)return setTimeout(s,n);const{type:i,timeout:l,propCount:a}=Ru(e,t);if(!i)return r();const c=i+"end";let f=0;const u=()=>{e.removeEventListener(c,h),s()},h=m=>{m.target===e&&++f>=a&&u()};setTimeout(()=>{f(n[_]||"").split(", "),o=r(`${Lt}Delay`),s=r(`${Lt}Duration`),i=Fs(o,s),l=r(`${Cn}Delay`),a=r(`${Cn}Duration`),c=Fs(l,a);let f=null,u=0,h=0;t===Lt?i>0&&(f=Lt,u=i,h=s.length):t===Cn?c>0&&(f=Cn,u=c,h=a.length):(u=Math.max(i,c),f=u>0?i>c?Lt:Cn:null,h=f?f===Lt?s.length:a.length:0);const m=f===Lt&&/\b(transform|all)(,|$)/.test(r(`${Lt}Property`).toString());return{type:f,timeout:u,propCount:h,hasTransform:m}}function Fs(e,t){for(;e.lengthzs(n)+zs(e[r])))}function zs(e){return e==="auto"?0:Number(e.slice(0,-1).replace(",","."))*1e3}function Iu(){return document.body.offsetHeight}function Mu(e,t,n){const r=e[zn];r&&(t=(t?[t,...r]:[...r]).join(" ")),t==null?e.removeAttribute("class"):n?e.setAttribute("class",t):e.className=t}const Rr=Symbol("_vod"),kl=Symbol("_vsh"),Ir={beforeMount(e,{value:t},{transition:n}){e[Rr]=e.style.display==="none"?"":e.style.display,n&&t?n.beforeEnter(e):Tn(e,t)},mounted(e,{value:t},{transition:n}){n&&t&&n.enter(e)},updated(e,{value:t,oldValue:n},{transition:r}){!t!=!n&&(r?t?(r.beforeEnter(e),Tn(e,!0),r.enter(e)):r.leave(e,()=>{Tn(e,!1)}):Tn(e,t))},beforeUnmount(e,{value:t}){Tn(e,t)}};function Tn(e,t){e.style.display=t?e[Rr]:"none",e[kl]=!t}const Hu=Symbol(""),Vu=/(^|;)\s*display\s*:/;function $u(e,t,n){const r=e.style,o=Te(n);let s=!1;if(n&&!o){if(t)if(Te(t))for(const i of t.split(";")){const l=i.slice(0,i.indexOf(":")).trim();n[l]==null&&yr(r,l,"")}else for(const i in t)n[i]==null&&yr(r,i,"");for(const i in n)i==="display"&&(s=!0),yr(r,i,n[i])}else if(o){if(t!==n){const i=r[Hu];i&&(n+=";"+i),r.cssText=n,s=Vu.test(n)}}else t&&e.removeAttribute("style");Rr in e&&(e[Rr]=s?r.display:"",e[kl]&&(r.display="none"))}const Us=/\s*!important$/;function yr(e,t,n){if(te(n))n.forEach(r=>yr(e,t,r));else if(n==null&&(n=""),t.startsWith("--"))e.setProperty(t,n);else{const r=Du(e,t);Us.test(n)?e.setProperty(Nt(r),n.replace(Us,""),"important"):e[r]=n}}const Ws=["Webkit","Moz","ms"],io={};function Du(e,t){const n=io[t];if(n)return n;let r=Xe(t);if(r!=="filter"&&r in e)return io[t]=r;r=Yn(r);for(let o=0;olo||(Uu.then(()=>lo=0),lo=Date.now());function Ku(e,t){const n=r=>{if(!r._vts)r._vts=Date.now();else if(r._vts<=n.attached)return;rt(qu(r,n.value),t,5,[r])};return n.value=e,n.attached=Wu(),n}function qu(e,t){if(te(t)){const n=e.stopImmediatePropagation;return e.stopImmediatePropagation=()=>{n.call(e),e._stopped=!0},t.map(r=>o=>!o._stopped&&r&&r(o))}else return t}const Js=e=>e.charCodeAt(0)===111&&e.charCodeAt(1)===110&&e.charCodeAt(2)>96&&e.charCodeAt(2)<123,Gu=(e,t,n,r,o,s)=>{const i=o==="svg";t==="class"?Mu(e,r,i):t==="style"?$u(e,n,r):Gn(t)?Io(t)||Fu(e,t,n,r,s):(t[0]==="."?(t=t.slice(1),!0):t[0]==="^"?(t=t.slice(1),!1):Yu(e,t,r,i))?(Nu(e,t,r),!e.tagName.includes("-")&&(t==="value"||t==="checked"||t==="selected")&&qs(e,t,r,i,s,t!=="value")):(t==="true-value"?e._trueValue=r:t==="false-value"&&(e._falseValue=r),qs(e,t,r,i))};function Yu(e,t,n,r){if(r)return!!(t==="innerHTML"||t==="textContent"||t in e&&Js(t)&&oe(n));if(t==="spellcheck"||t==="draggable"||t==="translate"||t==="form"||t==="list"&&e.tagName==="INPUT"||t==="type"&&e.tagName==="TEXTAREA")return!1;if(t==="width"||t==="height"){const o=e.tagName;if(o==="IMG"||o==="VIDEO"||o==="CANVAS"||o==="SOURCE")return!1}return Js(t)&&Te(n)?!1:t in e}const Ju={esc:"escape",space:" ",up:"arrow-up",left:"arrow-left",right:"arrow-right",down:"arrow-down",delete:"backspace"},Qu=(e,t)=>{const n=e._withKeys||(e._withKeys={}),r=t.join(".");return n[r]||(n[r]=o=>{if(!("key"in o))return;const s=Nt(o.key);if(t.some(i=>i===s||Ju[i]===s))return e(o)})},Xu=Me({patchProp:Gu},Au);let ao,Qs=!1;function Zu(){return ao=Qs?ao:Qc(Xu),Qs=!0,ao}const ef=(...e)=>{const t=Zu().createApp(...e),{mount:n}=t;return t.mount=r=>{const o=nf(r);if(o)return n(o,!0,tf(o))},t};function tf(e){if(e instanceof SVGElement)return"svg";if(typeof MathMLElement=="function"&&e instanceof MathMLElement)return"mathml"}function nf(e){return Te(e)?document.querySelector(e):e}var rr=e=>/^[a-z][a-z0-9+.-]*:/.test(e)||e.startsWith("//"),rf=/.md((\?|#).*)?$/,of=(e,t="/")=>rr(e)||e.startsWith("/")&&!e.startsWith(t)&&!rf.test(e),Wr=e=>/^(https?:)?\/\//.test(e),Xs=e=>{if(!e||e.endsWith("/"))return e;let t=e.replace(/(^|\/)README.md$/i,"$1index.html");return t.endsWith(".md")?t=t.substring(0,t.length-3)+".html":t.endsWith(".html")||(t=t+".html"),t.endsWith("/index.html")&&(t=t.substring(0,t.length-10)),t},sf="http://.",lf=(e,t)=>{if(!e.startsWith("/")&&t){const n=t.slice(0,t.lastIndexOf("/"));return Xs(new URL(`${n}/${e}`,sf).pathname)}return Xs(e)},af=(e,t)=>{const n=Object.keys(e).sort((r,o)=>{const s=o.split("/").length-r.split("/").length;return s!==0?s:o.length-r.length});for(const r of n)if(t.startsWith(r))return r;return"/"},cf=/(#|\?)/,Rl=e=>{const[t,...n]=e.split(cf);return{pathname:t,hashAndQueries:n.join("")}},uf=["link","meta","script","style","noscript","template"],ff=["title","base"],df=([e,t,n])=>ff.includes(e)?e:uf.includes(e)?e==="meta"&&t.name?`${e}.${t.name}`:e==="template"&&t.id?`${e}.${t.id}`:JSON.stringify([e,Object.entries(t).map(([r,o])=>typeof o=="boolean"?o?[r,""]:null:[r,o]).filter(r=>r!=null).sort(([r],[o])=>r.localeCompare(o)),n]):null,pf=e=>{const t=new Set,n=[];return e.forEach(r=>{const o=df(r);o&&!t.has(o)&&(t.add(o),n.push(r))}),n},hf=e=>e[e.length-1]==="/"||e.endsWith(".html")?e:`${e}/`,Il=e=>e[e.length-1]==="/"?e.slice(0,-1):e,Ml=e=>e[0]==="/"?e.slice(1):e,Qo=e=>Object.prototype.toString.call(e)==="[object Object]",st=e=>typeof e=="string";const mf="modulepreload",gf=function(e){return"/"+e},Zs={},W=function(t,n,r){let o=Promise.resolve();if(n&&n.length>0){document.getElementsByTagName("link");const s=document.querySelector("meta[property=csp-nonce]"),i=(s==null?void 0:s.nonce)||(s==null?void 0:s.getAttribute("nonce"));o=Promise.all(n.map(l=>{if(l=gf(l),l in Zs)return;Zs[l]=!0;const a=l.endsWith(".css"),c=a?'[rel="stylesheet"]':"";if(document.querySelector(`link[href="${l}"]${c}`))return;const f=document.createElement("link");if(f.rel=a?"stylesheet":mf,a||(f.as="script",f.crossOrigin=""),f.href=l,i&&f.setAttribute("nonce",i),document.head.appendChild(f),a)return new Promise((u,h)=>{f.addEventListener("load",u),f.addEventListener("error",()=>h(new Error(`Unable to preload CSS for ${l}`)))})}))}return o.then(()=>t()).catch(s=>{const i=new Event("vite:preloadError",{cancelable:!0});if(i.payload=s,window.dispatchEvent(i),!i.defaultPrevented)throw s})},vf=JSON.parse("{}"),_f=Object.fromEntries([["/",{loader:()=>W(()=>import("./index.html-BmS1BYUC.js"),[]),meta:{title:"Badrap Documentation"}}],["/categories.html",{loader:()=>W(()=>import("./categories.html-OrsqNfEb.js"),[]),meta:{title:"About different categories of attacks"}}],["/esg.html",{loader:()=>W(()=>import("./esg.html-DDLsCKLE.js"),[]),meta:{title:"Environmental, Social and Governance Policy - Badrap Oy"}}],["/faq.html",{loader:()=>W(()=>import("./faq.html-Dc6FysBz.js"),[]),meta:{title:"Frequently Asked Questions"}}],["/locate.html",{loader:()=>W(()=>import("./locate.html-DR_pglPl.js"),[]),meta:{title:"How to locate a vulnerable device"}}],["/privacy-company.html",{loader:()=>W(()=>import("./privacy-company.html-BNyM51Yv.js"),[]),meta:{title:"Privacy Policy for Badrap Oy"}}],["/privacy.html",{loader:()=>W(()=>import("./privacy.html--nAiX17R.js"),[]),meta:{title:"badrap.io Privacy Policy"}}],["/service-description.html",{loader:()=>W(()=>import("./service-description.html-DepB6qo7.js"),[]),meta:{title:"Service Description"}}],["/tos.html",{loader:()=>W(()=>import("./tos.html-CTPtZAS5.js"),[]),meta:{title:"Badrap Terms of Service"}}],["/apps/aws.html",{loader:()=>W(()=>import("./aws.html-BWuIiana.js"),[]),meta:{title:"Amazon Web Services (AWS)"}}],["/apps/azure.html",{loader:()=>W(()=>import("./azure.html-B8TmmYq2.js"),[]),meta:{title:"Microsoft Azure"}}],["/apps/beacon.html",{loader:()=>W(()=>import("./beacon.html-BOY3vzUm.js"),[]),meta:{title:"SensorFu Beacon"}}],["/apps/fraktal.html",{loader:()=>W(()=>import("./fraktal.html-BRW1YI_r.js"),[]),meta:{title:"Fraktal AWS Audit"}}],["/apps/gcp.html",{loader:()=>W(()=>import("./gcp.html-DeJ-0EHu.js"),[]),meta:{title:"Google Cloud Platform App"}}],["/apps/gworkspace.html",{loader:()=>W(()=>import("./gworkspace.html-dj_ceNJH.js"),[]),meta:{title:"Google Workspace"}}],["/apps/https.html",{loader:()=>W(()=>import("./https.html-CWJprkwF.js"),[]),meta:{title:"HTTPS App"}}],["/apps/o365.html",{loader:()=>W(()=>import("./o365.html-DYo0A0UP.js"),[]),meta:{title:"Microsoft Office 365"}}],["/apps/traficom.html",{loader:()=>W(()=>import("./traficom.html-DFa_0WX1.js"),[]),meta:{title:"Traficom"}}],["/fi/",{loader:()=>W(()=>import("./index.html-CNZDpYWA.js"),[]),meta:{title:"Badrapin suomenkieliset materiaalit"}}],["/fi/categories.html",{loader:()=>W(()=>import("./categories.html-CqD7nnj-.js"),[]),meta:{title:"Tietoa hyökkäyskategorioista"}}],["/fi/faq.html",{loader:()=>W(()=>import("./faq.html-BGXQxLi4.js"),[]),meta:{title:"Usein kysytyt kysymykset"}}],["/fi/locate.html",{loader:()=>W(()=>import("./locate.html-COlqpj_h.js"),[]),meta:{title:"Ongelmallisen laitteen paikallistaminen"}}],["/fi/privacy.html",{loader:()=>W(()=>import("./privacy.html-Bb0Nze7P.js"),[]),meta:{title:"badrap.io:n tietosuojaseloste"}}],["/types/abandoned-server.html",{loader:()=>W(()=>import("./abandoned-server.html-iIrSMZM2.js"),[]),meta:{title:"Abandoned Server"}}],["/types/attacksource.html",{loader:()=>W(()=>import("./attacksource.html-ngYGtnxE.js"),[]),meta:{title:"Attack Source"}}],["/types/databreach.html",{loader:()=>W(()=>import("./databreach.html-F5GAThpd.js"),[]),meta:{title:"Data Breach"}}],["/types/dns.html",{loader:()=>W(()=>import("./dns.html-2vaC12-a.js"),[]),meta:{title:"Open DNS service"}}],["/types/eol-server.html",{loader:()=>W(()=>import("./eol-server.html-DJQCfw7N.js"),[]),meta:{title:"End Of Life Server"}}],["/types/expired-certificate.html",{loader:()=>W(()=>import("./expired-certificate.html-DUS018mF.js"),[]),meta:{title:"Expired Certificate"}}],["/types/exposed-service.html",{loader:()=>W(()=>import("./exposed-service.html-4WdTnU5-.js"),[]),meta:{title:"Exposed Service"}}],["/types/malware-citeary.html",{loader:()=>W(()=>import("./malware-citeary.html-DIwgV1uK.js"),[]),meta:{title:"Problem description"}}],["/types/malware-ircbot.html",{loader:()=>W(()=>import("./malware-ircbot.html-Q2PqS_mH.js"),[]),meta:{title:"Problem description"}}],["/types/malware-jadtre.html",{loader:()=>W(()=>import("./malware-jadtre.html-Ntw8n8Mq.js"),[]),meta:{title:"Problem description"}}],["/types/malware-palevo.html",{loader:()=>W(()=>import("./malware-palevo.html-CtD3MC2a.js"),[]),meta:{title:"Problem description"}}],["/types/malware-pushdo.html",{loader:()=>W(()=>import("./malware-pushdo.html-BZmnH6YF.js"),[]),meta:{title:"Problem description"}}],["/types/malware-sality.html",{loader:()=>W(()=>import("./malware-sality.html-BQ0yV-V2.js"),[]),meta:{title:"Problem description"}}],["/types/malware-wapomi.html",{loader:()=>W(()=>import("./malware-wapomi.html-BRTIabzZ.js"),[]),meta:{title:"Problem description"}}],["/types/mdns.html",{loader:()=>W(()=>import("./mdns.html-DiGwY1J-.js"),[]),meta:{title:"Open mDNS service"}}],["/types/memcached.html",{loader:()=>W(()=>import("./memcached.html-CwkZICD2.js"),[]),meta:{title:"Open Memcached service"}}],["/types/netbios.html",{loader:()=>W(()=>import("./netbios.html-BSFwTz8C.js"),[]),meta:{title:"Open Netbios service"}}],["/types/ntp.html",{loader:()=>W(()=>import("./ntp.html-BikPWrCz.js"),[]),meta:{title:"Open NTP service"}}],["/types/portscan.html",{loader:()=>W(()=>import("./portscan.html-BO9ugUES.js"),[]),meta:{title:"Port Scan Source"}}],["/types/rdp.html",{loader:()=>W(()=>import("./rdp.html-Dltkm16M.js"),[]),meta:{title:"Open RDP service"}}],["/types/smb.html",{loader:()=>W(()=>import("./smb.html-BQll2f3l.js"),[]),meta:{title:"Open SMB service"}}],["/types/snmp.html",{loader:()=>W(()=>import("./snmp.html-BUnVwCVL.js"),[]),meta:{title:"Open SNMP service"}}],["/types/spamlist.html",{loader:()=>W(()=>import("./spamlist.html-tke5fmdm.js"),[]),meta:{title:"Spam List"}}],["/types/subdomain.html",{loader:()=>W(()=>import("./subdomain.html-BdkTII2J.js"),[]),meta:{title:"Subdomain Takeover Risk"}}],["/types/telnet.html",{loader:()=>W(()=>import("./telnet.html-CFTfXnZz.js"),[]),meta:{title:"Open Telnet service"}}],["/types/tftp.html",{loader:()=>W(()=>import("./tftp.html-Ddm1bE5s.js"),[]),meta:{title:"Open TFTP service"}}],["/types/vnc.html",{loader:()=>W(()=>import("./vnc.html-D9LE4BKT.js"),[]),meta:{title:"Open VNC service"}}],["/fi/types/attacksource.html",{loader:()=>W(()=>import("./attacksource.html-D-YOJ_ca.js"),[]),meta:{title:"Verkkohyökkäysten lähde verkossasi"}}],["/fi/types/buildingautomation.html",{loader:()=>W(()=>import("./buildingautomation.html-B-8ENF89.js"),[]),meta:{title:"Taloautomaatiojärjestelmäsi on kytketty Internetiin"}}],["/fi/types/dns.html",{loader:()=>W(()=>import("./dns.html-DeQPmGB2.js"),[]),meta:{title:"Liian avoin nimipalvelu"}}],["/fi/types/malware-citeary.html",{loader:()=>W(()=>import("./malware-citeary.html-BRCAvzSl.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-ircbot.html",{loader:()=>W(()=>import("./malware-ircbot.html-DctXYzKN.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-jadtre.html",{loader:()=>W(()=>import("./malware-jadtre.html-DzBe_BGP.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-palevo.html",{loader:()=>W(()=>import("./malware-palevo.html-CouHPUTW.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-pushdo.html",{loader:()=>W(()=>import("./malware-pushdo.html-CGHF6eXb.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-sality.html",{loader:()=>W(()=>import("./malware-sality.html-DGNzPdCQ.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-wapomi.html",{loader:()=>W(()=>import("./malware-wapomi.html-CDiIp60-.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/mdns.html",{loader:()=>W(()=>import("./mdns.html-Dk8kBqvO.js"),[]),meta:{title:"Avoin mDNS-palvelu"}}],["/fi/types/memcached.html",{loader:()=>W(()=>import("./memcached.html-BZ6LpFUS.js"),[]),meta:{title:"Avoin Memcached-palvelu"}}],["/fi/types/netbios.html",{loader:()=>W(()=>import("./netbios.html-Drij6NbL.js"),[]),meta:{title:"Avoin NetBIOS-palvelu"}}],["/fi/types/ntp.html",{loader:()=>W(()=>import("./ntp.html-DvHApbp1.js"),[]),meta:{title:"Avoin NTP-palvelu"}}],["/fi/types/portscan.html",{loader:()=>W(()=>import("./portscan.html-LC0ffMCx.js"),[]),meta:{title:"Porttiskannausta havaittu verkostasi"}}],["/fi/types/smb.html",{loader:()=>W(()=>import("./smb.html-BT2tqUye.js"),[]),meta:{title:"Avoin SMB-tiedostojakopalvelu"}}],["/fi/types/snmp.html",{loader:()=>W(()=>import("./snmp.html-q7B2tUR0.js"),[]),meta:{title:"Avoin SNMP-palvelu"}}],["/fi/types/telnet.html",{loader:()=>W(()=>import("./telnet.html-987288tA.js"),[]),meta:{title:"Avoin Telnet-palvelu"}}],["/fi/types/tftp.html",{loader:()=>W(()=>import("./tftp.html-7lCbqBhd.js"),[]),meta:{title:"Avoin TFTP-palvelu"}}],["/404.html",{loader:()=>W(()=>import("./404.html-BkdaAvsL.js"),[]),meta:{title:""}}]]);/*! +**/const Cu="http://www.w3.org/2000/svg",Tu="http://www.w3.org/1998/Math/MathML",vt=typeof document<"u"?document:null,Ds=vt&&vt.createElement("template"),Au={insert:(e,t,n)=>{t.insertBefore(e,n||null)},remove:e=>{const t=e.parentNode;t&&t.removeChild(e)},createElement:(e,t,n,r)=>{const o=t==="svg"?vt.createElementNS(Cu,e):t==="mathml"?vt.createElementNS(Tu,e):n?vt.createElement(e,{is:n}):vt.createElement(e);return e==="select"&&r&&r.multiple!=null&&o.setAttribute("multiple",r.multiple),o},createText:e=>vt.createTextNode(e),createComment:e=>vt.createComment(e),setText:(e,t)=>{e.nodeValue=t},setElementText:(e,t)=>{e.textContent=t},parentNode:e=>e.parentNode,nextSibling:e=>e.nextSibling,querySelector:e=>vt.querySelector(e),setScopeId(e,t){e.setAttribute(t,"")},insertStaticContent(e,t,n,r,o,s){const i=n?n.previousSibling:t.lastChild;if(o&&(o===s||o.nextSibling))for(;t.insertBefore(o.cloneNode(!0),n),!(o===s||!(o=o.nextSibling)););else{Ds.innerHTML=r==="svg"?`${e}`:r==="mathml"?`${e}`:e;const l=Ds.content;if(r==="svg"||r==="mathml"){const a=l.firstChild;for(;a.firstChild;)l.appendChild(a.firstChild);l.removeChild(a)}t.insertBefore(l,n)}return[i?i.nextSibling:t.firstChild,n?n.previousSibling:t.lastChild]}},Lt="transition",Cn="animation",zn=Symbol("_vtc"),nr=(e,{slots:t})=>Se(vc,xu(e),t);nr.displayName="Transition";const Ol={name:String,type:String,css:{type:Boolean,default:!0},duration:[String,Number,Object],enterFromClass:String,enterActiveClass:String,enterToClass:String,appearFromClass:String,appearActiveClass:String,appearToClass:String,leaveFromClass:String,leaveActiveClass:String,leaveToClass:String};nr.props=Me({},rl,Ol);const zt=(e,t=[])=>{te(e)?e.forEach(n=>n(...t)):e&&e(...t)},Ns=e=>e?te(e)?e.some(t=>t.length>1):e.length>1:!1;function xu(e){const t={};for(const y in e)y in Ol||(t[y]=e[y]);if(e.css===!1)return t;const{name:n="v",type:r,duration:o,enterFromClass:s=`${n}-enter-from`,enterActiveClass:i=`${n}-enter-active`,enterToClass:l=`${n}-enter-to`,appearFromClass:a=s,appearActiveClass:c=i,appearToClass:f=l,leaveFromClass:u=`${n}-leave-from`,leaveActiveClass:h=`${n}-leave-active`,leaveToClass:m=`${n}-leave-to`}=e,_=Ou(o),S=_&&_[0],A=_&&_[1],{onBeforeEnter:k,onEnter:E,onEnterCancelled:g,onLeave:w,onLeaveCancelled:$,onBeforeAppear:V=k,onAppear:M=E,onAppearCancelled:b=g}=t,z=(y,H,Z)=>{Ut(y,H?f:l),Ut(y,H?c:i),Z&&Z()},P=(y,H)=>{y._isLeaving=!1,Ut(y,u),Ut(y,m),Ut(y,h),H&&H()},B=y=>(H,Z)=>{const ne=y?M:E,R=()=>z(H,y,Z);zt(ne,[H,R]),Bs(()=>{Ut(H,y?a:s),Pt(H,y?f:l),Ns(ne)||js(H,r,S,R)})};return Me(t,{onBeforeEnter(y){zt(k,[y]),Pt(y,s),Pt(y,i)},onBeforeAppear(y){zt(V,[y]),Pt(y,a),Pt(y,c)},onEnter:B(!1),onAppear:B(!0),onLeave(y,H){y._isLeaving=!0;const Z=()=>P(y,H);Pt(y,u),Pt(y,h),Iu(),Bs(()=>{y._isLeaving&&(Ut(y,u),Pt(y,m),Ns(w)||js(y,r,A,Z))}),zt(w,[y,Z])},onEnterCancelled(y){z(y,!1),zt(g,[y])},onAppearCancelled(y){z(y,!0),zt(b,[y])},onLeaveCancelled(y){P(y),zt($,[y])}})}function Ou(e){if(e==null)return null;if(be(e))return[so(e.enter),so(e.leave)];{const t=so(e);return[t,t]}}function so(e){return Sa(e)}function Pt(e,t){t.split(/\s+/).forEach(n=>n&&e.classList.add(n)),(e[zn]||(e[zn]=new Set)).add(t)}function Ut(e,t){t.split(/\s+/).forEach(r=>r&&e.classList.remove(r));const n=e[zn];n&&(n.delete(t),n.size||(e[zn]=void 0))}function Bs(e){requestAnimationFrame(()=>{requestAnimationFrame(e)})}let ku=0;function js(e,t,n,r){const o=e._endId=++ku,s=()=>{o===e._endId&&r()};if(n)return setTimeout(s,n);const{type:i,timeout:l,propCount:a}=Ru(e,t);if(!i)return r();const c=i+"end";let f=0;const u=()=>{e.removeEventListener(c,h),s()},h=m=>{m.target===e&&++f>=a&&u()};setTimeout(()=>{f(n[_]||"").split(", "),o=r(`${Lt}Delay`),s=r(`${Lt}Duration`),i=Fs(o,s),l=r(`${Cn}Delay`),a=r(`${Cn}Duration`),c=Fs(l,a);let f=null,u=0,h=0;t===Lt?i>0&&(f=Lt,u=i,h=s.length):t===Cn?c>0&&(f=Cn,u=c,h=a.length):(u=Math.max(i,c),f=u>0?i>c?Lt:Cn:null,h=f?f===Lt?s.length:a.length:0);const m=f===Lt&&/\b(transform|all)(,|$)/.test(r(`${Lt}Property`).toString());return{type:f,timeout:u,propCount:h,hasTransform:m}}function Fs(e,t){for(;e.lengthzs(n)+zs(e[r])))}function zs(e){return e==="auto"?0:Number(e.slice(0,-1).replace(",","."))*1e3}function Iu(){return document.body.offsetHeight}function Mu(e,t,n){const r=e[zn];r&&(t=(t?[t,...r]:[...r]).join(" ")),t==null?e.removeAttribute("class"):n?e.setAttribute("class",t):e.className=t}const Rr=Symbol("_vod"),kl=Symbol("_vsh"),Ir={beforeMount(e,{value:t},{transition:n}){e[Rr]=e.style.display==="none"?"":e.style.display,n&&t?n.beforeEnter(e):Tn(e,t)},mounted(e,{value:t},{transition:n}){n&&t&&n.enter(e)},updated(e,{value:t,oldValue:n},{transition:r}){!t!=!n&&(r?t?(r.beforeEnter(e),Tn(e,!0),r.enter(e)):r.leave(e,()=>{Tn(e,!1)}):Tn(e,t))},beforeUnmount(e,{value:t}){Tn(e,t)}};function Tn(e,t){e.style.display=t?e[Rr]:"none",e[kl]=!t}const Hu=Symbol(""),Vu=/(^|;)\s*display\s*:/;function $u(e,t,n){const r=e.style,o=Te(n);let s=!1;if(n&&!o){if(t)if(Te(t))for(const i of t.split(";")){const l=i.slice(0,i.indexOf(":")).trim();n[l]==null&&yr(r,l,"")}else for(const i in t)n[i]==null&&yr(r,i,"");for(const i in n)i==="display"&&(s=!0),yr(r,i,n[i])}else if(o){if(t!==n){const i=r[Hu];i&&(n+=";"+i),r.cssText=n,s=Vu.test(n)}}else t&&e.removeAttribute("style");Rr in e&&(e[Rr]=s?r.display:"",e[kl]&&(r.display="none"))}const Us=/\s*!important$/;function yr(e,t,n){if(te(n))n.forEach(r=>yr(e,t,r));else if(n==null&&(n=""),t.startsWith("--"))e.setProperty(t,n);else{const r=Du(e,t);Us.test(n)?e.setProperty(Nt(r),n.replace(Us,""),"important"):e[r]=n}}const Ws=["Webkit","Moz","ms"],io={};function Du(e,t){const n=io[t];if(n)return n;let r=Xe(t);if(r!=="filter"&&r in e)return io[t]=r;r=Yn(r);for(let o=0;olo||(Uu.then(()=>lo=0),lo=Date.now());function Ku(e,t){const n=r=>{if(!r._vts)r._vts=Date.now();else if(r._vts<=n.attached)return;rt(qu(r,n.value),t,5,[r])};return n.value=e,n.attached=Wu(),n}function qu(e,t){if(te(t)){const n=e.stopImmediatePropagation;return e.stopImmediatePropagation=()=>{n.call(e),e._stopped=!0},t.map(r=>o=>!o._stopped&&r&&r(o))}else return t}const Js=e=>e.charCodeAt(0)===111&&e.charCodeAt(1)===110&&e.charCodeAt(2)>96&&e.charCodeAt(2)<123,Gu=(e,t,n,r,o,s)=>{const i=o==="svg";t==="class"?Mu(e,r,i):t==="style"?$u(e,n,r):Gn(t)?Io(t)||Fu(e,t,n,r,s):(t[0]==="."?(t=t.slice(1),!0):t[0]==="^"?(t=t.slice(1),!1):Yu(e,t,r,i))?(Nu(e,t,r),!e.tagName.includes("-")&&(t==="value"||t==="checked"||t==="selected")&&qs(e,t,r,i,s,t!=="value")):(t==="true-value"?e._trueValue=r:t==="false-value"&&(e._falseValue=r),qs(e,t,r,i))};function Yu(e,t,n,r){if(r)return!!(t==="innerHTML"||t==="textContent"||t in e&&Js(t)&&oe(n));if(t==="spellcheck"||t==="draggable"||t==="translate"||t==="form"||t==="list"&&e.tagName==="INPUT"||t==="type"&&e.tagName==="TEXTAREA")return!1;if(t==="width"||t==="height"){const o=e.tagName;if(o==="IMG"||o==="VIDEO"||o==="CANVAS"||o==="SOURCE")return!1}return Js(t)&&Te(n)?!1:t in e}const Ju={esc:"escape",space:" ",up:"arrow-up",left:"arrow-left",right:"arrow-right",down:"arrow-down",delete:"backspace"},Qu=(e,t)=>{const n=e._withKeys||(e._withKeys={}),r=t.join(".");return n[r]||(n[r]=o=>{if(!("key"in o))return;const s=Nt(o.key);if(t.some(i=>i===s||Ju[i]===s))return e(o)})},Xu=Me({patchProp:Gu},Au);let ao,Qs=!1;function Zu(){return ao=Qs?ao:Qc(Xu),Qs=!0,ao}const ef=(...e)=>{const t=Zu().createApp(...e),{mount:n}=t;return t.mount=r=>{const o=nf(r);if(o)return n(o,!0,tf(o))},t};function tf(e){if(e instanceof SVGElement)return"svg";if(typeof MathMLElement=="function"&&e instanceof MathMLElement)return"mathml"}function nf(e){return Te(e)?document.querySelector(e):e}var rr=e=>/^[a-z][a-z0-9+.-]*:/.test(e)||e.startsWith("//"),rf=/.md((\?|#).*)?$/,of=(e,t="/")=>rr(e)||e.startsWith("/")&&!e.startsWith(t)&&!rf.test(e),Wr=e=>/^(https?:)?\/\//.test(e),Xs=e=>{if(!e||e.endsWith("/"))return e;let t=e.replace(/(^|\/)README.md$/i,"$1index.html");return t.endsWith(".md")?t=t.substring(0,t.length-3)+".html":t.endsWith(".html")||(t=t+".html"),t.endsWith("/index.html")&&(t=t.substring(0,t.length-10)),t},sf="http://.",lf=(e,t)=>{if(!e.startsWith("/")&&t){const n=t.slice(0,t.lastIndexOf("/"));return Xs(new URL(`${n}/${e}`,sf).pathname)}return Xs(e)},af=(e,t)=>{const n=Object.keys(e).sort((r,o)=>{const s=o.split("/").length-r.split("/").length;return s!==0?s:o.length-r.length});for(const r of n)if(t.startsWith(r))return r;return"/"},cf=/(#|\?)/,Rl=e=>{const[t,...n]=e.split(cf);return{pathname:t,hashAndQueries:n.join("")}},uf=["link","meta","script","style","noscript","template"],ff=["title","base"],df=([e,t,n])=>ff.includes(e)?e:uf.includes(e)?e==="meta"&&t.name?`${e}.${t.name}`:e==="template"&&t.id?`${e}.${t.id}`:JSON.stringify([e,Object.entries(t).map(([r,o])=>typeof o=="boolean"?o?[r,""]:null:[r,o]).filter(r=>r!=null).sort(([r],[o])=>r.localeCompare(o)),n]):null,pf=e=>{const t=new Set,n=[];return e.forEach(r=>{const o=df(r);o&&!t.has(o)&&(t.add(o),n.push(r))}),n},hf=e=>e[e.length-1]==="/"||e.endsWith(".html")?e:`${e}/`,Il=e=>e[e.length-1]==="/"?e.slice(0,-1):e,Ml=e=>e[0]==="/"?e.slice(1):e,Qo=e=>Object.prototype.toString.call(e)==="[object Object]",st=e=>typeof e=="string";const mf="modulepreload",gf=function(e){return"/"+e},Zs={},W=function(t,n,r){let o=Promise.resolve();if(n&&n.length>0){document.getElementsByTagName("link");const s=document.querySelector("meta[property=csp-nonce]"),i=(s==null?void 0:s.nonce)||(s==null?void 0:s.getAttribute("nonce"));o=Promise.all(n.map(l=>{if(l=gf(l),l in Zs)return;Zs[l]=!0;const a=l.endsWith(".css"),c=a?'[rel="stylesheet"]':"";if(document.querySelector(`link[href="${l}"]${c}`))return;const f=document.createElement("link");if(f.rel=a?"stylesheet":mf,a||(f.as="script",f.crossOrigin=""),f.href=l,i&&f.setAttribute("nonce",i),document.head.appendChild(f),a)return new Promise((u,h)=>{f.addEventListener("load",u),f.addEventListener("error",()=>h(new Error(`Unable to preload CSS for ${l}`)))})}))}return o.then(()=>t()).catch(s=>{const i=new Event("vite:preloadError",{cancelable:!0});if(i.payload=s,window.dispatchEvent(i),!i.defaultPrevented)throw s})},vf=JSON.parse("{}"),_f=Object.fromEntries([["/",{loader:()=>W(()=>import("./index.html-DYp44kH-.js"),[]),meta:{title:"Badrap Documentation"}}],["/categories.html",{loader:()=>W(()=>import("./categories.html-DHFdQeuC.js"),[]),meta:{title:"About different categories of attacks"}}],["/esg.html",{loader:()=>W(()=>import("./esg.html-B-sXe0jX.js"),[]),meta:{title:"Environmental, Social and Governance Policy - Badrap Oy"}}],["/faq.html",{loader:()=>W(()=>import("./faq.html-CyrcwVJL.js"),[]),meta:{title:"Frequently Asked Questions"}}],["/locate.html",{loader:()=>W(()=>import("./locate.html-FpRRIpQO.js"),[]),meta:{title:"How to locate a vulnerable device"}}],["/privacy-company.html",{loader:()=>W(()=>import("./privacy-company.html-BpFQf9Tm.js"),[]),meta:{title:"Privacy Policy for Badrap Oy"}}],["/privacy.html",{loader:()=>W(()=>import("./privacy.html-D6xKhr5P.js"),[]),meta:{title:"badrap.io Privacy Policy"}}],["/service-description.html",{loader:()=>W(()=>import("./service-description.html-DJ6wIeal.js"),[]),meta:{title:"Service Description"}}],["/tos.html",{loader:()=>W(()=>import("./tos.html-BLHOeTQv.js"),[]),meta:{title:"Badrap Terms of Service"}}],["/apps/aws.html",{loader:()=>W(()=>import("./aws.html-Bh8gskLW.js"),[]),meta:{title:"Amazon Web Services (AWS)"}}],["/apps/azure.html",{loader:()=>W(()=>import("./azure.html-CqSusn3v.js"),[]),meta:{title:"Microsoft Azure"}}],["/apps/beacon.html",{loader:()=>W(()=>import("./beacon.html-BgJyRTZZ.js"),[]),meta:{title:"SensorFu Beacon"}}],["/apps/fraktal.html",{loader:()=>W(()=>import("./fraktal.html-BaGDwWI4.js"),[]),meta:{title:"Fraktal AWS Audit"}}],["/apps/gcp.html",{loader:()=>W(()=>import("./gcp.html-DA2lRM9g.js"),[]),meta:{title:"Google Cloud Platform App"}}],["/apps/gworkspace.html",{loader:()=>W(()=>import("./gworkspace.html-Cl4MsvXD.js"),[]),meta:{title:"Google Workspace"}}],["/apps/https.html",{loader:()=>W(()=>import("./https.html-D9UwG-CF.js"),[]),meta:{title:"HTTPS App"}}],["/apps/o365.html",{loader:()=>W(()=>import("./o365.html-Cz9QI7tt.js"),[]),meta:{title:"Microsoft Office 365"}}],["/apps/traficom.html",{loader:()=>W(()=>import("./traficom.html-Bes53oE1.js"),[]),meta:{title:"Traficom"}}],["/fi/",{loader:()=>W(()=>import("./index.html-D-Eupwv8.js"),[]),meta:{title:"Badrapin suomenkieliset materiaalit"}}],["/fi/categories.html",{loader:()=>W(()=>import("./categories.html-CHrhoUi9.js"),[]),meta:{title:"Tietoa hyökkäyskategorioista"}}],["/fi/faq.html",{loader:()=>W(()=>import("./faq.html-fnlksrTh.js"),[]),meta:{title:"Usein kysytyt kysymykset"}}],["/fi/locate.html",{loader:()=>W(()=>import("./locate.html-BTg8wfWO.js"),[]),meta:{title:"Ongelmallisen laitteen paikallistaminen"}}],["/fi/privacy.html",{loader:()=>W(()=>import("./privacy.html-BS1mkR75.js"),[]),meta:{title:"badrap.io:n tietosuojaseloste"}}],["/types/abandoned-server.html",{loader:()=>W(()=>import("./abandoned-server.html-CzZKkeOi.js"),[]),meta:{title:"Abandoned Server"}}],["/types/attacksource.html",{loader:()=>W(()=>import("./attacksource.html-D5ck4RPG.js"),[]),meta:{title:"Attack Source"}}],["/types/databreach.html",{loader:()=>W(()=>import("./databreach.html-DFLl7qGa.js"),[]),meta:{title:"Data Breach"}}],["/types/dns.html",{loader:()=>W(()=>import("./dns.html-BdTVvgOc.js"),[]),meta:{title:"Open DNS service"}}],["/types/eol-server.html",{loader:()=>W(()=>import("./eol-server.html-2fY2sfE2.js"),[]),meta:{title:"End Of Life Server"}}],["/types/expired-certificate.html",{loader:()=>W(()=>import("./expired-certificate.html-DqdbSSoa.js"),[]),meta:{title:"Expired Certificate"}}],["/types/exposed-service.html",{loader:()=>W(()=>import("./exposed-service.html-B4B1NCQg.js"),[]),meta:{title:"Exposed Service"}}],["/types/malware-citeary.html",{loader:()=>W(()=>import("./malware-citeary.html-BxtxlIcc.js"),[]),meta:{title:"Problem description"}}],["/types/malware-ircbot.html",{loader:()=>W(()=>import("./malware-ircbot.html-BTulPxok.js"),[]),meta:{title:"Problem description"}}],["/types/malware-jadtre.html",{loader:()=>W(()=>import("./malware-jadtre.html-d1ucKSZW.js"),[]),meta:{title:"Problem description"}}],["/types/malware-palevo.html",{loader:()=>W(()=>import("./malware-palevo.html-Boo1fU5v.js"),[]),meta:{title:"Problem description"}}],["/types/malware-pushdo.html",{loader:()=>W(()=>import("./malware-pushdo.html-DONDTm8-.js"),[]),meta:{title:"Problem description"}}],["/types/malware-sality.html",{loader:()=>W(()=>import("./malware-sality.html-CrxZ6rRl.js"),[]),meta:{title:"Problem description"}}],["/types/malware-wapomi.html",{loader:()=>W(()=>import("./malware-wapomi.html-Df0oR1wU.js"),[]),meta:{title:"Problem description"}}],["/types/mdns.html",{loader:()=>W(()=>import("./mdns.html-D4_cfIYR.js"),[]),meta:{title:"Open mDNS service"}}],["/types/memcached.html",{loader:()=>W(()=>import("./memcached.html-DsN1quKH.js"),[]),meta:{title:"Open Memcached service"}}],["/types/netbios.html",{loader:()=>W(()=>import("./netbios.html-BEh2-T_X.js"),[]),meta:{title:"Open Netbios service"}}],["/types/ntp.html",{loader:()=>W(()=>import("./ntp.html-CLvCuuuW.js"),[]),meta:{title:"Open NTP service"}}],["/types/portscan.html",{loader:()=>W(()=>import("./portscan.html-MNpyhYS1.js"),[]),meta:{title:"Port Scan Source"}}],["/types/rdp.html",{loader:()=>W(()=>import("./rdp.html-BgPamftI.js"),[]),meta:{title:"Open RDP service"}}],["/types/smb.html",{loader:()=>W(()=>import("./smb.html-CN1PCiis.js"),[]),meta:{title:"Open SMB service"}}],["/types/snmp.html",{loader:()=>W(()=>import("./snmp.html-Cb4kpTd6.js"),[]),meta:{title:"Open SNMP service"}}],["/types/spamlist.html",{loader:()=>W(()=>import("./spamlist.html-DnKLsU8E.js"),[]),meta:{title:"Spam List"}}],["/types/subdomain.html",{loader:()=>W(()=>import("./subdomain.html-CHgc-oVW.js"),[]),meta:{title:"Subdomain Takeover Risk"}}],["/types/telnet.html",{loader:()=>W(()=>import("./telnet.html-CxdK7qUP.js"),[]),meta:{title:"Open Telnet service"}}],["/types/tftp.html",{loader:()=>W(()=>import("./tftp.html-wLx--ROU.js"),[]),meta:{title:"Open TFTP service"}}],["/types/vnc.html",{loader:()=>W(()=>import("./vnc.html-CKb8ICul.js"),[]),meta:{title:"Open VNC service"}}],["/fi/types/attacksource.html",{loader:()=>W(()=>import("./attacksource.html-BFD2US_b.js"),[]),meta:{title:"Verkkohyökkäysten lähde verkossasi"}}],["/fi/types/buildingautomation.html",{loader:()=>W(()=>import("./buildingautomation.html-CMUzwkIQ.js"),[]),meta:{title:"Taloautomaatiojärjestelmäsi on kytketty Internetiin"}}],["/fi/types/dns.html",{loader:()=>W(()=>import("./dns.html-o1Kj407y.js"),[]),meta:{title:"Liian avoin nimipalvelu"}}],["/fi/types/malware-citeary.html",{loader:()=>W(()=>import("./malware-citeary.html-Cs5r7x63.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-ircbot.html",{loader:()=>W(()=>import("./malware-ircbot.html-BTV0OL6y.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-jadtre.html",{loader:()=>W(()=>import("./malware-jadtre.html-B4Hl82W_.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-palevo.html",{loader:()=>W(()=>import("./malware-palevo.html-BHD7L2m9.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-pushdo.html",{loader:()=>W(()=>import("./malware-pushdo.html-BXDXWC9K.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-sality.html",{loader:()=>W(()=>import("./malware-sality.html-CzpdG8qs.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/malware-wapomi.html",{loader:()=>W(()=>import("./malware-wapomi.html-Byrdd7CJ.js"),[]),meta:{title:"Ongelman kuvaus"}}],["/fi/types/mdns.html",{loader:()=>W(()=>import("./mdns.html-XmN1K66O.js"),[]),meta:{title:"Avoin mDNS-palvelu"}}],["/fi/types/memcached.html",{loader:()=>W(()=>import("./memcached.html-C0NSvPWW.js"),[]),meta:{title:"Avoin Memcached-palvelu"}}],["/fi/types/netbios.html",{loader:()=>W(()=>import("./netbios.html-DlreNynM.js"),[]),meta:{title:"Avoin NetBIOS-palvelu"}}],["/fi/types/ntp.html",{loader:()=>W(()=>import("./ntp.html-CkzsZXxg.js"),[]),meta:{title:"Avoin NTP-palvelu"}}],["/fi/types/portscan.html",{loader:()=>W(()=>import("./portscan.html-Celnu4C0.js"),[]),meta:{title:"Porttiskannausta havaittu verkostasi"}}],["/fi/types/smb.html",{loader:()=>W(()=>import("./smb.html-BiahTyun.js"),[]),meta:{title:"Avoin SMB-tiedostojakopalvelu"}}],["/fi/types/snmp.html",{loader:()=>W(()=>import("./snmp.html-BiBpPTxM.js"),[]),meta:{title:"Avoin SNMP-palvelu"}}],["/fi/types/telnet.html",{loader:()=>W(()=>import("./telnet.html-C0BLJASu.js"),[]),meta:{title:"Avoin Telnet-palvelu"}}],["/fi/types/tftp.html",{loader:()=>W(()=>import("./tftp.html-3wvTG_p0.js"),[]),meta:{title:"Avoin TFTP-palvelu"}}],["/404.html",{loader:()=>W(()=>import("./404.html-Bi_JhFm0.js"),[]),meta:{title:""}}]]);/*! * vue-router v4.4.3 * (c) 2024 Eduardo San Martin Morote * @license MIT diff --git a/assets/attacksource.html-D-YOJ_ca.js b/assets/attacksource.html-BFD2US_b.js similarity index 95% rename from assets/attacksource.html-D-YOJ_ca.js rename to assets/attacksource.html-BFD2US_b.js index 6a68a719..135fbfcd 100644 --- a/assets/attacksource.html-D-YOJ_ca.js +++ b/assets/attacksource.html-BFD2US_b.js @@ -1 +1 @@ -import{_ as i,c as s,a,d as t,b as n,w as o,e as l,r as k,o as u}from"./app-CxPUdK5a.js";const r={},h=l('

Verkkohyökkäysten lähde verkossasi

Ongelman kuvaus

Seuraamastasi IP-osoitteesta on havaittu lähtevän verkkohyökkäyksiä Internetiin. Yleensä tämä tarkoittaa että joku hallitsee laitetta verkoissasi ja käyttää sitä hyökkäyksiin muita netin käyttäjiä vastaan. Laitteesi avulla voidaan etsiä seuraavia uhreja hyökkäyksille, tunkeutua muiden laitteisiin tai verkkoihin, etsiä haavoittuvuuksia verkoissa ja käyttää niitä hyväksi, tai aiheuttaa häiriöitä erilaisten verkkopalveluiden toiminnalle.

Tietoturvatutkijat havaitsevat tämänkaltaisia hyökkäyksiä yleensä honeypot-laitteilla, jotka tarkkailevat niihin tulevaa verkkoliikennettä ja havaitsevat hyökkäysyrityksiä. Hyökkääjän IP-osoite ja hyökkäyksen tyyppi tallennetaan ja siitä voidaan ilmoittaa hyökkäävän laitteen tai verkon omistajalle. Usein myös hyökkäysten uhrit ilmoittavat hyökkäyksistä tietoturvatutkijoille tai tietoturvaviranomaisille.

Korjausehdotuksia

',5),v=a("p",null,"Kun olet paikallistanut laitteen, suosittelemme resetoimaan sen tehdasasetuksille ja konfiguroimaan uudestaan tai asentamaan laitteen käyttöjärjestelmän kokonaan uudestaan. Jos laitteesi on otettu luvattomaan käyttöön ja se lähettää ulospäin hyökkäyksiä, yleensä on liian hankalaa yrittää puhdistaa haittakoodin jälkiä ilman täydellistä laitteen resetointia.",-1),y=a("p",null,"Kun olet resetoinut laitteen tai asentanut sen uudestaan, sinun tulisi asentaa siihen kaikki saatavilla olevat ohjelmistopäivitykset, jotta laite saadaan suojattua uusilta haltuunottoyrityksiltä. Jos tietoturvapäivityksiä ei ole laitteellesi saatavilla, sinun kannattaa harkita laitteen päivittämistä uuteen versioon tai kokonaan eri malliin, johon on saatavilla säännöllisiä tietoturvapäivityksiä.",-1);function d(m,c){const e=k("RouteLink");return u(),s("div",null,[h,a("p",null,[t("Ensiksi sinun tulisi tunnistaa laite, joka lähettää hyökkäyksiä ulospäin. "),n(e,{to:"/fi/locate.html"},{default:o(()=>[t("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),v,y])}const j=i(r,[["render",d],["__file","attacksource.html.vue"]]),_=JSON.parse('{"path":"/fi/types/attacksource.html","title":"Verkkohyökkäysten lähde verkossasi","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/attacksource.md"}');export{j as comp,_ as data}; +import{_ as i,c as s,a,d as t,b as n,w as o,e as l,r as k,o as u}from"./app-DhWbOGxr.js";const r={},h=l('

Verkkohyökkäysten lähde verkossasi

Ongelman kuvaus

Seuraamastasi IP-osoitteesta on havaittu lähtevän verkkohyökkäyksiä Internetiin. Yleensä tämä tarkoittaa että joku hallitsee laitetta verkoissasi ja käyttää sitä hyökkäyksiin muita netin käyttäjiä vastaan. Laitteesi avulla voidaan etsiä seuraavia uhreja hyökkäyksille, tunkeutua muiden laitteisiin tai verkkoihin, etsiä haavoittuvuuksia verkoissa ja käyttää niitä hyväksi, tai aiheuttaa häiriöitä erilaisten verkkopalveluiden toiminnalle.

Tietoturvatutkijat havaitsevat tämänkaltaisia hyökkäyksiä yleensä honeypot-laitteilla, jotka tarkkailevat niihin tulevaa verkkoliikennettä ja havaitsevat hyökkäysyrityksiä. Hyökkääjän IP-osoite ja hyökkäyksen tyyppi tallennetaan ja siitä voidaan ilmoittaa hyökkäävän laitteen tai verkon omistajalle. Usein myös hyökkäysten uhrit ilmoittavat hyökkäyksistä tietoturvatutkijoille tai tietoturvaviranomaisille.

Korjausehdotuksia

',5),v=a("p",null,"Kun olet paikallistanut laitteen, suosittelemme resetoimaan sen tehdasasetuksille ja konfiguroimaan uudestaan tai asentamaan laitteen käyttöjärjestelmän kokonaan uudestaan. Jos laitteesi on otettu luvattomaan käyttöön ja se lähettää ulospäin hyökkäyksiä, yleensä on liian hankalaa yrittää puhdistaa haittakoodin jälkiä ilman täydellistä laitteen resetointia.",-1),y=a("p",null,"Kun olet resetoinut laitteen tai asentanut sen uudestaan, sinun tulisi asentaa siihen kaikki saatavilla olevat ohjelmistopäivitykset, jotta laite saadaan suojattua uusilta haltuunottoyrityksiltä. Jos tietoturvapäivityksiä ei ole laitteellesi saatavilla, sinun kannattaa harkita laitteen päivittämistä uuteen versioon tai kokonaan eri malliin, johon on saatavilla säännöllisiä tietoturvapäivityksiä.",-1);function d(m,c){const e=k("RouteLink");return u(),s("div",null,[h,a("p",null,[t("Ensiksi sinun tulisi tunnistaa laite, joka lähettää hyökkäyksiä ulospäin. "),n(e,{to:"/fi/locate.html"},{default:o(()=>[t("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),v,y])}const j=i(r,[["render",d],["__file","attacksource.html.vue"]]),_=JSON.parse('{"path":"/fi/types/attacksource.html","title":"Verkkohyökkäysten lähde verkossasi","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/attacksource.md"}');export{j as comp,_ as data}; diff --git a/assets/attacksource.html-ngYGtnxE.js b/assets/attacksource.html-D5ck4RPG.js similarity index 95% rename from assets/attacksource.html-ngYGtnxE.js rename to assets/attacksource.html-D5ck4RPG.js index e8069db1..e448976e 100644 --- a/assets/attacksource.html-ngYGtnxE.js +++ b/assets/attacksource.html-D5ck4RPG.js @@ -1 +1 @@ -import{_ as s,c as o,a as e,d as t,b as r,w as i,e as n,r as c,o as l}from"./app-CxPUdK5a.js";const d={},h=n('

Attack Source

Problem description

This IP has been identified as a source of attacks. Usually this means that someone else is controlling your device and using it to attack others. Your device may be used to find new victims to infect, gain unauthorized access to to other devices, scan networks for vulnerabilities and try to exploit them, or cause disruption to normal Internet services.

These forms of attacks are detected automatically by researchers with devices called honeypots, which simply listen for attack attempts and record the attacker IP address and attack type when an attack is detected. Sometimes also the victims of these attack attempts alert researchers that they have seen an attack from a particular IP.

Our research partner Deutsche Telekom Honeypot Project operates a network of honeypots around the world as part of their Cyber Early Warning System.

Suggestions for repair

',6),u=e("p",null,"After you find the correct device, we recommend you to reset it to its factory settings or perform a full reinstall of the operating system. If your device is compromised and sending out attacks, it is usually too complex to try to clean the system without a full reset.",-1),p=e("p",null,"After you reset the device or reinstall the operating system, you should install all of the latest software updates to make sure your system will not be compromised in the same way again. If no security updates are available, you might consider switching to a different device, which is updated against known vulnerabilities.",-1);function m(f,y){const a=c("RouteLink");return l(),o("div",null,[h,e("p",null,[t("First of all you need to identify the device which is sending out these attacks. "),r(a,{to:"/locate.html"},{default:i(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),u,p])}const k=s(d,[["render",m],["__file","attacksource.html.vue"]]),v=JSON.parse('{"path":"/types/attacksource.html","title":"Attack Source","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/attacksource.md"}');export{k as comp,v as data}; +import{_ as s,c as o,a as e,d as t,b as r,w as i,e as n,r as c,o as l}from"./app-DhWbOGxr.js";const d={},h=n('

Attack Source

Problem description

This IP has been identified as a source of attacks. Usually this means that someone else is controlling your device and using it to attack others. Your device may be used to find new victims to infect, gain unauthorized access to to other devices, scan networks for vulnerabilities and try to exploit them, or cause disruption to normal Internet services.

These forms of attacks are detected automatically by researchers with devices called honeypots, which simply listen for attack attempts and record the attacker IP address and attack type when an attack is detected. Sometimes also the victims of these attack attempts alert researchers that they have seen an attack from a particular IP.

Our research partner Deutsche Telekom Honeypot Project operates a network of honeypots around the world as part of their Cyber Early Warning System.

Suggestions for repair

',6),u=e("p",null,"After you find the correct device, we recommend you to reset it to its factory settings or perform a full reinstall of the operating system. If your device is compromised and sending out attacks, it is usually too complex to try to clean the system without a full reset.",-1),p=e("p",null,"After you reset the device or reinstall the operating system, you should install all of the latest software updates to make sure your system will not be compromised in the same way again. If no security updates are available, you might consider switching to a different device, which is updated against known vulnerabilities.",-1);function m(f,y){const a=c("RouteLink");return l(),o("div",null,[h,e("p",null,[t("First of all you need to identify the device which is sending out these attacks. "),r(a,{to:"/locate.html"},{default:i(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),u,p])}const k=s(d,[["render",m],["__file","attacksource.html.vue"]]),v=JSON.parse('{"path":"/types/attacksource.html","title":"Attack Source","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/attacksource.md"}');export{k as comp,v as data}; diff --git a/assets/aws.html-BWuIiana.js b/assets/aws.html-Bh8gskLW.js similarity index 98% rename from assets/aws.html-BWuIiana.js rename to assets/aws.html-Bh8gskLW.js index 74e67654..10705b0e 100644 --- a/assets/aws.html-BWuIiana.js +++ b/assets/aws.html-Bh8gskLW.js @@ -1,4 +1,4 @@ -import{_ as e,c as a,o as n,e as s}from"./app-CxPUdK5a.js";const t="/assets/aws-external-id-KXMDF9XD.jpg",o="/assets/aws-another-aws-account-BnXmpAMM.jpg",l="/assets/aws-external-id2-jC-haemY.jpg",i="/assets/aws-create-policy-C0ZjIKAR.jpg",p="/assets/aws-return-DMNW4kla.jpg",r="/assets/aws-90-delete-role-BFowZfQd.png",c="/assets/aws-92-delete-policy-BeLxMmIl.png",d={},u=s('

Amazon Web Services (AWS)

This app allows you to synchronize your AWS assets into Badrap and receive security notifications about them. The app needs to be installed and enabled under your Badrap user account to get started. The app fetches a list of your organization's public IP addresses from your AWS installation with your consent, and adds those assets under your Badrap user account. Below, we describe the actions needed in Badrap. We also explain what you need to do in AWS to grant the minimum permissions for Badrap to fetch the public IP addresses.

Install the AWS app in Badrap

  1. Open the AWS app page.
  2. Install the app.
  3. Take note of the External ID value that the app has generated for you. You'll need this later.

External Id

Create Required AWS Role & Policy

Setting up the Badrap app with Amazon Web Services requires configuring role delegation using AWS IAM.

  1. Create a new role in the AWS IAM console.

  2. Select Another AWS account for the role type.

  3. Enter 808384617942 (Badrap's Account ID) as the Account ID. Another AWS Acocount

  4. Check the Require external ID option, and enter the External ID that the app generated for you earlier as the External ID.

  5. Leave the Require MFA option unchecked.

  6. Click Next: Permissions. External Id

  7. If you've already created a policy, skip the following substeps. Otherwise click Create Policy, which opens a new window. Create Policy

    1. Select the JSON tab and enter the following policy snippet into the text box:
    {
+import{_ as e,c as a,o as n,e as s}from"./app-DhWbOGxr.js";const t="/assets/aws-external-id-KXMDF9XD.jpg",o="/assets/aws-another-aws-account-BnXmpAMM.jpg",l="/assets/aws-external-id2-jC-haemY.jpg",i="/assets/aws-create-policy-C0ZjIKAR.jpg",p="/assets/aws-return-DMNW4kla.jpg",r="/assets/aws-90-delete-role-BFowZfQd.png",c="/assets/aws-92-delete-policy-BeLxMmIl.png",d={},u=s('
    Amazon Web Services (AWS)
    This app allows you to synchronize your AWS assets into Badrap and receive security notifications about them. The app needs to be installed and enabled under your Badrap user account to get started. The app fetches a list of your organization's public IP addresses from your AWS installation with your consent, and adds those assets under your Badrap user account. Below, we describe the actions needed in Badrap. We also explain what you need to do in AWS to grant the minimum permissions for Badrap to fetch the public IP addresses.
    Install the AWS app in Badrap
    1. Open the AWS app page.
    2. Install the app.
    3. Take note of the External ID value that the app has generated for you. You'll need this later.
    External Id
    Create Required AWS Role & Policy
    Setting up the Badrap app with Amazon Web Services requires configuring role delegation using AWS IAM.
    1. Create a new role in the AWS IAM console.
    2. Select Another AWS account for the role type.
    3. Enter 808384617942 (Badrap's Account ID) as the Account ID. Another AWS Acocount
    4. Check the Require external ID option, and enter the External ID that the app generated for you earlier as the External ID.
    5. Leave the Require MFA option unchecked.
    6. Click Next: Permissions. External Id
    7. If you've already created a policy, skip the following substeps. Otherwise click Create Policy, which opens a new window. Create Policy
      1. Select the JSON tab and enter the following policy snippet into the text box:
      {
   "Version": "2012-10-17",
   "Statement": [
     {
@@ -16,4 +16,4 @@ import{_ as e,c as a,o as n,e as s}from"./app-CxPUdK5a.js";const t="/assets/aws-
     }
   ]
 }
-
      1. Click Review policy.
      2. Name the policy (e.g., BadrapAppPolicy).
      3. Click Create policy
      4. Return to the Create role window.
      5. Refresh the list of policies
    8. Select the BadrapAppPolicy Create Policy
    9. Click Next: Tags.
    10. Click Next: Review.
    11. Name the role (e.g., BadrapAppRole).
    12. Click Create role.
    Finish the Installation
    1. Return to the AWS app page.
    2. Enter your AWS Account ID into the Account ID field.
    3. Enter the name of the AWS role you created earlier. Note that the role name is case sensitive!
    4. Click Add.
    Uninstalling the app
    If you want to stop using the Badrap AWS app, you can uninstall it from your Badrap AWS app page.
    Then you can clean up the app role and policy definitions from your AWS IAM console.
    1. Under the Roles section, search for the role you created earlier (e.g. "BadrapTestAppRole") and select Delete.
    1. Under the Policies section, search for the policy you created and connected to the role (e.g. "BadrapTestAppPolicy"), and from the Policy actions drop-down menu select Delete.
    That's it, you have successfully uninstalled the Badrap AWS app and cleaned up its configuration from your AWS installation.
    ',18),h=[u];function m(g,k){return n(),a("div",null,h)}const v=e(d,[["render",m],["__file","aws.html.vue"]]),y=JSON.parse('{"path":"/apps/aws.html","title":"Amazon Web Services (AWS)","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Install the AWS app in Badrap","slug":"install-the-aws-app-in-badrap","link":"#install-the-aws-app-in-badrap","children":[]},{"level":2,"title":"Create Required AWS Role & Policy","slug":"create-required-aws-role-policy","link":"#create-required-aws-role-policy","children":[]},{"level":2,"title":"Finish the Installation","slug":"finish-the-installation","link":"#finish-the-installation","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"apps/aws.md"}');export{v as comp,y as data};
+
    1. Click Review policy.
    2. Name the policy (e.g., BadrapAppPolicy).
    3. Click Create policy
    4. Return to the Create role window.
    5. Refresh the list of policies

  8. Select the BadrapAppPolicy Create Policy

  9. Click Next: Tags.

  10. Click Next: Review.

  11. Name the role (e.g., BadrapAppRole).

  12. Click Create role.

Finish the Installation

  1. Return to the AWS app page.
  2. Enter your AWS Account ID into the Account ID field.
  3. Enter the name of the AWS role you created earlier. Note that the role name is case sensitive!
  4. Click Add.

Uninstalling the app

If you want to stop using the Badrap AWS app, you can uninstall it from your Badrap AWS app page.

Then you can clean up the app role and policy definitions from your AWS IAM console.

  1. Under the Roles section, search for the role you created earlier (e.g. "BadrapTestAppRole") and select Delete.
  1. Under the Policies section, search for the policy you created and connected to the role (e.g. "BadrapTestAppPolicy"), and from the Policy actions drop-down menu select Delete.

That's it, you have successfully uninstalled the Badrap AWS app and cleaned up its configuration from your AWS installation.

',18),h=[u];function m(g,k){return n(),a("div",null,h)}const v=e(d,[["render",m],["__file","aws.html.vue"]]),y=JSON.parse('{"path":"/apps/aws.html","title":"Amazon Web Services (AWS)","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Install the AWS app in Badrap","slug":"install-the-aws-app-in-badrap","link":"#install-the-aws-app-in-badrap","children":[]},{"level":2,"title":"Create Required AWS Role & Policy","slug":"create-required-aws-role-policy","link":"#create-required-aws-role-policy","children":[]},{"level":2,"title":"Finish the Installation","slug":"finish-the-installation","link":"#finish-the-installation","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"apps/aws.md"}');export{v as comp,y as data}; diff --git a/assets/azure.html-B8TmmYq2.js b/assets/azure.html-CqSusn3v.js similarity index 99% rename from assets/azure.html-B8TmmYq2.js rename to assets/azure.html-CqSusn3v.js index 0f7d56c6..3a4f910d 100644 --- a/assets/azure.html-B8TmmYq2.js +++ b/assets/azure.html-CqSusn3v.js @@ -1,4 +1,4 @@ -import{_ as a,c as i,o as n,e as r}from"./app-CxPUdK5a.js";const l="/assets/azure-10-install-DpCNcBBt.png",o="/assets/azure-20-consent-CP6F7E5f.png",e="/assets/azure-30-add-account-OOPC7BpR.png",t="/assets/azure-99-assets-B8APUQrF.png",s="/assets/azure-50-portal-CqsQVvll.png",p="/assets/azure-54-appreg-CKFYBmvH.png",d="/assets/azure-58-newreg-BfSbEkzI.png",u="/assets/azure-60-search-subs-eB_26A8X.png",c="/assets/azure-64-choose-sub-BgOcGk8E.png",h="/assets/azure-68-iam-CF1rqgCu.png",m="/assets/azure-70-add-role-BomN28ri.png",g="/assets/azure-74-role-details-CZ2Q6ERC.png",v="/assets/azure-75-add-custom-role-CYgyHUZa.png",b="/assets/azure-76-custom-role-basics-D1GwTJwU.png",y="/assets/azure-77-custom-role-json-BlkQrsFC.png",q="/assets/azure-78-select-app-2KkbvB8p.png",f="/assets/azure-80-copy-values-Dv6tDm1I.png",x="/assets/azure-84-client-secret--jg_xWhs.png",z="/assets/azure-90-appreg-cleanup-DFHKRIhb.png",A="/assets/azure-92-appreg-delete-14MDQEtf.png",w="/assets/azure-94-appreg-delete-perm-B3r4Yn8h.png",_="/assets/azure-96-customrole-remove-DJL4DAu8.png",C={},k=r('

Microsoft Azure

This app allows you to synchronize your Microsoft Azure assets into Badrap and to receive security notifications about them. The app fetches a list of your organization's public network assets from your Azure installation with your consent, and adds those assets under your Badrap user account. The asset types listed are:

  • Public IP addresses from your Azure installation
  • DNS records (A, AAAA, CNAME, MX, NS) from all public DNS zones managed by Azure
  • Azure DNS alias records

Install the Azure app in Badrap

Anyone can install the Azure app in Badrap, but you will need Global Administrator, Application Administrator or Cloud Application Administrator level privileges to enable the app to access your Azure installation and to list your assets from there. If you do not have administrator role privileges, refer your administrator to these instructions and ask them to help you with the app configuration.

  1. Open the Azure app page.

  2. The app asks for your consent to create & manage new assets. Click Install the app.

    The Azure app is now installed. Next, you have to create a service principal for the app in your Azure installation, and to provide its configuration details to the app settings. You can do this either by using the Azure CLI (incredibly easy) or your Azure Portal (still easy).

Using the Azure CLI

Note that installing Azure CLI to your computer is outside of the scope of this guide. You can use Microsoft's Azure CLI installation instructions to get started if you haven't installed it previously.

  1. Log into Azure using your Azure CLI utility.

    az login
+import{_ as a,c as i,o as n,e as r}from"./app-DhWbOGxr.js";const l="/assets/azure-10-install-DpCNcBBt.png",o="/assets/azure-20-consent-CP6F7E5f.png",e="/assets/azure-30-add-account-OOPC7BpR.png",t="/assets/azure-99-assets-B8APUQrF.png",s="/assets/azure-50-portal-CqsQVvll.png",p="/assets/azure-54-appreg-CKFYBmvH.png",d="/assets/azure-58-newreg-BfSbEkzI.png",u="/assets/azure-60-search-subs-eB_26A8X.png",c="/assets/azure-64-choose-sub-BgOcGk8E.png",h="/assets/azure-68-iam-CF1rqgCu.png",m="/assets/azure-70-add-role-BomN28ri.png",g="/assets/azure-74-role-details-CZ2Q6ERC.png",v="/assets/azure-75-add-custom-role-CYgyHUZa.png",b="/assets/azure-76-custom-role-basics-D1GwTJwU.png",y="/assets/azure-77-custom-role-json-BlkQrsFC.png",q="/assets/azure-78-select-app-2KkbvB8p.png",f="/assets/azure-80-copy-values-Dv6tDm1I.png",x="/assets/azure-84-client-secret--jg_xWhs.png",z="/assets/azure-90-appreg-cleanup-DFHKRIhb.png",A="/assets/azure-92-appreg-delete-14MDQEtf.png",w="/assets/azure-94-appreg-delete-perm-B3r4Yn8h.png",_="/assets/azure-96-customrole-remove-DJL4DAu8.png",C={},k=r('
    Microsoft Azure
    This app allows you to synchronize your Microsoft Azure assets into Badrap and to receive security notifications about them. The app fetches a list of your organization's public network assets from your Azure installation with your consent, and adds those assets under your Badrap user account. The asset types listed are:
    • Public IP addresses from your Azure installation
    • DNS records (A, AAAA, CNAME, MX, NS) from all public DNS zones managed by Azure
    • Azure DNS alias records
    Install the Azure app in Badrap
    Anyone can install the Azure app in Badrap, but you will need Global Administrator, Application Administrator or Cloud Application Administrator level privileges to enable the app to access your Azure installation and to list your assets from there. If you do not have administrator role privileges, refer your administrator to these instructions and ask them to help you with the app configuration.
    1. Open the Azure app page.
    2. The app asks for your consent to create & manage new assets. Click Install the app.
      The Azure app is now installed. Next, you have to create a service principal for the app in your Azure installation, and to provide its configuration details to the app settings. You can do this either by using the Azure CLI (incredibly easy) or your Azure Portal (still easy).
    Using the Azure CLI
    Note that installing Azure CLI to your computer is outside of the scope of this guide. You can use Microsoft's Azure CLI installation instructions to get started if you haven't installed it previously.
    1. Log into Azure using your Azure CLI utility.
      az login
 
    2. List your subscription details:
      az account show
 
      The listing will look like this:
      {
   "environmentName": "AzureCloud",
@@ -68,4 +68,4 @@ import{_ as a,c as i,o as n,e as r}from"./app-CxPUdK5a.js";const l="/assets/azur
 
      Review the custom role one more time in the Review+create tab, and then select Create.
      Then, assign the custom role to the app service principal by following steps 8-10 above, but substituting your custom role name (e.g. "CustomReaderBadrapApp") in place of the Reader role in step 9.
    3. After you have assigned the necessary role for the service principal, you need to create a client secret for the app. Under App Registrations, select the application you created.
    4. Note down the Directory (tenant) ID and Application (client) ID values.
    5. Under the same app, select Certificates and Secrets in the Manage menu.
    6. Under "Client secrets", click on New Client Secret.
    7. For the description field, you can use e.g. badrapClientSecret. Select a suitable time for expiration (e.g. one year), and click Add.
    8. Note down the Value field from the generated client secret.
    9. Under your Badrap Azure app settings, add a new account. Copy the Directory (tenant) ID, Application (client) ID and client secret values you noted down earlier into the Badrap Azure app settings.
    10. Click Add account to save your settings.
    11. In a few minutes after the app has been configured into use, you should see a listing of your Azure assets under My Assets.
    Uninstalling the app
    If you want to stop using the Badrap Azure app, you should uninstall it from your Badrap Azure app page. Then you can clean up the app configuration from your Azure AD installation using either Azure CLI or your Azure Portal dashboard.
    Cleaning up via Azure CLI
    1. If you want to clean up your Azure configuration using the Azure CLI, just delete the service principal with the az ad sp delete command:
      az ad sp delete --id http://BadrapAzureApp
 
      The output of the command should look like this:
      Removing role assignments
 
    2. If you assigned a custom role for the service principal during the app registration, you can delete the custom role with this CLI command:
      az role definition delete --name "CustomReaderBadrapApp"
-
      You've now successfully cleaned up your Azure configuration.
    Cleaning up via Azure Portal
    1. If you want to clean up your Azure configuration using your Azure Portal, first log into the portal and select Azure Active Directory from the sidebar.
    2. Navigate to App Registrations.
    3. Click on the app that you created earlier, e.g. "Badrap Azure App".
    4. Select Delete from the actions at the top.
    5. This action will disable the app registration and move the app under the Deleted applications list on the App Registrations page.
    6. To delete the app registration and all its dependencies permanently, go to "Deleted applications", select the application (e.g. "Badrap Azure App"), and then choose Delete permanently.
    7. If you created a custom role for your service principal instead of using the default Reader role, go to "Subscriptions" view, select your subscription, go to the "Access control (IAM)" menu, select "Roles", search for your custom role (e.g. "CustomReaderBadrapApp"), select the custom role, and click "Remove".
    8. You've now successfully cleaned up your Azure configuration.
    ',17),I=[k];function B(R,D){return n(),i("div",null,I)}const S=a(C,[["render",B],["__file","azure.html.vue"]]),T=JSON.parse('{"path":"/apps/azure.html","title":"Microsoft Azure","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Install the Azure app in Badrap","slug":"install-the-azure-app-in-badrap","link":"#install-the-azure-app-in-badrap","children":[]},{"level":2,"title":"Using the Azure CLI","slug":"using-the-azure-cli","link":"#using-the-azure-cli","children":[]},{"level":2,"title":"Using Azure Portal","slug":"using-azure-portal","link":"#using-azure-portal","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[{"level":3,"title":"Cleaning up via Azure CLI","slug":"cleaning-up-via-azure-cli","link":"#cleaning-up-via-azure-cli","children":[]},{"level":3,"title":"Cleaning up via Azure Portal","slug":"cleaning-up-via-azure-portal","link":"#cleaning-up-via-azure-portal","children":[]}]}],"git":{"updatedTime":1723117730000},"filePathRelative":"apps/azure.md"}');export{S as comp,T as data};
+
    You've now successfully cleaned up your Azure configuration.

Cleaning up via Azure Portal

  1. If you want to clean up your Azure configuration using your Azure Portal, first log into the portal and select Azure Active Directory from the sidebar.

  2. Navigate to App Registrations.

  3. Click on the app that you created earlier, e.g. "Badrap Azure App".

  4. Select Delete from the actions at the top.

  5. This action will disable the app registration and move the app under the Deleted applications list on the App Registrations page.

  6. To delete the app registration and all its dependencies permanently, go to "Deleted applications", select the application (e.g. "Badrap Azure App"), and then choose Delete permanently.

  7. If you created a custom role for your service principal instead of using the default Reader role, go to "Subscriptions" view, select your subscription, go to the "Access control (IAM)" menu, select "Roles", search for your custom role (e.g. "CustomReaderBadrapApp"), select the custom role, and click "Remove".

  8. You've now successfully cleaned up your Azure configuration.

',17),I=[k];function B(R,D){return n(),i("div",null,I)}const S=a(C,[["render",B],["__file","azure.html.vue"]]),T=JSON.parse('{"path":"/apps/azure.html","title":"Microsoft Azure","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Install the Azure app in Badrap","slug":"install-the-azure-app-in-badrap","link":"#install-the-azure-app-in-badrap","children":[]},{"level":2,"title":"Using the Azure CLI","slug":"using-the-azure-cli","link":"#using-the-azure-cli","children":[]},{"level":2,"title":"Using Azure Portal","slug":"using-azure-portal","link":"#using-azure-portal","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[{"level":3,"title":"Cleaning up via Azure CLI","slug":"cleaning-up-via-azure-cli","link":"#cleaning-up-via-azure-cli","children":[]},{"level":3,"title":"Cleaning up via Azure Portal","slug":"cleaning-up-via-azure-portal","link":"#cleaning-up-via-azure-portal","children":[]}]}],"git":{"updatedTime":1723118227000},"filePathRelative":"apps/azure.md"}');export{S as comp,T as data}; diff --git a/assets/beacon.html-BOY3vzUm.js b/assets/beacon.html-BgJyRTZZ.js similarity index 92% rename from assets/beacon.html-BOY3vzUm.js rename to assets/beacon.html-BgJyRTZZ.js index cb1fa34e..026dfc65 100644 --- a/assets/beacon.html-BOY3vzUm.js +++ b/assets/beacon.html-BgJyRTZZ.js @@ -1 +1 @@ -import{_ as e,c as a,o as n,e as l}from"./app-CxPUdK5a.js";const t="/assets/beacon-DOERU7j7.jpg",o={},s=l('

SensorFu Beacon

Synchronize assets from SensorFu Beacon Home to Badrap.

Install App

  1. Open Beacon app page
  2. Click install
  3. Review the permission the app requests. Click Install the app
  4. Add home name and token you've received from SensorFu

Beacon App

  1. You're done

Uninstalling the app

  1. Open the Beacon app page and click Uninstall.
  2. Shut down and optionally erase beacons that you have been running.
  3. You're done!
',8),p=[s];function i(r,c){return n(),a("div",null,p)}const d=e(o,[["render",i],["__file","beacon.html.vue"]]),u=JSON.parse('{"path":"/apps/beacon.html","title":"SensorFu Beacon","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Install App","slug":"install-app","link":"#install-app","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"apps/beacon.md"}');export{d as comp,u as data}; +import{_ as e,c as a,o as n,e as l}from"./app-DhWbOGxr.js";const t="/assets/beacon-DOERU7j7.jpg",o={},s=l('

SensorFu Beacon

Synchronize assets from SensorFu Beacon Home to Badrap.

Install App

  1. Open Beacon app page
  2. Click install
  3. Review the permission the app requests. Click Install the app
  4. Add home name and token you've received from SensorFu

Beacon App

  1. You're done

Uninstalling the app

  1. Open the Beacon app page and click Uninstall.
  2. Shut down and optionally erase beacons that you have been running.
  3. You're done!
',8),p=[s];function i(r,c){return n(),a("div",null,p)}const d=e(o,[["render",i],["__file","beacon.html.vue"]]),u=JSON.parse('{"path":"/apps/beacon.html","title":"SensorFu Beacon","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Install App","slug":"install-app","link":"#install-app","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"apps/beacon.md"}');export{d as comp,u as data}; diff --git a/assets/buildingautomation.html-B-8ENF89.js b/assets/buildingautomation.html-CMUzwkIQ.js similarity index 98% rename from assets/buildingautomation.html-B-8ENF89.js rename to assets/buildingautomation.html-CMUzwkIQ.js index ca355a7b..8cc2b07f 100644 --- a/assets/buildingautomation.html-B-8ENF89.js +++ b/assets/buildingautomation.html-CMUzwkIQ.js @@ -1 +1 @@ -import{_ as a,c as t,o as i,e}from"./app-CxPUdK5a.js";const s={},n=e('

Taloautomaatiojärjestelmäsi on kytketty Internetiin

Verkossasi on havaittu Internetiin kytketty taloautomaatiojärjestelmä, jolla voidaan kontrolloida rakennuksesi valaistusta, lämmitystä, ilmanvaihtoa ja muita toimintoja. Koska järjestelmä on näkyvissä koko maailmalle Internetin välityksellä, sitä voidaan yrittää käyttää luvattomasti. Jos joku pääsee tunkeutumaan järjestelmään sisälle, hän voi aiheuttaa talollesi ja sen asukkaille vahinkoa tai jopa hengenvaaran muuttamalla talotekniikan asetuksia. Sinun tulisi estää pääsy järjestelmään, jotta talosi olisi suojassa vahingoilta.

Mitä on tapahtunut?

Maaliskuun 2019 alussa Yle Areenassa julkaistiin tietoturvaa käsittelevä 6-osainen ohjelmasarja Team Whack. Yhdessä sarjan jaksoista tietoturvatutkijat etsivät Suomesta Internetiin kytkettyjä Fidelix-merkkisiä taloautomaatiojärjestelmiä ja osoittivat, miten luvattomat käyttäjät voivat päästä varsin helposti muuttamaan talotekniikan asetuksia. Tietoturvatutkijat raportoivat löytämänsä haavoittuvuudet Viestintävirastolle yhteistyössä laitevalmistajan kanssa. Me, eli Badrap ja Remod, autamme nyt haavoittuvien järjestelmien omistajia kuulemaan ongelmasta, ymmärtämään sen vakavuuden ja korjaamaan tilanteen.

Mikä tässä on vaarana?

Taloautomaatiojärjestelmien ei kuulu missään nimessä olla auki Internetiin. Sekä Viestintäviraston Kyberturvallisuuskeskus että taloautomaatiojärjestelmien suomalainen valmistaja Fidelix varoittavat pitämästä järjestelmiä avoimissa verkoissa.

Jos taloautomaatiolaitteistot ovat koko maailman käytettävissä, niitä voi löytää helposti erilaisilla hakukoneilla ja yrittää väärinkäyttää. Pahantahtoiset tunkeilijat voivat kokeilla arvata järjestelmän salasanoja. Usein järjestelmissä on vielä päällä oletussalasanat, jotka ovat hyvin helppoja arvata tai jo valmiiksi tunkeilijoiden tiedossa. Hyökkääjät voivat myös ohittaa salasanatarkistuksen kokonaan järjestelmän tietoturvahaavoittuvuuksien avulla. Palvelunestohyökkäyksellä järjestelmän toimintaa voidaan haitata tai estää kokonaan kohdistamalla järjestelmään poikkeuksellisen paljon verkkoliikennettä Internetistä, vaikka itse järjestelmään ei pääsisikään kirjautumaan sisälle.

Kun hyökkääjä pääsee sisään Internetiin kytkettyyn taloautomaatiojärjestelmään, hän voi hallita monia talon asetuksia. Järjestelmillä voi yleisesti ohjata talon valaistusta, lämmitystä, ilmanvaihtoa ja muita elintärkeitä toimintoja. Hyökkääjä voi myös vaihtaa järjestelmän salasanat, jonka jälkeen oikeat käyttäjät kuten huoltoyhtiö, laitetoimittaja tai isännöitsijä eivät pääse siihen enää sisään. Jos järjestelmääsi hyökätään, pahimmillaan hyökkääjä voi aiheuttaa rakennuksen käyttäjille mitä tahansa lievän epämukavuuden ja jopa hengenvaaran väliltä.

Miksi häiritsette minua?

Tietoturvatutkijat ovat havainneet sinun verkossasi Internetiin kytketyn Fidelix-taloautomaatiojärjestelmän. Haavoittuvan järjestelmän IP-osoite on hallinnassasi. Autamme tietoturvatutkijoita, Viestintävirastoa ja laitevalmistajaa toimittamaan viestin sinulle perille, sekä autamme sinua ymmärtämään mistä on kysymys ja miten ongelman voi korjata. Taloautomaatiojärjestelmien valmistaja Fidelix on ollut koko ajan aktiivisesti mukana tutkimuksessa ja ongelmasta tiedottamisessa, koska myös heille on tärkeää, että heidän järjestelmänsä on asennettu tietoturvaohjeistuksen mukaisesti eivätkä asiattomat käyttäjät pääse niihin käsiksi.

Miten korjaan ongelman?

Pähkinänkuoressa sinun kannattaa tehdä seuraavat asiat mahdollisimman pian:

  • Siirrä taloautomaatiojärjestelmäsi avoimesta Internetistä suljettuun sisäverkkoon, jonne ei pääse ulkopuolelta,
  • TAI estä yleinen pääsy Internetistä taloautomaatiojärjestelmään palomuurilla ja VPN-etäyhteysratkaisulla.
  • Varmista yhdessä laitevalmistajan tai laitetoimittajasi kanssa, että järjestelmään on asennettu viimeisimmät tietoturvapäivitykset.
  • Varmista että järjestelmässä ei käytetä heikkoja oletussalasanoja. Vaihda salasanat uusiin ja riittävän vahvoihin.

Tarkempia korjausohjeita ja yhteystietoja löydät laitevalmistaja Fidelixin tiedotteesta.

Mistä saan apua korjauksiin?

Ota yhteyttä ensisijaisesti taloautomaatiojärjestelmäsi laitetoimittajaan tai huoltoyhtiöön. He neuvovat sinua mielellään tietoturvakäytännöissä ja varmistavat, että laitteisiin pääsee vain suljetusta paikallisesta verkosta tai asianmukaisesti suojatulla etäyhteydellä. He voivat myös auttaa sinua varmistamaan, että järjestelmään on asennettu tietoturvapäivitykset ja että oletussalasanat on vaihdettu turvallisempiin.

Keitä te olette?

Badrap on suomalainen tietoturvayritys, joka haluaa välittää tietoturvatietoa tutkijoilta haavoittuvien laitteiden ja verkkojen omistajille mahdollisimman tehokkaasti. Remod on suomalainen IT-palveluyritys, jonka intohimona on ongelmanratkaisu ja mahdottoman tekeminen mahdolliseksi. Toimimme yhdessä tietoturvatutkijoiden, Viestintäviraston Kyberturvallisuuskeskuksen ja laitevalmistajien kanssa tietoturvallisemman maailman puolesta.

Mistä saan lisätietoja?

',20),l=[n];function o(r,k){return i(),t("div",null,l)}const u=a(s,[["render",o],["__file","buildingautomation.html.vue"]]),j=JSON.parse('{"path":"/fi/types/buildingautomation.html","title":"Taloautomaatiojärjestelmäsi on kytketty Internetiin","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Mitä on tapahtunut?","slug":"mita-on-tapahtunut","link":"#mita-on-tapahtunut","children":[]},{"level":2,"title":"Mikä tässä on vaarana?","slug":"mika-tassa-on-vaarana","link":"#mika-tassa-on-vaarana","children":[]},{"level":2,"title":"Miksi häiritsette minua?","slug":"miksi-hairitsette-minua","link":"#miksi-hairitsette-minua","children":[]},{"level":2,"title":"Miten korjaan ongelman?","slug":"miten-korjaan-ongelman","link":"#miten-korjaan-ongelman","children":[]},{"level":2,"title":"Mistä saan apua korjauksiin?","slug":"mista-saan-apua-korjauksiin","link":"#mista-saan-apua-korjauksiin","children":[]},{"level":2,"title":"Keitä te olette?","slug":"keita-te-olette","link":"#keita-te-olette","children":[]},{"level":2,"title":"Mistä saan lisätietoja?","slug":"mista-saan-lisatietoja","link":"#mista-saan-lisatietoja","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/buildingautomation.md"}');export{u as comp,j as data}; +import{_ as a,c as t,o as i,e}from"./app-DhWbOGxr.js";const s={},n=e('

Taloautomaatiojärjestelmäsi on kytketty Internetiin

Verkossasi on havaittu Internetiin kytketty taloautomaatiojärjestelmä, jolla voidaan kontrolloida rakennuksesi valaistusta, lämmitystä, ilmanvaihtoa ja muita toimintoja. Koska järjestelmä on näkyvissä koko maailmalle Internetin välityksellä, sitä voidaan yrittää käyttää luvattomasti. Jos joku pääsee tunkeutumaan järjestelmään sisälle, hän voi aiheuttaa talollesi ja sen asukkaille vahinkoa tai jopa hengenvaaran muuttamalla talotekniikan asetuksia. Sinun tulisi estää pääsy järjestelmään, jotta talosi olisi suojassa vahingoilta.

Mitä on tapahtunut?

Maaliskuun 2019 alussa Yle Areenassa julkaistiin tietoturvaa käsittelevä 6-osainen ohjelmasarja Team Whack. Yhdessä sarjan jaksoista tietoturvatutkijat etsivät Suomesta Internetiin kytkettyjä Fidelix-merkkisiä taloautomaatiojärjestelmiä ja osoittivat, miten luvattomat käyttäjät voivat päästä varsin helposti muuttamaan talotekniikan asetuksia. Tietoturvatutkijat raportoivat löytämänsä haavoittuvuudet Viestintävirastolle yhteistyössä laitevalmistajan kanssa. Me, eli Badrap ja Remod, autamme nyt haavoittuvien järjestelmien omistajia kuulemaan ongelmasta, ymmärtämään sen vakavuuden ja korjaamaan tilanteen.

Mikä tässä on vaarana?

Taloautomaatiojärjestelmien ei kuulu missään nimessä olla auki Internetiin. Sekä Viestintäviraston Kyberturvallisuuskeskus että taloautomaatiojärjestelmien suomalainen valmistaja Fidelix varoittavat pitämästä järjestelmiä avoimissa verkoissa.

Jos taloautomaatiolaitteistot ovat koko maailman käytettävissä, niitä voi löytää helposti erilaisilla hakukoneilla ja yrittää väärinkäyttää. Pahantahtoiset tunkeilijat voivat kokeilla arvata järjestelmän salasanoja. Usein järjestelmissä on vielä päällä oletussalasanat, jotka ovat hyvin helppoja arvata tai jo valmiiksi tunkeilijoiden tiedossa. Hyökkääjät voivat myös ohittaa salasanatarkistuksen kokonaan järjestelmän tietoturvahaavoittuvuuksien avulla. Palvelunestohyökkäyksellä järjestelmän toimintaa voidaan haitata tai estää kokonaan kohdistamalla järjestelmään poikkeuksellisen paljon verkkoliikennettä Internetistä, vaikka itse järjestelmään ei pääsisikään kirjautumaan sisälle.

Kun hyökkääjä pääsee sisään Internetiin kytkettyyn taloautomaatiojärjestelmään, hän voi hallita monia talon asetuksia. Järjestelmillä voi yleisesti ohjata talon valaistusta, lämmitystä, ilmanvaihtoa ja muita elintärkeitä toimintoja. Hyökkääjä voi myös vaihtaa järjestelmän salasanat, jonka jälkeen oikeat käyttäjät kuten huoltoyhtiö, laitetoimittaja tai isännöitsijä eivät pääse siihen enää sisään. Jos järjestelmääsi hyökätään, pahimmillaan hyökkääjä voi aiheuttaa rakennuksen käyttäjille mitä tahansa lievän epämukavuuden ja jopa hengenvaaran väliltä.

Miksi häiritsette minua?

Tietoturvatutkijat ovat havainneet sinun verkossasi Internetiin kytketyn Fidelix-taloautomaatiojärjestelmän. Haavoittuvan järjestelmän IP-osoite on hallinnassasi. Autamme tietoturvatutkijoita, Viestintävirastoa ja laitevalmistajaa toimittamaan viestin sinulle perille, sekä autamme sinua ymmärtämään mistä on kysymys ja miten ongelman voi korjata. Taloautomaatiojärjestelmien valmistaja Fidelix on ollut koko ajan aktiivisesti mukana tutkimuksessa ja ongelmasta tiedottamisessa, koska myös heille on tärkeää, että heidän järjestelmänsä on asennettu tietoturvaohjeistuksen mukaisesti eivätkä asiattomat käyttäjät pääse niihin käsiksi.

Miten korjaan ongelman?

Pähkinänkuoressa sinun kannattaa tehdä seuraavat asiat mahdollisimman pian:

  • Siirrä taloautomaatiojärjestelmäsi avoimesta Internetistä suljettuun sisäverkkoon, jonne ei pääse ulkopuolelta,
  • TAI estä yleinen pääsy Internetistä taloautomaatiojärjestelmään palomuurilla ja VPN-etäyhteysratkaisulla.
  • Varmista yhdessä laitevalmistajan tai laitetoimittajasi kanssa, että järjestelmään on asennettu viimeisimmät tietoturvapäivitykset.
  • Varmista että järjestelmässä ei käytetä heikkoja oletussalasanoja. Vaihda salasanat uusiin ja riittävän vahvoihin.

Tarkempia korjausohjeita ja yhteystietoja löydät laitevalmistaja Fidelixin tiedotteesta.

Mistä saan apua korjauksiin?

Ota yhteyttä ensisijaisesti taloautomaatiojärjestelmäsi laitetoimittajaan tai huoltoyhtiöön. He neuvovat sinua mielellään tietoturvakäytännöissä ja varmistavat, että laitteisiin pääsee vain suljetusta paikallisesta verkosta tai asianmukaisesti suojatulla etäyhteydellä. He voivat myös auttaa sinua varmistamaan, että järjestelmään on asennettu tietoturvapäivitykset ja että oletussalasanat on vaihdettu turvallisempiin.

Keitä te olette?

Badrap on suomalainen tietoturvayritys, joka haluaa välittää tietoturvatietoa tutkijoilta haavoittuvien laitteiden ja verkkojen omistajille mahdollisimman tehokkaasti. Remod on suomalainen IT-palveluyritys, jonka intohimona on ongelmanratkaisu ja mahdottoman tekeminen mahdolliseksi. Toimimme yhdessä tietoturvatutkijoiden, Viestintäviraston Kyberturvallisuuskeskuksen ja laitevalmistajien kanssa tietoturvallisemman maailman puolesta.

Mistä saan lisätietoja?

',20),l=[n];function o(r,k){return i(),t("div",null,l)}const u=a(s,[["render",o],["__file","buildingautomation.html.vue"]]),j=JSON.parse('{"path":"/fi/types/buildingautomation.html","title":"Taloautomaatiojärjestelmäsi on kytketty Internetiin","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Mitä on tapahtunut?","slug":"mita-on-tapahtunut","link":"#mita-on-tapahtunut","children":[]},{"level":2,"title":"Mikä tässä on vaarana?","slug":"mika-tassa-on-vaarana","link":"#mika-tassa-on-vaarana","children":[]},{"level":2,"title":"Miksi häiritsette minua?","slug":"miksi-hairitsette-minua","link":"#miksi-hairitsette-minua","children":[]},{"level":2,"title":"Miten korjaan ongelman?","slug":"miten-korjaan-ongelman","link":"#miten-korjaan-ongelman","children":[]},{"level":2,"title":"Mistä saan apua korjauksiin?","slug":"mista-saan-apua-korjauksiin","link":"#mista-saan-apua-korjauksiin","children":[]},{"level":2,"title":"Keitä te olette?","slug":"keita-te-olette","link":"#keita-te-olette","children":[]},{"level":2,"title":"Mistä saan lisätietoja?","slug":"mista-saan-lisatietoja","link":"#mista-saan-lisatietoja","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/buildingautomation.md"}');export{u as comp,j as data}; diff --git a/assets/categories.html-CqD7nnj-.js b/assets/categories.html-CHrhoUi9.js similarity index 93% rename from assets/categories.html-CqD7nnj-.js rename to assets/categories.html-CHrhoUi9.js index 3c3d2130..6d5c3ff3 100644 --- a/assets/categories.html-CqD7nnj-.js +++ b/assets/categories.html-CHrhoUi9.js @@ -1 +1 @@ -import{_ as a,c as t,o as e,e as i}from"./app-CxPUdK5a.js";const s={},k=i('

Tietoa hyökkäyskategorioista

Amplifikaatiohyökkäykset

Amplifikaatiohyökkäys perustuu siihen, että hyökkääjä kimmottaa palvelunestohyökkäyksensä jonkin muun avoimen palvelun kautta. Moni sinällään viaton kotireitittimistäkin löytyvä palvelu toimii ikään kuin Internetin megafonina. Ne vahvistavat ja tekevät alunperin pienestä hyökkäyksestä paljon suuremman.

Hyökkääjä lähettää siis pieniä viestejä laitteellesi. Laitteesi vahvistaa viestiä ja lähettää suuria viestejä hyökkäjän kohteelle. Kohteelle näyttää, että IP-osoitteesi on yksi sadoista tuhansista hyökkääjistä.

Teknisemmän kuvauksen löydät esimerkiksi tästä havainnollistavasta Youtube-videosta. Videon esimerkki käyttää hyväkseen DNS-palveluita, mutta periaate on kuitenkin täsmälleen sama muissakin amplifikaatiohyökkäyksissä.

Tämä on yksi muutamasta tekniikasta, millä hyökkääjät saavat palvelun kuin palvelun polvilleen. Samalla oma Internet-yhteytesi tukkeutuu ja palveluntarjoajasi saattaa katkaista yhteytesi suojellakseen muita.

Pidä huoli netistäsi, maineestasi ja tulevista uhreista. Hankkiudu eroon rikollisia auttavista palveluista!

',7),n=[k];function o(l,h){return e(),t("div",null,n)}const u=a(s,[["render",o],["__file","categories.html.vue"]]),p=JSON.parse('{"path":"/fi/categories.html","title":"Tietoa hyökkäyskategorioista","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Amplifikaatiohyökkäykset","slug":"amplifikaatiohyokkaykset","link":"#amplifikaatiohyokkaykset","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/categories.md"}');export{u as comp,p as data}; +import{_ as a,c as t,o as e,e as i}from"./app-DhWbOGxr.js";const s={},k=i('

Tietoa hyökkäyskategorioista

Amplifikaatiohyökkäykset

Amplifikaatiohyökkäys perustuu siihen, että hyökkääjä kimmottaa palvelunestohyökkäyksensä jonkin muun avoimen palvelun kautta. Moni sinällään viaton kotireitittimistäkin löytyvä palvelu toimii ikään kuin Internetin megafonina. Ne vahvistavat ja tekevät alunperin pienestä hyökkäyksestä paljon suuremman.

Hyökkääjä lähettää siis pieniä viestejä laitteellesi. Laitteesi vahvistaa viestiä ja lähettää suuria viestejä hyökkäjän kohteelle. Kohteelle näyttää, että IP-osoitteesi on yksi sadoista tuhansista hyökkääjistä.

Teknisemmän kuvauksen löydät esimerkiksi tästä havainnollistavasta Youtube-videosta. Videon esimerkki käyttää hyväkseen DNS-palveluita, mutta periaate on kuitenkin täsmälleen sama muissakin amplifikaatiohyökkäyksissä.

Tämä on yksi muutamasta tekniikasta, millä hyökkääjät saavat palvelun kuin palvelun polvilleen. Samalla oma Internet-yhteytesi tukkeutuu ja palveluntarjoajasi saattaa katkaista yhteytesi suojellakseen muita.

Pidä huoli netistäsi, maineestasi ja tulevista uhreista. Hankkiudu eroon rikollisia auttavista palveluista!

',7),n=[k];function o(l,h){return e(),t("div",null,n)}const u=a(s,[["render",o],["__file","categories.html.vue"]]),p=JSON.parse('{"path":"/fi/categories.html","title":"Tietoa hyökkäyskategorioista","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Amplifikaatiohyökkäykset","slug":"amplifikaatiohyokkaykset","link":"#amplifikaatiohyokkaykset","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/categories.md"}');export{u as comp,p as data}; diff --git a/assets/categories.html-OrsqNfEb.js b/assets/categories.html-DHFdQeuC.js similarity index 95% rename from assets/categories.html-OrsqNfEb.js rename to assets/categories.html-DHFdQeuC.js index 9249cb70..d79cf9bb 100644 --- a/assets/categories.html-OrsqNfEb.js +++ b/assets/categories.html-DHFdQeuC.js @@ -1 +1 @@ -import{_ as e,c as t,o as a,e as i}from"./app-CxPUdK5a.js";const n={},o=i('

About different categories of attacks

Amplification attacks

Denial-of-service attacks are common incidents, where an attacker employs vulnerable machines on the Internet to send large amounts of malicious traffic to a victim organization, blocking the Internet connection of the victim and preventing the victim's services to work normally. An amplification attack is a form of denial-of-service attack, where the attacker uses an open Internet service somewhere to amplify the effects of the attack. Many innocent services found even in Internet users' home routers can act as an Internet megaphone, amplifying and making a small denial-of-service attack become a massive network outage.

To simplify, an attacker sends small data messages to your vulnerable device. Your device reacts to these messages by sending very large messages to the victim targeted by the attacker. The victim sees your IP address among possibly hundreds of thousands of other IP addresses as the source of the attack.

You can view a more technical explanation of this type of attack in this Youtube video. The example in this video shows an amplification attack happening via the common DNS service, but the principle remains the same no matter what vulnerable service is used.

This very common form of attacks can easily bring even a massive enterprise service to its knees. At the same time, your Internet connection is likely blocked during the attack, and your Internet service provider can block your service temporarily to protect you and others from abuse.

Take care of your Internet connectivity, your reputation and future victims of amplification attacks. Block services that can be abused by criminals!

',7),s=[o];function r(c,l){return a(),t("div",null,s)}const f=e(n,[["render",r],["__file","categories.html.vue"]]),h=JSON.parse('{"path":"/categories.html","title":"About different categories of attacks","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Amplification attacks","slug":"amplification-attacks","link":"#amplification-attacks","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"categories.md"}');export{f as comp,h as data}; +import{_ as e,c as t,o as a,e as i}from"./app-DhWbOGxr.js";const n={},o=i('

About different categories of attacks

Amplification attacks

Denial-of-service attacks are common incidents, where an attacker employs vulnerable machines on the Internet to send large amounts of malicious traffic to a victim organization, blocking the Internet connection of the victim and preventing the victim's services to work normally. An amplification attack is a form of denial-of-service attack, where the attacker uses an open Internet service somewhere to amplify the effects of the attack. Many innocent services found even in Internet users' home routers can act as an Internet megaphone, amplifying and making a small denial-of-service attack become a massive network outage.

To simplify, an attacker sends small data messages to your vulnerable device. Your device reacts to these messages by sending very large messages to the victim targeted by the attacker. The victim sees your IP address among possibly hundreds of thousands of other IP addresses as the source of the attack.

You can view a more technical explanation of this type of attack in this Youtube video. The example in this video shows an amplification attack happening via the common DNS service, but the principle remains the same no matter what vulnerable service is used.

This very common form of attacks can easily bring even a massive enterprise service to its knees. At the same time, your Internet connection is likely blocked during the attack, and your Internet service provider can block your service temporarily to protect you and others from abuse.

Take care of your Internet connectivity, your reputation and future victims of amplification attacks. Block services that can be abused by criminals!

',7),s=[o];function r(c,l){return a(),t("div",null,s)}const f=e(n,[["render",r],["__file","categories.html.vue"]]),h=JSON.parse('{"path":"/categories.html","title":"About different categories of attacks","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Amplification attacks","slug":"amplification-attacks","link":"#amplification-attacks","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"categories.md"}');export{f as comp,h as data}; diff --git a/assets/databreach.html-F5GAThpd.js b/assets/databreach.html-DFLl7qGa.js similarity index 97% rename from assets/databreach.html-F5GAThpd.js rename to assets/databreach.html-DFLl7qGa.js index c1dede8d..99c15bb4 100644 --- a/assets/databreach.html-F5GAThpd.js +++ b/assets/databreach.html-DFLl7qGa.js @@ -1 +1 @@ -import{_ as e,c as a,o as r,e as t}from"./app-CxPUdK5a.js";const o={},s=t('

Data Breach

Problem description

Your email address and possibly other personal data related to it has been stolen or accidentally exposed from a database. Usually, this happens when you provide your email address and other personal data to a company or organization when you subscribe to a service, and that company or organization then gets hacked or otherwise fails to protect your personal data adequately.

Along with your email address, a data breach may include personal information such as passwords, home addresses, phone numbers or credit card numbers, depending what information you have given to the service and what has been exposed. Breached data can be published online or used by hackers for bad purposes.

Information about these kinds of data breaches along with exposed email addresses are collected by a widely-publicized and credible data breach reporting service Have I Been Pwned, operated by security researcher Troy Hunt. You can read more about the data breaches collected by them at Who's been pwned. You can also learn more about data breaches in general in their FAQ.

Suggestions for repair

Since the data breach has already occurred, the most important thing is to stay calm. Many of the reported data breaches happened a long time ago. In most of the reported data breaches, the company or organization from where your data got stolen has already sent you a notification about the breach, asking you to protect your account by changing your password and providing other advice on how to stay safe. If you have done these things after the breach occurred, you should be quite safe. Your information can of course still be found among the breached data, but your account is protected from abuse.

If you have not known about the breach or if you have not yet acted according to the instructions, you should go to the affected service and change your password immediately. If you have been using the same password in other services, you should change those passwords too. In general, you should always use a different password for different services, so that data stolen from one service provider cannot be used to hack your other services.

Protecting against future data breaches

There are many other common-sense things you can do to protect against data breaches in the future. These are a few well-proven suggestions:

  • Use hard-to-guess passwords. Do not use common words (e.g., your own name) or numbers (1234). Use random words or characters, with punctuation marks and numbers thrown in to further reduce guessability.
  • Use a password manager application to generate and store good passwords on your behalf.
  • Use two-factor authentication in services that support it. That way, if an attacker gets hold of your password, they still cannot access your account easily.
',11),n=[s];function i(d,h){return r(),a("div",null,n)}const l=e(o,[["render",i],["__file","databreach.html.vue"]]),p=JSON.parse('{"path":"/types/databreach.html","title":"Data Breach","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Protecting against future data breaches","slug":"protecting-against-future-data-breaches","link":"#protecting-against-future-data-breaches","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/databreach.md"}');export{l as comp,p as data}; +import{_ as e,c as a,o as r,e as t}from"./app-DhWbOGxr.js";const o={},s=t('

Data Breach

Problem description

Your email address and possibly other personal data related to it has been stolen or accidentally exposed from a database. Usually, this happens when you provide your email address and other personal data to a company or organization when you subscribe to a service, and that company or organization then gets hacked or otherwise fails to protect your personal data adequately.

Along with your email address, a data breach may include personal information such as passwords, home addresses, phone numbers or credit card numbers, depending what information you have given to the service and what has been exposed. Breached data can be published online or used by hackers for bad purposes.

Information about these kinds of data breaches along with exposed email addresses are collected by a widely-publicized and credible data breach reporting service Have I Been Pwned, operated by security researcher Troy Hunt. You can read more about the data breaches collected by them at Who's been pwned. You can also learn more about data breaches in general in their FAQ.

Suggestions for repair

Since the data breach has already occurred, the most important thing is to stay calm. Many of the reported data breaches happened a long time ago. In most of the reported data breaches, the company or organization from where your data got stolen has already sent you a notification about the breach, asking you to protect your account by changing your password and providing other advice on how to stay safe. If you have done these things after the breach occurred, you should be quite safe. Your information can of course still be found among the breached data, but your account is protected from abuse.

If you have not known about the breach or if you have not yet acted according to the instructions, you should go to the affected service and change your password immediately. If you have been using the same password in other services, you should change those passwords too. In general, you should always use a different password for different services, so that data stolen from one service provider cannot be used to hack your other services.

Protecting against future data breaches

There are many other common-sense things you can do to protect against data breaches in the future. These are a few well-proven suggestions:

  • Use hard-to-guess passwords. Do not use common words (e.g., your own name) or numbers (1234). Use random words or characters, with punctuation marks and numbers thrown in to further reduce guessability.
  • Use a password manager application to generate and store good passwords on your behalf.
  • Use two-factor authentication in services that support it. That way, if an attacker gets hold of your password, they still cannot access your account easily.
',11),n=[s];function i(d,h){return r(),a("div",null,n)}const l=e(o,[["render",i],["__file","databreach.html.vue"]]),p=JSON.parse('{"path":"/types/databreach.html","title":"Data Breach","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Protecting against future data breaches","slug":"protecting-against-future-data-breaches","link":"#protecting-against-future-data-breaches","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/databreach.md"}');export{l as comp,p as data}; diff --git a/assets/dns.html-2vaC12-a.js b/assets/dns.html-BdTVvgOc.js similarity index 97% rename from assets/dns.html-2vaC12-a.js rename to assets/dns.html-BdTVvgOc.js index 69364666..ebeec640 100644 --- a/assets/dns.html-2vaC12-a.js +++ b/assets/dns.html-BdTVvgOc.js @@ -1 +1 @@ -import{_ as r,c as i,a as e,d as o,b as t,w as n,e as a,r as l,o as c}from"./app-CxPUdK5a.js";const d={},u=e("h1",{id:"open-dns-service",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#open-dns-service"},[e("span",null,"Open DNS service")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),p=e("p",null,"Has your Internet connection sometimes been working badly? Your service provider is not always the source of the problem. It seems that your IP address has an open DNS service. Bad guys in the Internet search and abuse these services to cover their tracks and to amplify their denial-of-service attacks. When your DNS service is being abused, as a side effect your own Internet connection can become unusable.",-1),v=e("p",null,"An open DNS service means simply, that an attacker can send your device a small request message from the Internet, and your device will send back a large response message. If an attacker forges their source address and send a massive amount of small requests to your device, your device amplifies the attack by sending a massive amount of large responses to a third party (the actual victim of the attack). The victim is usually someone else than you, but as a result of the attack your own Internet connection usually breaks down.",-1),f=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),m=a('

If your DNS service is on without your knowledge or a valid reason

Do you own a device but don't know why its DNS service is visible to the Internet? This most likely means you do not need the service to be open. See your device instructions on how to disable DNS from being accessible from the Internet. Look for keywords "DNS", "Domain Name Service" or "Name Service". You could also look for a firewall function in your device, that could be used to block access to the DNS service from the Internet.

If your DNS service is on intentionally

See these instructions from US-CERT for examples on how to harden most common DNS services: https://www.us-cert.gov/ncas/alerts/TA13-088A.

You should allow recursive queries only for your own devices.

',5);function y(g,w){const s=l("RouteLink");return c(),i("div",null,[u,h,p,v,e("p",null,[o("If you want to understand better how these kinds of so-called amplification attacks work, please see "),t(s,{to:"/categories.html#amplification-attacks"},{default:n(()=>[o("here")]),_:1}),o(".")]),f,e("p",null,[o("First of all you need to identify the device which has the vulnerable service open. "),t(s,{to:"/locate.html"},{default:n(()=>[o("Please read our instructions on locating vulnerable devices.")]),_:1})]),m])}const k=r(d,[["render",y],["__file","dns.html.vue"]]),_=JSON.parse('{"path":"/types/dns.html","title":"Open DNS service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[{"level":3,"title":"If your DNS service is on without your knowledge or a valid reason","slug":"if-your-dns-service-is-on-without-your-knowledge-or-a-valid-reason","link":"#if-your-dns-service-is-on-without-your-knowledge-or-a-valid-reason","children":[]},{"level":3,"title":"If your DNS service is on intentionally","slug":"if-your-dns-service-is-on-intentionally","link":"#if-your-dns-service-is-on-intentionally","children":[]}]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/dns.md"}');export{k as comp,_ as data}; +import{_ as r,c as i,a as e,d as o,b as t,w as n,e as a,r as l,o as c}from"./app-DhWbOGxr.js";const d={},u=e("h1",{id:"open-dns-service",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#open-dns-service"},[e("span",null,"Open DNS service")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),p=e("p",null,"Has your Internet connection sometimes been working badly? Your service provider is not always the source of the problem. It seems that your IP address has an open DNS service. Bad guys in the Internet search and abuse these services to cover their tracks and to amplify their denial-of-service attacks. When your DNS service is being abused, as a side effect your own Internet connection can become unusable.",-1),v=e("p",null,"An open DNS service means simply, that an attacker can send your device a small request message from the Internet, and your device will send back a large response message. If an attacker forges their source address and send a massive amount of small requests to your device, your device amplifies the attack by sending a massive amount of large responses to a third party (the actual victim of the attack). The victim is usually someone else than you, but as a result of the attack your own Internet connection usually breaks down.",-1),f=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),m=a('

If your DNS service is on without your knowledge or a valid reason

Do you own a device but don't know why its DNS service is visible to the Internet? This most likely means you do not need the service to be open. See your device instructions on how to disable DNS from being accessible from the Internet. Look for keywords "DNS", "Domain Name Service" or "Name Service". You could also look for a firewall function in your device, that could be used to block access to the DNS service from the Internet.

If your DNS service is on intentionally

See these instructions from US-CERT for examples on how to harden most common DNS services: https://www.us-cert.gov/ncas/alerts/TA13-088A.

You should allow recursive queries only for your own devices.

',5);function y(g,w){const s=l("RouteLink");return c(),i("div",null,[u,h,p,v,e("p",null,[o("If you want to understand better how these kinds of so-called amplification attacks work, please see "),t(s,{to:"/categories.html#amplification-attacks"},{default:n(()=>[o("here")]),_:1}),o(".")]),f,e("p",null,[o("First of all you need to identify the device which has the vulnerable service open. "),t(s,{to:"/locate.html"},{default:n(()=>[o("Please read our instructions on locating vulnerable devices.")]),_:1})]),m])}const k=r(d,[["render",y],["__file","dns.html.vue"]]),_=JSON.parse('{"path":"/types/dns.html","title":"Open DNS service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[{"level":3,"title":"If your DNS service is on without your knowledge or a valid reason","slug":"if-your-dns-service-is-on-without-your-knowledge-or-a-valid-reason","link":"#if-your-dns-service-is-on-without-your-knowledge-or-a-valid-reason","children":[]},{"level":3,"title":"If your DNS service is on intentionally","slug":"if-your-dns-service-is-on-intentionally","link":"#if-your-dns-service-is-on-intentionally","children":[]}]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/dns.md"}');export{k as comp,_ as data}; diff --git a/assets/dns.html-DeQPmGB2.js b/assets/dns.html-o1Kj407y.js similarity index 96% rename from assets/dns.html-DeQPmGB2.js rename to assets/dns.html-o1Kj407y.js index 6cbbc5a1..0e27272e 100644 --- a/assets/dns.html-DeQPmGB2.js +++ b/assets/dns.html-o1Kj407y.js @@ -1 +1 @@ -import{_ as s,c as n,a,d as e,b as t,w as l,e as o,r as u,o as k}from"./app-CxPUdK5a.js";const m={},p=a("h1",{id:"liian-avoin-nimipalvelu",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#liian-avoin-nimipalvelu"},[a("span",null,"Liian avoin nimipalvelu")])],-1),r=a("h2",{id:"ongelman-kuvaus",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#ongelman-kuvaus"},[a("span",null,"Ongelman kuvaus")])],-1),v=a("p",null,"Onko verkkosi toiminut joskus huonosti? Vika ei aina ole välttämättä palveluntarjoajassa. Tässä osoitteessa on liian avoin DNS-palvelu. Pahikset etsivät näitä peittääkseen jälkensä ja vahvistaakseen palvelunestohyökkäyksiään. Samalla yleensä oma verkko tukkeutuu.",-1),h=a("p",null,"Liian avoin nimipalvelu tarkoittaa sitä, että hyökkääjä voi esittää Internetistä käsin palvelimelle pienen kysymyksen ja palvelin antaa takaisin suuren vastauksen. Kun hyökkääjä väärentää lähdeosoitteensa ja lähettää massiivisen määrän kysymyksiä, toimii palvelu palvelunestohyökkäyksen vahvistimena. Kohteena on yleensä joku muu, mutta omakin verkkosi ja/tai palvelusi voivat hajota.",-1),d=a("h2",{id:"korjausehdotuksia",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#korjausehdotuksia"},[a("span",null,"Korjausehdotuksia")])],-1),c=o('

Nimipalvelu on päällä ilman hyvää syytä

Omistatko laitteen, etkä tiedä miksi siinä on nimipalvelu päällä? Et todennäköisesti silloin tarvitse sitä. Katso tässä tapauksessa laitteesi ohjeista miten nimipalvelun saisi pois päältä. Etsi avainsanoja "DNS", "Domain Name Service" tai "Name Service". Voit myös etsiä laitteestasi palomuuriominaisuuden, jolla estät pääsyn laitteen palveluihin Internetistä käsin.

Nimipalvelu on tarkoituksella päällä

US-CERTin ohje osoitteessa https://www.us-cert.gov/ncas/alerts/TA13-088A tarjoaa esimerkkejä yleisimmistä nimipalveluohjelmistojen tiukemmista asetuksista. Salli rekursiiviset kyselyt vain omille laitteillesi.

',4);function y(_,j){const i=u("RouteLink");return k(),n("div",null,[p,r,v,h,a("p",null,[e("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),t(i,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:l(()=>[e("täältä")]),_:1}),e(".")]),d,a("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),t(i,{to:"/fi/locate.html"},{default:l(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),c])}const g=s(m,[["render",y],["__file","dns.html.vue"]]),N=JSON.parse('{"path":"/fi/types/dns.html","title":"Liian avoin nimipalvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[{"level":3,"title":"Nimipalvelu on päällä ilman hyvää syytä","slug":"nimipalvelu-on-paalla-ilman-hyvaa-syyta","link":"#nimipalvelu-on-paalla-ilman-hyvaa-syyta","children":[]},{"level":3,"title":"Nimipalvelu on tarkoituksella päällä","slug":"nimipalvelu-on-tarkoituksella-paalla","link":"#nimipalvelu-on-tarkoituksella-paalla","children":[]}]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/dns.md"}');export{g as comp,N as data}; +import{_ as s,c as n,a,d as e,b as t,w as l,e as o,r as u,o as k}from"./app-DhWbOGxr.js";const m={},p=a("h1",{id:"liian-avoin-nimipalvelu",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#liian-avoin-nimipalvelu"},[a("span",null,"Liian avoin nimipalvelu")])],-1),r=a("h2",{id:"ongelman-kuvaus",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#ongelman-kuvaus"},[a("span",null,"Ongelman kuvaus")])],-1),v=a("p",null,"Onko verkkosi toiminut joskus huonosti? Vika ei aina ole välttämättä palveluntarjoajassa. Tässä osoitteessa on liian avoin DNS-palvelu. Pahikset etsivät näitä peittääkseen jälkensä ja vahvistaakseen palvelunestohyökkäyksiään. Samalla yleensä oma verkko tukkeutuu.",-1),h=a("p",null,"Liian avoin nimipalvelu tarkoittaa sitä, että hyökkääjä voi esittää Internetistä käsin palvelimelle pienen kysymyksen ja palvelin antaa takaisin suuren vastauksen. Kun hyökkääjä väärentää lähdeosoitteensa ja lähettää massiivisen määrän kysymyksiä, toimii palvelu palvelunestohyökkäyksen vahvistimena. Kohteena on yleensä joku muu, mutta omakin verkkosi ja/tai palvelusi voivat hajota.",-1),d=a("h2",{id:"korjausehdotuksia",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#korjausehdotuksia"},[a("span",null,"Korjausehdotuksia")])],-1),c=o('

Nimipalvelu on päällä ilman hyvää syytä

Omistatko laitteen, etkä tiedä miksi siinä on nimipalvelu päällä? Et todennäköisesti silloin tarvitse sitä. Katso tässä tapauksessa laitteesi ohjeista miten nimipalvelun saisi pois päältä. Etsi avainsanoja "DNS", "Domain Name Service" tai "Name Service". Voit myös etsiä laitteestasi palomuuriominaisuuden, jolla estät pääsyn laitteen palveluihin Internetistä käsin.

Nimipalvelu on tarkoituksella päällä

US-CERTin ohje osoitteessa https://www.us-cert.gov/ncas/alerts/TA13-088A tarjoaa esimerkkejä yleisimmistä nimipalveluohjelmistojen tiukemmista asetuksista. Salli rekursiiviset kyselyt vain omille laitteillesi.

',4);function y(_,j){const i=u("RouteLink");return k(),n("div",null,[p,r,v,h,a("p",null,[e("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),t(i,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:l(()=>[e("täältä")]),_:1}),e(".")]),d,a("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),t(i,{to:"/fi/locate.html"},{default:l(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),c])}const g=s(m,[["render",y],["__file","dns.html.vue"]]),N=JSON.parse('{"path":"/fi/types/dns.html","title":"Liian avoin nimipalvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[{"level":3,"title":"Nimipalvelu on päällä ilman hyvää syytä","slug":"nimipalvelu-on-paalla-ilman-hyvaa-syyta","link":"#nimipalvelu-on-paalla-ilman-hyvaa-syyta","children":[]},{"level":3,"title":"Nimipalvelu on tarkoituksella päällä","slug":"nimipalvelu-on-tarkoituksella-paalla","link":"#nimipalvelu-on-tarkoituksella-paalla","children":[]}]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/dns.md"}');export{g as comp,N as data}; diff --git a/assets/eol-server.html-DJQCfw7N.js b/assets/eol-server.html-2fY2sfE2.js similarity index 82% rename from assets/eol-server.html-DJQCfw7N.js rename to assets/eol-server.html-2fY2sfE2.js index 8dcd46e3..7a482c2e 100644 --- a/assets/eol-server.html-DJQCfw7N.js +++ b/assets/eol-server.html-2fY2sfE2.js @@ -1 +1 @@ -import{_ as a,c as o,a as e,d as t,b as n,w as s,r as l,o as d}from"./app-CxPUdK5a.js";const c={},i=e("h1",{id:"end-of-life-server",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#end-of-life-server"},[e("span",null,"End Of Life Server")])],-1);function f(_,p){const r=l("RouteLink");return d(),o("div",null,[i,e("p",null,[t("See "),n(r,{to:"/types/abandoned-server.html"},{default:s(()=>[t("Abandoned Server")]),_:1})])])}const m=a(c,[["render",f],["__file","eol-server.html.vue"]]),v=JSON.parse('{"path":"/types/eol-server.html","title":"End Of Life Server","lang":"en-US","frontmatter":{},"headers":[],"git":{"updatedTime":1723117730000},"filePathRelative":"types/eol-server.md"}');export{m as comp,v as data}; +import{_ as a,c as o,a as e,d as t,b as n,w as s,r as l,o as d}from"./app-DhWbOGxr.js";const c={},i=e("h1",{id:"end-of-life-server",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#end-of-life-server"},[e("span",null,"End Of Life Server")])],-1);function f(_,p){const r=l("RouteLink");return d(),o("div",null,[i,e("p",null,[t("See "),n(r,{to:"/types/abandoned-server.html"},{default:s(()=>[t("Abandoned Server")]),_:1})])])}const m=a(c,[["render",f],["__file","eol-server.html.vue"]]),v=JSON.parse('{"path":"/types/eol-server.html","title":"End Of Life Server","lang":"en-US","frontmatter":{},"headers":[],"git":{"updatedTime":1723118227000},"filePathRelative":"types/eol-server.md"}');export{m as comp,v as data}; diff --git a/assets/esg.html-DDLsCKLE.js b/assets/esg.html-B-sXe0jX.js similarity index 98% rename from assets/esg.html-DDLsCKLE.js rename to assets/esg.html-B-sXe0jX.js index b29d9755..112bf40b 100644 --- a/assets/esg.html-DDLsCKLE.js +++ b/assets/esg.html-B-sXe0jX.js @@ -1 +1 @@ -import{_ as e,c as a,o as n,e as r}from"./app-CxPUdK5a.js";const o={},i=r('

Environmental, Social and Governance Policy - Badrap Oy

This Environmental, Social and Governance Policy has been approved on 2021-03-24 by the board of directors to be used at Badrap Oy.

Corporate Responsibility Statement

Safety, security and privacy of our customers, society, people, our employees and our partners are the highest priorities for us. We follow laws, regulations and good corporate governance practices. We respect human rights, labour rights, consider the environment and have anti-corruption measures. Our Code of Conduct has short policy statements on Environmental Protection, Health and Safety, Child and Forced Labour, Anti-Bribery, Anti-Discrimination, Taxes, Security Research and Open Source and Community Work.

Code of Conduct

Our environmental, social and corporate governance (ESG) policies are the basis for our Code of Conduct. Our ESG policies are approved by our board. We periodically review and communicate our Code of Conduct to our staff, suppliers and partners. Our Code of Conduct is public and it is shared openly.

Supplier Code of Conduct

Our Code of Conduct and its major updates are communicated to the suppliers and partners and we expect them to uphold the same standards and to obey the legal obligations and local regulations.

Anti-Bribery Policy

We have zero tolerance towards acts of bribery and corruption, by any employee or anyone acting on our behalf. We, our partners and suppliers should "not offer, promise or give undue pecuniary or other advantage to public officials or the employees of business partners. ... Enterprises should not use third parties such as agents and other intermediaries, consultants, representatives, distributors, consortia, contractors and suppliers and joint venture partners for channelling undue pecuniary or other advantages to public officials, or to employees of their business partners or to their relatives or business associates.", see also further guidelines in chapter "Combating Bribery, Bribe Solicitation and Extortion" in OECD's OECD Guidelines for Multinational Enterprises.

Anti-Discrimination Policy

We have zero tolerance for discrimination, see https://www.syrjinta.fi/syrjinta (Finnish) and https://www.syrjinta.fi/web/en/discrimination (English). We follow the Finnish law on non-discrimination.

Child & Forced Labour Policy

We forbid use of child and forced labour as defined by the Finnish laws, see Laki nuorista työntekijöistä and Valtioneuvoston asetus nuorille työntekijöille erityisen haitallisista ja vaarallisista töistä.

Environmental Policy

As a bare minimum we, our suppliers and partners are to follow environmental laws, in Finland see Luonnonsuojelulaki. However, we strongly encourage going beyond that. We will be periodically reviewing United Nations' Sustainable Development goals for goal setting and adoption in our operations.

Health and Safety Policy

We follow Finnish laws for health and safety in employment and workplace, see Työterveyshuoltolaki and Työturvallisuuslaki. Local laws should be respected abroad.

Open Source and Community Work

Our employees and suppliers are encouraged to participate in community efforts such as developing and contributing to free open source software (FOSS). Contributing to the common good is a shared interest.

Security Research

Our employees and suppliers who participate in security and vulnerability research are encouraged to work responsibly and disclose any findings with care (e.g. using a responsible disclosure model).

Tax Policy

We have a zero tolerance to tax evasion and the facilitation of tax evasion. We are not engaged in aggressive tax planning. Our headquarters is in Finland and we follow local tax laws in regions where we operate.

Standard Clause for Suppliers and Partners

All Suppliers and Partners can include the following standard clause (or equivalent content in their own language) into their contract terms to demonstrate their willingness to uphold our ESG standards.

"The Supplier/Contractor/Partner has received a copy of the Company's Code of Conduct at https:/docs.badrap.io/esg.html and agrees to uphold or to exceed the same standards and to obey legal obligations and local regulations."

',27),t=[i];function s(l,c){return n(),a("div",null,t)}const p=e(o,[["render",s],["__file","esg.html.vue"]]),h=JSON.parse('{"path":"/esg.html","title":"Environmental, Social and Governance Policy - Badrap Oy","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Corporate Responsibility Statement","slug":"corporate-responsibility-statement","link":"#corporate-responsibility-statement","children":[]},{"level":2,"title":"Code of Conduct","slug":"code-of-conduct","link":"#code-of-conduct","children":[]},{"level":2,"title":"Supplier Code of Conduct","slug":"supplier-code-of-conduct","link":"#supplier-code-of-conduct","children":[]},{"level":2,"title":"Anti-Bribery Policy","slug":"anti-bribery-policy","link":"#anti-bribery-policy","children":[]},{"level":2,"title":"Anti-Discrimination Policy","slug":"anti-discrimination-policy","link":"#anti-discrimination-policy","children":[]},{"level":2,"title":"Child & Forced Labour Policy","slug":"child-forced-labour-policy","link":"#child-forced-labour-policy","children":[]},{"level":2,"title":"Environmental Policy","slug":"environmental-policy","link":"#environmental-policy","children":[]},{"level":2,"title":"Health and Safety Policy","slug":"health-and-safety-policy","link":"#health-and-safety-policy","children":[]},{"level":2,"title":"Open Source and Community Work","slug":"open-source-and-community-work","link":"#open-source-and-community-work","children":[]},{"level":2,"title":"Security Research","slug":"security-research","link":"#security-research","children":[]},{"level":2,"title":"Tax Policy","slug":"tax-policy","link":"#tax-policy","children":[]},{"level":2,"title":"Standard Clause for Suppliers and Partners","slug":"standard-clause-for-suppliers-and-partners","link":"#standard-clause-for-suppliers-and-partners","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"esg.md"}');export{p as comp,h as data}; +import{_ as e,c as a,o as n,e as r}from"./app-DhWbOGxr.js";const o={},i=r('

Environmental, Social and Governance Policy - Badrap Oy

This Environmental, Social and Governance Policy has been approved on 2021-03-24 by the board of directors to be used at Badrap Oy.

Corporate Responsibility Statement

Safety, security and privacy of our customers, society, people, our employees and our partners are the highest priorities for us. We follow laws, regulations and good corporate governance practices. We respect human rights, labour rights, consider the environment and have anti-corruption measures. Our Code of Conduct has short policy statements on Environmental Protection, Health and Safety, Child and Forced Labour, Anti-Bribery, Anti-Discrimination, Taxes, Security Research and Open Source and Community Work.

Code of Conduct

Our environmental, social and corporate governance (ESG) policies are the basis for our Code of Conduct. Our ESG policies are approved by our board. We periodically review and communicate our Code of Conduct to our staff, suppliers and partners. Our Code of Conduct is public and it is shared openly.

Supplier Code of Conduct

Our Code of Conduct and its major updates are communicated to the suppliers and partners and we expect them to uphold the same standards and to obey the legal obligations and local regulations.

Anti-Bribery Policy

We have zero tolerance towards acts of bribery and corruption, by any employee or anyone acting on our behalf. We, our partners and suppliers should "not offer, promise or give undue pecuniary or other advantage to public officials or the employees of business partners. ... Enterprises should not use third parties such as agents and other intermediaries, consultants, representatives, distributors, consortia, contractors and suppliers and joint venture partners for channelling undue pecuniary or other advantages to public officials, or to employees of their business partners or to their relatives or business associates.", see also further guidelines in chapter "Combating Bribery, Bribe Solicitation and Extortion" in OECD's OECD Guidelines for Multinational Enterprises.

Anti-Discrimination Policy

We have zero tolerance for discrimination, see https://www.syrjinta.fi/syrjinta (Finnish) and https://www.syrjinta.fi/web/en/discrimination (English). We follow the Finnish law on non-discrimination.

Child & Forced Labour Policy

We forbid use of child and forced labour as defined by the Finnish laws, see Laki nuorista työntekijöistä and Valtioneuvoston asetus nuorille työntekijöille erityisen haitallisista ja vaarallisista töistä.

Environmental Policy

As a bare minimum we, our suppliers and partners are to follow environmental laws, in Finland see Luonnonsuojelulaki. However, we strongly encourage going beyond that. We will be periodically reviewing United Nations' Sustainable Development goals for goal setting and adoption in our operations.

Health and Safety Policy

We follow Finnish laws for health and safety in employment and workplace, see Työterveyshuoltolaki and Työturvallisuuslaki. Local laws should be respected abroad.

Open Source and Community Work

Our employees and suppliers are encouraged to participate in community efforts such as developing and contributing to free open source software (FOSS). Contributing to the common good is a shared interest.

Security Research

Our employees and suppliers who participate in security and vulnerability research are encouraged to work responsibly and disclose any findings with care (e.g. using a responsible disclosure model).

Tax Policy

We have a zero tolerance to tax evasion and the facilitation of tax evasion. We are not engaged in aggressive tax planning. Our headquarters is in Finland and we follow local tax laws in regions where we operate.

Standard Clause for Suppliers and Partners

All Suppliers and Partners can include the following standard clause (or equivalent content in their own language) into their contract terms to demonstrate their willingness to uphold our ESG standards.

"The Supplier/Contractor/Partner has received a copy of the Company's Code of Conduct at https:/docs.badrap.io/esg.html and agrees to uphold or to exceed the same standards and to obey legal obligations and local regulations."

',27),t=[i];function s(l,c){return n(),a("div",null,t)}const p=e(o,[["render",s],["__file","esg.html.vue"]]),h=JSON.parse('{"path":"/esg.html","title":"Environmental, Social and Governance Policy - Badrap Oy","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Corporate Responsibility Statement","slug":"corporate-responsibility-statement","link":"#corporate-responsibility-statement","children":[]},{"level":2,"title":"Code of Conduct","slug":"code-of-conduct","link":"#code-of-conduct","children":[]},{"level":2,"title":"Supplier Code of Conduct","slug":"supplier-code-of-conduct","link":"#supplier-code-of-conduct","children":[]},{"level":2,"title":"Anti-Bribery Policy","slug":"anti-bribery-policy","link":"#anti-bribery-policy","children":[]},{"level":2,"title":"Anti-Discrimination Policy","slug":"anti-discrimination-policy","link":"#anti-discrimination-policy","children":[]},{"level":2,"title":"Child & Forced Labour Policy","slug":"child-forced-labour-policy","link":"#child-forced-labour-policy","children":[]},{"level":2,"title":"Environmental Policy","slug":"environmental-policy","link":"#environmental-policy","children":[]},{"level":2,"title":"Health and Safety Policy","slug":"health-and-safety-policy","link":"#health-and-safety-policy","children":[]},{"level":2,"title":"Open Source and Community Work","slug":"open-source-and-community-work","link":"#open-source-and-community-work","children":[]},{"level":2,"title":"Security Research","slug":"security-research","link":"#security-research","children":[]},{"level":2,"title":"Tax Policy","slug":"tax-policy","link":"#tax-policy","children":[]},{"level":2,"title":"Standard Clause for Suppliers and Partners","slug":"standard-clause-for-suppliers-and-partners","link":"#standard-clause-for-suppliers-and-partners","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"esg.md"}');export{p as comp,h as data}; diff --git a/assets/expired-certificate.html-DUS018mF.js b/assets/expired-certificate.html-DqdbSSoa.js similarity index 96% rename from assets/expired-certificate.html-DUS018mF.js rename to assets/expired-certificate.html-DqdbSSoa.js index a98f97f1..51e17d1e 100644 --- a/assets/expired-certificate.html-DUS018mF.js +++ b/assets/expired-certificate.html-DqdbSSoa.js @@ -1 +1 @@ -import{_ as e,c as i,o as t,e as r}from"./app-CxPUdK5a.js";const a={},s=r('

Expired Certificate

A TLS certificate issued to a host at your organization has expired. The certificate has not yet been renewed.

Problem description

Publically available Certificate Transparency logs contain information on all TLS certificates that have been generated into use. According to those logs, a certificate assigned to a host in your organization has expired, and it has not yet been renewed. When a certificate expires, services relying on TLS on that host no longer work correctly, and those services may not be reachable by their intended users.

Verifying the issue

You can use a public Certificate Transparency logs search engine such as crt.sh to check the status of your certificate. Replace the hostname in the query string with your hostname.

  • https://crt.sh/?q=host.example.com

Note that if you are replacing a host-specific certificate with a wildcard certificate (e.g. "*.example.com"), this may be a perfectly valid reason to let the old host certificate expire.

Suggestions for repair

  1. Check if the host and service with the TLS certificate is still in active use. If the server is no longer needed, decommission it.
  2. If the service is in active use, find out who is responsible for renewing TLS certificates for your organization.
  3. Ask them to renew the TLS certificate and to install the new certificate in place.

Protecting against future incidents

  1. Monitor your TLS certificates actively for expiration.
  2. Renew your actively used certificates automatically, if possible.
  3. Make sure that you have named service owners who are responsible for maintaining certificates on their systems.
  4. Decommission legacy servers when they are no longer needed.
',12),n=[s];function o(c,l){return t(),i("div",null,n)}const d=e(a,[["render",o],["__file","expired-certificate.html.vue"]]),p=JSON.parse('{"path":"/types/expired-certificate.html","title":"Expired Certificate","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Verifying the issue","slug":"verifying-the-issue","link":"#verifying-the-issue","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Protecting against future incidents","slug":"protecting-against-future-incidents","link":"#protecting-against-future-incidents","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/expired-certificate.md"}');export{d as comp,p as data}; +import{_ as e,c as i,o as t,e as r}from"./app-DhWbOGxr.js";const a={},s=r('

Expired Certificate

A TLS certificate issued to a host at your organization has expired. The certificate has not yet been renewed.

Problem description

Publically available Certificate Transparency logs contain information on all TLS certificates that have been generated into use. According to those logs, a certificate assigned to a host in your organization has expired, and it has not yet been renewed. When a certificate expires, services relying on TLS on that host no longer work correctly, and those services may not be reachable by their intended users.

Verifying the issue

You can use a public Certificate Transparency logs search engine such as crt.sh to check the status of your certificate. Replace the hostname in the query string with your hostname.

  • https://crt.sh/?q=host.example.com

Note that if you are replacing a host-specific certificate with a wildcard certificate (e.g. "*.example.com"), this may be a perfectly valid reason to let the old host certificate expire.

Suggestions for repair

  1. Check if the host and service with the TLS certificate is still in active use. If the server is no longer needed, decommission it.
  2. If the service is in active use, find out who is responsible for renewing TLS certificates for your organization.
  3. Ask them to renew the TLS certificate and to install the new certificate in place.

Protecting against future incidents

  1. Monitor your TLS certificates actively for expiration.
  2. Renew your actively used certificates automatically, if possible.
  3. Make sure that you have named service owners who are responsible for maintaining certificates on their systems.
  4. Decommission legacy servers when they are no longer needed.
',12),n=[s];function o(c,l){return t(),i("div",null,n)}const d=e(a,[["render",o],["__file","expired-certificate.html.vue"]]),p=JSON.parse('{"path":"/types/expired-certificate.html","title":"Expired Certificate","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Verifying the issue","slug":"verifying-the-issue","link":"#verifying-the-issue","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Protecting against future incidents","slug":"protecting-against-future-incidents","link":"#protecting-against-future-incidents","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/expired-certificate.md"}');export{d as comp,p as data}; diff --git a/assets/exposed-service.html-4WdTnU5-.js b/assets/exposed-service.html-B4B1NCQg.js similarity index 97% rename from assets/exposed-service.html-4WdTnU5-.js rename to assets/exposed-service.html-B4B1NCQg.js index 8bc3216d..c93f9ce1 100644 --- a/assets/exposed-service.html-4WdTnU5-.js +++ b/assets/exposed-service.html-B4B1NCQg.js @@ -1 +1 @@ -import{_ as e,c as i,o as t,e as s}from"./app-CxPUdK5a.js";const r={},a=s('

Exposed Service

A computer with an Internet-facing IP address at your organization has a database, remote administration or a file sharing service exposed to the Internet. Attackers may try to abuse these exposed services to steal data or to gain access to the server. The exposed service should be verified and isolated, if it does not need to be exposed to the public.

Problem description

Databases, remote administration interfaces or file shares should not be visible directly to the Internet, unless there is a very specific need. Databases accidentally left open to the Internet are a common cause for severe data breaches.

Even if the system is carefully configured to require proper access control, any new vulnerabilities in the exposed services may be abused by attackers before security updates are released and installed.

Verifying the issue

You can check if Shodan.io has identified your exposed service with the following query. Replace the example IP address in the query string with your server IP.

  • https://www.shodan.io/search?query=127.0.0.1

Make sure to pay attention to the "last seen" timestamp in Shodan's information page. If the issue was last observed some time ago, it may already be fixed. If the issue has been observed recently, the service is likely still exposed. Despite what Shodan says, always verify the issue by checking the server itself or by trying to connect to the exposed service.

Suggestions for repair

  1. Find out if the server is still being used. If it is not needed any more, decommission it.
  2. If the server cannot be decommissioned, verify if its services really need to be publicly visible to the Internet.
  3. Make sure that the exposed service is properly access-controlled, at a minimum with a non-default username and password.
  4. If the services do not need to be visible to the Internet, block access with a firewall and/or configure the service to only accept connection attempts from within your own organization.
  5. If remote connectivity is necessary, consider if the remote connection could be arranged securely. For instance, consider requiring a VPN.
  6. Check from logs if the server has been accessed without authorization.

Further considerations

  • Does the server contain confidential information for you or your customers?
  • Is the server properly access-controlled?
  • Have any passwords relating to the server been available anywhere (please note e.g. default passwords, or passwords that might have leaked to the public through application code accessing the server)?
  • How are you ensuring that all available security updates for the server are regularly installed and maintained?
  • How are you monitoring possible exploitation attempts against the server?
  • If the server is running a database, can it be remotely accessed without encryption?

Protecting against future incidents

  1. When designing a new service, try to limit its exposure to a minimum.
  2. Allow access to the service only from a limited set of trusted IP addresses or networks.
  3. Never expose a service with a default username or password to the public. Use a strong username and password for authentication.
  4. Allow access to the service only after some form of authentication and authorization (e.g. a VPN or single sign-on). Require users to use multi-factor authentication, if possible.
  5. Make sure that you have named service owners who follow vulnerability reports and install updates whenever new vulnerabilities are announced.
  6. Continue to identify exposed services automatically. Decommission any servers which are no longer needed.
',15),n=[a];function o(l,c){return t(),i("div",null,n)}const h=e(r,[["render",o],["__file","exposed-service.html.vue"]]),u=JSON.parse('{"path":"/types/exposed-service.html","title":"Exposed Service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Verifying the issue","slug":"verifying-the-issue","link":"#verifying-the-issue","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Further considerations","slug":"further-considerations","link":"#further-considerations","children":[]},{"level":2,"title":"Protecting against future incidents","slug":"protecting-against-future-incidents","link":"#protecting-against-future-incidents","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/exposed-service.md"}');export{h as comp,u as data}; +import{_ as e,c as i,o as t,e as s}from"./app-DhWbOGxr.js";const r={},a=s('

Exposed Service

A computer with an Internet-facing IP address at your organization has a database, remote administration or a file sharing service exposed to the Internet. Attackers may try to abuse these exposed services to steal data or to gain access to the server. The exposed service should be verified and isolated, if it does not need to be exposed to the public.

Problem description

Databases, remote administration interfaces or file shares should not be visible directly to the Internet, unless there is a very specific need. Databases accidentally left open to the Internet are a common cause for severe data breaches.

Even if the system is carefully configured to require proper access control, any new vulnerabilities in the exposed services may be abused by attackers before security updates are released and installed.

Verifying the issue

You can check if Shodan.io has identified your exposed service with the following query. Replace the example IP address in the query string with your server IP.

  • https://www.shodan.io/search?query=127.0.0.1

Make sure to pay attention to the "last seen" timestamp in Shodan's information page. If the issue was last observed some time ago, it may already be fixed. If the issue has been observed recently, the service is likely still exposed. Despite what Shodan says, always verify the issue by checking the server itself or by trying to connect to the exposed service.

Suggestions for repair

  1. Find out if the server is still being used. If it is not needed any more, decommission it.
  2. If the server cannot be decommissioned, verify if its services really need to be publicly visible to the Internet.
  3. Make sure that the exposed service is properly access-controlled, at a minimum with a non-default username and password.
  4. If the services do not need to be visible to the Internet, block access with a firewall and/or configure the service to only accept connection attempts from within your own organization.
  5. If remote connectivity is necessary, consider if the remote connection could be arranged securely. For instance, consider requiring a VPN.
  6. Check from logs if the server has been accessed without authorization.

Further considerations

  • Does the server contain confidential information for you or your customers?
  • Is the server properly access-controlled?
  • Have any passwords relating to the server been available anywhere (please note e.g. default passwords, or passwords that might have leaked to the public through application code accessing the server)?
  • How are you ensuring that all available security updates for the server are regularly installed and maintained?
  • How are you monitoring possible exploitation attempts against the server?
  • If the server is running a database, can it be remotely accessed without encryption?

Protecting against future incidents

  1. When designing a new service, try to limit its exposure to a minimum.
  2. Allow access to the service only from a limited set of trusted IP addresses or networks.
  3. Never expose a service with a default username or password to the public. Use a strong username and password for authentication.
  4. Allow access to the service only after some form of authentication and authorization (e.g. a VPN or single sign-on). Require users to use multi-factor authentication, if possible.
  5. Make sure that you have named service owners who follow vulnerability reports and install updates whenever new vulnerabilities are announced.
  6. Continue to identify exposed services automatically. Decommission any servers which are no longer needed.
',15),n=[a];function o(l,c){return t(),i("div",null,n)}const h=e(r,[["render",o],["__file","exposed-service.html.vue"]]),u=JSON.parse('{"path":"/types/exposed-service.html","title":"Exposed Service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Verifying the issue","slug":"verifying-the-issue","link":"#verifying-the-issue","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Further considerations","slug":"further-considerations","link":"#further-considerations","children":[]},{"level":2,"title":"Protecting against future incidents","slug":"protecting-against-future-incidents","link":"#protecting-against-future-incidents","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/exposed-service.md"}');export{h as comp,u as data}; diff --git a/assets/faq.html-Dc6FysBz.js b/assets/faq.html-CyrcwVJL.js similarity index 99% rename from assets/faq.html-Dc6FysBz.js rename to assets/faq.html-CyrcwVJL.js index e47d8f97..1eddad7e 100644 --- a/assets/faq.html-Dc6FysBz.js +++ b/assets/faq.html-CyrcwVJL.js @@ -1 +1 @@ -import{_ as i,c as n,a as t,d as e,b as s,w as o,e as a,r as l,o as d}from"./app-CxPUdK5a.js";const h={},c=a('

Frequently Asked Questions

Why did you make this service?

We've worked a long time in information security. A really long time. We've witnessed the benefits of exchanging security information, and the downsides of blocking information flows. We know how hard it is for Internet users to search for their own data from various services. We have friends and family who roll their eyes about infosec news and wonder if they have vulnerable devices in their own networks. We want to make exchanging security information so easy and efficient, that both home users as well as enterprises can search for their own data easily and find out if they are vulnerable.

Is there any danger if I search for my own data in your service?

Absolutely not. Information about your personal network assets (e.g., IP addresses, email addresses) already exists out in the Internet. By searching for your own data through our service, you just search for your own assets from existing data sets published by security researchers. We could show the results for your assets as soon as you enter our site, but we decided to put the search functionality behind a button, so that we do not do anything without your explicit consent, and that we can separate users who are really interested in our service from random passers-by.

Why is this a free service?

Some say if you are not paying for the product, you are the product. This refers to companies who provide free services for individuals in order to sell ads. This is not our business model. We want to democratize security information, and free service for individuals was always part of that plan. And of course, we hope that some of the happy Badrap users will become Badrap customers later. We have commercial services for companies, who want to protect their employees and infrastructure. We've also received private funding from the founders, ScanABC, as well as some public funding from TEKES. If you like the service and think we're doing an important job, please use it as much as you can and tell others about it. This helps us verify our ideas and to prove that this kind of service is truly needed in today's world.

Where do the security researchers' warnings come from?

We've started by requesting data from a few extremely credible and well-qualified sources which we know really well. These same sources are used by many other organizations who are interested in security and vulnerability observations. We are also constantly looking to add more good-quality sources for vulnerability information. Our current partners are:

Are you monitoring me or my networks?

Short answer: no.

',12),u=a('

A quick demonstration about this. We use Google Analytics to collect statistics about our visitors, just like other web sites. Statistics are important to us so that we can improve the service. Here's how you can prevent us from collecting your visitor analytics.

You can block our analytics by using an adblocker extension in your web browser. For instance, uBlock Origin is a good extension to use with Google Chrome. For mobile devices, you can use a privacy-oriented browser such as Ghostery or Firefox Focus. Now that we told you this, please allow our site analytics in the privacy tool of your choice and block everything else. 😃

If I create an account, will you send me spam?

No way. If you want, you can request automatic notifications on any new information regarding your IP addresses or email addresses. If any new vulnerabilities appear, you will get a notification via email. We also may inform you about major updates to the service as well as new features that affect its use substantially. You can always remove any registered assets from your notifications as well as deny all email notifications completely.

What is the data breach monitoring service (or "Have I Been Pwned integration")?

We started off Badrap by allowing you to search for security information relating to your important IP addresses. However, IP addresses are just one type of valuable network asset. We have added email addresses as another asset type that you can search for and get notified about. For this, we integrate with security researcher Troy Hunt's data breach search engine Have I Been Pwned. It allows you to search for information relating to your email addresses among publically available data breach datasets. These data breaches may include in addition to your email addresses other personal data such as passwords, home address, telephone number, etc. In addition to IP addresses and email addresses, we may also add other asset types in the future - let us know if you have some good ideas!

What is a data breach and what can it contain?

',7),y=a('

How does the Have I Been Pwned search feature work?

The Have I Been Pwned search feature works similarly to what we have been doing with IP addresses. You register your email address into our service so that we believe you have a right to search for available security information relating to it. You may register multiple email addresses, as long as you can verify that you have access to those addresses. We then help you search for security information relating to your email addresses from available good-quality sources. Initially, we use security researcher Troy Hunt's widely publicized and credible data breach reporting service Have I Been Pwned to tell you about publically known security incidents relating to your email addresses, such as data breaches.

The Have I Been Pwned search feature works slightly differently in the sense that when you enable the feature for your Badrap user account and register one or more email addresses as your assets, we have to submit your registered email addresses to the I Have Been Pwned search interface. That service does not log any searches or store your email addresses when searched. We explicitly ask for your consent and permission if you want to enable the Have I Been Pwned search functionality. As with any other services, if you do not trust Badrap or Have I Been Pwned to handle your email addresses properly, you can simply choose not to enable the Have I Been Pwned search feature.

How do I register multiple email addresses?

Your Badrap user account is initially tied to one primary email address, the one you provide when you create your account. When you register, we send you a verification link to that email address, and you use that link to verify that you own that address. After you have created an account, you may add other email addresses under your account. In the same way than upon initial registration, we will send a verification link to each email address that you want to register, and you must use that link to verify you have access to those additional addresses. After you register a new email address, it will show up under your user account as another network asset - the same way that happens when you register multiple IP addresses. You will also get another notification email to that address, confirming that the address was successfully registered.

What happens if someone else tries to claim my email address?

You will always get a verification link if anyone tries to register your email address to Badrap. If you have not registered that email address yourself, you can simply ignore the verification request. If you have registered the address yourself or want to give someone else permission to register your email address on your behalf, you may accept the request. You can also opt to remove your address from Badrap completely by clicking on the "remove this email address" link in the verification email. This will remove your email address from all registered assets in Badrap, under yourself and any other user accounts that have registered it.

Finally

We hope we were able to answer your questions above!

You can always check the status of your current IP address with any web browser without creating an account. However, by registering you can also search for information regarding your email addresses and possibly other personal assets in the future. By registering you can also get notifications regarding your registered assets, which means you will automatically receive any new security warnings by email. That way you can easily get up-to-date information on all of the different IP addresses that you use daily at home, at work, or at the coffee shop, as well as new security information relating to your email addresses.

Create an account »

',11);function m(w,f){const r=l("RouteLink");return d(),n("div",null,[c,t("p",null,[e("You can find a longer answer in our "),s(r,{to:"/privacy.html"},{default:o(()=>[e("privacy policy")]),_:1}),e(". We improve our service based on usage statistics, just like all other Internet websites out there. Our difference is that we continuously try to think about how we could improve your privacy even more when using the service.")]),u,t("p",null,[e("A data breach usually contains personal data stolen or inadvertently made public from a closed database. The most typical form of data breach happens when you register for a service, the service contains some kind of security vulnerability or is otherwise inadequately protected, and your personal data is copied from the service database. Data breaches typically contain your email addresses, any other personal data, passwords, and in really severe cases even things like credit card details or bank account information. You can read more about data breaches from our "),s(r,{to:"/types/databreach.html"},{default:o(()=>[e("instructions")]),_:1}),e(".")]),y])}const v=i(h,[["render",m],["__file","faq.html.vue"]]),g=JSON.parse(`{"path":"/faq.html","title":"Frequently Asked Questions","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Why did you make this service?","slug":"why-did-you-make-this-service","link":"#why-did-you-make-this-service","children":[]},{"level":2,"title":"Is there any danger if I search for my own data in your service?","slug":"is-there-any-danger-if-i-search-for-my-own-data-in-your-service","link":"#is-there-any-danger-if-i-search-for-my-own-data-in-your-service","children":[]},{"level":2,"title":"Why is this a free service?","slug":"why-is-this-a-free-service","link":"#why-is-this-a-free-service","children":[]},{"level":2,"title":"Where do the security researchers' warnings come from?","slug":"where-do-the-security-researchers-warnings-come-from","link":"#where-do-the-security-researchers-warnings-come-from","children":[]},{"level":2,"title":"Are you monitoring me or my networks?","slug":"are-you-monitoring-me-or-my-networks","link":"#are-you-monitoring-me-or-my-networks","children":[]},{"level":2,"title":"If I create an account, will you send me spam?","slug":"if-i-create-an-account-will-you-send-me-spam","link":"#if-i-create-an-account-will-you-send-me-spam","children":[]},{"level":2,"title":"What is the data breach monitoring service (or \\"Have I Been Pwned integration\\")?","slug":"what-is-the-data-breach-monitoring-service-or-have-i-been-pwned-integration","link":"#what-is-the-data-breach-monitoring-service-or-have-i-been-pwned-integration","children":[]},{"level":2,"title":"What is a data breach and what can it contain?","slug":"what-is-a-data-breach-and-what-can-it-contain","link":"#what-is-a-data-breach-and-what-can-it-contain","children":[]},{"level":2,"title":"How does the Have I Been Pwned search feature work?","slug":"how-does-the-have-i-been-pwned-search-feature-work","link":"#how-does-the-have-i-been-pwned-search-feature-work","children":[]},{"level":2,"title":"How do I register multiple email addresses?","slug":"how-do-i-register-multiple-email-addresses","link":"#how-do-i-register-multiple-email-addresses","children":[]},{"level":2,"title":"What happens if someone else tries to claim my email address?","slug":"what-happens-if-someone-else-tries-to-claim-my-email-address","link":"#what-happens-if-someone-else-tries-to-claim-my-email-address","children":[]},{"level":2,"title":"Finally","slug":"finally","link":"#finally","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"faq.md"}`);export{v as comp,g as data}; +import{_ as i,c as n,a as t,d as e,b as s,w as o,e as a,r as l,o as d}from"./app-DhWbOGxr.js";const h={},c=a('

Frequently Asked Questions

Why did you make this service?

We've worked a long time in information security. A really long time. We've witnessed the benefits of exchanging security information, and the downsides of blocking information flows. We know how hard it is for Internet users to search for their own data from various services. We have friends and family who roll their eyes about infosec news and wonder if they have vulnerable devices in their own networks. We want to make exchanging security information so easy and efficient, that both home users as well as enterprises can search for their own data easily and find out if they are vulnerable.

Is there any danger if I search for my own data in your service?

Absolutely not. Information about your personal network assets (e.g., IP addresses, email addresses) already exists out in the Internet. By searching for your own data through our service, you just search for your own assets from existing data sets published by security researchers. We could show the results for your assets as soon as you enter our site, but we decided to put the search functionality behind a button, so that we do not do anything without your explicit consent, and that we can separate users who are really interested in our service from random passers-by.

Why is this a free service?

Some say if you are not paying for the product, you are the product. This refers to companies who provide free services for individuals in order to sell ads. This is not our business model. We want to democratize security information, and free service for individuals was always part of that plan. And of course, we hope that some of the happy Badrap users will become Badrap customers later. We have commercial services for companies, who want to protect their employees and infrastructure. We've also received private funding from the founders, ScanABC, as well as some public funding from TEKES. If you like the service and think we're doing an important job, please use it as much as you can and tell others about it. This helps us verify our ideas and to prove that this kind of service is truly needed in today's world.

Where do the security researchers' warnings come from?

We've started by requesting data from a few extremely credible and well-qualified sources which we know really well. These same sources are used by many other organizations who are interested in security and vulnerability observations. We are also constantly looking to add more good-quality sources for vulnerability information. Our current partners are:

Are you monitoring me or my networks?

Short answer: no.

',12),u=a('

A quick demonstration about this. We use Google Analytics to collect statistics about our visitors, just like other web sites. Statistics are important to us so that we can improve the service. Here's how you can prevent us from collecting your visitor analytics.

You can block our analytics by using an adblocker extension in your web browser. For instance, uBlock Origin is a good extension to use with Google Chrome. For mobile devices, you can use a privacy-oriented browser such as Ghostery or Firefox Focus. Now that we told you this, please allow our site analytics in the privacy tool of your choice and block everything else. 😃

If I create an account, will you send me spam?

No way. If you want, you can request automatic notifications on any new information regarding your IP addresses or email addresses. If any new vulnerabilities appear, you will get a notification via email. We also may inform you about major updates to the service as well as new features that affect its use substantially. You can always remove any registered assets from your notifications as well as deny all email notifications completely.

What is the data breach monitoring service (or "Have I Been Pwned integration")?

We started off Badrap by allowing you to search for security information relating to your important IP addresses. However, IP addresses are just one type of valuable network asset. We have added email addresses as another asset type that you can search for and get notified about. For this, we integrate with security researcher Troy Hunt's data breach search engine Have I Been Pwned. It allows you to search for information relating to your email addresses among publically available data breach datasets. These data breaches may include in addition to your email addresses other personal data such as passwords, home address, telephone number, etc. In addition to IP addresses and email addresses, we may also add other asset types in the future - let us know if you have some good ideas!

What is a data breach and what can it contain?

',7),y=a('

How does the Have I Been Pwned search feature work?

The Have I Been Pwned search feature works similarly to what we have been doing with IP addresses. You register your email address into our service so that we believe you have a right to search for available security information relating to it. You may register multiple email addresses, as long as you can verify that you have access to those addresses. We then help you search for security information relating to your email addresses from available good-quality sources. Initially, we use security researcher Troy Hunt's widely publicized and credible data breach reporting service Have I Been Pwned to tell you about publically known security incidents relating to your email addresses, such as data breaches.

The Have I Been Pwned search feature works slightly differently in the sense that when you enable the feature for your Badrap user account and register one or more email addresses as your assets, we have to submit your registered email addresses to the I Have Been Pwned search interface. That service does not log any searches or store your email addresses when searched. We explicitly ask for your consent and permission if you want to enable the Have I Been Pwned search functionality. As with any other services, if you do not trust Badrap or Have I Been Pwned to handle your email addresses properly, you can simply choose not to enable the Have I Been Pwned search feature.

How do I register multiple email addresses?

Your Badrap user account is initially tied to one primary email address, the one you provide when you create your account. When you register, we send you a verification link to that email address, and you use that link to verify that you own that address. After you have created an account, you may add other email addresses under your account. In the same way than upon initial registration, we will send a verification link to each email address that you want to register, and you must use that link to verify you have access to those additional addresses. After you register a new email address, it will show up under your user account as another network asset - the same way that happens when you register multiple IP addresses. You will also get another notification email to that address, confirming that the address was successfully registered.

What happens if someone else tries to claim my email address?

You will always get a verification link if anyone tries to register your email address to Badrap. If you have not registered that email address yourself, you can simply ignore the verification request. If you have registered the address yourself or want to give someone else permission to register your email address on your behalf, you may accept the request. You can also opt to remove your address from Badrap completely by clicking on the "remove this email address" link in the verification email. This will remove your email address from all registered assets in Badrap, under yourself and any other user accounts that have registered it.

Finally

We hope we were able to answer your questions above!

You can always check the status of your current IP address with any web browser without creating an account. However, by registering you can also search for information regarding your email addresses and possibly other personal assets in the future. By registering you can also get notifications regarding your registered assets, which means you will automatically receive any new security warnings by email. That way you can easily get up-to-date information on all of the different IP addresses that you use daily at home, at work, or at the coffee shop, as well as new security information relating to your email addresses.

Create an account »

',11);function m(w,f){const r=l("RouteLink");return d(),n("div",null,[c,t("p",null,[e("You can find a longer answer in our "),s(r,{to:"/privacy.html"},{default:o(()=>[e("privacy policy")]),_:1}),e(". We improve our service based on usage statistics, just like all other Internet websites out there. Our difference is that we continuously try to think about how we could improve your privacy even more when using the service.")]),u,t("p",null,[e("A data breach usually contains personal data stolen or inadvertently made public from a closed database. The most typical form of data breach happens when you register for a service, the service contains some kind of security vulnerability or is otherwise inadequately protected, and your personal data is copied from the service database. Data breaches typically contain your email addresses, any other personal data, passwords, and in really severe cases even things like credit card details or bank account information. You can read more about data breaches from our "),s(r,{to:"/types/databreach.html"},{default:o(()=>[e("instructions")]),_:1}),e(".")]),y])}const v=i(h,[["render",m],["__file","faq.html.vue"]]),g=JSON.parse(`{"path":"/faq.html","title":"Frequently Asked Questions","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Why did you make this service?","slug":"why-did-you-make-this-service","link":"#why-did-you-make-this-service","children":[]},{"level":2,"title":"Is there any danger if I search for my own data in your service?","slug":"is-there-any-danger-if-i-search-for-my-own-data-in-your-service","link":"#is-there-any-danger-if-i-search-for-my-own-data-in-your-service","children":[]},{"level":2,"title":"Why is this a free service?","slug":"why-is-this-a-free-service","link":"#why-is-this-a-free-service","children":[]},{"level":2,"title":"Where do the security researchers' warnings come from?","slug":"where-do-the-security-researchers-warnings-come-from","link":"#where-do-the-security-researchers-warnings-come-from","children":[]},{"level":2,"title":"Are you monitoring me or my networks?","slug":"are-you-monitoring-me-or-my-networks","link":"#are-you-monitoring-me-or-my-networks","children":[]},{"level":2,"title":"If I create an account, will you send me spam?","slug":"if-i-create-an-account-will-you-send-me-spam","link":"#if-i-create-an-account-will-you-send-me-spam","children":[]},{"level":2,"title":"What is the data breach monitoring service (or \\"Have I Been Pwned integration\\")?","slug":"what-is-the-data-breach-monitoring-service-or-have-i-been-pwned-integration","link":"#what-is-the-data-breach-monitoring-service-or-have-i-been-pwned-integration","children":[]},{"level":2,"title":"What is a data breach and what can it contain?","slug":"what-is-a-data-breach-and-what-can-it-contain","link":"#what-is-a-data-breach-and-what-can-it-contain","children":[]},{"level":2,"title":"How does the Have I Been Pwned search feature work?","slug":"how-does-the-have-i-been-pwned-search-feature-work","link":"#how-does-the-have-i-been-pwned-search-feature-work","children":[]},{"level":2,"title":"How do I register multiple email addresses?","slug":"how-do-i-register-multiple-email-addresses","link":"#how-do-i-register-multiple-email-addresses","children":[]},{"level":2,"title":"What happens if someone else tries to claim my email address?","slug":"what-happens-if-someone-else-tries-to-claim-my-email-address","link":"#what-happens-if-someone-else-tries-to-claim-my-email-address","children":[]},{"level":2,"title":"Finally","slug":"finally","link":"#finally","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"faq.md"}`);export{v as comp,g as data}; diff --git a/assets/faq.html-BGXQxLi4.js b/assets/faq.html-fnlksrTh.js similarity index 98% rename from assets/faq.html-BGXQxLi4.js rename to assets/faq.html-fnlksrTh.js index e90d4d1a..0272db35 100644 --- a/assets/faq.html-BGXQxLi4.js +++ b/assets/faq.html-fnlksrTh.js @@ -1 +1 @@ -import{_ as e,c as s,a as n,d as t,b as o,w as l,e as a,r as u,o as k}from"./app-CxPUdK5a.js";const r={},m=a('

Usein kysytyt kysymykset

Mitä hyötyä palvelusta on?

Badrap välittää tietoturvatutkijoiden varoitukset sinulle. Se yhdistää useiden tutkijoiden tuottamat tiedot yhteen paikkaan ja selittää mahdolliset havainnot kansantajuisesti. Lisäksi Badrap neuvoo mitä sinun kannattaa tehdä, jos havaintoja löytyy. Sinun ei tarvitse käyttää jatkuvasti Badrapiä. Jos rekisteröidyt palveluun, Badrap kertoo sinulle uusista varoituksista sähköpostitse.

Huolehdin läheisteni tietoturvasta, onnistuuko se Badrapin avulla?

Lisää läheisten sähköpostiosoitteet tietovuotoseurantaan. Badrap lähettää heille samanlaisen vahvistusviestin, mitä itsekin sait. Kun läheinen antaa hyväksyntänsä, hänen sähköpostiosoitteensa ilmestyy listallesi.

Miksi teitte tämän palvelun?

Olemme työskennelleet tietoturva-alalla pitkään. Tosi pitkään. Olemme nähneet tietoturvatiedon välittämisen edut, ja tiedon blokkaamisen haitat. Tiedämme miten hankala netin käyttäjien on etsiä omia tietojaan eri lähteistä. Meillä on omia lähimmäisiä jotka ihmettelevät tietoturvauutisia ja miettivät onko omassa verkossa haavoittuvia laitteita. Haluamme tehdä tietoturvatietojen välittämisen niin tehokkaaksi, että kotikäyttäjät sekä yritykset voivat etsiä omia tietojaan helposti.

Onko tulosten katsomisesta minulle jotain haittaa?

Ei missään nimessä. IP-osoitettasi koskevat tiedot ovat jo olemassa. Painamalla nappia haet vain omaa osoitettasi tietoturvatutkijoiden tiedoista. Voisimme näyttää tulokset heti kun saavut palveluun, mutta laitoimme tulokset napin taakse, jotta emme tee mitään ilman suostumustasi ja että erotamme palvelusta oikeasti kiinnostuneet käyttäjät satunnaisista sivuille eksyneistä.

Sähköpostiosoitteeseesi liittyvät varoitukset tarkastamme tekemällä kyselyn tietoturvapiireissä mainetta niittäneen Troy Huntin Have I Been Pwned -palvelusta. Tähän tarkastukseen sinun pitää antaa erikseen lupa, koska emme halua paljastaa identiteettiäsi ilman lupaasi. Uskaltaako lupaa antaa? Sekä meidän että Troy Huntin palvelu on F-Securen Herrasmieshakkereiden Mikko Hyppösen ja Tomi Tuomisen suosittelema. He sanoivat "kyllä" ja me olemme samaa mieltä!

Miksi palvelu on ilmainen?

Meillä on erilliset kaupalliset lisäpalvelut kuluttajille suunnatun ilmaispalvelun lisäksi. Kyberhygieniaa työntekijöille -palvelu innostaa ja valistaa yrityksen työntekijöitä huolehtimaan tietoturvasta. Yritykset voivat myös ottaa omia suojattavia kohteitaan seurantaan automaattisesti, erillisten Badrap Appien avulla.

Ilmaispalvelu lisää meidän tunnettuvuuttamme ja on yksi keino muiden joukossa poistaa kaikki tietoturvatiedon välittämiseen liittyvät esteet.

Mistä tietoturvatutkijoiden varoitukset tulevat?

Aloitimme pyytämällä dataa muutamasta meille ennestään tutusta äärimmäisen laadukkaasta ja luotettavasta lähteestä, joita käyttävät myös monet muut tietoturvasta ja haavoittuvuushavainnoista kiinnostuneet tahot.

Ajantasainen lista tietoturvatutkijoista löytyy osoitteesta https://badrap.io/researchers

Minkälaista tietoa Badrapistä saa?

Meillä on kolmea erityyppistä tietoturvatietoa:

  • Tietovuodot - ovatko Internetin palvelut vuotaneet sinun henkilökohtaisia tietojasi.
  • Haavoittuvuudet - onko IP-osoitteessasi, josta kytkeydyt Internetiin, havaittu haavoittuvuuksia, jotka kannattaisi korjata ennen kuin joku käyttää niitä hyväksi.
  • Hyökkäykset - joskus voit olla hyökkääjä tietämättäsi. Jos koneellasi esimerkiksi sattuisi olemaan haittaohjelma, voisi se etsiä aktiivisesti uusia uhreja. Olet itsekin uhri, mutta uuden uhrin näkökulmasta hyökkääjä. Firman nimi tulee muuten tästä: Bad rap - ansaitsematon huono maine, kuten Merriam-Webster termin määrittää.

Seuraatteko minua tai verkkojani?

Lyhyt vastaus: emme.

',21),h=a('

Demonstroidaanpa: tilastointi on meille tärkeää, jotta voimme kehittää palvelua. Kerromme nyt miten estät tilastoinnin.

Voit estää tilastoinnin käyttämällä selaimessasi sisällön estäjää. Esimerkiksi uBlock Origin toimii sekä [Chromessa][https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm] että Firefoxissa Samalla kun estät tilastoinnin ja mainokset, tukit yhden reitin, jota kautta haittaohjelma saattaisi päästä laitteellesi. Estäjistä löytyy myös tapa tehdä poikkeuksia, jos haluat sallia mainokset joillakin sivustoilla kannatussyistä.

Jos rekisteröidyn, lähetättekö minulle mainoksia?

Emme. Voit halutessasi tilata päivitykset uusista IP-osoitteitasi koskevista tiedoista. Jos uusia haavoittuvuuksia ilmenee, saat sähköpostiin ilmoituksen. Saatamme myös kertoa suuremmista palveluun liittyvistä päivityksistä ja uusista ominaisuuksista, jotka vaikuttavat olennaisesti palvelun käyttöön. Kun olet kirjautunut palveluun, voit säätää sähköpostiasetuksiasi osoitteessa https://badrap.io/settings/account

Lopuksi

Toivottavasti vastasimme kysymyksiisi!

Voit aina tarkistaa IP-osoitteesi selaimella uudestaan kirjautumatta palveluun. Rekisteröitymällä voit kuitenkin tarkastaa sähköpostiisi liittyvät tietovuodot. Rekisteröitymällä voit myös lisätä sinulle tärkeät IP-osoitteet jatkuvaan seurantaan, jolloin saat uudet varoitukset välittömästi sähköpostiisi.

Rekisteröidy käyttäjäksi »

',8);function p(v,d){const i=u("RouteLink");return k(),s("div",null,[m,n("p",null,[t("Pidempi vastaus löytyy "),o(i,{to:"/fi/privacy.html"},{default:l(()=>[t("tietosuojaselosteestamme")]),_:1}),t(". Teemme kävijätilastoihin pohjautuvaa palvelun kehittämistä, kuten kahdeksan biljoonaa muutakin palvelua. Mutta käyttäjiemme yksityisyys on meille tärkeää. Oikeasti! Tämä ei ollut kopioitu korulause.")]),h])}const j=e(r,[["render",p],["__file","faq.html.vue"]]),c=JSON.parse('{"path":"/fi/faq.html","title":"Usein kysytyt kysymykset","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Mitä hyötyä palvelusta on?","slug":"mita-hyotya-palvelusta-on","link":"#mita-hyotya-palvelusta-on","children":[]},{"level":2,"title":"Huolehdin läheisteni tietoturvasta, onnistuuko se Badrapin avulla?","slug":"huolehdin-laheisteni-tietoturvasta-onnistuuko-se-badrapin-avulla","link":"#huolehdin-laheisteni-tietoturvasta-onnistuuko-se-badrapin-avulla","children":[]},{"level":2,"title":"Miksi teitte tämän palvelun?","slug":"miksi-teitte-taman-palvelun","link":"#miksi-teitte-taman-palvelun","children":[]},{"level":2,"title":"Onko tulosten katsomisesta minulle jotain haittaa?","slug":"onko-tulosten-katsomisesta-minulle-jotain-haittaa","link":"#onko-tulosten-katsomisesta-minulle-jotain-haittaa","children":[]},{"level":2,"title":"Miksi palvelu on ilmainen?","slug":"miksi-palvelu-on-ilmainen","link":"#miksi-palvelu-on-ilmainen","children":[]},{"level":2,"title":"Mistä tietoturvatutkijoiden varoitukset tulevat?","slug":"mista-tietoturvatutkijoiden-varoitukset-tulevat","link":"#mista-tietoturvatutkijoiden-varoitukset-tulevat","children":[]},{"level":2,"title":"Minkälaista tietoa Badrapistä saa?","slug":"minkalaista-tietoa-badrapista-saa","link":"#minkalaista-tietoa-badrapista-saa","children":[]},{"level":2,"title":"Seuraatteko minua tai verkkojani?","slug":"seuraatteko-minua-tai-verkkojani","link":"#seuraatteko-minua-tai-verkkojani","children":[]},{"level":2,"title":"Jos rekisteröidyn, lähetättekö minulle mainoksia?","slug":"jos-rekisteroidyn-lahetatteko-minulle-mainoksia","link":"#jos-rekisteroidyn-lahetatteko-minulle-mainoksia","children":[]},{"level":2,"title":"Lopuksi","slug":"lopuksi","link":"#lopuksi","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/faq.md"}');export{j as comp,c as data}; +import{_ as e,c as s,a as n,d as t,b as o,w as l,e as a,r as u,o as k}from"./app-DhWbOGxr.js";const r={},m=a('

Usein kysytyt kysymykset

Mitä hyötyä palvelusta on?

Badrap välittää tietoturvatutkijoiden varoitukset sinulle. Se yhdistää useiden tutkijoiden tuottamat tiedot yhteen paikkaan ja selittää mahdolliset havainnot kansantajuisesti. Lisäksi Badrap neuvoo mitä sinun kannattaa tehdä, jos havaintoja löytyy. Sinun ei tarvitse käyttää jatkuvasti Badrapiä. Jos rekisteröidyt palveluun, Badrap kertoo sinulle uusista varoituksista sähköpostitse.

Huolehdin läheisteni tietoturvasta, onnistuuko se Badrapin avulla?

Lisää läheisten sähköpostiosoitteet tietovuotoseurantaan. Badrap lähettää heille samanlaisen vahvistusviestin, mitä itsekin sait. Kun läheinen antaa hyväksyntänsä, hänen sähköpostiosoitteensa ilmestyy listallesi.

Miksi teitte tämän palvelun?

Olemme työskennelleet tietoturva-alalla pitkään. Tosi pitkään. Olemme nähneet tietoturvatiedon välittämisen edut, ja tiedon blokkaamisen haitat. Tiedämme miten hankala netin käyttäjien on etsiä omia tietojaan eri lähteistä. Meillä on omia lähimmäisiä jotka ihmettelevät tietoturvauutisia ja miettivät onko omassa verkossa haavoittuvia laitteita. Haluamme tehdä tietoturvatietojen välittämisen niin tehokkaaksi, että kotikäyttäjät sekä yritykset voivat etsiä omia tietojaan helposti.

Onko tulosten katsomisesta minulle jotain haittaa?

Ei missään nimessä. IP-osoitettasi koskevat tiedot ovat jo olemassa. Painamalla nappia haet vain omaa osoitettasi tietoturvatutkijoiden tiedoista. Voisimme näyttää tulokset heti kun saavut palveluun, mutta laitoimme tulokset napin taakse, jotta emme tee mitään ilman suostumustasi ja että erotamme palvelusta oikeasti kiinnostuneet käyttäjät satunnaisista sivuille eksyneistä.

Sähköpostiosoitteeseesi liittyvät varoitukset tarkastamme tekemällä kyselyn tietoturvapiireissä mainetta niittäneen Troy Huntin Have I Been Pwned -palvelusta. Tähän tarkastukseen sinun pitää antaa erikseen lupa, koska emme halua paljastaa identiteettiäsi ilman lupaasi. Uskaltaako lupaa antaa? Sekä meidän että Troy Huntin palvelu on F-Securen Herrasmieshakkereiden Mikko Hyppösen ja Tomi Tuomisen suosittelema. He sanoivat "kyllä" ja me olemme samaa mieltä!

Miksi palvelu on ilmainen?

Meillä on erilliset kaupalliset lisäpalvelut kuluttajille suunnatun ilmaispalvelun lisäksi. Kyberhygieniaa työntekijöille -palvelu innostaa ja valistaa yrityksen työntekijöitä huolehtimaan tietoturvasta. Yritykset voivat myös ottaa omia suojattavia kohteitaan seurantaan automaattisesti, erillisten Badrap Appien avulla.

Ilmaispalvelu lisää meidän tunnettuvuuttamme ja on yksi keino muiden joukossa poistaa kaikki tietoturvatiedon välittämiseen liittyvät esteet.

Mistä tietoturvatutkijoiden varoitukset tulevat?

Aloitimme pyytämällä dataa muutamasta meille ennestään tutusta äärimmäisen laadukkaasta ja luotettavasta lähteestä, joita käyttävät myös monet muut tietoturvasta ja haavoittuvuushavainnoista kiinnostuneet tahot.

Ajantasainen lista tietoturvatutkijoista löytyy osoitteesta https://badrap.io/researchers

Minkälaista tietoa Badrapistä saa?

Meillä on kolmea erityyppistä tietoturvatietoa:

  • Tietovuodot - ovatko Internetin palvelut vuotaneet sinun henkilökohtaisia tietojasi.
  • Haavoittuvuudet - onko IP-osoitteessasi, josta kytkeydyt Internetiin, havaittu haavoittuvuuksia, jotka kannattaisi korjata ennen kuin joku käyttää niitä hyväksi.
  • Hyökkäykset - joskus voit olla hyökkääjä tietämättäsi. Jos koneellasi esimerkiksi sattuisi olemaan haittaohjelma, voisi se etsiä aktiivisesti uusia uhreja. Olet itsekin uhri, mutta uuden uhrin näkökulmasta hyökkääjä. Firman nimi tulee muuten tästä: Bad rap - ansaitsematon huono maine, kuten Merriam-Webster termin määrittää.

Seuraatteko minua tai verkkojani?

Lyhyt vastaus: emme.

',21),h=a('

Demonstroidaanpa: tilastointi on meille tärkeää, jotta voimme kehittää palvelua. Kerromme nyt miten estät tilastoinnin.

Voit estää tilastoinnin käyttämällä selaimessasi sisällön estäjää. Esimerkiksi uBlock Origin toimii sekä [Chromessa][https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm] että Firefoxissa Samalla kun estät tilastoinnin ja mainokset, tukit yhden reitin, jota kautta haittaohjelma saattaisi päästä laitteellesi. Estäjistä löytyy myös tapa tehdä poikkeuksia, jos haluat sallia mainokset joillakin sivustoilla kannatussyistä.

Jos rekisteröidyn, lähetättekö minulle mainoksia?

Emme. Voit halutessasi tilata päivitykset uusista IP-osoitteitasi koskevista tiedoista. Jos uusia haavoittuvuuksia ilmenee, saat sähköpostiin ilmoituksen. Saatamme myös kertoa suuremmista palveluun liittyvistä päivityksistä ja uusista ominaisuuksista, jotka vaikuttavat olennaisesti palvelun käyttöön. Kun olet kirjautunut palveluun, voit säätää sähköpostiasetuksiasi osoitteessa https://badrap.io/settings/account

Lopuksi

Toivottavasti vastasimme kysymyksiisi!

Voit aina tarkistaa IP-osoitteesi selaimella uudestaan kirjautumatta palveluun. Rekisteröitymällä voit kuitenkin tarkastaa sähköpostiisi liittyvät tietovuodot. Rekisteröitymällä voit myös lisätä sinulle tärkeät IP-osoitteet jatkuvaan seurantaan, jolloin saat uudet varoitukset välittömästi sähköpostiisi.

Rekisteröidy käyttäjäksi »

',8);function p(v,d){const i=u("RouteLink");return k(),s("div",null,[m,n("p",null,[t("Pidempi vastaus löytyy "),o(i,{to:"/fi/privacy.html"},{default:l(()=>[t("tietosuojaselosteestamme")]),_:1}),t(". Teemme kävijätilastoihin pohjautuvaa palvelun kehittämistä, kuten kahdeksan biljoonaa muutakin palvelua. Mutta käyttäjiemme yksityisyys on meille tärkeää. Oikeasti! Tämä ei ollut kopioitu korulause.")]),h])}const j=e(r,[["render",p],["__file","faq.html.vue"]]),c=JSON.parse('{"path":"/fi/faq.html","title":"Usein kysytyt kysymykset","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Mitä hyötyä palvelusta on?","slug":"mita-hyotya-palvelusta-on","link":"#mita-hyotya-palvelusta-on","children":[]},{"level":2,"title":"Huolehdin läheisteni tietoturvasta, onnistuuko se Badrapin avulla?","slug":"huolehdin-laheisteni-tietoturvasta-onnistuuko-se-badrapin-avulla","link":"#huolehdin-laheisteni-tietoturvasta-onnistuuko-se-badrapin-avulla","children":[]},{"level":2,"title":"Miksi teitte tämän palvelun?","slug":"miksi-teitte-taman-palvelun","link":"#miksi-teitte-taman-palvelun","children":[]},{"level":2,"title":"Onko tulosten katsomisesta minulle jotain haittaa?","slug":"onko-tulosten-katsomisesta-minulle-jotain-haittaa","link":"#onko-tulosten-katsomisesta-minulle-jotain-haittaa","children":[]},{"level":2,"title":"Miksi palvelu on ilmainen?","slug":"miksi-palvelu-on-ilmainen","link":"#miksi-palvelu-on-ilmainen","children":[]},{"level":2,"title":"Mistä tietoturvatutkijoiden varoitukset tulevat?","slug":"mista-tietoturvatutkijoiden-varoitukset-tulevat","link":"#mista-tietoturvatutkijoiden-varoitukset-tulevat","children":[]},{"level":2,"title":"Minkälaista tietoa Badrapistä saa?","slug":"minkalaista-tietoa-badrapista-saa","link":"#minkalaista-tietoa-badrapista-saa","children":[]},{"level":2,"title":"Seuraatteko minua tai verkkojani?","slug":"seuraatteko-minua-tai-verkkojani","link":"#seuraatteko-minua-tai-verkkojani","children":[]},{"level":2,"title":"Jos rekisteröidyn, lähetättekö minulle mainoksia?","slug":"jos-rekisteroidyn-lahetatteko-minulle-mainoksia","link":"#jos-rekisteroidyn-lahetatteko-minulle-mainoksia","children":[]},{"level":2,"title":"Lopuksi","slug":"lopuksi","link":"#lopuksi","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/faq.md"}');export{j as comp,c as data}; diff --git a/assets/fraktal.html-BRW1YI_r.js b/assets/fraktal.html-BaGDwWI4.js similarity index 99% rename from assets/fraktal.html-BRW1YI_r.js rename to assets/fraktal.html-BaGDwWI4.js index cc4be5c7..831b95eb 100644 --- a/assets/fraktal.html-BRW1YI_r.js +++ b/assets/fraktal.html-BaGDwWI4.js @@ -1 +1 @@ -import{_ as t,c as a,o,e as n}from"./app-CxPUdK5a.js";const i="/assets/fraktal-10-install-CtUM-UNr.png",r="/assets/fraktal-12-perms-ejsefBgQ.png",l="/assets/fraktal-14-add-account-faF7ri3W.png",s="/assets/fraktal-20-create-role-Dw66U-c3.png",c="/assets/fraktal-22-select-type-B59PvMMR.png",u="/assets/fraktal-24-policies-readonly-BJ4bUKJc.png",d="/assets/fraktal-26-policies-securityaudit-gLtn9FMf.png",h="/assets/fraktal-30-aws-config-t-_oAAAm.png",e="/assets/fraktal-32-aws-region-DtDhCA4-.png",p="/assets/fraktal-34-aws-config-review-DEZAisW2.png",g="/assets/fraktal-40-securityhub-CHv7h9hL.png",m="/assets/fraktal-42-enable-hub-CrmugPK6.png",f="/assets/fraktal-50-guardduty-C0RgHlZs.png",y="/assets/fraktal-52-enable-guardduty-BhaMvnQD.png",A="/assets/fraktal-95-uninstall-Cgg_OFTS.png",w="/assets/fraktal-90-delete-role-BBc9_odj.png",b={},S=n('

Fraktal AWS Audit

This app allows you to audit and monitor your Amazon Web Services (AWS) assets for configuration weaknesses and security vulnerabilities automatically and continuously. It has been created in collaboration with our partner Fraktal Ltd, the experts in AWS security.

The app connects to your AWS account(s) with your consent. It then employs AWS Config, AWS Security Hub and Amazon GuardDuty to scan your AWS assets periodically, and provides you with alerts about any critical identified weaknesses and vulnerabilities in your configurations.

The instructions below explain the installation of the app, integration with your AWS environment, how to enable AWS Config, AWS Security Hub and AWS GuardDuty functionalities, and how to grant the minimum permissions for the app to scan your AWS assets.

When the app identifies vulnerabilities, it will provide you with details of the finding and a link to the AWS console to find out more. If you would like to receive expert assistance to mitigate or fix the findings, you can contact Fraktal Ltd for their professional services.

Install the Fraktal AWS Audit app

  1. Open the Fraktal AWS Audit app page.
  2. Install the app.
  1. The app asks for permission to connect to your AWS account and to create assets to Badrap based on your AWS environment.
  1. Enter your AWS Account ID into the Account ID field.
  2. Create a recognizable role name for the app, e.g. "AWSAuditRole".
  1. Note down the "External-ID" value that the app creates. You will need it later when creating a role delegation in the AWS console.

Create AWS role

Configure role delegation for the app with the AWS IAM console.

  1. Create a new role in the AWS IAM console.
  1. Select Another AWS account for the role type.
  2. Enter 816084135002 (AWS Audit app Account ID) as the Account ID.
  3. Check the Require external ID option, and enter the External ID that the app generated for you earlier.
  4. Leave the Require MFA option unchecked.
  1. Click Next: Permissions.
  2. Type ReadOnlyAccess to the policy search bar, scroll down to find the correct policy and select it.
  1. Type SecurityAudit to the policy search bar, scroll down to find the correct policy and select it.
  1. Click Next: Tags.
  2. Click Next: Review.
  3. Name the role (e.g., AWSAuditRole).
  4. Click Create role.

Enable AWS Config

The app integrates with Amazon's tools AWS Config, Security Hub and GuardDuty to monitor for weaknesses and vulnerabilities in your configurations. You need to enable these features in your AWS console for the app to function properly. First, let's go through how to enable AWS Config.

  1. Go to the AWS Config setup page in AWS Console.
  1. Select your AWS region (e.g. eu-north-1) from the drop-down menu in the right upper corner.
  1. Review the pricing for AWS Config, and then click on either "1-Click setup" or "Get started" to enable and configure AWS Config for your selected region.
  2. Review the configuration and click "Confirm" to enable AWS Config.

AWS Config is required before you can enable AWS Security Hub or Amazon GuardDuty (next steps).

Enable AWS Security Hub

AWS Security Hub performs checks for security best practices. It automatically detects services that are configured in a way that leaves them vulnerable to attacks. It categorizes its findings into those that need immediate attention and those that can be dealt with later. Let's go through how to enable AWS Security Hub for your AWS services.

  1. Go to the AWS Security Hub setup page in AWS Console.
  1. Select your AWS region (e.g. eu-north-1) from the drop-down menu in the right upper corner.
  1. Review the pricing, and then click on "Go to Security Hub" to enable and configure AWS Security Hub for your selected region. Make sure to turn on "Enable AWS Foundational Security Best Practices" and "Enable CIS AWS Foundations Benchmark".

Note that it may take up to a few hours before all of the compliance checks of AWS Security Hub are enabled.

Enable Amazon GuardDuty

Amazon GuardDuty continuously monitors your AWS account for malicious activity and unauthorised behaviour. Whereas AWS Security Hub is more concerned about compliance and configurations, GuardDuty is more concerned about the runtime behaviour of your systems. You should use both of them to get the best possible results on both configuration and runtime security of your environment. Let's see how to enable Amazon GuardDuty.

  1. Go to the Amazon GuardDuty setup page in AWS Console.
  1. Select your AWS region (e.g. eu-north-1) from the drop-down menu in the right upper corner.
  1. Click on "Get started" to configure Amazon GuardDuty for your selected region. Review the pricing and click "Enable GuardDuty".

AWS Regions and Accounts

All of the AWS and Amazon services for security monitoring and posture management are specific to a single AWS account and region.

If you have AWS services running in multiple regions or in multiple AWS accounts, and you want to audit all of them using the Fraktal AWS Audit app, you should repeat the steps above and enable AWS Config, AWS Security Hub and Amazon GuardDuty separately for each region and account that you are interested in.

Decide what accounts and regions you are interested in and start with those. You can start small and turn on checks on a test account or a single region to get acquainted with the AWS and Amazon security services before enabling them on all accounts and regions.

However, remember that it is a common security problem to assume that you have resources only on a specific AWS account or region. The resources that you don’t even know about, let alone have monitoring on, are often the ones that enable attackers to gain access to your environment.

Uninstalling the app

If you want to stop using the app, you can uninstall it and clean up the role delegation from your AWS IAM console.

  1. Go to the Fraktal AWS Audit app page and click Uninstall.
  1. Clean up the app role from your AWS IAM console.
  2. Under the Roles section, find and select the role you created earlier (e.g. "AWSAuditRole"), select Delete and confirm deletion.
  1. Turn off AWS Config, AWS Security Hub and Amazon GuardDuty in AWS Console for all of your accounts and regions, if you wish to stop using them.
  2. That's it, you have successfully uninstalled the Fraktal AWS Audit app and cleaned up its configuration from your AWS installation.
',62),v=[S];function k(W,x){return o(),a("div",null,v)}const C=t(b,[["render",k],["__file","fraktal.html.vue"]]),D=JSON.parse('{"path":"/apps/fraktal.html","title":"Fraktal AWS Audit","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Install the Fraktal AWS Audit app","slug":"install-the-fraktal-aws-audit-app","link":"#install-the-fraktal-aws-audit-app","children":[]},{"level":2,"title":"Create AWS role","slug":"create-aws-role","link":"#create-aws-role","children":[]},{"level":2,"title":"Enable AWS Config","slug":"enable-aws-config","link":"#enable-aws-config","children":[]},{"level":2,"title":"Enable AWS Security Hub","slug":"enable-aws-security-hub","link":"#enable-aws-security-hub","children":[]},{"level":2,"title":"Enable Amazon GuardDuty","slug":"enable-amazon-guardduty","link":"#enable-amazon-guardduty","children":[]},{"level":2,"title":"AWS Regions and Accounts","slug":"aws-regions-and-accounts","link":"#aws-regions-and-accounts","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"apps/fraktal.md"}');export{C as comp,D as data}; +import{_ as t,c as a,o,e as n}from"./app-DhWbOGxr.js";const i="/assets/fraktal-10-install-CtUM-UNr.png",r="/assets/fraktal-12-perms-ejsefBgQ.png",l="/assets/fraktal-14-add-account-faF7ri3W.png",s="/assets/fraktal-20-create-role-Dw66U-c3.png",c="/assets/fraktal-22-select-type-B59PvMMR.png",u="/assets/fraktal-24-policies-readonly-BJ4bUKJc.png",d="/assets/fraktal-26-policies-securityaudit-gLtn9FMf.png",h="/assets/fraktal-30-aws-config-t-_oAAAm.png",e="/assets/fraktal-32-aws-region-DtDhCA4-.png",p="/assets/fraktal-34-aws-config-review-DEZAisW2.png",g="/assets/fraktal-40-securityhub-CHv7h9hL.png",m="/assets/fraktal-42-enable-hub-CrmugPK6.png",f="/assets/fraktal-50-guardduty-C0RgHlZs.png",y="/assets/fraktal-52-enable-guardduty-BhaMvnQD.png",A="/assets/fraktal-95-uninstall-Cgg_OFTS.png",w="/assets/fraktal-90-delete-role-BBc9_odj.png",b={},S=n('

Fraktal AWS Audit

This app allows you to audit and monitor your Amazon Web Services (AWS) assets for configuration weaknesses and security vulnerabilities automatically and continuously. It has been created in collaboration with our partner Fraktal Ltd, the experts in AWS security.

The app connects to your AWS account(s) with your consent. It then employs AWS Config, AWS Security Hub and Amazon GuardDuty to scan your AWS assets periodically, and provides you with alerts about any critical identified weaknesses and vulnerabilities in your configurations.

The instructions below explain the installation of the app, integration with your AWS environment, how to enable AWS Config, AWS Security Hub and AWS GuardDuty functionalities, and how to grant the minimum permissions for the app to scan your AWS assets.

When the app identifies vulnerabilities, it will provide you with details of the finding and a link to the AWS console to find out more. If you would like to receive expert assistance to mitigate or fix the findings, you can contact Fraktal Ltd for their professional services.

Install the Fraktal AWS Audit app

  1. Open the Fraktal AWS Audit app page.
  2. Install the app.
  1. The app asks for permission to connect to your AWS account and to create assets to Badrap based on your AWS environment.
  1. Enter your AWS Account ID into the Account ID field.
  2. Create a recognizable role name for the app, e.g. "AWSAuditRole".
  1. Note down the "External-ID" value that the app creates. You will need it later when creating a role delegation in the AWS console.

Create AWS role

Configure role delegation for the app with the AWS IAM console.

  1. Create a new role in the AWS IAM console.
  1. Select Another AWS account for the role type.
  2. Enter 816084135002 (AWS Audit app Account ID) as the Account ID.
  3. Check the Require external ID option, and enter the External ID that the app generated for you earlier.
  4. Leave the Require MFA option unchecked.
  1. Click Next: Permissions.
  2. Type ReadOnlyAccess to the policy search bar, scroll down to find the correct policy and select it.
  1. Type SecurityAudit to the policy search bar, scroll down to find the correct policy and select it.
  1. Click Next: Tags.
  2. Click Next: Review.
  3. Name the role (e.g., AWSAuditRole).
  4. Click Create role.

Enable AWS Config

The app integrates with Amazon's tools AWS Config, Security Hub and GuardDuty to monitor for weaknesses and vulnerabilities in your configurations. You need to enable these features in your AWS console for the app to function properly. First, let's go through how to enable AWS Config.

  1. Go to the AWS Config setup page in AWS Console.
  1. Select your AWS region (e.g. eu-north-1) from the drop-down menu in the right upper corner.
  1. Review the pricing for AWS Config, and then click on either "1-Click setup" or "Get started" to enable and configure AWS Config for your selected region.
  2. Review the configuration and click "Confirm" to enable AWS Config.

AWS Config is required before you can enable AWS Security Hub or Amazon GuardDuty (next steps).

Enable AWS Security Hub

AWS Security Hub performs checks for security best practices. It automatically detects services that are configured in a way that leaves them vulnerable to attacks. It categorizes its findings into those that need immediate attention and those that can be dealt with later. Let's go through how to enable AWS Security Hub for your AWS services.

  1. Go to the AWS Security Hub setup page in AWS Console.
  1. Select your AWS region (e.g. eu-north-1) from the drop-down menu in the right upper corner.
  1. Review the pricing, and then click on "Go to Security Hub" to enable and configure AWS Security Hub for your selected region. Make sure to turn on "Enable AWS Foundational Security Best Practices" and "Enable CIS AWS Foundations Benchmark".

Note that it may take up to a few hours before all of the compliance checks of AWS Security Hub are enabled.

Enable Amazon GuardDuty

Amazon GuardDuty continuously monitors your AWS account for malicious activity and unauthorised behaviour. Whereas AWS Security Hub is more concerned about compliance and configurations, GuardDuty is more concerned about the runtime behaviour of your systems. You should use both of them to get the best possible results on both configuration and runtime security of your environment. Let's see how to enable Amazon GuardDuty.

  1. Go to the Amazon GuardDuty setup page in AWS Console.
  1. Select your AWS region (e.g. eu-north-1) from the drop-down menu in the right upper corner.
  1. Click on "Get started" to configure Amazon GuardDuty for your selected region. Review the pricing and click "Enable GuardDuty".

AWS Regions and Accounts

All of the AWS and Amazon services for security monitoring and posture management are specific to a single AWS account and region.

If you have AWS services running in multiple regions or in multiple AWS accounts, and you want to audit all of them using the Fraktal AWS Audit app, you should repeat the steps above and enable AWS Config, AWS Security Hub and Amazon GuardDuty separately for each region and account that you are interested in.

Decide what accounts and regions you are interested in and start with those. You can start small and turn on checks on a test account or a single region to get acquainted with the AWS and Amazon security services before enabling them on all accounts and regions.

However, remember that it is a common security problem to assume that you have resources only on a specific AWS account or region. The resources that you don’t even know about, let alone have monitoring on, are often the ones that enable attackers to gain access to your environment.

Uninstalling the app

If you want to stop using the app, you can uninstall it and clean up the role delegation from your AWS IAM console.

  1. Go to the Fraktal AWS Audit app page and click Uninstall.
  1. Clean up the app role from your AWS IAM console.
  2. Under the Roles section, find and select the role you created earlier (e.g. "AWSAuditRole"), select Delete and confirm deletion.
  1. Turn off AWS Config, AWS Security Hub and Amazon GuardDuty in AWS Console for all of your accounts and regions, if you wish to stop using them.
  2. That's it, you have successfully uninstalled the Fraktal AWS Audit app and cleaned up its configuration from your AWS installation.
',62),v=[S];function k(W,x){return o(),a("div",null,v)}const C=t(b,[["render",k],["__file","fraktal.html.vue"]]),D=JSON.parse('{"path":"/apps/fraktal.html","title":"Fraktal AWS Audit","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Install the Fraktal AWS Audit app","slug":"install-the-fraktal-aws-audit-app","link":"#install-the-fraktal-aws-audit-app","children":[]},{"level":2,"title":"Create AWS role","slug":"create-aws-role","link":"#create-aws-role","children":[]},{"level":2,"title":"Enable AWS Config","slug":"enable-aws-config","link":"#enable-aws-config","children":[]},{"level":2,"title":"Enable AWS Security Hub","slug":"enable-aws-security-hub","link":"#enable-aws-security-hub","children":[]},{"level":2,"title":"Enable Amazon GuardDuty","slug":"enable-amazon-guardduty","link":"#enable-amazon-guardduty","children":[]},{"level":2,"title":"AWS Regions and Accounts","slug":"aws-regions-and-accounts","link":"#aws-regions-and-accounts","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"apps/fraktal.md"}');export{C as comp,D as data}; diff --git a/assets/gcp.html-DeJ-0EHu.js b/assets/gcp.html-DA2lRM9g.js similarity index 97% rename from assets/gcp.html-DeJ-0EHu.js rename to assets/gcp.html-DA2lRM9g.js index 5c565a61..b35e1f69 100644 --- a/assets/gcp.html-DeJ-0EHu.js +++ b/assets/gcp.html-DA2lRM9g.js @@ -1 +1 @@ -import{_ as e,c as t,o,e as a}from"./app-CxPUdK5a.js";const r="/assets/gcp-10-create-service-account-CFuhgeiQ.png",n="/assets/gcp-20-describe-create-Ae3pODFE.png",s="/assets/gcp-30-grant-roles-BXSdwDzf.png",l="/assets/gcp-40-create-key-C0nNT5HG.png",i="/assets/gcp-50-permissions-D0vutdYB.png",c="/assets/gcp-60-add-account-DAgyxX9F.png",p="/assets/gcp-70-my-assets-AQk6M2Lu.png",d="/assets/gcp-90-delete-service-account-BSKeqJU1.png",h={},u=a('

Google Cloud Platform App

This app allows you to synchronize your Google Cloud Platform (GCP) assets into Badrap and receive security notifications about them. If you are not the owner or your organization's GCP project or projects, you will need help from the owner.

First, the owner of your organization's GCP project(s) creates a service account, downloads a key for it, and delivers the key to the Badrap GCP app user. Badrap GCP app user loads the key to the Badrap GCP app. Once installed, the app maintains a list of your organization's assets and add those assets under your Badrap user account. Namely:

  • public IP-addresses from your GCP installation
  • domain names, if GCP also hosts your DNS
  • public IP-addresses of your Google Cloud SQL instances
  • public IP-addresses of your Google Kubernetes Engine clusters' control planes

I am the owner of the GCP project

Create a service account with limited access:

  1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts (log in if necessary).
  2. Select the project which public assets are going to be shared
  3. Click on the Create service account button.
  1. On the Service account details area, give the account any name you want (for example "Service account for badrap.io").
    • Optionally add a description so you can remember what this service account is for.
    • Click the Create button.
  1. On the Service account permissions area, select the role Compute Viewer.
    • Click Add another role and add the DNS Reader role.
    • Click Add another role and add the Cloud SQL Viewer role.
    • Click Add another role and add the Kubernetes Engine Cluster Viewer role.
    • Click the Continue button.

  1. On the Grant users access to this service account area, leave the fields empty and click the Done button. You will be taken back to the project's Service accounts page.

  2. On the Service accounts page, find the row for the account you created, and click the three dots on the right.

    • Click Manage keys.
    • From the Add key drop-down menu, select Create new key.
    • When the key creation dialog opens, select JSON as the key type and click Create.
    • The key file is downloaded to your computer.
    • Close the dialog by clicking the Close button.

If you completed this process on behalf of someone else, deliver them the JSON key file containing the key to the service account. Delete the JSON key file from your local storage, once you don't need it anymore.

I am the Badrap user

Install the Google Cloud Platform app.

  1. Open the Google Cloud Platform app page in Badrap and click the Install button.

  2. The app will need your consent to create and manage assets under your Badrap user account. Click Install the app to give your consent.

  1. Click the Add a new account button. Upload the JSON key file you received or downloaded. Remember to delete the local file once the installation is finished and working.
  1. Congratulations! You are all done. Check the My assets page and find the section Google Cloud Platform from your asset list. You should see your public IP-addresses. If your DNS records are also under your GCP project, you should see your domain names in the list too.

Uninstalling the app

  1. Open the Google Cloud Platform app page and click Uninstall.
  2. Go to Service accounts in your Google Cloud Platform console.
  3. Select the project whose assets you have been following with the Badrap GCP app.
  4. Search for the service account you created earlier for the Badrap GCP app and select Delete from the Actions menu on the right.
  1. You have now successfully uninstalled the app and cleaned up its configuration from your GCP installation.
',27),g=[u];function m(f,y){return o(),t("div",null,g)}const C=e(h,[["render",m],["__file","gcp.html.vue"]]),k=JSON.parse('{"path":"/apps/gcp.html","title":"Google Cloud Platform App","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"I am the owner of the GCP project","slug":"i-am-the-owner-of-the-gcp-project","link":"#i-am-the-owner-of-the-gcp-project","children":[]},{"level":2,"title":"I am the Badrap user","slug":"i-am-the-badrap-user","link":"#i-am-the-badrap-user","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"apps/gcp.md"}');export{C as comp,k as data}; +import{_ as e,c as t,o,e as a}from"./app-DhWbOGxr.js";const r="/assets/gcp-10-create-service-account-CFuhgeiQ.png",n="/assets/gcp-20-describe-create-Ae3pODFE.png",s="/assets/gcp-30-grant-roles-BXSdwDzf.png",l="/assets/gcp-40-create-key-C0nNT5HG.png",i="/assets/gcp-50-permissions-D0vutdYB.png",c="/assets/gcp-60-add-account-DAgyxX9F.png",p="/assets/gcp-70-my-assets-AQk6M2Lu.png",d="/assets/gcp-90-delete-service-account-BSKeqJU1.png",h={},u=a('

Google Cloud Platform App

This app allows you to synchronize your Google Cloud Platform (GCP) assets into Badrap and receive security notifications about them. If you are not the owner or your organization's GCP project or projects, you will need help from the owner.

First, the owner of your organization's GCP project(s) creates a service account, downloads a key for it, and delivers the key to the Badrap GCP app user. Badrap GCP app user loads the key to the Badrap GCP app. Once installed, the app maintains a list of your organization's assets and add those assets under your Badrap user account. Namely:

  • public IP-addresses from your GCP installation
  • domain names, if GCP also hosts your DNS
  • public IP-addresses of your Google Cloud SQL instances
  • public IP-addresses of your Google Kubernetes Engine clusters' control planes

I am the owner of the GCP project

Create a service account with limited access:

  1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts (log in if necessary).
  2. Select the project which public assets are going to be shared
  3. Click on the Create service account button.
  1. On the Service account details area, give the account any name you want (for example "Service account for badrap.io").
    • Optionally add a description so you can remember what this service account is for.
    • Click the Create button.
  1. On the Service account permissions area, select the role Compute Viewer.
    • Click Add another role and add the DNS Reader role.
    • Click Add another role and add the Cloud SQL Viewer role.
    • Click Add another role and add the Kubernetes Engine Cluster Viewer role.
    • Click the Continue button.

  1. On the Grant users access to this service account area, leave the fields empty and click the Done button. You will be taken back to the project's Service accounts page.

  2. On the Service accounts page, find the row for the account you created, and click the three dots on the right.

    • Click Manage keys.
    • From the Add key drop-down menu, select Create new key.
    • When the key creation dialog opens, select JSON as the key type and click Create.
    • The key file is downloaded to your computer.
    • Close the dialog by clicking the Close button.

If you completed this process on behalf of someone else, deliver them the JSON key file containing the key to the service account. Delete the JSON key file from your local storage, once you don't need it anymore.

I am the Badrap user

Install the Google Cloud Platform app.

  1. Open the Google Cloud Platform app page in Badrap and click the Install button.

  2. The app will need your consent to create and manage assets under your Badrap user account. Click Install the app to give your consent.

  1. Click the Add a new account button. Upload the JSON key file you received or downloaded. Remember to delete the local file once the installation is finished and working.
  1. Congratulations! You are all done. Check the My assets page and find the section Google Cloud Platform from your asset list. You should see your public IP-addresses. If your DNS records are also under your GCP project, you should see your domain names in the list too.

Uninstalling the app

  1. Open the Google Cloud Platform app page and click Uninstall.
  2. Go to Service accounts in your Google Cloud Platform console.
  3. Select the project whose assets you have been following with the Badrap GCP app.
  4. Search for the service account you created earlier for the Badrap GCP app and select Delete from the Actions menu on the right.
  1. You have now successfully uninstalled the app and cleaned up its configuration from your GCP installation.
',27),g=[u];function m(f,y){return o(),t("div",null,g)}const C=e(h,[["render",m],["__file","gcp.html.vue"]]),k=JSON.parse('{"path":"/apps/gcp.html","title":"Google Cloud Platform App","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"I am the owner of the GCP project","slug":"i-am-the-owner-of-the-gcp-project","link":"#i-am-the-owner-of-the-gcp-project","children":[]},{"level":2,"title":"I am the Badrap user","slug":"i-am-the-badrap-user","link":"#i-am-the-badrap-user","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"apps/gcp.md"}');export{C as comp,k as data}; diff --git a/assets/gworkspace.html-dj_ceNJH.js b/assets/gworkspace.html-Cl4MsvXD.js similarity index 97% rename from assets/gworkspace.html-dj_ceNJH.js rename to assets/gworkspace.html-Cl4MsvXD.js index c0395143..c46519ee 100644 --- a/assets/gworkspace.html-dj_ceNJH.js +++ b/assets/gworkspace.html-Cl4MsvXD.js @@ -1 +1 @@ -import{_ as e,c as t,o as a,e as o}from"./app-CxPUdK5a.js";const s="/assets/gworkspace-10-install-Brp6TXUX.png",n="/assets/gworkspace-20-perms-DLCM_vTZ.png",r="/assets/gworkspace-30-add-account-B84RL5Cn.png",l="/assets/gworkspace-40-google-perms-DqATrWCl.png",i="/assets/gworkspace-80-assets-SD5czj3v.png",p={},c=o('

Google Workspace

This app allows you to synchronize your Google Workspace assets into Badrap and receive security notifications about them.

Once installed, the app fetches a list of your organization's assets from your Workspace environment, and adds them as your assets in Badrap. Whenever your assets change in Workspace, they are synchronized and updated automatically in Badrap. Assets can include:

  • Domain names
  • Email addresses
  • Groups

The app can be connected to Workspace either with an admin or non-admin account. An admin account has by default the necessary rights to fetch information about your assets. For non-admin users, you can create a custom role that allows them to fetch your asset information, see step 2 below.

Installing the app

  1. Google considers the Badrap app is "Unverified" because it requires certain "Limited" scopes from the Google Workspace user who installs it and it hasn't been vetted by Google.

    For a Google Workspace user to install the app, the app has to be allowlisted by an admin in their Google Workspace organization. The allowlisting can be done from the Google Admin panel:

  • Navigate to Security -> Access and data control -> API Controls -> Manage Third-Party App Access -> Add app -> OAuth App Name Or Client ID.
  • In the search field fill in the app's client ID, and click Search. The page will list the matching apps by name. Highlight the app and click Select.
    • The Badrap app client ID is 896703348678-sg4fi97m6p6r10dj49bfu88fjhj0t0am.apps.googleusercontent.com, and the app is named Badrap App for Google Workspace.
  • The next page asks which client IDs you want to configure. Select all of them and click Select.
  • The next page asks you to choose the access type. Select Trusted and click Configure.
  1. After this process, any Google Workspace user of the organization can install the app. However, the users need to have a Google Workspace role that allows accessing the required APIs. Admin users have the required permissions by default. For non-admin users, a new role can be created in the Google Admin panel:
  • Navigate to Admin roles and click Create new role.
  • Come up with a descriptive name for the role, for example "Badrap Watcher". Click Continue.
  • In the privilege selection list there is a separate section called Admin API privileges. From there enable Users -> Read, Groups -> Read and Domain Management privileges. Click Continue.
  • Click Create Role.
  • The role has now been created and can be assigned to the users that need the required permissions to install the Google Workspace Badrap app.

  1. After the steps above, you can proceed to install the Workspace app.

  2. Go to badrap.io. Install the app for a team or for you personally.

    • Team: Pick your team from the menu and click Apps
    • Personal: Go to Settings -> Apps

  3. Open the Workspace app page (opens new window). Click Install.

  1. Review the permissions that the app requests. Click Install the app.
  1. Click on Add a new account.
  1. Select your Google account that you want to use to connect to your Google Workspace installation.
  2. Google will ask for your permission to share your Workspace assets with Badrap. Review the permissions and click Allow to provide your consent.
  1. In a few minutes, you should see your assets under the Google Workspace section on your My Assets page.

Uninstalling the app

  1. Open the Workspace app page and click Uninstall.
  2. All assets listed by the app will disappear from your "My assets" page.
  3. From Google Admin panel, go to Security -> API Controls -> Manage Third-Party App Access, search for the app called Badrap App for Google Workspace, and delete it.
  4. If you created a custom role for non-admin users in your organization to install the app, go to Google Admin panel and delete the custom role from the Admin roles menu.
',22),h=[c];function g(d,m){return a(),t("div",null,h)}const f=e(p,[["render",g],["__file","gworkspace.html.vue"]]),k=JSON.parse('{"path":"/apps/gworkspace.html","title":"Google Workspace","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Installing the app","slug":"installing-the-app","link":"#installing-the-app","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"apps/gworkspace.md"}');export{f as comp,k as data}; +import{_ as e,c as t,o as a,e as o}from"./app-DhWbOGxr.js";const s="/assets/gworkspace-10-install-Brp6TXUX.png",n="/assets/gworkspace-20-perms-DLCM_vTZ.png",r="/assets/gworkspace-30-add-account-B84RL5Cn.png",l="/assets/gworkspace-40-google-perms-DqATrWCl.png",i="/assets/gworkspace-80-assets-SD5czj3v.png",p={},c=o('

Google Workspace

This app allows you to synchronize your Google Workspace assets into Badrap and receive security notifications about them.

Once installed, the app fetches a list of your organization's assets from your Workspace environment, and adds them as your assets in Badrap. Whenever your assets change in Workspace, they are synchronized and updated automatically in Badrap. Assets can include:

  • Domain names
  • Email addresses
  • Groups

The app can be connected to Workspace either with an admin or non-admin account. An admin account has by default the necessary rights to fetch information about your assets. For non-admin users, you can create a custom role that allows them to fetch your asset information, see step 2 below.

Installing the app

  1. Google considers the Badrap app is "Unverified" because it requires certain "Limited" scopes from the Google Workspace user who installs it and it hasn't been vetted by Google.

    For a Google Workspace user to install the app, the app has to be allowlisted by an admin in their Google Workspace organization. The allowlisting can be done from the Google Admin panel:

  • Navigate to Security -> Access and data control -> API Controls -> Manage Third-Party App Access -> Add app -> OAuth App Name Or Client ID.
  • In the search field fill in the app's client ID, and click Search. The page will list the matching apps by name. Highlight the app and click Select.
    • The Badrap app client ID is 896703348678-sg4fi97m6p6r10dj49bfu88fjhj0t0am.apps.googleusercontent.com, and the app is named Badrap App for Google Workspace.
  • The next page asks which client IDs you want to configure. Select all of them and click Select.
  • The next page asks you to choose the access type. Select Trusted and click Configure.
  1. After this process, any Google Workspace user of the organization can install the app. However, the users need to have a Google Workspace role that allows accessing the required APIs. Admin users have the required permissions by default. For non-admin users, a new role can be created in the Google Admin panel:
  • Navigate to Admin roles and click Create new role.
  • Come up with a descriptive name for the role, for example "Badrap Watcher". Click Continue.
  • In the privilege selection list there is a separate section called Admin API privileges. From there enable Users -> Read, Groups -> Read and Domain Management privileges. Click Continue.
  • Click Create Role.
  • The role has now been created and can be assigned to the users that need the required permissions to install the Google Workspace Badrap app.

  1. After the steps above, you can proceed to install the Workspace app.

  2. Go to badrap.io. Install the app for a team or for you personally.

    • Team: Pick your team from the menu and click Apps
    • Personal: Go to Settings -> Apps

  3. Open the Workspace app page (opens new window). Click Install.

  1. Review the permissions that the app requests. Click Install the app.
  1. Click on Add a new account.
  1. Select your Google account that you want to use to connect to your Google Workspace installation.
  2. Google will ask for your permission to share your Workspace assets with Badrap. Review the permissions and click Allow to provide your consent.
  1. In a few minutes, you should see your assets under the Google Workspace section on your My Assets page.

Uninstalling the app

  1. Open the Workspace app page and click Uninstall.
  2. All assets listed by the app will disappear from your "My assets" page.
  3. From Google Admin panel, go to Security -> API Controls -> Manage Third-Party App Access, search for the app called Badrap App for Google Workspace, and delete it.
  4. If you created a custom role for non-admin users in your organization to install the app, go to Google Admin panel and delete the custom role from the Admin roles menu.
',22),h=[c];function g(d,m){return a(),t("div",null,h)}const f=e(p,[["render",g],["__file","gworkspace.html.vue"]]),k=JSON.parse('{"path":"/apps/gworkspace.html","title":"Google Workspace","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Installing the app","slug":"installing-the-app","link":"#installing-the-app","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"apps/gworkspace.md"}');export{f as comp,k as data}; diff --git a/assets/https.html-CWJprkwF.js b/assets/https.html-D9UwG-CF.js similarity index 98% rename from assets/https.html-CWJprkwF.js rename to assets/https.html-D9UwG-CF.js index f19ce8c7..460c816b 100644 --- a/assets/https.html-CWJprkwF.js +++ b/assets/https.html-D9UwG-CF.js @@ -1,3 +1,3 @@ -import{_ as e,c as t,o as a,e as s}from"./app-CxPUdK5a.js";const n="/assets/https-10-install-BAAo2phf.png",l="/assets/https-15-perms-Bz03Q4x1.png",r="/assets/https-20-add-new-url-Be2L31gu.png",i="/assets/https-30-copy-url-CTnbXhPm.png",o="/assets/https-40-assets-list-CqkxvHmg.png",p={},h=s('

HTTPS App

This app allows you to register a new asset into Badrap simply by fetching a URL. The IP address from which the request originates will be added as a new asset under your user account. You will receive security notifications about the asset you have registered, and you can use other Badrap apps to enrich or to interact with the asset.

Install the app

  1. Open the HTTPS app page.
  1. Click Install. The app will ask for your permission to create new assets under your Badrap account.
  1. Click on Install the app. The app is now installed.

Add a new asset

  1. Go to the HTTPS app page. Click on Generate new address.
  1. Click on the Copy to clipboard button to copy the URL onto your clipboard. You can also assign a name for the asset with the Assign name button.

  1. On the host that you want to add as a new asset into Badrap, fetch the URL using a suitable application. For command-line usage, common tools for fetching an URL are e.g. Wget or curl. These command-line tools are commonly available for Linux distributions. curl is built into Mac OS X, and into Windows 10 command line and PowerShell environments. For desktop hosts, you can simply fetch the URL with any web browser.

    Example using wget:

    wget https://http-app.badrap.io/app/claim/1abc...
+import{_ as e,c as t,o as a,e as s}from"./app-DhWbOGxr.js";const n="/assets/https-10-install-BAAo2phf.png",l="/assets/https-15-perms-Bz03Q4x1.png",r="/assets/https-20-add-new-url-Be2L31gu.png",i="/assets/https-30-copy-url-CTnbXhPm.png",o="/assets/https-40-assets-list-CqkxvHmg.png",p={},h=s('
    HTTPS App
    This app allows you to register a new asset into Badrap simply by fetching a URL. The IP address from which the request originates will be added as a new asset under your user account. You will receive security notifications about the asset you have registered, and you can use other Badrap apps to enrich or to interact with the asset.
    Install the app
    1. Open the HTTPS app page.
    1. Click Install. The app will ask for your permission to create new assets under your Badrap account.
    1. Click on Install the app. The app is now installed.
    Add a new asset
    1. Go to the HTTPS app page. Click on Generate new address.
    1. Click on the Copy to clipboard button to copy the URL onto your clipboard. You can also assign a name for the asset with the Assign name button.
    1. On the host that you want to add as a new asset into Badrap, fetch the URL using a suitable application. For command-line usage, common tools for fetching an URL are e.g. Wget or curl. These command-line tools are commonly available for Linux distributions. curl is built into Mac OS X, and into Windows 10 command line and PowerShell environments. For desktop hosts, you can simply fetch the URL with any web browser.
      Example using wget:
      wget https://http-app.badrap.io/app/claim/1abc...
 
      Example using curl:
      curl https://http-app.badrap.io/app/claim/1abc...
-
    2. The IP address of the host from which you fetched the URL will be registered and displayed as a new asset in your My assets page. If you assigned a name for your asset, it will also be displayed. The list shows also when the asset has been registered.
    Update an asset
    1. If the IP address of your asset changes, you can update the asset simply by fetching the same URL again from the asset host. The asset is updated to reflect the current IP address. This way, you can keep assets with dynamically changing IP addresses easily up-to-date: just create a scheduled task on your asset host to periodically fetch the URL associated with it. If you want to update the name of the asset, you can do so with the Assign name button.
    2. You can also always just delete the previously generated URL associated with the asset and create a new one.
    Delete an asset
    1. Go to the HTTPS app page. Find the URL that you used to register the asset that you want to delete. Click on Delete.
    2. The asset registered with the URL will be deleted from your My assets page.
    Uninstall the app
    1. Go to the HTTPS app page and click Uninstall.
    2. The app is now uninstalled. Any assets you registered with the app are also deleted from your My assets page.
    ',21),d=[h];function c(u,g){return a(),t("div",null,d)}const w=e(p,[["render",c],["__file","https.html.vue"]]),y=JSON.parse('{"path":"/apps/https.html","title":"HTTPS App","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Install the app","slug":"install-the-app","link":"#install-the-app","children":[]},{"level":2,"title":"Add a new asset","slug":"add-a-new-asset","link":"#add-a-new-asset","children":[]},{"level":2,"title":"Update an asset","slug":"update-an-asset","link":"#update-an-asset","children":[]},{"level":2,"title":"Delete an asset","slug":"delete-an-asset","link":"#delete-an-asset","children":[]},{"level":2,"title":"Uninstall the app","slug":"uninstall-the-app","link":"#uninstall-the-app","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"apps/https.md"}');export{w as comp,y as data};
+

  2. The IP address of the host from which you fetched the URL will be registered and displayed as a new asset in your My assets page. If you assigned a name for your asset, it will also be displayed. The list shows also when the asset has been registered.

Update an asset

  1. If the IP address of your asset changes, you can update the asset simply by fetching the same URL again from the asset host. The asset is updated to reflect the current IP address. This way, you can keep assets with dynamically changing IP addresses easily up-to-date: just create a scheduled task on your asset host to periodically fetch the URL associated with it. If you want to update the name of the asset, you can do so with the Assign name button.

  2. You can also always just delete the previously generated URL associated with the asset and create a new one.

Delete an asset

  1. Go to the HTTPS app page. Find the URL that you used to register the asset that you want to delete. Click on Delete.

  2. The asset registered with the URL will be deleted from your My assets page.

Uninstall the app

  1. Go to the HTTPS app page and click Uninstall.

  2. The app is now uninstalled. Any assets you registered with the app are also deleted from your My assets page.

',21),d=[h];function c(u,g){return a(),t("div",null,d)}const w=e(p,[["render",c],["__file","https.html.vue"]]),y=JSON.parse('{"path":"/apps/https.html","title":"HTTPS App","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Install the app","slug":"install-the-app","link":"#install-the-app","children":[]},{"level":2,"title":"Add a new asset","slug":"add-a-new-asset","link":"#add-a-new-asset","children":[]},{"level":2,"title":"Update an asset","slug":"update-an-asset","link":"#update-an-asset","children":[]},{"level":2,"title":"Delete an asset","slug":"delete-an-asset","link":"#delete-an-asset","children":[]},{"level":2,"title":"Uninstall the app","slug":"uninstall-the-app","link":"#uninstall-the-app","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"apps/https.md"}');export{w as comp,y as data}; diff --git a/assets/index.html-CNZDpYWA.js b/assets/index.html-D-Eupwv8.js similarity index 96% rename from assets/index.html-CNZDpYWA.js rename to assets/index.html-D-Eupwv8.js index 99ca7259..8cee400d 100644 --- a/assets/index.html-CNZDpYWA.js +++ b/assets/index.html-D-Eupwv8.js @@ -1 +1 @@ -import{_ as o,c as n,a as e,b as l,w as a,e as s,r as u,o as h,d as i}from"./app-CxPUdK5a.js";const r={},d=s('

Badrapin suomenkieliset materiaalit

Suomenkielistä oheismateriaalia badrap.io-palvelulle.

Yleisiä ja yleiskäyttöisiä ohjeita

',3),m=e("h2",{id:"havaintojen-ohjeet",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#havaintojen-ohjeet"},[e("span",null,"Havaintojen ohjeet")])],-1),p=e("h2",{id:"tietoja-palvelusta",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#tietoja-palvelusta"},[e("span",null,"Tietoja palvelusta")])],-1);function f(y,c){const t=u("RouteLink");return h(),n("div",null,[d,e("ul",null,[e("li",null,[l(t,{to:"/fi/locate.html"},{default:a(()=>[i("Ongelmallisen palvelun paikallistaminen")]),_:1})]),e("li",null,[l(t,{to:"/fi/categories.html"},{default:a(()=>[i("Tietoa hyökkäyskategorioista")]),_:1})])]),m,e("ul",null,[e("li",null,[l(t,{to:"/fi/types/telnet.html"},{default:a(()=>[i("Avoin Telnet-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/dns.html"},{default:a(()=>[i("Liian avoin nimipalvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/mdns.html"},{default:a(()=>[i("Avoin mDNS-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/snmp.html"},{default:a(()=>[i("Avoin SNMP-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/tftp.html"},{default:a(()=>[i("Avoin TFTP-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/netbios.html"},{default:a(()=>[i("Avoin NetBIOS-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/ntp.html"},{default:a(()=>[i("Avoin NTP-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/memcached.html"},{default:a(()=>[i("Avoin Memcached-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/smb.html"},{default:a(()=>[i("Avoin SMB-tiedostojakopalvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/attacksource.html"},{default:a(()=>[i("Verkkohyökkäysten lähde verkossasi")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/portscan.html"},{default:a(()=>[i("Porttiskannauksen lähde")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/buildingautomation.html"},{default:a(()=>[i("Avoin taloautomaatiojärjestelmä")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-citeary.html"},{default:a(()=>[i("Haittaohjelma: Citeary")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-ircbot.html"},{default:a(()=>[i("Haittaohjelma: IRCBot")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-jadtre.html"},{default:a(()=>[i("Haittaohjelma: Jadtre")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-palevo.html"},{default:a(()=>[i("Haittaohjelma: Palevo")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-pushdo.html"},{default:a(()=>[i("Haittaohjelma: Pushdo")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-sality.html"},{default:a(()=>[i("Haittaohjelma: Sality")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-wapomi.html"},{default:a(()=>[i("Haittaohjelma: Wapomi")]),_:1})])]),p,e("ul",null,[e("li",null,[l(t,{to:"/fi/faq.html"},{default:a(()=>[i("Usein kysytyt kysymykset")]),_:1})]),e("li",null,[l(t,{to:"/fi/privacy.html"},{default:a(()=>[i("badrap.io:n tietosuojaseloste")]),_:1})])])])}const _=o(r,[["render",f],["__file","index.html.vue"]]),j=JSON.parse('{"path":"/fi/","title":"Badrapin suomenkieliset materiaalit","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Yleisiä ja yleiskäyttöisiä ohjeita","slug":"yleisia-ja-yleiskayttoisia-ohjeita","link":"#yleisia-ja-yleiskayttoisia-ohjeita","children":[]},{"level":2,"title":"Havaintojen ohjeet","slug":"havaintojen-ohjeet","link":"#havaintojen-ohjeet","children":[]},{"level":2,"title":"Tietoja palvelusta","slug":"tietoja-palvelusta","link":"#tietoja-palvelusta","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/README.md"}');export{_ as comp,j as data}; +import{_ as o,c as n,a as e,b as l,w as a,e as s,r as u,o as h,d as i}from"./app-DhWbOGxr.js";const r={},d=s('

Badrapin suomenkieliset materiaalit

Suomenkielistä oheismateriaalia badrap.io-palvelulle.

Yleisiä ja yleiskäyttöisiä ohjeita

',3),m=e("h2",{id:"havaintojen-ohjeet",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#havaintojen-ohjeet"},[e("span",null,"Havaintojen ohjeet")])],-1),p=e("h2",{id:"tietoja-palvelusta",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#tietoja-palvelusta"},[e("span",null,"Tietoja palvelusta")])],-1);function f(y,c){const t=u("RouteLink");return h(),n("div",null,[d,e("ul",null,[e("li",null,[l(t,{to:"/fi/locate.html"},{default:a(()=>[i("Ongelmallisen palvelun paikallistaminen")]),_:1})]),e("li",null,[l(t,{to:"/fi/categories.html"},{default:a(()=>[i("Tietoa hyökkäyskategorioista")]),_:1})])]),m,e("ul",null,[e("li",null,[l(t,{to:"/fi/types/telnet.html"},{default:a(()=>[i("Avoin Telnet-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/dns.html"},{default:a(()=>[i("Liian avoin nimipalvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/mdns.html"},{default:a(()=>[i("Avoin mDNS-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/snmp.html"},{default:a(()=>[i("Avoin SNMP-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/tftp.html"},{default:a(()=>[i("Avoin TFTP-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/netbios.html"},{default:a(()=>[i("Avoin NetBIOS-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/ntp.html"},{default:a(()=>[i("Avoin NTP-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/memcached.html"},{default:a(()=>[i("Avoin Memcached-palvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/smb.html"},{default:a(()=>[i("Avoin SMB-tiedostojakopalvelu")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/attacksource.html"},{default:a(()=>[i("Verkkohyökkäysten lähde verkossasi")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/portscan.html"},{default:a(()=>[i("Porttiskannauksen lähde")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/buildingautomation.html"},{default:a(()=>[i("Avoin taloautomaatiojärjestelmä")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-citeary.html"},{default:a(()=>[i("Haittaohjelma: Citeary")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-ircbot.html"},{default:a(()=>[i("Haittaohjelma: IRCBot")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-jadtre.html"},{default:a(()=>[i("Haittaohjelma: Jadtre")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-palevo.html"},{default:a(()=>[i("Haittaohjelma: Palevo")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-pushdo.html"},{default:a(()=>[i("Haittaohjelma: Pushdo")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-sality.html"},{default:a(()=>[i("Haittaohjelma: Sality")]),_:1})]),e("li",null,[l(t,{to:"/fi/types/malware-wapomi.html"},{default:a(()=>[i("Haittaohjelma: Wapomi")]),_:1})])]),p,e("ul",null,[e("li",null,[l(t,{to:"/fi/faq.html"},{default:a(()=>[i("Usein kysytyt kysymykset")]),_:1})]),e("li",null,[l(t,{to:"/fi/privacy.html"},{default:a(()=>[i("badrap.io:n tietosuojaseloste")]),_:1})])])])}const _=o(r,[["render",f],["__file","index.html.vue"]]),j=JSON.parse('{"path":"/fi/","title":"Badrapin suomenkieliset materiaalit","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Yleisiä ja yleiskäyttöisiä ohjeita","slug":"yleisia-ja-yleiskayttoisia-ohjeita","link":"#yleisia-ja-yleiskayttoisia-ohjeita","children":[]},{"level":2,"title":"Havaintojen ohjeet","slug":"havaintojen-ohjeet","link":"#havaintojen-ohjeet","children":[]},{"level":2,"title":"Tietoja palvelusta","slug":"tietoja-palvelusta","link":"#tietoja-palvelusta","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/README.md"}');export{_ as comp,j as data}; diff --git a/assets/index.html-BmS1BYUC.js b/assets/index.html-DYp44kH-.js similarity index 97% rename from assets/index.html-BmS1BYUC.js rename to assets/index.html-DYp44kH-.js index a4bad952..6e7d5ab9 100644 --- a/assets/index.html-BmS1BYUC.js +++ b/assets/index.html-DYp44kH-.js @@ -1 +1 @@ -import{_ as i,c as o,a as e,b as a,w as n,d as l,e as s,r,o as u}from"./app-CxPUdK5a.js";const c={},p=s('

Badrap Documentation

This site contains supplementary material for the badrap.io service.

General Instructions

',3),d=e("h2",{id:"apps",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#apps"},[e("span",null,"Apps")])],-1),m=e("p",null,"Apps are currently available as part of the commercial offering.",-1),h=e("h2",{id:"instructions-for-events",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#instructions-for-events"},[e("span",null,"Instructions for Events")])],-1),f=e("h2",{id:"service-information",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#service-information"},[e("span",null,"Service Information")])],-1);function _(v,y){const t=r("RouteLink");return u(),o("div",null,[p,e("ul",null,[e("li",null,[a(t,{to:"/locate.html"},{default:n(()=>[l("How to locate a vulnerable service")]),_:1})]),e("li",null,[a(t,{to:"/categories.html"},{default:n(()=>[l("Information about vulnerability categories")]),_:1})])]),d,m,e("ul",null,[e("li",null,[a(t,{to:"/apps/aws.html"},{default:n(()=>[l("Amazon Web Services (AWS)")]),_:1})]),e("li",null,[a(t,{to:"/apps/fraktal.html"},{default:n(()=>[l("Fraktal AWS Audit")]),_:1})]),e("li",null,[a(t,{to:"/apps/o365.html"},{default:n(()=>[l("Microsoft Office 365")]),_:1})]),e("li",null,[a(t,{to:"/apps/azure.html"},{default:n(()=>[l("Microsoft Azure")]),_:1})]),e("li",null,[a(t,{to:"/apps/gworkspace.html"},{default:n(()=>[l("Google Workspace")]),_:1})]),e("li",null,[a(t,{to:"/apps/gcp.html"},{default:n(()=>[l("Google Cloud Platform")]),_:1})]),e("li",null,[a(t,{to:"/apps/beacon.html"},{default:n(()=>[l("Sensorfu Beacon")]),_:1})]),e("li",null,[a(t,{to:"/apps/https.html"},{default:n(()=>[l("HTTPS")]),_:1})]),e("li",null,[a(t,{to:"/apps/traficom.html"},{default:n(()=>[l("Traficom")]),_:1})])]),h,e("ul",null,[e("li",null,[a(t,{to:"/types/abandoned-server.html"},{default:n(()=>[l("Abandoned Server")]),_:1})]),e("li",null,[a(t,{to:"/types/eol-server.html"},{default:n(()=>[l("End Of Life Server")]),_:1})]),e("li",null,[a(t,{to:"/types/exposed-service.html"},{default:n(()=>[l("Exposed Service")]),_:1})]),e("li",null,[a(t,{to:"/types/expired-certificate.html"},{default:n(()=>[l("Expired Certificate")]),_:1})]),e("li",null,[a(t,{to:"/types/subdomain.html"},{default:n(()=>[l("Subdomain Takeover Risk")]),_:1})]),e("li",null,[a(t,{to:"/types/databreach.html"},{default:n(()=>[l("Data Breach")]),_:1})]),e("li",null,[a(t,{to:"/types/spamlist.html"},{default:n(()=>[l("Spam List")]),_:1})]),e("li",null,[a(t,{to:"/types/telnet.html"},{default:n(()=>[l("Open Telnet service")]),_:1})]),e("li",null,[a(t,{to:"/types/dns.html"},{default:n(()=>[l("Open DNS service")]),_:1})]),e("li",null,[a(t,{to:"/types/mdns.html"},{default:n(()=>[l("Open mDNS service")]),_:1})]),e("li",null,[a(t,{to:"/types/snmp.html"},{default:n(()=>[l("Open SNMP service")]),_:1})]),e("li",null,[a(t,{to:"/types/tftp.html"},{default:n(()=>[l("Open TFTP service")]),_:1})]),e("li",null,[a(t,{to:"/types/netbios.html"},{default:n(()=>[l("Open NetBIOS service")]),_:1})]),e("li",null,[a(t,{to:"/types/ntp.html"},{default:n(()=>[l("Open NTP service")]),_:1})]),e("li",null,[a(t,{to:"/types/memcached.html"},{default:n(()=>[l("Open Memcached service")]),_:1})]),e("li",null,[a(t,{to:"/types/rdp.html"},{default:n(()=>[l("Open RDP service")]),_:1})]),e("li",null,[a(t,{to:"/types/smb.html"},{default:n(()=>[l("Open SMB service")]),_:1})]),e("li",null,[a(t,{to:"/types/vnc.html"},{default:n(()=>[l("Open VNC service")]),_:1})]),e("li",null,[a(t,{to:"/types/attacksource.html"},{default:n(()=>[l("Attack source")]),_:1})]),e("li",null,[a(t,{to:"/types/portscan.html"},{default:n(()=>[l("Port scanning")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-citeary.html"},{default:n(()=>[l("Malware: Citeary")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-ircbot.html"},{default:n(()=>[l("Malware: IRCBot")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-jadtre.html"},{default:n(()=>[l("Malware: Jadtre")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-palevo.html"},{default:n(()=>[l("Malware: Palevo")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-pushdo.html"},{default:n(()=>[l("Malware: Pushdo")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-sality.html"},{default:n(()=>[l("Malware: Sality")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-wapomi.html"},{default:n(()=>[l("Malware: Wapomi")]),_:1})])]),f,e("ul",null,[e("li",null,[a(t,{to:"/faq.html"},{default:n(()=>[l("Frequently Asked Questions")]),_:1})]),e("li",null,[a(t,{to:"/privacy.html"},{default:n(()=>[l("badrap.io Privacy Policy")]),_:1}),l(" - for the badrap.io users")]),e("li",null,[a(t,{to:"/tos.html"},{default:n(()=>[l("Terms of Service")]),_:1})]),e("li",null,[a(t,{to:"/service-description.html"},{default:n(()=>[l("Service Description")]),_:1})]),e("li",null,[a(t,{to:"/privacy-company.html"},{default:n(()=>[l("Badrap Oy Privacy Policy")]),_:1}),l(" - for Badrap Oy customers or potential customers (covers marketing, sales and deliveries)")]),e("li",null,[a(t,{to:"/esg.html"},{default:n(()=>[l("Environmental, Societal and Governance Policy")]),_:1})])])])}const S=i(c,[["render",_],["__file","index.html.vue"]]),g=JSON.parse('{"path":"/","title":"Badrap Documentation","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"General Instructions","slug":"general-instructions","link":"#general-instructions","children":[]},{"level":2,"title":"Apps","slug":"apps","link":"#apps","children":[]},{"level":2,"title":"Instructions for Events","slug":"instructions-for-events","link":"#instructions-for-events","children":[]},{"level":2,"title":"Service Information","slug":"service-information","link":"#service-information","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"README.md"}');export{S as comp,g as data}; +import{_ as i,c as o,a as e,b as a,w as n,d as l,e as s,r,o as u}from"./app-DhWbOGxr.js";const c={},p=s('

Badrap Documentation

This site contains supplementary material for the badrap.io service.

General Instructions

',3),d=e("h2",{id:"apps",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#apps"},[e("span",null,"Apps")])],-1),m=e("p",null,"Apps are currently available as part of the commercial offering.",-1),h=e("h2",{id:"instructions-for-events",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#instructions-for-events"},[e("span",null,"Instructions for Events")])],-1),f=e("h2",{id:"service-information",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#service-information"},[e("span",null,"Service Information")])],-1);function _(v,y){const t=r("RouteLink");return u(),o("div",null,[p,e("ul",null,[e("li",null,[a(t,{to:"/locate.html"},{default:n(()=>[l("How to locate a vulnerable service")]),_:1})]),e("li",null,[a(t,{to:"/categories.html"},{default:n(()=>[l("Information about vulnerability categories")]),_:1})])]),d,m,e("ul",null,[e("li",null,[a(t,{to:"/apps/aws.html"},{default:n(()=>[l("Amazon Web Services (AWS)")]),_:1})]),e("li",null,[a(t,{to:"/apps/fraktal.html"},{default:n(()=>[l("Fraktal AWS Audit")]),_:1})]),e("li",null,[a(t,{to:"/apps/o365.html"},{default:n(()=>[l("Microsoft Office 365")]),_:1})]),e("li",null,[a(t,{to:"/apps/azure.html"},{default:n(()=>[l("Microsoft Azure")]),_:1})]),e("li",null,[a(t,{to:"/apps/gworkspace.html"},{default:n(()=>[l("Google Workspace")]),_:1})]),e("li",null,[a(t,{to:"/apps/gcp.html"},{default:n(()=>[l("Google Cloud Platform")]),_:1})]),e("li",null,[a(t,{to:"/apps/beacon.html"},{default:n(()=>[l("Sensorfu Beacon")]),_:1})]),e("li",null,[a(t,{to:"/apps/https.html"},{default:n(()=>[l("HTTPS")]),_:1})]),e("li",null,[a(t,{to:"/apps/traficom.html"},{default:n(()=>[l("Traficom")]),_:1})])]),h,e("ul",null,[e("li",null,[a(t,{to:"/types/abandoned-server.html"},{default:n(()=>[l("Abandoned Server")]),_:1})]),e("li",null,[a(t,{to:"/types/eol-server.html"},{default:n(()=>[l("End Of Life Server")]),_:1})]),e("li",null,[a(t,{to:"/types/exposed-service.html"},{default:n(()=>[l("Exposed Service")]),_:1})]),e("li",null,[a(t,{to:"/types/expired-certificate.html"},{default:n(()=>[l("Expired Certificate")]),_:1})]),e("li",null,[a(t,{to:"/types/subdomain.html"},{default:n(()=>[l("Subdomain Takeover Risk")]),_:1})]),e("li",null,[a(t,{to:"/types/databreach.html"},{default:n(()=>[l("Data Breach")]),_:1})]),e("li",null,[a(t,{to:"/types/spamlist.html"},{default:n(()=>[l("Spam List")]),_:1})]),e("li",null,[a(t,{to:"/types/telnet.html"},{default:n(()=>[l("Open Telnet service")]),_:1})]),e("li",null,[a(t,{to:"/types/dns.html"},{default:n(()=>[l("Open DNS service")]),_:1})]),e("li",null,[a(t,{to:"/types/mdns.html"},{default:n(()=>[l("Open mDNS service")]),_:1})]),e("li",null,[a(t,{to:"/types/snmp.html"},{default:n(()=>[l("Open SNMP service")]),_:1})]),e("li",null,[a(t,{to:"/types/tftp.html"},{default:n(()=>[l("Open TFTP service")]),_:1})]),e("li",null,[a(t,{to:"/types/netbios.html"},{default:n(()=>[l("Open NetBIOS service")]),_:1})]),e("li",null,[a(t,{to:"/types/ntp.html"},{default:n(()=>[l("Open NTP service")]),_:1})]),e("li",null,[a(t,{to:"/types/memcached.html"},{default:n(()=>[l("Open Memcached service")]),_:1})]),e("li",null,[a(t,{to:"/types/rdp.html"},{default:n(()=>[l("Open RDP service")]),_:1})]),e("li",null,[a(t,{to:"/types/smb.html"},{default:n(()=>[l("Open SMB service")]),_:1})]),e("li",null,[a(t,{to:"/types/vnc.html"},{default:n(()=>[l("Open VNC service")]),_:1})]),e("li",null,[a(t,{to:"/types/attacksource.html"},{default:n(()=>[l("Attack source")]),_:1})]),e("li",null,[a(t,{to:"/types/portscan.html"},{default:n(()=>[l("Port scanning")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-citeary.html"},{default:n(()=>[l("Malware: Citeary")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-ircbot.html"},{default:n(()=>[l("Malware: IRCBot")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-jadtre.html"},{default:n(()=>[l("Malware: Jadtre")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-palevo.html"},{default:n(()=>[l("Malware: Palevo")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-pushdo.html"},{default:n(()=>[l("Malware: Pushdo")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-sality.html"},{default:n(()=>[l("Malware: Sality")]),_:1})]),e("li",null,[a(t,{to:"/types/malware-wapomi.html"},{default:n(()=>[l("Malware: Wapomi")]),_:1})])]),f,e("ul",null,[e("li",null,[a(t,{to:"/faq.html"},{default:n(()=>[l("Frequently Asked Questions")]),_:1})]),e("li",null,[a(t,{to:"/privacy.html"},{default:n(()=>[l("badrap.io Privacy Policy")]),_:1}),l(" - for the badrap.io users")]),e("li",null,[a(t,{to:"/tos.html"},{default:n(()=>[l("Terms of Service")]),_:1})]),e("li",null,[a(t,{to:"/service-description.html"},{default:n(()=>[l("Service Description")]),_:1})]),e("li",null,[a(t,{to:"/privacy-company.html"},{default:n(()=>[l("Badrap Oy Privacy Policy")]),_:1}),l(" - for Badrap Oy customers or potential customers (covers marketing, sales and deliveries)")]),e("li",null,[a(t,{to:"/esg.html"},{default:n(()=>[l("Environmental, Societal and Governance Policy")]),_:1})])])])}const S=i(c,[["render",_],["__file","index.html.vue"]]),g=JSON.parse('{"path":"/","title":"Badrap Documentation","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"General Instructions","slug":"general-instructions","link":"#general-instructions","children":[]},{"level":2,"title":"Apps","slug":"apps","link":"#apps","children":[]},{"level":2,"title":"Instructions for Events","slug":"instructions-for-events","link":"#instructions-for-events","children":[]},{"level":2,"title":"Service Information","slug":"service-information","link":"#service-information","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"README.md"}');export{S as comp,g as data}; diff --git a/assets/locate.html-COlqpj_h.js b/assets/locate.html-BTg8wfWO.js similarity index 98% rename from assets/locate.html-COlqpj_h.js rename to assets/locate.html-BTg8wfWO.js index 83beade4..80f2c7d4 100644 --- a/assets/locate.html-COlqpj_h.js +++ b/assets/locate.html-BTg8wfWO.js @@ -1 +1 @@ -import{_ as a,c as t,o as i,e}from"./app-CxPUdK5a.js";const l={},n=e('

Ongelmallisen laitteen paikallistaminen

Hienoa, että ryhdyit selvittämään asiaa!

Nyt tarvitaan pientä etsivätyötä. Koska Internet toimii hieman monimutkaisesti, emme voi kertoa sinulle IP-osoitteen perusteella tarkalleen mistä laitteesta havainnossasi on kyse. Voimme kuitenkin auttaa sinua löytämään laitteen. Mikäli olet jonkun toisen verkossa, voimme auttaa sinua löytämään tahon kenelle kertoa löydöstäsi.

Tuumasta toimeen! Missä olet tällä hetkellä?

  • Olen kotona
  • Olen muualla kuin kotonani

Olen kotona

Oletko kotona WiFi-verkossasi?

Kotisi langattomassa verkossa ollessasi kyseessä on aika varmasti kotireitittimesi, sillä useimmiten kotisi muut internetiin kytketyt laitteet piilottelevat sen IP-osoitteen takana.

Käy ensitöiksesi tarkistamassa reitittimesi tarkka merkki ja malli. Tiedot löytyvät usein esimerkiksi laitteen pohjassa olevasta tarrasta.

Seuraavaksi etsi netistä kyseisen kotireitittimen käyttöohje. Ohjeessa kerrotaan kuinka reititintä ylläpidetään, miten siihen otetaan etäyhteys ja mitkä ovat sen käyttäjätunnukset. Käyttäjätunnus ja salasana saattavat myös lukea reitittimen pohjassa.

Onneksi olkoon, onnistuit paikallistamaan laitteen ja pystyt nyt ylläpitämään sitä. Lue seuraavaksi toimintaohjeet badrap.io-palvelun antamasta havainnosta ja ryhdy korjaustoimenpiteisiin!

Käytätkö oman puhelimesi tai tabletin mobiiliverkkoa? (3G, 4G/LTE)

Mobiiliverkot ovat hieman hankalampia tapauksia, sillä niissä IP-osoitteet siirtyvät henkilöltä toiselle tiuhaan tahtiin. Joillakin operaattoreilla saman IP-osoitteen takaa voi löytyä tuhansia eri käyttäjiä.

Näet palvelumme IP-osoitekohtaisesta informaatiokortista milloin olet seurannut IP-osoitetta. Vertaa aikaleimoja havainnon raportointiaikaan. Jos havainto on raportoitu myöhemmin, saattaa kyseessä olla sinun laitteesi. Muussa tapauksessa kyseessä voi olla havainto, joka on tehty silloin kun IP-osoite on ollut jonkun toisen käytössä.

Onnistuitko paikallistamaan laitteen? Lue seuraavaksi toimintaohjeet badrap.io-palvelun antamasta havainnosta. Tarkista onko laitteessasi kyseistä ongelmaa ja korjaa se palvelun antamilla ohjeilla!

Olen muualla kuin kotonani

Jos teet havainnon jonkun toisen verkossa, kuten työpaikallasi tai vierasverkossa yrityksessä, hotellissa tai kahvilassa, et voi korjata ongelmaa suoraan itse. Voit kuitenkin auttaa ongelman korjauksessa kertomalla siitä verkon ylläpitäjälle.

Aivan ensimmäiseksi kuitenkin: Kerää aineisto talteen.

Helpoiten tämä onnistuu ottamalla palvelun näyttämistä tiedoista kuvakaappaus. Myös esimerkiksi älypuhelimen kameran kuva käy mainiosti, luovuus kunniaan.

Seuraavaksi etsi käsiisi henkilö, jolle voit kertoa löydöstäsi:

Omalla työpaikalla

Jos olet omalla työpaikallasi, ole yhteydessä työpaikkanne IT-guruun. Välitä badrap.io-palvelun varoitus hänelle ja kysy tietääkö hän IP-osoitteen perusteella mistä laitteesta on kyse. Kysäise samalla voisiko guru korjata ongelman.

Vieraana jonkun toisen työpaikalla

Käytätkö vierailullasi neukkarin vierasverkkoa? Näytä tulos vierailusi isännälle. Hän osaa olla yhteydessä oman työpaikkansa IT-guruun, joka puolestaan voi guruilla verkon takaisin priimakuntoon antamiesi tietojen perusteella.

Koulussa, hotellissa, kahvilassa

Esittele tiedot löydästäsi henkilökunnalle. He tietävät, tai pystyvät selvittämään kuka vastaa paikan tietotekniikasta ja pystyy korjaamaan tilanteen.

',28),s=[n];function o(k,r){return i(),t("div",null,s)}const p=a(l,[["render",o],["__file","locate.html.vue"]]),m=JSON.parse('{"path":"/fi/locate.html","title":"Ongelmallisen laitteen paikallistaminen","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Olen kotona","slug":"olen-kotona","link":"#olen-kotona","children":[{"level":3,"title":"Oletko kotona WiFi-verkossasi?","slug":"oletko-kotona-wifi-verkossasi","link":"#oletko-kotona-wifi-verkossasi","children":[]},{"level":3,"title":"Käytätkö oman puhelimesi tai tabletin mobiiliverkkoa? (3G, 4G/LTE)","slug":"kaytatko-oman-puhelimesi-tai-tabletin-mobiiliverkkoa-3g-4g-lte","link":"#kaytatko-oman-puhelimesi-tai-tabletin-mobiiliverkkoa-3g-4g-lte","children":[]}]},{"level":2,"title":"Olen muualla kuin kotonani","slug":"olen-muualla-kuin-kotonani","link":"#olen-muualla-kuin-kotonani","children":[{"level":3,"title":"Omalla työpaikalla","slug":"omalla-tyopaikalla","link":"#omalla-tyopaikalla","children":[]},{"level":3,"title":"Vieraana jonkun toisen työpaikalla","slug":"vieraana-jonkun-toisen-tyopaikalla","link":"#vieraana-jonkun-toisen-tyopaikalla","children":[]},{"level":3,"title":"Koulussa, hotellissa, kahvilassa","slug":"koulussa-hotellissa-kahvilassa","link":"#koulussa-hotellissa-kahvilassa","children":[]}]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/locate.md"}');export{p as comp,m as data}; +import{_ as a,c as t,o as i,e}from"./app-DhWbOGxr.js";const l={},n=e('

Ongelmallisen laitteen paikallistaminen

Hienoa, että ryhdyit selvittämään asiaa!

Nyt tarvitaan pientä etsivätyötä. Koska Internet toimii hieman monimutkaisesti, emme voi kertoa sinulle IP-osoitteen perusteella tarkalleen mistä laitteesta havainnossasi on kyse. Voimme kuitenkin auttaa sinua löytämään laitteen. Mikäli olet jonkun toisen verkossa, voimme auttaa sinua löytämään tahon kenelle kertoa löydöstäsi.

Tuumasta toimeen! Missä olet tällä hetkellä?

  • Olen kotona
  • Olen muualla kuin kotonani

Olen kotona

Oletko kotona WiFi-verkossasi?

Kotisi langattomassa verkossa ollessasi kyseessä on aika varmasti kotireitittimesi, sillä useimmiten kotisi muut internetiin kytketyt laitteet piilottelevat sen IP-osoitteen takana.

Käy ensitöiksesi tarkistamassa reitittimesi tarkka merkki ja malli. Tiedot löytyvät usein esimerkiksi laitteen pohjassa olevasta tarrasta.

Seuraavaksi etsi netistä kyseisen kotireitittimen käyttöohje. Ohjeessa kerrotaan kuinka reititintä ylläpidetään, miten siihen otetaan etäyhteys ja mitkä ovat sen käyttäjätunnukset. Käyttäjätunnus ja salasana saattavat myös lukea reitittimen pohjassa.

Onneksi olkoon, onnistuit paikallistamaan laitteen ja pystyt nyt ylläpitämään sitä. Lue seuraavaksi toimintaohjeet badrap.io-palvelun antamasta havainnosta ja ryhdy korjaustoimenpiteisiin!

Käytätkö oman puhelimesi tai tabletin mobiiliverkkoa? (3G, 4G/LTE)

Mobiiliverkot ovat hieman hankalampia tapauksia, sillä niissä IP-osoitteet siirtyvät henkilöltä toiselle tiuhaan tahtiin. Joillakin operaattoreilla saman IP-osoitteen takaa voi löytyä tuhansia eri käyttäjiä.

Näet palvelumme IP-osoitekohtaisesta informaatiokortista milloin olet seurannut IP-osoitetta. Vertaa aikaleimoja havainnon raportointiaikaan. Jos havainto on raportoitu myöhemmin, saattaa kyseessä olla sinun laitteesi. Muussa tapauksessa kyseessä voi olla havainto, joka on tehty silloin kun IP-osoite on ollut jonkun toisen käytössä.

Onnistuitko paikallistamaan laitteen? Lue seuraavaksi toimintaohjeet badrap.io-palvelun antamasta havainnosta. Tarkista onko laitteessasi kyseistä ongelmaa ja korjaa se palvelun antamilla ohjeilla!

Olen muualla kuin kotonani

Jos teet havainnon jonkun toisen verkossa, kuten työpaikallasi tai vierasverkossa yrityksessä, hotellissa tai kahvilassa, et voi korjata ongelmaa suoraan itse. Voit kuitenkin auttaa ongelman korjauksessa kertomalla siitä verkon ylläpitäjälle.

Aivan ensimmäiseksi kuitenkin: Kerää aineisto talteen.

Helpoiten tämä onnistuu ottamalla palvelun näyttämistä tiedoista kuvakaappaus. Myös esimerkiksi älypuhelimen kameran kuva käy mainiosti, luovuus kunniaan.

Seuraavaksi etsi käsiisi henkilö, jolle voit kertoa löydöstäsi:

Omalla työpaikalla

Jos olet omalla työpaikallasi, ole yhteydessä työpaikkanne IT-guruun. Välitä badrap.io-palvelun varoitus hänelle ja kysy tietääkö hän IP-osoitteen perusteella mistä laitteesta on kyse. Kysäise samalla voisiko guru korjata ongelman.

Vieraana jonkun toisen työpaikalla

Käytätkö vierailullasi neukkarin vierasverkkoa? Näytä tulos vierailusi isännälle. Hän osaa olla yhteydessä oman työpaikkansa IT-guruun, joka puolestaan voi guruilla verkon takaisin priimakuntoon antamiesi tietojen perusteella.

Koulussa, hotellissa, kahvilassa

Esittele tiedot löydästäsi henkilökunnalle. He tietävät, tai pystyvät selvittämään kuka vastaa paikan tietotekniikasta ja pystyy korjaamaan tilanteen.

',28),s=[n];function o(k,r){return i(),t("div",null,s)}const p=a(l,[["render",o],["__file","locate.html.vue"]]),m=JSON.parse('{"path":"/fi/locate.html","title":"Ongelmallisen laitteen paikallistaminen","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Olen kotona","slug":"olen-kotona","link":"#olen-kotona","children":[{"level":3,"title":"Oletko kotona WiFi-verkossasi?","slug":"oletko-kotona-wifi-verkossasi","link":"#oletko-kotona-wifi-verkossasi","children":[]},{"level":3,"title":"Käytätkö oman puhelimesi tai tabletin mobiiliverkkoa? (3G, 4G/LTE)","slug":"kaytatko-oman-puhelimesi-tai-tabletin-mobiiliverkkoa-3g-4g-lte","link":"#kaytatko-oman-puhelimesi-tai-tabletin-mobiiliverkkoa-3g-4g-lte","children":[]}]},{"level":2,"title":"Olen muualla kuin kotonani","slug":"olen-muualla-kuin-kotonani","link":"#olen-muualla-kuin-kotonani","children":[{"level":3,"title":"Omalla työpaikalla","slug":"omalla-tyopaikalla","link":"#omalla-tyopaikalla","children":[]},{"level":3,"title":"Vieraana jonkun toisen työpaikalla","slug":"vieraana-jonkun-toisen-tyopaikalla","link":"#vieraana-jonkun-toisen-tyopaikalla","children":[]},{"level":3,"title":"Koulussa, hotellissa, kahvilassa","slug":"koulussa-hotellissa-kahvilassa","link":"#koulussa-hotellissa-kahvilassa","children":[]}]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/locate.md"}');export{p as comp,m as data}; diff --git a/assets/locate.html-DR_pglPl.js b/assets/locate.html-FpRRIpQO.js similarity index 98% rename from assets/locate.html-DR_pglPl.js rename to assets/locate.html-FpRRIpQO.js index 4ef3ac6b..4c003ca9 100644 --- a/assets/locate.html-DR_pglPl.js +++ b/assets/locate.html-FpRRIpQO.js @@ -1 +1 @@ -import{_ as e,c as o,o as t,e as a}from"./app-CxPUdK5a.js";const r={},n=a('

How to locate a vulnerable device

Great to see you want to fix things!

A little detective work is required. Due to the way that the Internet works, we are not able to tell you exactly which device in your network may be vulnerable simply based on your IP address. However, we can help you find the vulnerable device. If you are visiting someone else's network, we can help you report your finding to someone else.

Where is the IP address with the reported vulnerability?

  • At my home
  • Somewhere else than my home

At my home

Are you using your home network or Wi-Fi?

If the vulnerability was reported from your home network, the most likely candidate for the vulnerable device is your home router. Usually all other devices connected to the Internet hide behind your home router's IP address.

First find out the brand and exact model number your home router. Usually you can see these from a sticker at the bottom of your device.

Next, search for the user manual of your device from the Internet (or from your home if you have saved it). The user manual explains how to maintain your device, how to configure it and what username and password to use. The username and password can also be printed in a sticker at the bottom of your device.

Congratulations, you've now managed to locate your device and can configure it. Next read our instructions on the specific vulnerability which was reported from your IP address and try to fix the problem!

Are you using a mobile device or a home router with a 4G connection?

Mobile networks can be more challenging in these kinds of cases, since IP addresses can move from one user to another quite quickly. At some mobile operators' networks thousands of individual users can reside behind a single IP address.

You can see under your user account details when you have registered your IP address into our service. Compare the time when you registered the IP address to when the vulnerability observation was made. If the observation has been made later than when you registered your IP, it's more likely that the device in question is yours. If the observation has been reported before, or if your current IP address is no longer the same, it's more likely that the vulnerability exists in some other user's device.

Did you manage to locate the device? Next read our instructions on the specific vulnerability which was reported from your IP address and try to fix the problem!

Somewhere else than my home

If you received a vulnerability notification for an IP address in someone else's network, such as your workplace or a guest network at a company, hotel, or cafe, you may not be able to fix the problem yourself. You can help fix the problem by reporting it to the owner or maintainer of the network.

First things first, collect some evidence.

The easiest way to do this is to take a screenshot of the vulnerability notification shown to you by our service. You can also even take a picture of the results with your mobile phone camera - points for style are not the key here, having the evidence is.

Next, find someone who you can report the finding to:

At your own workplace

If the vulnerability report came for an IP address at your own workplace, contact your IT support. Convey the report from our service to your support personnel and as if they know what device might be affected simply based on the IP address information. Ask also if they can fix the problem.

Visiting someone else's workplace

Are you visiting another company and using a guest network? Show the vulnerability notification to your host. They should be able to contact their IT support team, who can fix the problem based on the data you provide.

At school, at a hotel, cafe, etc.

Show the vulnerability notification to the staff. They should know (or at least they can find out) who is in charge of IT support and can fix the issue.

',28),i=[n];function s(h,l){return t(),o("div",null,i)}const u=e(r,[["render",s],["__file","locate.html.vue"]]),d=JSON.parse(`{"path":"/locate.html","title":"How to locate a vulnerable device","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"At my home","slug":"at-my-home","link":"#at-my-home","children":[{"level":3,"title":"Are you using your home network or Wi-Fi?","slug":"are-you-using-your-home-network-or-wi-fi","link":"#are-you-using-your-home-network-or-wi-fi","children":[]},{"level":3,"title":"Are you using a mobile device or a home router with a 4G connection?","slug":"are-you-using-a-mobile-device-or-a-home-router-with-a-4g-connection","link":"#are-you-using-a-mobile-device-or-a-home-router-with-a-4g-connection","children":[]}]},{"level":2,"title":"Somewhere else than my home","slug":"somewhere-else-than-my-home","link":"#somewhere-else-than-my-home","children":[{"level":3,"title":"At your own workplace","slug":"at-your-own-workplace","link":"#at-your-own-workplace","children":[]},{"level":3,"title":"Visiting someone else's workplace","slug":"visiting-someone-else-s-workplace","link":"#visiting-someone-else-s-workplace","children":[]},{"level":3,"title":"At school, at a hotel, cafe, etc.","slug":"at-school-at-a-hotel-cafe-etc","link":"#at-school-at-a-hotel-cafe-etc","children":[]}]}],"git":{"updatedTime":1723117730000},"filePathRelative":"locate.md"}`);export{u as comp,d as data}; +import{_ as e,c as o,o as t,e as a}from"./app-DhWbOGxr.js";const r={},n=a('

How to locate a vulnerable device

Great to see you want to fix things!

A little detective work is required. Due to the way that the Internet works, we are not able to tell you exactly which device in your network may be vulnerable simply based on your IP address. However, we can help you find the vulnerable device. If you are visiting someone else's network, we can help you report your finding to someone else.

Where is the IP address with the reported vulnerability?

  • At my home
  • Somewhere else than my home

At my home

Are you using your home network or Wi-Fi?

If the vulnerability was reported from your home network, the most likely candidate for the vulnerable device is your home router. Usually all other devices connected to the Internet hide behind your home router's IP address.

First find out the brand and exact model number your home router. Usually you can see these from a sticker at the bottom of your device.

Next, search for the user manual of your device from the Internet (or from your home if you have saved it). The user manual explains how to maintain your device, how to configure it and what username and password to use. The username and password can also be printed in a sticker at the bottom of your device.

Congratulations, you've now managed to locate your device and can configure it. Next read our instructions on the specific vulnerability which was reported from your IP address and try to fix the problem!

Are you using a mobile device or a home router with a 4G connection?

Mobile networks can be more challenging in these kinds of cases, since IP addresses can move from one user to another quite quickly. At some mobile operators' networks thousands of individual users can reside behind a single IP address.

You can see under your user account details when you have registered your IP address into our service. Compare the time when you registered the IP address to when the vulnerability observation was made. If the observation has been made later than when you registered your IP, it's more likely that the device in question is yours. If the observation has been reported before, or if your current IP address is no longer the same, it's more likely that the vulnerability exists in some other user's device.

Did you manage to locate the device? Next read our instructions on the specific vulnerability which was reported from your IP address and try to fix the problem!

Somewhere else than my home

If you received a vulnerability notification for an IP address in someone else's network, such as your workplace or a guest network at a company, hotel, or cafe, you may not be able to fix the problem yourself. You can help fix the problem by reporting it to the owner or maintainer of the network.

First things first, collect some evidence.

The easiest way to do this is to take a screenshot of the vulnerability notification shown to you by our service. You can also even take a picture of the results with your mobile phone camera - points for style are not the key here, having the evidence is.

Next, find someone who you can report the finding to:

At your own workplace

If the vulnerability report came for an IP address at your own workplace, contact your IT support. Convey the report from our service to your support personnel and as if they know what device might be affected simply based on the IP address information. Ask also if they can fix the problem.

Visiting someone else's workplace

Are you visiting another company and using a guest network? Show the vulnerability notification to your host. They should be able to contact their IT support team, who can fix the problem based on the data you provide.

At school, at a hotel, cafe, etc.

Show the vulnerability notification to the staff. They should know (or at least they can find out) who is in charge of IT support and can fix the issue.

',28),i=[n];function s(h,l){return t(),o("div",null,i)}const u=e(r,[["render",s],["__file","locate.html.vue"]]),d=JSON.parse(`{"path":"/locate.html","title":"How to locate a vulnerable device","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"At my home","slug":"at-my-home","link":"#at-my-home","children":[{"level":3,"title":"Are you using your home network or Wi-Fi?","slug":"are-you-using-your-home-network-or-wi-fi","link":"#are-you-using-your-home-network-or-wi-fi","children":[]},{"level":3,"title":"Are you using a mobile device or a home router with a 4G connection?","slug":"are-you-using-a-mobile-device-or-a-home-router-with-a-4g-connection","link":"#are-you-using-a-mobile-device-or-a-home-router-with-a-4g-connection","children":[]}]},{"level":2,"title":"Somewhere else than my home","slug":"somewhere-else-than-my-home","link":"#somewhere-else-than-my-home","children":[{"level":3,"title":"At your own workplace","slug":"at-your-own-workplace","link":"#at-your-own-workplace","children":[]},{"level":3,"title":"Visiting someone else's workplace","slug":"visiting-someone-else-s-workplace","link":"#visiting-someone-else-s-workplace","children":[]},{"level":3,"title":"At school, at a hotel, cafe, etc.","slug":"at-school-at-a-hotel-cafe-etc","link":"#at-school-at-a-hotel-cafe-etc","children":[]}]}],"git":{"updatedTime":1723118227000},"filePathRelative":"locate.md"}`);export{u as comp,d as data}; diff --git a/assets/malware-citeary.html-DIwgV1uK.js b/assets/malware-citeary.html-BxtxlIcc.js similarity index 96% rename from assets/malware-citeary.html-DIwgV1uK.js rename to assets/malware-citeary.html-BxtxlIcc.js index 48c15dd4..c731750a 100644 --- a/assets/malware-citeary.html-DIwgV1uK.js +++ b/assets/malware-citeary.html-BxtxlIcc.js @@ -1 +1 @@ -import{_ as o,c as r,a as t,d as e,b as i,w as s,e as n,r as c,o as l}from"./app-CxPUdK5a.js";const h={},m=n('

Malware: Citeary

Problem description

A Windows computer in your network is likely infected with the Citeary malware. Citeary is a very common type of malware that affects only Windows systems. It belongs to a category of malware called worms, which usually copy themselves automatically onto your computer from a removable drive or USB stick, from network drives, through email attachments, filesharing services or links received through instant messaging chat applications. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The worm infects your machine through this automatic execution mechanism. Another very common way to infect your machine is if you click a link in an email or chat message you receive from someone whose computer has also been infected by this malware.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It may try to send emails or chat messages to your friends or other people in your address book, and get those people to click the link that causes an infection.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),d=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to detect this malware and fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Citeary.E",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Citeary.E"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function u(p,f){const a=c("RouteLink");return l(),r("div",null,[m,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),i(a,{to:"/locate.html"},{default:s(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),d])}const w=o(h,[["render",u],["__file","malware-citeary.html.vue"]]),g=JSON.parse('{"path":"/types/malware-citeary.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Citeary","slug":"malware-citeary","link":"#malware-citeary","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/malware-citeary.md"}');export{w as comp,g as data}; +import{_ as o,c as r,a as t,d as e,b as i,w as s,e as n,r as c,o as l}from"./app-DhWbOGxr.js";const h={},m=n('

Malware: Citeary

Problem description

A Windows computer in your network is likely infected with the Citeary malware. Citeary is a very common type of malware that affects only Windows systems. It belongs to a category of malware called worms, which usually copy themselves automatically onto your computer from a removable drive or USB stick, from network drives, through email attachments, filesharing services or links received through instant messaging chat applications. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The worm infects your machine through this automatic execution mechanism. Another very common way to infect your machine is if you click a link in an email or chat message you receive from someone whose computer has also been infected by this malware.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It may try to send emails or chat messages to your friends or other people in your address book, and get those people to click the link that causes an infection.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),d=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to detect this malware and fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Citeary.E",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Citeary.E"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function u(p,f){const a=c("RouteLink");return l(),r("div",null,[m,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),i(a,{to:"/locate.html"},{default:s(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),d])}const w=o(h,[["render",u],["__file","malware-citeary.html.vue"]]),g=JSON.parse('{"path":"/types/malware-citeary.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Citeary","slug":"malware-citeary","link":"#malware-citeary","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/malware-citeary.md"}');export{w as comp,g as data}; diff --git a/assets/malware-citeary.html-BRCAvzSl.js b/assets/malware-citeary.html-Cs5r7x63.js similarity index 96% rename from assets/malware-citeary.html-BRCAvzSl.js rename to assets/malware-citeary.html-Cs5r7x63.js index f7fd08c1..83e65055 100644 --- a/assets/malware-citeary.html-BRCAvzSl.js +++ b/assets/malware-citeary.html-Cs5r7x63.js @@ -1 +1 @@ -import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r,o as u}from"./app-CxPUdK5a.js";const k={},m=l('

Haittaohjelma: Citeary

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Citeary-haittaohjelma. Citeary on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä madot (worm), jotka pyrkivät kopioimaan itsensä koneellesi kun liität siihen siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai tiedostonjakopalveluita, tai klikkaat sähköpostissa tai chat-ohjelmassa saamaasi linkkiä. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Mato-ohjelma pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on linkkien klikkaaminen sähköposteista tai pikaviesteistä, jotka yleensä tulevat sinulle jonkun toisen saastuneen koneen omistajalta.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se voi yrittää lähettää sähköposteja tai chat-viestejä automaattisesti osoitekirjastasi löytyville ystäville ja tuttaville, pyrkimyksenään saada nämä henkilöt puolestaan klikkaamaan viesteissä olevaa linkkiä.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),h=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa poistettua Windows Defenderin avulla: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Citeary.E",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Citeary.E"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function p(y,d){const e=r("RouteLink");return u(),n("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h])}const j=i(k,[["render",p],["__file","malware-citeary.html.vue"]]),v=JSON.parse('{"path":"/fi/types/malware-citeary.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Citeary","slug":"haittaohjelma-citeary","link":"#haittaohjelma-citeary","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/malware-citeary.md"}');export{j as comp,v as data}; +import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r,o as u}from"./app-DhWbOGxr.js";const k={},m=l('

Haittaohjelma: Citeary

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Citeary-haittaohjelma. Citeary on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä madot (worm), jotka pyrkivät kopioimaan itsensä koneellesi kun liität siihen siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai tiedostonjakopalveluita, tai klikkaat sähköpostissa tai chat-ohjelmassa saamaasi linkkiä. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Mato-ohjelma pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on linkkien klikkaaminen sähköposteista tai pikaviesteistä, jotka yleensä tulevat sinulle jonkun toisen saastuneen koneen omistajalta.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se voi yrittää lähettää sähköposteja tai chat-viestejä automaattisesti osoitekirjastasi löytyville ystäville ja tuttaville, pyrkimyksenään saada nämä henkilöt puolestaan klikkaamaan viesteissä olevaa linkkiä.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),h=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa poistettua Windows Defenderin avulla: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Citeary.E",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Citeary.E"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function p(y,d){const e=r("RouteLink");return u(),n("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h])}const j=i(k,[["render",p],["__file","malware-citeary.html.vue"]]),v=JSON.parse('{"path":"/fi/types/malware-citeary.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Citeary","slug":"haittaohjelma-citeary","link":"#haittaohjelma-citeary","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/malware-citeary.md"}');export{j as comp,v as data}; diff --git a/assets/malware-ircbot.html-DctXYzKN.js b/assets/malware-ircbot.html-BTV0OL6y.js similarity index 95% rename from assets/malware-ircbot.html-DctXYzKN.js rename to assets/malware-ircbot.html-BTV0OL6y.js index 22e7eb3b..40001dd3 100644 --- a/assets/malware-ircbot.html-DctXYzKN.js +++ b/assets/malware-ircbot.html-BTV0OL6y.js @@ -1 +1 @@ -import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r,o as h}from"./app-CxPUdK5a.js";const u={},m=l('

Haittaohjelma: IRCBot

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut IRCBot-haittaohjelma. IRCBot on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä troijalaiset (tai Troijan hevoset), jotka pääsevät tarttumaan koneellesi kun avaat sähköpostissa tai chat-viestissä olevan linkin tai liitetiedoston.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma antaa hyökkääjälle mahdollisuuden ottaa yhteyttä koneellesi, salakatsella mitä kirjoitat, varastaa henkilökohtaisia tietojasi tai pankkitietojasi, tuhota tiedostoja tai käyttää konettasi muihin ikäviin tarkoituksiin.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),k=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa löydettyä ja poistettua: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32%2FIRCBot",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32%2FIRCBot"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function c(d,p){const e=r("RouteLink");return h(),n("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),k])}const v=i(u,[["render",c],["__file","malware-ircbot.html.vue"]]),y=JSON.parse('{"path":"/fi/types/malware-ircbot.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: IRCBot","slug":"haittaohjelma-ircbot","link":"#haittaohjelma-ircbot","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/malware-ircbot.md"}');export{v as comp,y as data}; +import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r,o as h}from"./app-DhWbOGxr.js";const u={},m=l('

Haittaohjelma: IRCBot

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut IRCBot-haittaohjelma. IRCBot on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä troijalaiset (tai Troijan hevoset), jotka pääsevät tarttumaan koneellesi kun avaat sähköpostissa tai chat-viestissä olevan linkin tai liitetiedoston.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma antaa hyökkääjälle mahdollisuuden ottaa yhteyttä koneellesi, salakatsella mitä kirjoitat, varastaa henkilökohtaisia tietojasi tai pankkitietojasi, tuhota tiedostoja tai käyttää konettasi muihin ikäviin tarkoituksiin.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),k=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa löydettyä ja poistettua: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32%2FIRCBot",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32%2FIRCBot"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function c(d,p){const e=r("RouteLink");return h(),n("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),k])}const v=i(u,[["render",c],["__file","malware-ircbot.html.vue"]]),y=JSON.parse('{"path":"/fi/types/malware-ircbot.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: IRCBot","slug":"haittaohjelma-ircbot","link":"#haittaohjelma-ircbot","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/malware-ircbot.md"}');export{v as comp,y as data}; diff --git a/assets/malware-ircbot.html-Q2PqS_mH.js b/assets/malware-ircbot.html-BTulPxok.js similarity index 95% rename from assets/malware-ircbot.html-Q2PqS_mH.js rename to assets/malware-ircbot.html-BTulPxok.js index 07e5578e..b18f8ef7 100644 --- a/assets/malware-ircbot.html-Q2PqS_mH.js +++ b/assets/malware-ircbot.html-BTulPxok.js @@ -1 +1 @@ -import{_ as o,c as r,a as t,d as e,b as n,w as i,e as s,r as c,o as l}from"./app-CxPUdK5a.js";const d={},h=s('

Malware: IRCBot

Problem description

A Windows computer in your network is likely infected with the IRCBot malware. IRCBot is a very common type of malware that affects only Windows systems. It belongs to a category of malware called trojans, which usually infect your machine when you open a link or an attachment in an email or in an instant messaging chat.

After your computer has been infected, this family of malware allows an attacker to remotely connect to your computer, eavesdrop on everything you type on your computer, steal your personal and financial data, delete your files, or use your computer for other malicious purposes.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),m=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to detect this type or malware and fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32%2FIRCBot",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32%2FIRCBot"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function p(u,f){const a=c("RouteLink");return l(),r("div",null,[h,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),n(a,{to:"/locate.html"},{default:i(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),m])}const y=o(d,[["render",p],["__file","malware-ircbot.html.vue"]]),b=JSON.parse('{"path":"/types/malware-ircbot.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: IRCBot","slug":"malware-ircbot","link":"#malware-ircbot","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/malware-ircbot.md"}');export{y as comp,b as data}; +import{_ as o,c as r,a as t,d as e,b as n,w as i,e as s,r as c,o as l}from"./app-DhWbOGxr.js";const d={},h=s('

Malware: IRCBot

Problem description

A Windows computer in your network is likely infected with the IRCBot malware. IRCBot is a very common type of malware that affects only Windows systems. It belongs to a category of malware called trojans, which usually infect your machine when you open a link or an attachment in an email or in an instant messaging chat.

After your computer has been infected, this family of malware allows an attacker to remotely connect to your computer, eavesdrop on everything you type on your computer, steal your personal and financial data, delete your files, or use your computer for other malicious purposes.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),m=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to detect this type or malware and fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32%2FIRCBot",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32%2FIRCBot"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function p(u,f){const a=c("RouteLink");return l(),r("div",null,[h,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),n(a,{to:"/locate.html"},{default:i(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),m])}const y=o(d,[["render",p],["__file","malware-ircbot.html.vue"]]),b=JSON.parse('{"path":"/types/malware-ircbot.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: IRCBot","slug":"malware-ircbot","link":"#malware-ircbot","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/malware-ircbot.md"}');export{y as comp,b as data}; diff --git a/assets/malware-jadtre.html-DzBe_BGP.js b/assets/malware-jadtre.html-B4Hl82W_.js similarity index 96% rename from assets/malware-jadtre.html-DzBe_BGP.js rename to assets/malware-jadtre.html-B4Hl82W_.js index 97457dbb..48cd6489 100644 --- a/assets/malware-jadtre.html-DzBe_BGP.js +++ b/assets/malware-jadtre.html-B4Hl82W_.js @@ -1 +1 @@ -import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r,o as u}from"./app-CxPUdK5a.js";const k={},m=l('

Haittaohjelma: Jadtre

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Jadtre-haittaohjelma. Jadtre on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se pyrkii kopioimaan itsensä koneellesi kun liität koneeseesi siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai suoritat EXE-tyyppisen ohjelmatiedoston. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Virus pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on EXE-tiedoston suorittaminen, jos tiedostossa on haittakoodia mukana.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se pyrkii kopioimaan itsensä osaksi koneellasi olevia suoritettavia tiedostoja, kaikille siirrettäville kovalevyille tai muistitikuille mitä yhdistät koneeseesi, tai mihin tahansa verkkolevyille joihin koneeltasi pääsee ja joita ei ole suojattu riittävän vahvoilla salasanoilla.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),h=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen voi löytää ja poistaa: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Jadtre.A",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Jadtre.A"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function d(p,j){const e=r("RouteLink");return u(),n("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h])}const c=i(k,[["render",d],["__file","malware-jadtre.html.vue"]]),y=JSON.parse('{"path":"/fi/types/malware-jadtre.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Jadtre","slug":"haittaohjelma-jadtre","link":"#haittaohjelma-jadtre","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/malware-jadtre.md"}');export{c as comp,y as data}; +import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r,o as u}from"./app-DhWbOGxr.js";const k={},m=l('

Haittaohjelma: Jadtre

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Jadtre-haittaohjelma. Jadtre on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se pyrkii kopioimaan itsensä koneellesi kun liität koneeseesi siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai suoritat EXE-tyyppisen ohjelmatiedoston. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Virus pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on EXE-tiedoston suorittaminen, jos tiedostossa on haittakoodia mukana.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se pyrkii kopioimaan itsensä osaksi koneellasi olevia suoritettavia tiedostoja, kaikille siirrettäville kovalevyille tai muistitikuille mitä yhdistät koneeseesi, tai mihin tahansa verkkolevyille joihin koneeltasi pääsee ja joita ei ole suojattu riittävän vahvoilla salasanoilla.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),h=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen voi löytää ja poistaa: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Jadtre.A",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Jadtre.A"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function d(p,j){const e=r("RouteLink");return u(),n("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h])}const c=i(k,[["render",d],["__file","malware-jadtre.html.vue"]]),y=JSON.parse('{"path":"/fi/types/malware-jadtre.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Jadtre","slug":"haittaohjelma-jadtre","link":"#haittaohjelma-jadtre","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/malware-jadtre.md"}');export{c as comp,y as data}; diff --git a/assets/malware-jadtre.html-Ntw8n8Mq.js b/assets/malware-jadtre.html-d1ucKSZW.js similarity index 96% rename from assets/malware-jadtre.html-Ntw8n8Mq.js rename to assets/malware-jadtre.html-d1ucKSZW.js index 35ffaf80..fda440ac 100644 --- a/assets/malware-jadtre.html-Ntw8n8Mq.js +++ b/assets/malware-jadtre.html-d1ucKSZW.js @@ -1 +1 @@ -import{_ as r,c as o,a as t,d as e,b as i,w as s,e as n,r as c,o as l}from"./app-CxPUdK5a.js";const d={},h=n('

Malware: Jadtre

Problem description

A Windows computer in your network is likely infected with the Jadtre malware. Jadtre is a very common type of virus that affects only Windows systems. It usually copies itself automatically onto your computer from a removable drive or USB stick, from network drives, or when you execute an EXE program file which is infected with this worm. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The virus infects your machine through this automatic execution mechanism.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It usually tries to copy itself to executable files on your computer, to any removable drives or USB sticks you attach to your computer, or to any shared network drives that are reachable from your machine and that are not protected with strong passwords.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),u=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to find this malware and fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Jadtre.A",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Jadtre.A"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function m(p,f){const a=c("RouteLink");return l(),o("div",null,[h,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),i(a,{to:"/locate.html"},{default:s(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),u])}const y=r(d,[["render",m],["__file","malware-jadtre.html.vue"]]),g=JSON.parse('{"path":"/types/malware-jadtre.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Jadtre","slug":"malware-jadtre","link":"#malware-jadtre","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/malware-jadtre.md"}');export{y as comp,g as data}; +import{_ as r,c as o,a as t,d as e,b as i,w as s,e as n,r as c,o as l}from"./app-DhWbOGxr.js";const d={},h=n('

Malware: Jadtre

Problem description

A Windows computer in your network is likely infected with the Jadtre malware. Jadtre is a very common type of virus that affects only Windows systems. It usually copies itself automatically onto your computer from a removable drive or USB stick, from network drives, or when you execute an EXE program file which is infected with this worm. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The virus infects your machine through this automatic execution mechanism.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It usually tries to copy itself to executable files on your computer, to any removable drives or USB sticks you attach to your computer, or to any shared network drives that are reachable from your machine and that are not protected with strong passwords.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),u=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to find this malware and fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Jadtre.A",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Jadtre.A"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function m(p,f){const a=c("RouteLink");return l(),o("div",null,[h,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),i(a,{to:"/locate.html"},{default:s(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),u])}const y=r(d,[["render",m],["__file","malware-jadtre.html.vue"]]),g=JSON.parse('{"path":"/types/malware-jadtre.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Jadtre","slug":"malware-jadtre","link":"#malware-jadtre","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/malware-jadtre.md"}');export{y as comp,g as data}; diff --git a/assets/malware-palevo.html-CouHPUTW.js b/assets/malware-palevo.html-BHD7L2m9.js similarity index 96% rename from assets/malware-palevo.html-CouHPUTW.js rename to assets/malware-palevo.html-BHD7L2m9.js index 0a22705e..a46b99a4 100644 --- a/assets/malware-palevo.html-CouHPUTW.js +++ b/assets/malware-palevo.html-BHD7L2m9.js @@ -1 +1 @@ -import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r as u,o as k}from"./app-CxPUdK5a.js";const r={},m=l('

Haittaohjelma: Palevo

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Palevo-haittaohjelma. Palevo on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä madot (worm), jotka pyrkivät kopioimaan itsensä koneellesi kun liität siihen siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai tiedostonjakopalveluita, tai klikkaat sähköpostissa tai chat-ohjelmassa saamaasi linkkiä. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Mato-ohjelma pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on linkkien klikkaaminen sähköposteista tai pikaviesteistä, jotka yleensä tulevat sinulle jonkun toisen saastuneen koneen omistajalta.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se voi yrittää lähettää sähköposteja tai chat-viestejä automaattisesti osoitekirjastasi löytyville ystäville ja tuttaville, pyrkimyksenään saada nämä henkilöt puolestaan klikkaamaan viesteissä olevaa linkkiä.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),h=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa poistettua Windows Defenderin avulla: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FPalevo",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FPalevo"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function p(v,d){const e=u("RouteLink");return k(),n("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h])}const c=i(r,[["render",p],["__file","malware-palevo.html.vue"]]),y=JSON.parse('{"path":"/fi/types/malware-palevo.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Palevo","slug":"haittaohjelma-palevo","link":"#haittaohjelma-palevo","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/malware-palevo.md"}');export{c as comp,y as data}; +import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r as u,o as k}from"./app-DhWbOGxr.js";const r={},m=l('

Haittaohjelma: Palevo

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Palevo-haittaohjelma. Palevo on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä madot (worm), jotka pyrkivät kopioimaan itsensä koneellesi kun liität siihen siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai tiedostonjakopalveluita, tai klikkaat sähköpostissa tai chat-ohjelmassa saamaasi linkkiä. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Mato-ohjelma pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on linkkien klikkaaminen sähköposteista tai pikaviesteistä, jotka yleensä tulevat sinulle jonkun toisen saastuneen koneen omistajalta.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se voi yrittää lähettää sähköposteja tai chat-viestejä automaattisesti osoitekirjastasi löytyville ystäville ja tuttaville, pyrkimyksenään saada nämä henkilöt puolestaan klikkaamaan viesteissä olevaa linkkiä.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),h=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa poistettua Windows Defenderin avulla: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FPalevo",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FPalevo"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function p(v,d){const e=u("RouteLink");return k(),n("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h])}const c=i(r,[["render",p],["__file","malware-palevo.html.vue"]]),y=JSON.parse('{"path":"/fi/types/malware-palevo.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Palevo","slug":"haittaohjelma-palevo","link":"#haittaohjelma-palevo","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/malware-palevo.md"}');export{c as comp,y as data}; diff --git a/assets/malware-palevo.html-CtD3MC2a.js b/assets/malware-palevo.html-Boo1fU5v.js similarity index 96% rename from assets/malware-palevo.html-CtD3MC2a.js rename to assets/malware-palevo.html-Boo1fU5v.js index 683e8b6d..6ae77d0d 100644 --- a/assets/malware-palevo.html-CtD3MC2a.js +++ b/assets/malware-palevo.html-Boo1fU5v.js @@ -1 +1 @@ -import{_ as o,c as r,a,d as e,b as s,w as i,e as n,r as l,o as c}from"./app-CxPUdK5a.js";const h={},m=n('

Malware: Palevo

Problem description

A Windows computer in your network is likely infected with the Palevo malware. Palevo is a very common type of malware that affects only Windows systems. It belongs to a category of malware called worms, which usually copy themselves automatically onto your computer from a removable drive or USB stick, from network drives, through email attachments, filesharing services or links received through instant messaging chat applications. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The worm infects your machine through this automatic execution mechanism. Another very common way to infect your machine is if you click a link in an email or chat message you receive from someone whose computer has also been infected by this malware.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It may try to send emails or chat messages to your friends or other people in your address book, and get those people to click the link that causes an infection.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),d=a("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to use Windows Defender to fix your computer: "),a("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FPalevo",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FPalevo"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function u(p,f){const t=l("RouteLink");return c(),r("div",null,[m,a("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),s(t,{to:"/locate.html"},{default:i(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),d])}const y=o(h,[["render",u],["__file","malware-palevo.html.vue"]]),v=JSON.parse('{"path":"/types/malware-palevo.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Palevo","slug":"malware-palevo","link":"#malware-palevo","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/malware-palevo.md"}');export{y as comp,v as data}; +import{_ as o,c as r,a,d as e,b as s,w as i,e as n,r as l,o as c}from"./app-DhWbOGxr.js";const h={},m=n('

Malware: Palevo

Problem description

A Windows computer in your network is likely infected with the Palevo malware. Palevo is a very common type of malware that affects only Windows systems. It belongs to a category of malware called worms, which usually copy themselves automatically onto your computer from a removable drive or USB stick, from network drives, through email attachments, filesharing services or links received through instant messaging chat applications. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The worm infects your machine through this automatic execution mechanism. Another very common way to infect your machine is if you click a link in an email or chat message you receive from someone whose computer has also been infected by this malware.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It may try to send emails or chat messages to your friends or other people in your address book, and get those people to click the link that causes an infection.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),d=a("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to use Windows Defender to fix your computer: "),a("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FPalevo",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FPalevo"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function u(p,f){const t=l("RouteLink");return c(),r("div",null,[m,a("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),s(t,{to:"/locate.html"},{default:i(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),d])}const y=o(h,[["render",u],["__file","malware-palevo.html.vue"]]),v=JSON.parse('{"path":"/types/malware-palevo.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Palevo","slug":"malware-palevo","link":"#malware-palevo","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/malware-palevo.md"}');export{y as comp,v as data}; diff --git a/assets/malware-pushdo.html-CGHF6eXb.js b/assets/malware-pushdo.html-BXDXWC9K.js similarity index 96% rename from assets/malware-pushdo.html-CGHF6eXb.js rename to assets/malware-pushdo.html-BXDXWC9K.js index b55a94c7..90cfc879 100644 --- a/assets/malware-pushdo.html-CGHF6eXb.js +++ b/assets/malware-pushdo.html-BXDXWC9K.js @@ -1 +1 @@ -import{_ as i,c as s,a as t,d as a,b as n,w as o,e as l,r as u,o as h}from"./app-CxPUdK5a.js";const r={},m=l('

Haittaohjelma: Pushdo

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Pushdo-haittaohjelma (tunnetaan myös nimellä Pandex). Pushdo on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä troijalaiset (tai Troijan hevoset), jotka pääsevät tarttumaan koneellesi kun avaat sähköpostissa tai chat-viestissä olevan linkin tai liitetiedoston.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma antaa hyökkääjälle mahdollisuuden ottaa yhteyttä koneellesi, salakuunnella ja -katsella mitä teet ja kirjoitat, varastaa henkilökohtaisia tietojasi tai pankkitietojasi, tuhota tiedostoja tai käyttää konettasi muihin pahoihin tarkoituksiin.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),d=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa löydettyä ja poistettua: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3AWin32%2FPushdo.A",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3AWin32%2FPushdo.A"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function k(p,c){const e=u("RouteLink");return h(),s("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),n(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),d])}const v=i(r,[["render",k],["__file","malware-pushdo.html.vue"]]),y=JSON.parse('{"path":"/fi/types/malware-pushdo.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Pushdo","slug":"haittaohjelma-pushdo","link":"#haittaohjelma-pushdo","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/malware-pushdo.md"}');export{v as comp,y as data}; +import{_ as i,c as s,a as t,d as a,b as n,w as o,e as l,r as u,o as h}from"./app-DhWbOGxr.js";const r={},m=l('

Haittaohjelma: Pushdo

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Pushdo-haittaohjelma (tunnetaan myös nimellä Pandex). Pushdo on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä troijalaiset (tai Troijan hevoset), jotka pääsevät tarttumaan koneellesi kun avaat sähköpostissa tai chat-viestissä olevan linkin tai liitetiedoston.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma antaa hyökkääjälle mahdollisuuden ottaa yhteyttä koneellesi, salakuunnella ja -katsella mitä teet ja kirjoitat, varastaa henkilökohtaisia tietojasi tai pankkitietojasi, tuhota tiedostoja tai käyttää konettasi muihin pahoihin tarkoituksiin.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),d=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa löydettyä ja poistettua: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3AWin32%2FPushdo.A",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3AWin32%2FPushdo.A"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function k(p,c){const e=u("RouteLink");return h(),s("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),n(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),d])}const v=i(r,[["render",k],["__file","malware-pushdo.html.vue"]]),y=JSON.parse('{"path":"/fi/types/malware-pushdo.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Pushdo","slug":"haittaohjelma-pushdo","link":"#haittaohjelma-pushdo","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/malware-pushdo.md"}');export{v as comp,y as data}; diff --git a/assets/malware-pushdo.html-BZmnH6YF.js b/assets/malware-pushdo.html-DONDTm8-.js similarity index 95% rename from assets/malware-pushdo.html-BZmnH6YF.js rename to assets/malware-pushdo.html-DONDTm8-.js index 84982fc7..db8023fb 100644 --- a/assets/malware-pushdo.html-BZmnH6YF.js +++ b/assets/malware-pushdo.html-DONDTm8-.js @@ -1 +1 @@ -import{_ as o,c as s,a as t,d as e,b as r,w as n,e as i,r as l,o as c}from"./app-CxPUdK5a.js";const d={},h=i('

Malware: Pushdo

Problem description

A Windows computer in your network is likely infected with the Pushdo malware (also known with the name Pandex). Pushdo is a very common type of malware that affects only Windows systems. It belongs to a category of malware called trojans, which usually infect your machine when you open a link or an attachment in an email or in an instant messaging chat.

After your computer has been infected, this family of malware allows an attacker to remotely connect to your computer, eavesdrop on everything you see and type on your computer, steal your personal and financial data, delete your files, or use your computer for other malicious purposes.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),u=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to detect this type or malware and fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3AWin32%2FPushdo.A",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3AWin32%2FPushdo.A"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function p(m,f){const a=l("RouteLink");return c(),s("div",null,[h,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),r(a,{to:"/locate.html"},{default:n(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),u])}const y=o(d,[["render",p],["__file","malware-pushdo.html.vue"]]),g=JSON.parse('{"path":"/types/malware-pushdo.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Pushdo","slug":"malware-pushdo","link":"#malware-pushdo","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/malware-pushdo.md"}');export{y as comp,g as data}; +import{_ as o,c as s,a as t,d as e,b as r,w as n,e as i,r as l,o as c}from"./app-DhWbOGxr.js";const d={},h=i('

Malware: Pushdo

Problem description

A Windows computer in your network is likely infected with the Pushdo malware (also known with the name Pandex). Pushdo is a very common type of malware that affects only Windows systems. It belongs to a category of malware called trojans, which usually infect your machine when you open a link or an attachment in an email or in an instant messaging chat.

After your computer has been infected, this family of malware allows an attacker to remotely connect to your computer, eavesdrop on everything you see and type on your computer, steal your personal and financial data, delete your files, or use your computer for other malicious purposes.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),u=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to detect this type or malware and fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3AWin32%2FPushdo.A",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3AWin32%2FPushdo.A"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function p(m,f){const a=l("RouteLink");return c(),s("div",null,[h,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),r(a,{to:"/locate.html"},{default:n(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),u])}const y=o(d,[["render",p],["__file","malware-pushdo.html.vue"]]),g=JSON.parse('{"path":"/types/malware-pushdo.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Pushdo","slug":"malware-pushdo","link":"#malware-pushdo","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/malware-pushdo.md"}');export{y as comp,g as data}; diff --git a/assets/malware-sality.html-BQ0yV-V2.js b/assets/malware-sality.html-CrxZ6rRl.js similarity index 95% rename from assets/malware-sality.html-BQ0yV-V2.js rename to assets/malware-sality.html-CrxZ6rRl.js index e663e62d..1db4d37c 100644 --- a/assets/malware-sality.html-BQ0yV-V2.js +++ b/assets/malware-sality.html-CrxZ6rRl.js @@ -1 +1 @@ -import{_ as s,c as i,a as t,d as e,b as o,w as n,e as r,r as l,o as c}from"./app-CxPUdK5a.js";const d={},h=r('

Malware: Sality

Problem description

A Windows computer in your network is likely infected with the Sality malware. Sality is a very common type of malicious code that affects only Windows systems. It usually infects your PC when you open a file with malicious contents. It can be used to perform many kinds of bad actions, such as using your computer to send and receive spam emails, stealing your sensitive personal or financial data, or performing computing tasks such as mining cryptocurrency or cracking passwords.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',5),m=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to use Windows Defender to fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sality",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sality"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function p(u,f){const a=l("RouteLink");return c(),i("div",null,[h,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),o(a,{to:"/locate.html"},{default:n(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),m])}const w=s(d,[["render",p],["__file","malware-sality.html.vue"]]),g=JSON.parse('{"path":"/types/malware-sality.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Sality","slug":"malware-sality","link":"#malware-sality","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/malware-sality.md"}');export{w as comp,g as data}; +import{_ as s,c as i,a as t,d as e,b as o,w as n,e as r,r as l,o as c}from"./app-DhWbOGxr.js";const d={},h=r('

Malware: Sality

Problem description

A Windows computer in your network is likely infected with the Sality malware. Sality is a very common type of malicious code that affects only Windows systems. It usually infects your PC when you open a file with malicious contents. It can be used to perform many kinds of bad actions, such as using your computer to send and receive spam emails, stealing your sensitive personal or financial data, or performing computing tasks such as mining cryptocurrency or cracking passwords.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',5),m=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to use Windows Defender to fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sality",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sality"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function p(u,f){const a=l("RouteLink");return c(),i("div",null,[h,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),o(a,{to:"/locate.html"},{default:n(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),m])}const w=s(d,[["render",p],["__file","malware-sality.html.vue"]]),g=JSON.parse('{"path":"/types/malware-sality.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Sality","slug":"malware-sality","link":"#malware-sality","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/malware-sality.md"}');export{w as comp,g as data}; diff --git a/assets/malware-sality.html-DGNzPdCQ.js b/assets/malware-sality.html-CzpdG8qs.js similarity index 95% rename from assets/malware-sality.html-DGNzPdCQ.js rename to assets/malware-sality.html-CzpdG8qs.js index 32aba768..c2f0163d 100644 --- a/assets/malware-sality.html-DGNzPdCQ.js +++ b/assets/malware-sality.html-CzpdG8qs.js @@ -1 +1 @@ -import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r,o as u}from"./app-CxPUdK5a.js";const h={},m=l('

Haittaohjelma: Sality

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Sality-haittaohjelma. Sality on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se tarttuu yleensä PC-koneeseen kun käyttäjä avaa tiedoston jonka sisällä on viruskoodi. Tämän haittaohjelman avulla tehdään monenlaista pahaa, esimerkiksi käytetään konettasi roskapostin lähettämiseen ja vastaanottoon, varastetaan henkilökohtaisia tietojasi, tai käytetään koneesi laskentatehoa hyväksi kryptovaluuttojen luomiseen tai salasanojen murtamiseen.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',5),k=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa poistettua Windows Defenderin avulla: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sality",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sality"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function d(c,p){const e=r("RouteLink");return u(),n("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),k])}const y=i(h,[["render",d],["__file","malware-sality.html.vue"]]),v=JSON.parse('{"path":"/fi/types/malware-sality.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Sality","slug":"haittaohjelma-sality","link":"#haittaohjelma-sality","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/malware-sality.md"}');export{y as comp,v as data}; +import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r,o as u}from"./app-DhWbOGxr.js";const h={},m=l('

Haittaohjelma: Sality

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Sality-haittaohjelma. Sality on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se tarttuu yleensä PC-koneeseen kun käyttäjä avaa tiedoston jonka sisällä on viruskoodi. Tämän haittaohjelman avulla tehdään monenlaista pahaa, esimerkiksi käytetään konettasi roskapostin lähettämiseen ja vastaanottoon, varastetaan henkilökohtaisia tietojasi, tai käytetään koneesi laskentatehoa hyväksi kryptovaluuttojen luomiseen tai salasanojen murtamiseen.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',5),k=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa poistettua Windows Defenderin avulla: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sality",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sality"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function d(c,p){const e=r("RouteLink");return u(),n("div",null,[m,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),k])}const y=i(h,[["render",d],["__file","malware-sality.html.vue"]]),v=JSON.parse('{"path":"/fi/types/malware-sality.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Sality","slug":"haittaohjelma-sality","link":"#haittaohjelma-sality","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/malware-sality.md"}');export{y as comp,v as data}; diff --git a/assets/malware-wapomi.html-CDiIp60-.js b/assets/malware-wapomi.html-Byrdd7CJ.js similarity index 96% rename from assets/malware-wapomi.html-CDiIp60-.js rename to assets/malware-wapomi.html-Byrdd7CJ.js index 8cbfe13b..cd836c29 100644 --- a/assets/malware-wapomi.html-CDiIp60-.js +++ b/assets/malware-wapomi.html-Byrdd7CJ.js @@ -1 +1 @@ -import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r as u,o as r}from"./app-CxPUdK5a.js";const m={},k=l('

Haittaohjelma: Wapomi

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Wapomi-haittaohjelma. Wapomi on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä madot (worm), jotka pyrkivät kopioimaan itsensä koneellesi kun liität siihen siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai suoritat EXE-tyyppisen ohjelmatiedoston. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Mato-ohjelma pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on EXE-tiedoston suorittaminen, jos tiedostossa on haittakoodia mukana.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se pyrkii kopioimaan itsensä osaksi kaikkia koneellasi olevia EXE-tiedostoja, kaikille siirrettäville kovalevyille tai muistitikuille mitä yhdistät koneeseesi, tai mihin tahansa verkkolevyille joihin koneeltasi pääsee ja joita ei ole suojattu riittävän vahvoilla salasanoilla.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),h=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen voi löytää ja poistaa: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus%3aWin32%2fJadtre.I",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus%3AWin32%2FJadtre.I"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function p(d,j){const e=u("RouteLink");return r(),n("div",null,[k,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h])}const c=i(m,[["render",p],["__file","malware-wapomi.html.vue"]]),y=JSON.parse('{"path":"/fi/types/malware-wapomi.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Wapomi","slug":"haittaohjelma-wapomi","link":"#haittaohjelma-wapomi","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/malware-wapomi.md"}');export{c as comp,y as data}; +import{_ as i,c as n,a as t,d as a,b as s,w as o,e as l,r as u,o as r}from"./app-DhWbOGxr.js";const m={},k=l('

Haittaohjelma: Wapomi

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Wapomi-haittaohjelma. Wapomi on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä madot (worm), jotka pyrkivät kopioimaan itsensä koneellesi kun liität siihen siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai suoritat EXE-tyyppisen ohjelmatiedoston. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Mato-ohjelma pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on EXE-tiedoston suorittaminen, jos tiedostossa on haittakoodia mukana.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se pyrkii kopioimaan itsensä osaksi kaikkia koneellasi olevia EXE-tiedostoja, kaikille siirrettäville kovalevyille tai muistitikuille mitä yhdistät koneeseesi, tai mihin tahansa verkkolevyille joihin koneeltasi pääsee ja joita ei ole suojattu riittävän vahvoilla salasanoilla.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

',6),h=t("p",null,[a("Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen voi löytää ja poistaa: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus%3aWin32%2fJadtre.I",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus%3AWin32%2FJadtre.I"),a(". Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.")],-1);function p(d,j){const e=u("RouteLink");return r(),n("div",null,[k,t("p",null,[a("Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. "),s(e,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h])}const c=i(m,[["render",p],["__file","malware-wapomi.html.vue"]]),y=JSON.parse('{"path":"/fi/types/malware-wapomi.html","title":"Ongelman kuvaus","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Haittaohjelma: Wapomi","slug":"haittaohjelma-wapomi","link":"#haittaohjelma-wapomi","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/malware-wapomi.md"}');export{c as comp,y as data}; diff --git a/assets/malware-wapomi.html-BRTIabzZ.js b/assets/malware-wapomi.html-Df0oR1wU.js similarity index 96% rename from assets/malware-wapomi.html-BRTIabzZ.js rename to assets/malware-wapomi.html-Df0oR1wU.js index da47baa4..e1ed4814 100644 --- a/assets/malware-wapomi.html-BRTIabzZ.js +++ b/assets/malware-wapomi.html-Df0oR1wU.js @@ -1 +1 @@ -import{_ as o,c as r,a as t,d as e,b as i,w as s,e as n,r as c,o as l}from"./app-CxPUdK5a.js";const m={},h=n('

Malware: Wapomi

Problem description

A Windows computer in your network is likely infected with the Wapomi malware. Wapomi is a very common type of malware that affects only Windows systems. It belongs to a category of malware called worms, which usually copy themselves automatically onto your computer from a removable drive or USB stick, from network drives, or when you execute an EXE program file which is infected with this worm. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The worm infects your machine through this automatic execution mechanism.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It usually tries to copy itself to every EXE file on your computer, to any removable drives or USB sticks you attach to your computer, or to any shared network drives that are reachable from your machine and that are not protected with strong passwords.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),d=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to find this malware and fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus%3aWin32%2fJadtre.I",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus%3AWin32%2FJadtre.I"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function u(p,w){const a=c("RouteLink");return l(),r("div",null,[h,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),i(a,{to:"/locate.html"},{default:s(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),d])}const y=o(m,[["render",u],["__file","malware-wapomi.html.vue"]]),g=JSON.parse('{"path":"/types/malware-wapomi.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Wapomi","slug":"malware-wapomi","link":"#malware-wapomi","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/malware-wapomi.md"}');export{y as comp,g as data}; +import{_ as o,c as r,a as t,d as e,b as i,w as s,e as n,r as c,o as l}from"./app-DhWbOGxr.js";const m={},h=n('

Malware: Wapomi

Problem description

A Windows computer in your network is likely infected with the Wapomi malware. Wapomi is a very common type of malware that affects only Windows systems. It belongs to a category of malware called worms, which usually copy themselves automatically onto your computer from a removable drive or USB stick, from network drives, or when you execute an EXE program file which is infected with this worm. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The worm infects your machine through this automatic execution mechanism.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It usually tries to copy itself to every EXE file on your computer, to any removable drives or USB sticks you attach to your computer, or to any shared network drives that are reachable from your machine and that are not protected with strong passwords.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

',6),d=t("p",null,[e("You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to find this malware and fix your computer: "),t("a",{href:"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus%3aWin32%2fJadtre.I",target:"_blank",rel:"noopener noreferrer"},"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus%3AWin32%2FJadtre.I"),e(". You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.")],-1);function u(p,w){const a=c("RouteLink");return l(),r("div",null,[h,t("p",null,[e("First of all you need to identify the computer in your network which is likely infected by this type of malware. "),i(a,{to:"/locate.html"},{default:s(()=>[e("Please read our instructions on locating vulnerable devices.")]),_:1})]),d])}const y=o(m,[["render",u],["__file","malware-wapomi.html.vue"]]),g=JSON.parse('{"path":"/types/malware-wapomi.html","title":"Problem description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Malware: Wapomi","slug":"malware-wapomi","link":"#malware-wapomi","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/malware-wapomi.md"}');export{y as comp,g as data}; diff --git a/assets/mdns.html-DiGwY1J-.js b/assets/mdns.html-D4_cfIYR.js similarity index 94% rename from assets/mdns.html-DiGwY1J-.js rename to assets/mdns.html-D4_cfIYR.js index 0624ff58..4ee3429a 100644 --- a/assets/mdns.html-DiGwY1J-.js +++ b/assets/mdns.html-D4_cfIYR.js @@ -1 +1 @@ -import{_ as r,c as a,a as e,d as t,b as n,w as s,r as i,o as l}from"./app-CxPUdK5a.js";const c={},d=e("h1",{id:"open-mdns-service",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#open-mdns-service"},[e("span",null,"Open mDNS service")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),u=e("p",null,"Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open mDNS service to launch a denial-of-service attack. As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.",-1),m=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),p=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the mDNS service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable mdns"),t(" and your device brand and model, for instance: "),e("code",null,"disable mdns google wifi")],-1),f=e("p",null,"If the mDNS service is on intentionally and you want to keep it that way, at least block access to the mDNS service from the Internet at your firewall or home router.",-1);function v(_,g){const o=i("RouteLink");return l(),a("div",null,[d,h,u,e("p",null,[t("If you want to understand better how these kinds of so-called amplification attacks work, please see "),n(o,{to:"/categories.html#amplification-attacks"},{default:s(()=>[t("here")]),_:1}),t(".")]),m,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),n(o,{to:"/locate.html"},{default:s(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),p,f])}const y=r(c,[["render",v],["__file","mdns.html.vue"]]),k=JSON.parse('{"path":"/types/mdns.html","title":"Open mDNS service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/mdns.md"}');export{y as comp,k as data}; +import{_ as r,c as a,a as e,d as t,b as n,w as s,r as i,o as l}from"./app-DhWbOGxr.js";const c={},d=e("h1",{id:"open-mdns-service",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#open-mdns-service"},[e("span",null,"Open mDNS service")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),u=e("p",null,"Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open mDNS service to launch a denial-of-service attack. As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.",-1),m=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),p=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the mDNS service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable mdns"),t(" and your device brand and model, for instance: "),e("code",null,"disable mdns google wifi")],-1),f=e("p",null,"If the mDNS service is on intentionally and you want to keep it that way, at least block access to the mDNS service from the Internet at your firewall or home router.",-1);function v(_,g){const o=i("RouteLink");return l(),a("div",null,[d,h,u,e("p",null,[t("If you want to understand better how these kinds of so-called amplification attacks work, please see "),n(o,{to:"/categories.html#amplification-attacks"},{default:s(()=>[t("here")]),_:1}),t(".")]),m,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),n(o,{to:"/locate.html"},{default:s(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),p,f])}const y=r(c,[["render",v],["__file","mdns.html.vue"]]),k=JSON.parse('{"path":"/types/mdns.html","title":"Open mDNS service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/mdns.md"}');export{y as comp,k as data}; diff --git a/assets/mdns.html-Dk8kBqvO.js b/assets/mdns.html-XmN1K66O.js similarity index 94% rename from assets/mdns.html-Dk8kBqvO.js rename to assets/mdns.html-XmN1K66O.js index 6e247fb1..3eb40124 100644 --- a/assets/mdns.html-Dk8kBqvO.js +++ b/assets/mdns.html-XmN1K66O.js @@ -1 +1 @@ -import{_ as l,c as n,a,d as e,b as i,w as s,r as o,o as u}from"./app-CxPUdK5a.js";const k={},m=a("h1",{id:"avoin-mdns-palvelu",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#avoin-mdns-palvelu"},[a("span",null,"Avoin mDNS-palvelu")])],-1),d=a("h2",{id:"ongelman-kuvaus",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#ongelman-kuvaus"},[a("span",null,"Ongelman kuvaus")])],-1),r=a("p",null,"Tökkiikö netti? Joskus vika ei olekaan palveluntarjoajassa. Pahikset saattavat käyttää tässä osoitteessa olevaa avointa mDNS-palvelua hyväkseen palvelunestohyökkäyksissä. Tällöin nettisi voi toimia todella hitaasti ja varsinainen hyökkäyksen kohde ei ollenkaan.",-1),h=a("h2",{id:"korjausehdotuksia",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#korjausehdotuksia"},[a("span",null,"Korjausehdotuksia")])],-1),p=a("p",null,"Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön.",-1),v=a("p",null,[e("Mikäli kyseessä oli laite, jota et voi piilottaa palomuurin taakse, poista palvelu kokonaan käytöstä. Etsi laitteeseesi sopivat ohjeet kirjoittamalla hakukoneeseen "),a("code",null,"disable mdns"),e(" ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: "),a("code",null,"disable mdns google wifi")],-1);function c(_,f){const t=o("RouteLink");return u(),n("div",null,[m,d,r,a("p",null,[e("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),i(t,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:s(()=>[e("täältä")]),_:1}),e(".")]),h,a("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),i(t,{to:"/fi/locate.html"},{default:s(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),p,v])}const j=l(k,[["render",c],["__file","mdns.html.vue"]]),g=JSON.parse('{"path":"/fi/types/mdns.html","title":"Avoin mDNS-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/mdns.md"}');export{j as comp,g as data}; +import{_ as l,c as n,a,d as e,b as i,w as s,r as o,o as u}from"./app-DhWbOGxr.js";const k={},m=a("h1",{id:"avoin-mdns-palvelu",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#avoin-mdns-palvelu"},[a("span",null,"Avoin mDNS-palvelu")])],-1),d=a("h2",{id:"ongelman-kuvaus",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#ongelman-kuvaus"},[a("span",null,"Ongelman kuvaus")])],-1),r=a("p",null,"Tökkiikö netti? Joskus vika ei olekaan palveluntarjoajassa. Pahikset saattavat käyttää tässä osoitteessa olevaa avointa mDNS-palvelua hyväkseen palvelunestohyökkäyksissä. Tällöin nettisi voi toimia todella hitaasti ja varsinainen hyökkäyksen kohde ei ollenkaan.",-1),h=a("h2",{id:"korjausehdotuksia",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#korjausehdotuksia"},[a("span",null,"Korjausehdotuksia")])],-1),p=a("p",null,"Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön.",-1),v=a("p",null,[e("Mikäli kyseessä oli laite, jota et voi piilottaa palomuurin taakse, poista palvelu kokonaan käytöstä. Etsi laitteeseesi sopivat ohjeet kirjoittamalla hakukoneeseen "),a("code",null,"disable mdns"),e(" ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: "),a("code",null,"disable mdns google wifi")],-1);function c(_,f){const t=o("RouteLink");return u(),n("div",null,[m,d,r,a("p",null,[e("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),i(t,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:s(()=>[e("täältä")]),_:1}),e(".")]),h,a("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),i(t,{to:"/fi/locate.html"},{default:s(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),p,v])}const j=l(k,[["render",c],["__file","mdns.html.vue"]]),g=JSON.parse('{"path":"/fi/types/mdns.html","title":"Avoin mDNS-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/mdns.md"}');export{j as comp,g as data}; diff --git a/assets/memcached.html-BZ6LpFUS.js b/assets/memcached.html-C0NSvPWW.js similarity index 95% rename from assets/memcached.html-BZ6LpFUS.js rename to assets/memcached.html-C0NSvPWW.js index fb387ce7..693e009c 100644 --- a/assets/memcached.html-BZ6LpFUS.js +++ b/assets/memcached.html-C0NSvPWW.js @@ -1 +1 @@ -import{_ as i,c as n,a as e,d as a,b as s,w as l,e as o,r as h,o as u}from"./app-CxPUdK5a.js";const k={},r=o('

Avoin Memcached-palvelu

Ongelman kuvaus

Kuulitko jo? Pahikset rikkoivat jälleen (28.2.2018) aiemman ennätyksensä palvelunestohyökkäysten tehokkuuden suhteen. Uuteen ennätykseen he pääsivät hyödyntämällä viattomien ihmisten avoimia Memcached-palveluita.

Uutinen kyseenalaisesta ennätyksestä löytyy muun muassa täältä: https://thehackernews.com/2018/03/biggest-ddos-attack-github.html

Amplifikaatiohyökkäykset ovat mahdollista, mikäli palvelu tarjoillaan UDP-protokollan välityksellä. Memcached:n kanssa on vielä toinenkin ongelma, nimittäin palvelu ei tue autentikointia joten ulkopuolisilla on mahdollista käpelöidä siinä olevia tietoja. (Lähde: https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-Memcached)

',5),m=e("h2",{id:"korjausehdotuksia",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#korjausehdotuksia"},[e("span",null,"Korjausehdotuksia")])],-1),c=e("p",null,"Estä ulkopuolisten pääsy palveluun palomuuraamalla portti 11211 umpeen. Mikäli et tarvitse palvelua, ota se kokonaan pois käytöstä.",-1),p=e("p",null,'Hakusanoilla "how to disable memcache" löytyy hyvin ohjeita. Voit liittää hakuusi vielä laitteen, käyttöjärjestelmän tai Linux-distribuution nimen tarkentaaksesi osumatarkkuutta.',-1);function d(v,y){const t=h("RouteLink");return u(),n("div",null,[r,e("p",null,[a("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),s(t,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:l(()=>[a("täältä")]),_:1}),a(".")]),m,c,p])}const f=i(k,[["render",d],["__file","memcached.html.vue"]]),g=JSON.parse('{"path":"/fi/types/memcached.html","title":"Avoin Memcached-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/memcached.md"}');export{f as comp,g as data}; +import{_ as i,c as n,a as e,d as a,b as s,w as l,e as o,r as h,o as u}from"./app-DhWbOGxr.js";const k={},r=o('

Avoin Memcached-palvelu

Ongelman kuvaus

Kuulitko jo? Pahikset rikkoivat jälleen (28.2.2018) aiemman ennätyksensä palvelunestohyökkäysten tehokkuuden suhteen. Uuteen ennätykseen he pääsivät hyödyntämällä viattomien ihmisten avoimia Memcached-palveluita.

Uutinen kyseenalaisesta ennätyksestä löytyy muun muassa täältä: https://thehackernews.com/2018/03/biggest-ddos-attack-github.html

Amplifikaatiohyökkäykset ovat mahdollista, mikäli palvelu tarjoillaan UDP-protokollan välityksellä. Memcached:n kanssa on vielä toinenkin ongelma, nimittäin palvelu ei tue autentikointia joten ulkopuolisilla on mahdollista käpelöidä siinä olevia tietoja. (Lähde: https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-Memcached)

',5),m=e("h2",{id:"korjausehdotuksia",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#korjausehdotuksia"},[e("span",null,"Korjausehdotuksia")])],-1),c=e("p",null,"Estä ulkopuolisten pääsy palveluun palomuuraamalla portti 11211 umpeen. Mikäli et tarvitse palvelua, ota se kokonaan pois käytöstä.",-1),p=e("p",null,'Hakusanoilla "how to disable memcache" löytyy hyvin ohjeita. Voit liittää hakuusi vielä laitteen, käyttöjärjestelmän tai Linux-distribuution nimen tarkentaaksesi osumatarkkuutta.',-1);function d(v,y){const t=h("RouteLink");return u(),n("div",null,[r,e("p",null,[a("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),s(t,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:l(()=>[a("täältä")]),_:1}),a(".")]),m,c,p])}const f=i(k,[["render",d],["__file","memcached.html.vue"]]),g=JSON.parse('{"path":"/fi/types/memcached.html","title":"Avoin Memcached-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/memcached.md"}');export{f as comp,g as data}; diff --git a/assets/memcached.html-CwkZICD2.js b/assets/memcached.html-DsN1quKH.js similarity index 95% rename from assets/memcached.html-CwkZICD2.js rename to assets/memcached.html-DsN1quKH.js index 0a1b757b..aaa8cb78 100644 --- a/assets/memcached.html-CwkZICD2.js +++ b/assets/memcached.html-DsN1quKH.js @@ -1 +1 @@ -import{_ as o,c as a,a as e,d as t,b as s,w as i,e as n,r as c,o as h}from"./app-CxPUdK5a.js";const d={},p=n('

Open Memcached service

Problem description

Have you read the news? Internet bad guys broke their previous record of denial-of-service attack effectiveness on Feb 28, 2018. This record-breaking attack was made by abusing the Memcached services of innocent third parties.

Here's one report of this rather questionable record attack: https://thehackernews.com/2018/03/biggest-ddos-attack-github.html

Amplification attacks abusing services that run on top of the UDP protocol are common. There is also another issue with Memcached, as it does not support authentication outsiders can tamper with the service data. (Source: https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-Memcached)

',5),l=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),m=e("p",null,"Block access to the service from the Internet by blocking incoming UDP port 11211 at your firewall. If you do not need the Memcached service to be on, disable it.",-1),u=e("p",null,[t("You can find good instructions by searching for the keywords "),e("code",null,"how to disable memcached"),t(". To refine the results even further, add your device, operating system or name of Linux distribution to the search terms.")],-1);function f(g,b){const r=c("RouteLink");return h(),a("div",null,[p,e("p",null,[t("If you want to understand better how these kinds of so-called amplification attacks work, please see "),s(r,{to:"/categories.html#amplification-attacks"},{default:i(()=>[t("here")]),_:1}),t(".")]),l,m,u])}const w=o(d,[["render",f],["__file","memcached.html.vue"]]),v=JSON.parse('{"path":"/types/memcached.html","title":"Open Memcached service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/memcached.md"}');export{w as comp,v as data}; +import{_ as o,c as a,a as e,d as t,b as s,w as i,e as n,r as c,o as h}from"./app-DhWbOGxr.js";const d={},p=n('

Open Memcached service

Problem description

Have you read the news? Internet bad guys broke their previous record of denial-of-service attack effectiveness on Feb 28, 2018. This record-breaking attack was made by abusing the Memcached services of innocent third parties.

Here's one report of this rather questionable record attack: https://thehackernews.com/2018/03/biggest-ddos-attack-github.html

Amplification attacks abusing services that run on top of the UDP protocol are common. There is also another issue with Memcached, as it does not support authentication outsiders can tamper with the service data. (Source: https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-Memcached)

',5),l=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),m=e("p",null,"Block access to the service from the Internet by blocking incoming UDP port 11211 at your firewall. If you do not need the Memcached service to be on, disable it.",-1),u=e("p",null,[t("You can find good instructions by searching for the keywords "),e("code",null,"how to disable memcached"),t(". To refine the results even further, add your device, operating system or name of Linux distribution to the search terms.")],-1);function f(g,b){const r=c("RouteLink");return h(),a("div",null,[p,e("p",null,[t("If you want to understand better how these kinds of so-called amplification attacks work, please see "),s(r,{to:"/categories.html#amplification-attacks"},{default:i(()=>[t("here")]),_:1}),t(".")]),l,m,u])}const w=o(d,[["render",f],["__file","memcached.html.vue"]]),v=JSON.parse('{"path":"/types/memcached.html","title":"Open Memcached service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/memcached.md"}');export{w as comp,v as data}; diff --git a/assets/netbios.html-BSFwTz8C.js b/assets/netbios.html-BEh2-T_X.js similarity index 94% rename from assets/netbios.html-BSFwTz8C.js rename to assets/netbios.html-BEh2-T_X.js index 1f7ac48a..1cb44ab2 100644 --- a/assets/netbios.html-BSFwTz8C.js +++ b/assets/netbios.html-BEh2-T_X.js @@ -1 +1 @@ -import{_ as i,c as a,a as e,d as t,b as n,w as s,r,o as l}from"./app-CxPUdK5a.js";const c={},d=e("h1",{id:"open-netbios-service",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#open-netbios-service"},[e("span",null,"Open Netbios service")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),u=e("p",null,"Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open NetBIOS service to launch a denial-of-service attack. As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.",-1),p=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),f=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the NetBIOS service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable netbios"),t(" and your device brand and model, for instance: "),e("code",null,"disable netbios asus rt-ac96u")],-1),m=e("p",null,"If the NetBIOS service is on intentionally and you want to keep it that way, at least block access to the NetBIOS service from the Internet at your firewall or home router.",-1);function b(v,_){const o=r("RouteLink");return l(),a("div",null,[d,h,u,e("p",null,[t("If you want to understand better how these kinds of so-called amplification attacks work, please see "),n(o,{to:"/categories.html#amplification-attacks"},{default:s(()=>[t("here")]),_:1}),t(".")]),p,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),n(o,{to:"/locate.html"},{default:s(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),f,m])}const y=i(c,[["render",b],["__file","netbios.html.vue"]]),k=JSON.parse('{"path":"/types/netbios.html","title":"Open Netbios service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/netbios.md"}');export{y as comp,k as data}; +import{_ as i,c as a,a as e,d as t,b as n,w as s,r,o as l}from"./app-DhWbOGxr.js";const c={},d=e("h1",{id:"open-netbios-service",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#open-netbios-service"},[e("span",null,"Open Netbios service")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),u=e("p",null,"Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open NetBIOS service to launch a denial-of-service attack. As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.",-1),p=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),f=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the NetBIOS service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable netbios"),t(" and your device brand and model, for instance: "),e("code",null,"disable netbios asus rt-ac96u")],-1),m=e("p",null,"If the NetBIOS service is on intentionally and you want to keep it that way, at least block access to the NetBIOS service from the Internet at your firewall or home router.",-1);function b(v,_){const o=r("RouteLink");return l(),a("div",null,[d,h,u,e("p",null,[t("If you want to understand better how these kinds of so-called amplification attacks work, please see "),n(o,{to:"/categories.html#amplification-attacks"},{default:s(()=>[t("here")]),_:1}),t(".")]),p,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),n(o,{to:"/locate.html"},{default:s(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),f,m])}const y=i(c,[["render",b],["__file","netbios.html.vue"]]),k=JSON.parse('{"path":"/types/netbios.html","title":"Open Netbios service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/netbios.md"}');export{y as comp,k as data}; diff --git a/assets/netbios.html-Drij6NbL.js b/assets/netbios.html-DlreNynM.js similarity index 94% rename from assets/netbios.html-Drij6NbL.js rename to assets/netbios.html-DlreNynM.js index bc4e5824..a6484806 100644 --- a/assets/netbios.html-Drij6NbL.js +++ b/assets/netbios.html-DlreNynM.js @@ -1 +1 @@ -import{_ as l,c as n,a as e,d as a,b as i,w as s,r as o,o as u}from"./app-CxPUdK5a.js";const k={},r=e("h1",{id:"avoin-netbios-palvelu",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#avoin-netbios-palvelu"},[e("span",null,"Avoin NetBIOS-palvelu")])],-1),h=e("h2",{id:"ongelman-kuvaus",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#ongelman-kuvaus"},[e("span",null,"Ongelman kuvaus")])],-1),p=e("p",null,"Tökkiikö netti? Joskus vika ei olekaan palveluntarjoajassa. Pahikset saattavat käyttää tässä osoitteessa olevaa avointa NetBIOS-palvelua hyväkseen palvelunestohyökkäyksissä. Tällöin nettisi voi toimia todella hitaasti ja varsinainen hyökkäyksen kohde ei ollenkaan.",-1),d=e("h2",{id:"korjausehdotuksia",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#korjausehdotuksia"},[e("span",null,"Korjausehdotuksia")])],-1),m=e("p",null,"Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön.",-1),c=e("p",null,[a("Mikäli kyseessä oli laite, jota et voi piilottaa palomuurin taakse, poista palvelu kokonaan käytöstä. Etsi laitteeseesi sopivat ohjeet kirjoittamalla hakukoneeseen "),e("code",null,"disable netbios"),a(" ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: "),e("code",null,"disable netbios asus rt-ac86u")],-1);function v(_,y){const t=o("RouteLink");return u(),n("div",null,[r,h,p,e("p",null,[a("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),i(t,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:s(()=>[a("täältä")]),_:1}),a(".")]),d,e("p",null,[a("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),i(t,{to:"/fi/locate.html"},{default:s(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),m,c])}const j=l(k,[["render",v],["__file","netbios.html.vue"]]),b=JSON.parse('{"path":"/fi/types/netbios.html","title":"Avoin NetBIOS-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/netbios.md"}');export{j as comp,b as data}; +import{_ as l,c as n,a as e,d as a,b as i,w as s,r as o,o as u}from"./app-DhWbOGxr.js";const k={},r=e("h1",{id:"avoin-netbios-palvelu",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#avoin-netbios-palvelu"},[e("span",null,"Avoin NetBIOS-palvelu")])],-1),h=e("h2",{id:"ongelman-kuvaus",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#ongelman-kuvaus"},[e("span",null,"Ongelman kuvaus")])],-1),p=e("p",null,"Tökkiikö netti? Joskus vika ei olekaan palveluntarjoajassa. Pahikset saattavat käyttää tässä osoitteessa olevaa avointa NetBIOS-palvelua hyväkseen palvelunestohyökkäyksissä. Tällöin nettisi voi toimia todella hitaasti ja varsinainen hyökkäyksen kohde ei ollenkaan.",-1),d=e("h2",{id:"korjausehdotuksia",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#korjausehdotuksia"},[e("span",null,"Korjausehdotuksia")])],-1),m=e("p",null,"Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön.",-1),c=e("p",null,[a("Mikäli kyseessä oli laite, jota et voi piilottaa palomuurin taakse, poista palvelu kokonaan käytöstä. Etsi laitteeseesi sopivat ohjeet kirjoittamalla hakukoneeseen "),e("code",null,"disable netbios"),a(" ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: "),e("code",null,"disable netbios asus rt-ac86u")],-1);function v(_,y){const t=o("RouteLink");return u(),n("div",null,[r,h,p,e("p",null,[a("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),i(t,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:s(()=>[a("täältä")]),_:1}),a(".")]),d,e("p",null,[a("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),i(t,{to:"/fi/locate.html"},{default:s(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),m,c])}const j=l(k,[["render",v],["__file","netbios.html.vue"]]),b=JSON.parse('{"path":"/fi/types/netbios.html","title":"Avoin NetBIOS-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/netbios.md"}');export{j as comp,b as data}; diff --git a/assets/ntp.html-BikPWrCz.js b/assets/ntp.html-CLvCuuuW.js similarity index 94% rename from assets/ntp.html-BikPWrCz.js rename to assets/ntp.html-CLvCuuuW.js index 58a5bff4..0cb58087 100644 --- a/assets/ntp.html-BikPWrCz.js +++ b/assets/ntp.html-CLvCuuuW.js @@ -1 +1 @@ -import{_ as s,c as a,a as e,d as t,b as o,w as r,r as i,o as l}from"./app-CxPUdK5a.js";const c={},d=e("h1",{id:"open-ntp-service",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#open-ntp-service"},[e("span",null,"Open NTP service")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),p=e("p",null,"Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open NTP service to launch a denial-of-service attack. As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.",-1),u=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),f=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the NTP service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable ntp"),t(" and your device brand and model, for instance: "),e("code",null,"disable ntp linksys wrt32x")],-1),m=e("p",null,"If the NTP service is on intentionally and you want to keep it that way, at least block access to the NTP service from the Internet at your firewall or home router.",-1);function v(_,g){const n=i("RouteLink");return l(),a("div",null,[d,h,p,e("p",null,[t("If you want to understand better how these kinds of so-called amplification attacks work, please see "),o(n,{to:"/categories.html#amplification-attacks"},{default:r(()=>[t("here")]),_:1}),t(".")]),u,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),o(n,{to:"/locate.html"},{default:r(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),f,m])}const y=s(c,[["render",v],["__file","ntp.html.vue"]]),k=JSON.parse('{"path":"/types/ntp.html","title":"Open NTP service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/ntp.md"}');export{y as comp,k as data}; +import{_ as s,c as a,a as e,d as t,b as o,w as r,r as i,o as l}from"./app-DhWbOGxr.js";const c={},d=e("h1",{id:"open-ntp-service",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#open-ntp-service"},[e("span",null,"Open NTP service")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),p=e("p",null,"Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open NTP service to launch a denial-of-service attack. As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.",-1),u=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),f=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the NTP service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable ntp"),t(" and your device brand and model, for instance: "),e("code",null,"disable ntp linksys wrt32x")],-1),m=e("p",null,"If the NTP service is on intentionally and you want to keep it that way, at least block access to the NTP service from the Internet at your firewall or home router.",-1);function v(_,g){const n=i("RouteLink");return l(),a("div",null,[d,h,p,e("p",null,[t("If you want to understand better how these kinds of so-called amplification attacks work, please see "),o(n,{to:"/categories.html#amplification-attacks"},{default:r(()=>[t("here")]),_:1}),t(".")]),u,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),o(n,{to:"/locate.html"},{default:r(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),f,m])}const y=s(c,[["render",v],["__file","ntp.html.vue"]]),k=JSON.parse('{"path":"/types/ntp.html","title":"Open NTP service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/ntp.md"}');export{y as comp,k as data}; diff --git a/assets/ntp.html-DvHApbp1.js b/assets/ntp.html-CkzsZXxg.js similarity index 94% rename from assets/ntp.html-DvHApbp1.js rename to assets/ntp.html-CkzsZXxg.js index 45fb8887..ddc8bafb 100644 --- a/assets/ntp.html-DvHApbp1.js +++ b/assets/ntp.html-CkzsZXxg.js @@ -1 +1 @@ -import{_ as l,c as n,a,d as e,b as i,w as s,r as o,o as k}from"./app-CxPUdK5a.js";const u={},p=a("h1",{id:"avoin-ntp-palvelu",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#avoin-ntp-palvelu"},[a("span",null,"Avoin NTP-palvelu")])],-1),r=a("h2",{id:"ongelman-kuvaus",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#ongelman-kuvaus"},[a("span",null,"Ongelman kuvaus")])],-1),h=a("p",null,"Tökkiikö netti? Joskus vika ei olekaan palveluntarjoajassa. Pahikset saattavat käyttää tässä osoitteessa olevaa avointa NTP-palvelua hyväkseen palvelunestohyökkäyksissä. Tällöin nettisi voi toimia todella hitaasti ja varsinainen hyökkäyksen kohde ei ollenkaan.",-1),d=a("h2",{id:"korjausehdotuksia",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#korjausehdotuksia"},[a("span",null,"Korjausehdotuksia")])],-1),m=a("p",null,"Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön.",-1),v=a("p",null,[e("Mikäli kyseessä oli laite, jota et voi piilottaa palomuurin taakse, poista palvelu kokonaan käytöstä. Etsi laitteeseesi sopivat ohjeet kirjoittamalla hakukoneeseen "),a("code",null,"disable ntp"),e(" ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: "),a("code",null,"disable ntp linksys wrt32x")],-1);function c(_,y){const t=o("RouteLink");return k(),n("div",null,[p,r,h,a("p",null,[e("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),i(t,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:s(()=>[e("täältä")]),_:1}),e(".")]),d,a("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),i(t,{to:"/fi/locate.html"},{default:s(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),m,v])}const j=l(u,[["render",c],["__file","ntp.html.vue"]]),g=JSON.parse('{"path":"/fi/types/ntp.html","title":"Avoin NTP-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/ntp.md"}');export{j as comp,g as data}; +import{_ as l,c as n,a,d as e,b as i,w as s,r as o,o as k}from"./app-DhWbOGxr.js";const u={},p=a("h1",{id:"avoin-ntp-palvelu",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#avoin-ntp-palvelu"},[a("span",null,"Avoin NTP-palvelu")])],-1),r=a("h2",{id:"ongelman-kuvaus",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#ongelman-kuvaus"},[a("span",null,"Ongelman kuvaus")])],-1),h=a("p",null,"Tökkiikö netti? Joskus vika ei olekaan palveluntarjoajassa. Pahikset saattavat käyttää tässä osoitteessa olevaa avointa NTP-palvelua hyväkseen palvelunestohyökkäyksissä. Tällöin nettisi voi toimia todella hitaasti ja varsinainen hyökkäyksen kohde ei ollenkaan.",-1),d=a("h2",{id:"korjausehdotuksia",tabindex:"-1"},[a("a",{class:"header-anchor",href:"#korjausehdotuksia"},[a("span",null,"Korjausehdotuksia")])],-1),m=a("p",null,"Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön.",-1),v=a("p",null,[e("Mikäli kyseessä oli laite, jota et voi piilottaa palomuurin taakse, poista palvelu kokonaan käytöstä. Etsi laitteeseesi sopivat ohjeet kirjoittamalla hakukoneeseen "),a("code",null,"disable ntp"),e(" ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: "),a("code",null,"disable ntp linksys wrt32x")],-1);function c(_,y){const t=o("RouteLink");return k(),n("div",null,[p,r,h,a("p",null,[e("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),i(t,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:s(()=>[e("täältä")]),_:1}),e(".")]),d,a("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),i(t,{to:"/fi/locate.html"},{default:s(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),m,v])}const j=l(u,[["render",c],["__file","ntp.html.vue"]]),g=JSON.parse('{"path":"/fi/types/ntp.html","title":"Avoin NTP-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/ntp.md"}');export{j as comp,g as data}; diff --git a/assets/o365.html-DYo0A0UP.js b/assets/o365.html-Cz9QI7tt.js similarity index 98% rename from assets/o365.html-DYo0A0UP.js rename to assets/o365.html-Cz9QI7tt.js index 441af284..599d9659 100644 --- a/assets/o365.html-DYo0A0UP.js +++ b/assets/o365.html-Cz9QI7tt.js @@ -1 +1 @@ -import{_ as l,c,a as f,d as t,b as p,w as d,e as s,r as h,o as u}from"./app-CxPUdK5a.js";const e="/assets/o365-10-install-DWAZT3m-.png",o="/assets/o365-20-review-perms-DoUHDx86.png",i="/assets/o365-30-add-account-CSu9lAUE.png",m="/assets/o365-40-login-BqVdKypO.png",a="/assets/o365-60-enable-score-R4-xcfj3.png",r="/assets/o365-70-show-score-rdhfYnW1.png",g="/assets/o365-50-contact-admin-4UV9U8pG.png",y={},w=s('

Microsoft Office 365

This app allows you to synchronize your Office 365 assets into Badrap and receive security notifications about them. The app needs to be installed and enabled under your Badrap user account to get started. The app fetches a list of your organization's assets from your Office 365 installation with your consent, and adds those assets under your Badrap user account. It will also show how many users in your organization have Multi-Factor Authentication (MFA) enabled. If you do not have administrator rights for your organization's Office 365 installation, you will need help from your administrator to set up the app.

I am an Office 365 administrator

The easiest way to set up Badrap's Office 365 app is if you have administrator rights for your Office 365 environment. You can install the app and import all of your Office 365 assets to be visible under your Badrap user account. You can also optionally give permission to other Badrap users inside your organization to see the same information that you do.

You need to have one of the following administrator roles for your Office 365 environment to install the app:

  • Global administrator
  • Application administrator
  • Cloud application administrator
',6),v=s('
  1. To start the app installation, open the Office 365 app page. Click on Install.
  1. Review the permissions that the Office 365 app requires. If the permissions are acceptable for you, click on Install the app.
  1. Click on Add a new account.
  1. Your Office 365 login window will appear. Log in with your administrator account.
  1. The Office 365 app can also tell you if your organization has Multi-Factor Authentication (MFA) in use. Using MFA is a recommended best practice that will keep your organization protected against phishing attacks and data breaches. The app will display your MFA usage results along with a Microsoft Identity Secure Score, which is a numerical score created by Microsoft that shows how securely your Office 365 installation is configured. You can enable the MFA check by clicking on the Show Microsoft Identity Secure Score button after you add your Office 365 account.
  1. Microsoft Identity Secure Score will show how many of your administrator role users and regular users have MFA enabled. Note that it may take a minute or two for the app to fetch the MFA and Secure Score information from your Office 365 server. If you can do something to improve your score, clear instructions will explain what steps you can take. The link under the advice will take you to your Office 365 administration portal, which will provide further details on how the score is calculated, how your MFA settings are configured, and how to improve things.
  1. After you have added your account, the app will display your organization's Office 365 assets under the "Microsoft Office 365" section in your My Assets listing.

I am an Office 365 user

You can also install and use Badrap's Office 365 app as a regular Office 365 user. In this scenario, you will need help from your organization's Office 365 administrator to allow importing your organization's Office 365 assets into Badrap.

  1. To start the app installation, open the Office 365 app page. Click on Install.
  1. Review the permissions that the Office 365 app requires. If the permissions are acceptable for you, click on Install the app.
  1. Click on Add a new account.
  1. Your Microsoft Office 365 login window will appear. After you log in, you will see a notification that you need to contact your Office 365 administrator to give your user account permissions to install the app.

  1. Your organization's Office 365 administrator will need to allow access for the Badrap application. You can forward the instructions below for your Office 365 administrator.

  2. After your Office 365 administrator has given you sufficient permissions, you can use the Badrap Office 365 app. The app will fetch a list of your organization's Office 365 assets. You can then see those assets under the Microsoft Office 365 section in your My Assets listing.

  3. The Office 365 app can also tell you if your organization has Multi-Factor Authentication (MFA) in use. Using MFA is a recommended best practice that will keep your organization protected against phishing attacks and data breaches. The app will display your MFA usage results along with a Microsoft Identity Secure Score, which is a numerical score created by Microsoft that shows how securely your Office 365 installation is configured. You can enable the MFA check by clicking on the Show Microsoft Identity Secure Score button after you add your Office 365 account. Please note that your administrator needs to assign the Security Reader role for you to fetch the Secure Score from your Office 365 environment and to use this feature.

  1. Microsoft Identity Secure Score will show how many of your administrator role users and regular users have MFA enabled. Note that it may take a minute or two for the app to fetch the MFA and Secure Score information from your Office 365 server. If you can do something to improve your score, clear instructions will explain what steps you can take. The link under the advice will take you to your Office 365 administration portal, which will provide further details on how the score is calculated, how your MFA settings are configured, and how to improve things.

Instructions for Office 365 administrators to allow a user to install Badrap Office 365 app

  1. Click the following "Give admin consent" link to open the admin consent page for the Badrap for Office 365 application:

    Give admin consent

  2. Additionally, if a user wishes to use the Show Microsoft Identity Secure Score feature in Badrap to check your organization's Multi-Factor Authentication (MFA) deployment status, you need to assign the Security Reader role for that user in your Office 365 environment. This will allow the user to fetch the Microsoft Identity Secure Score.

Uninstalling the app

  1. Open the Office 365 app page and click on Uninstall.
  2. You have now successfully uninstalled the app.
',31);function O(b,x){const n=h("RouteLink");return u(),c("div",null,[w,f("p",null,[t("If you do not have any of these administrator rights, please refer to the "),p(n,{to:"/apps/o365.html#i-am-an-office-365-user"},{default:d(()=>[t("I am an Office 365 user")]),_:1}),t(" section below.")]),v])}const k=l(y,[["render",O],["__file","o365.html.vue"]]),M=JSON.parse('{"path":"/apps/o365.html","title":"Microsoft Office 365","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"I am an Office 365 administrator","slug":"i-am-an-office-365-administrator","link":"#i-am-an-office-365-administrator","children":[]},{"level":2,"title":"I am an Office 365 user","slug":"i-am-an-office-365-user","link":"#i-am-an-office-365-user","children":[]},{"level":2,"title":"Instructions for Office 365 administrators to allow a user to install Badrap Office 365 app","slug":"instructions-for-office-365-administrators-to-allow-a-user-to-install-badrap-office-365-app","link":"#instructions-for-office-365-administrators-to-allow-a-user-to-install-badrap-office-365-app","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"apps/o365.md"}');export{k as comp,M as data}; +import{_ as l,c,a as f,d as t,b as p,w as d,e as s,r as h,o as u}from"./app-DhWbOGxr.js";const e="/assets/o365-10-install-DWAZT3m-.png",o="/assets/o365-20-review-perms-DoUHDx86.png",i="/assets/o365-30-add-account-CSu9lAUE.png",m="/assets/o365-40-login-BqVdKypO.png",a="/assets/o365-60-enable-score-R4-xcfj3.png",r="/assets/o365-70-show-score-rdhfYnW1.png",g="/assets/o365-50-contact-admin-4UV9U8pG.png",y={},w=s('

Microsoft Office 365

This app allows you to synchronize your Office 365 assets into Badrap and receive security notifications about them. The app needs to be installed and enabled under your Badrap user account to get started. The app fetches a list of your organization's assets from your Office 365 installation with your consent, and adds those assets under your Badrap user account. It will also show how many users in your organization have Multi-Factor Authentication (MFA) enabled. If you do not have administrator rights for your organization's Office 365 installation, you will need help from your administrator to set up the app.

I am an Office 365 administrator

The easiest way to set up Badrap's Office 365 app is if you have administrator rights for your Office 365 environment. You can install the app and import all of your Office 365 assets to be visible under your Badrap user account. You can also optionally give permission to other Badrap users inside your organization to see the same information that you do.

You need to have one of the following administrator roles for your Office 365 environment to install the app:

  • Global administrator
  • Application administrator
  • Cloud application administrator
',6),v=s('
  1. To start the app installation, open the Office 365 app page. Click on Install.
  1. Review the permissions that the Office 365 app requires. If the permissions are acceptable for you, click on Install the app.
  1. Click on Add a new account.
  1. Your Office 365 login window will appear. Log in with your administrator account.
  1. The Office 365 app can also tell you if your organization has Multi-Factor Authentication (MFA) in use. Using MFA is a recommended best practice that will keep your organization protected against phishing attacks and data breaches. The app will display your MFA usage results along with a Microsoft Identity Secure Score, which is a numerical score created by Microsoft that shows how securely your Office 365 installation is configured. You can enable the MFA check by clicking on the Show Microsoft Identity Secure Score button after you add your Office 365 account.
  1. Microsoft Identity Secure Score will show how many of your administrator role users and regular users have MFA enabled. Note that it may take a minute or two for the app to fetch the MFA and Secure Score information from your Office 365 server. If you can do something to improve your score, clear instructions will explain what steps you can take. The link under the advice will take you to your Office 365 administration portal, which will provide further details on how the score is calculated, how your MFA settings are configured, and how to improve things.
  1. After you have added your account, the app will display your organization's Office 365 assets under the "Microsoft Office 365" section in your My Assets listing.

I am an Office 365 user

You can also install and use Badrap's Office 365 app as a regular Office 365 user. In this scenario, you will need help from your organization's Office 365 administrator to allow importing your organization's Office 365 assets into Badrap.

  1. To start the app installation, open the Office 365 app page. Click on Install.
  1. Review the permissions that the Office 365 app requires. If the permissions are acceptable for you, click on Install the app.
  1. Click on Add a new account.
  1. Your Microsoft Office 365 login window will appear. After you log in, you will see a notification that you need to contact your Office 365 administrator to give your user account permissions to install the app.

  1. Your organization's Office 365 administrator will need to allow access for the Badrap application. You can forward the instructions below for your Office 365 administrator.

  2. After your Office 365 administrator has given you sufficient permissions, you can use the Badrap Office 365 app. The app will fetch a list of your organization's Office 365 assets. You can then see those assets under the Microsoft Office 365 section in your My Assets listing.

  3. The Office 365 app can also tell you if your organization has Multi-Factor Authentication (MFA) in use. Using MFA is a recommended best practice that will keep your organization protected against phishing attacks and data breaches. The app will display your MFA usage results along with a Microsoft Identity Secure Score, which is a numerical score created by Microsoft that shows how securely your Office 365 installation is configured. You can enable the MFA check by clicking on the Show Microsoft Identity Secure Score button after you add your Office 365 account. Please note that your administrator needs to assign the Security Reader role for you to fetch the Secure Score from your Office 365 environment and to use this feature.

  1. Microsoft Identity Secure Score will show how many of your administrator role users and regular users have MFA enabled. Note that it may take a minute or two for the app to fetch the MFA and Secure Score information from your Office 365 server. If you can do something to improve your score, clear instructions will explain what steps you can take. The link under the advice will take you to your Office 365 administration portal, which will provide further details on how the score is calculated, how your MFA settings are configured, and how to improve things.

Instructions for Office 365 administrators to allow a user to install Badrap Office 365 app

  1. Click the following "Give admin consent" link to open the admin consent page for the Badrap for Office 365 application:

    Give admin consent

  2. Additionally, if a user wishes to use the Show Microsoft Identity Secure Score feature in Badrap to check your organization's Multi-Factor Authentication (MFA) deployment status, you need to assign the Security Reader role for that user in your Office 365 environment. This will allow the user to fetch the Microsoft Identity Secure Score.

Uninstalling the app

  1. Open the Office 365 app page and click on Uninstall.
  2. You have now successfully uninstalled the app.
',31);function O(b,x){const n=h("RouteLink");return u(),c("div",null,[w,f("p",null,[t("If you do not have any of these administrator rights, please refer to the "),p(n,{to:"/apps/o365.html#i-am-an-office-365-user"},{default:d(()=>[t("I am an Office 365 user")]),_:1}),t(" section below.")]),v])}const k=l(y,[["render",O],["__file","o365.html.vue"]]),M=JSON.parse('{"path":"/apps/o365.html","title":"Microsoft Office 365","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"I am an Office 365 administrator","slug":"i-am-an-office-365-administrator","link":"#i-am-an-office-365-administrator","children":[]},{"level":2,"title":"I am an Office 365 user","slug":"i-am-an-office-365-user","link":"#i-am-an-office-365-user","children":[]},{"level":2,"title":"Instructions for Office 365 administrators to allow a user to install Badrap Office 365 app","slug":"instructions-for-office-365-administrators-to-allow-a-user-to-install-badrap-office-365-app","link":"#instructions-for-office-365-administrators-to-allow-a-user-to-install-badrap-office-365-app","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"apps/o365.md"}');export{k as comp,M as data}; diff --git a/assets/portscan.html-LC0ffMCx.js b/assets/portscan.html-Celnu4C0.js similarity index 95% rename from assets/portscan.html-LC0ffMCx.js rename to assets/portscan.html-Celnu4C0.js index 8a8ef8f1..73fc6fbe 100644 --- a/assets/portscan.html-LC0ffMCx.js +++ b/assets/portscan.html-Celnu4C0.js @@ -1 +1 @@ -import{_ as e,c as s,a as t,d as a,b as n,w as o,e as l,r as u,o as k}from"./app-CxPUdK5a.js";const r={},h=l('

Porttiskannausta havaittu verkostasi

Ongelman kuvaus

Seuraamastasi IP-osoitteesta on havaittu liikennettä jolla etsitään hyökkäyskohteita Internetistä. Laitteesi ottaa yhteyttä muihin verkkoihin ja laitteisiin ja tekee niille niin sanottuja porttiskannauksia. Yleensä tämä tarkoittaa että joku hallitsee laitetta verkossasi ja käyttää sitä hyväkseen löytääkseen uusia haavoittuvia laitteita. Laitteesi avulla yritetään siis löytää uusia hyökkäyskohteita.

Tutkimuspartnerimme Telia Darknet havaitsee tämänkaltaisia porttiskannaushyökkäyksiä automaattisesti. Heidän palvelunsa tunnistaa IP-osoitteita joista yritetään tehdä porttiskannauksia heidän hallinnoimiin mutta käyttämättömiin IP-osoitteisiin.

Korjausehdotuksia

',5),p=t("p",null,"Kun olet paikallistanut laitteen, suosittelemme resetoimaan sen tehdasasetuksille ja konfiguroimaan uudestaan tai asentamaan laitteen käyttöjärjestelmän kokonaan uudestaan. Jos laitteesi on otettu luvattomaan käyttöön ja se tekee automaattisesti porttiskannauksia, yleensä on liian hankalaa yrittää puhdistaa haittakoodin jälkiä ilman täydellistä laitteen resetointia.",-1),d=t("p",null,"Kun olet resetoinut laitteen tai asentanut sen uudestaan, sinun tulisi asentaa siihen kaikki saatavilla olevat ohjelmistopäivitykset, jotta laitteesi saadaan suojattua uusilta haltuunottoyrityksiltä. Jos tietoturvapäivityksiä ei ole laitteellesi saatavilla, sinun kannattaa harkita laitteen päivittämistä uuteen versioon tai kokonaan eri malliin, johon on saatavilla säännöllisiä tietoturvapäivityksiä.",-1);function m(v,c){const i=u("RouteLink");return k(),s("div",null,[h,t("p",null,[a("Ensiksi sinun tulisi tunnistaa laite, joka lähettää verkostasi porttiskannausliikennettä ulospäin. "),n(i,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),p,d])}const j=e(r,[["render",m],["__file","portscan.html.vue"]]),_=JSON.parse('{"path":"/fi/types/portscan.html","title":"Porttiskannausta havaittu verkostasi","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/portscan.md"}');export{j as comp,_ as data}; +import{_ as e,c as s,a as t,d as a,b as n,w as o,e as l,r as u,o as k}from"./app-DhWbOGxr.js";const r={},h=l('

Porttiskannausta havaittu verkostasi

Ongelman kuvaus

Seuraamastasi IP-osoitteesta on havaittu liikennettä jolla etsitään hyökkäyskohteita Internetistä. Laitteesi ottaa yhteyttä muihin verkkoihin ja laitteisiin ja tekee niille niin sanottuja porttiskannauksia. Yleensä tämä tarkoittaa että joku hallitsee laitetta verkossasi ja käyttää sitä hyväkseen löytääkseen uusia haavoittuvia laitteita. Laitteesi avulla yritetään siis löytää uusia hyökkäyskohteita.

Tutkimuspartnerimme Telia Darknet havaitsee tämänkaltaisia porttiskannaushyökkäyksiä automaattisesti. Heidän palvelunsa tunnistaa IP-osoitteita joista yritetään tehdä porttiskannauksia heidän hallinnoimiin mutta käyttämättömiin IP-osoitteisiin.

Korjausehdotuksia

',5),p=t("p",null,"Kun olet paikallistanut laitteen, suosittelemme resetoimaan sen tehdasasetuksille ja konfiguroimaan uudestaan tai asentamaan laitteen käyttöjärjestelmän kokonaan uudestaan. Jos laitteesi on otettu luvattomaan käyttöön ja se tekee automaattisesti porttiskannauksia, yleensä on liian hankalaa yrittää puhdistaa haittakoodin jälkiä ilman täydellistä laitteen resetointia.",-1),d=t("p",null,"Kun olet resetoinut laitteen tai asentanut sen uudestaan, sinun tulisi asentaa siihen kaikki saatavilla olevat ohjelmistopäivitykset, jotta laitteesi saadaan suojattua uusilta haltuunottoyrityksiltä. Jos tietoturvapäivityksiä ei ole laitteellesi saatavilla, sinun kannattaa harkita laitteen päivittämistä uuteen versioon tai kokonaan eri malliin, johon on saatavilla säännöllisiä tietoturvapäivityksiä.",-1);function m(v,c){const i=u("RouteLink");return k(),s("div",null,[h,t("p",null,[a("Ensiksi sinun tulisi tunnistaa laite, joka lähettää verkostasi porttiskannausliikennettä ulospäin. "),n(i,{to:"/fi/locate.html"},{default:o(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),p,d])}const j=e(r,[["render",m],["__file","portscan.html.vue"]]),_=JSON.parse('{"path":"/fi/types/portscan.html","title":"Porttiskannausta havaittu verkostasi","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/portscan.md"}');export{j as comp,_ as data}; diff --git a/assets/portscan.html-BO9ugUES.js b/assets/portscan.html-MNpyhYS1.js similarity index 95% rename from assets/portscan.html-BO9ugUES.js rename to assets/portscan.html-MNpyhYS1.js index 8a2836eb..f11203f8 100644 --- a/assets/portscan.html-BO9ugUES.js +++ b/assets/portscan.html-MNpyhYS1.js @@ -1 +1 @@ -import{_ as o,c as a,a as e,d as t,b as r,w as i,e as n,r as c,o as l}from"./app-CxPUdK5a.js";const d={},p=n('

Port Scan Source

Problem description

This IP has been identified to scan the Internet for potential attack targets. Your device is connecting to other networks and devices in the Internet and scanning them for open ports. Usually this means that someone is controlling a device in your network and using it to find other vulnerable devices. Your device is being used to actively find new victims to infect or attack.

These kinds of port scans are detected automatically by our research partner Telia Darknet. They operate a service that identifies IP addresses which are making port scans for their unused IP address space.

Suggestions for repair

',5),h=e("p",null,"After you find the correct device, we recommend you to reset it to its factory settings or perform a full reinstall of the operating system. If your device is compromised and actively sending out attacks, it is usually too complex to try to clean the system without a full reset.",-1),u=e("p",null,"After you reset the device or reinstall the operating system, you should install all of the latest software updates to make sure your system will not be compromised in the same way again. If no security updates are available, you might consider switching to a different device, which is updated against known vulnerabilities.",-1);function f(m,g){const s=c("RouteLink");return l(),a("div",null,[p,e("p",null,[t("First of all you need to identify the device in your network which is making these port scans. "),r(s,{to:"/locate.html"},{default:i(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),h,u])}const v=o(d,[["render",f],["__file","portscan.html.vue"]]),_=JSON.parse('{"path":"/types/portscan.html","title":"Port Scan Source","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/portscan.md"}');export{v as comp,_ as data}; +import{_ as o,c as a,a as e,d as t,b as r,w as i,e as n,r as c,o as l}from"./app-DhWbOGxr.js";const d={},p=n('

Port Scan Source

Problem description

This IP has been identified to scan the Internet for potential attack targets. Your device is connecting to other networks and devices in the Internet and scanning them for open ports. Usually this means that someone is controlling a device in your network and using it to find other vulnerable devices. Your device is being used to actively find new victims to infect or attack.

These kinds of port scans are detected automatically by our research partner Telia Darknet. They operate a service that identifies IP addresses which are making port scans for their unused IP address space.

Suggestions for repair

',5),h=e("p",null,"After you find the correct device, we recommend you to reset it to its factory settings or perform a full reinstall of the operating system. If your device is compromised and actively sending out attacks, it is usually too complex to try to clean the system without a full reset.",-1),u=e("p",null,"After you reset the device or reinstall the operating system, you should install all of the latest software updates to make sure your system will not be compromised in the same way again. If no security updates are available, you might consider switching to a different device, which is updated against known vulnerabilities.",-1);function f(m,g){const s=c("RouteLink");return l(),a("div",null,[p,e("p",null,[t("First of all you need to identify the device in your network which is making these port scans. "),r(s,{to:"/locate.html"},{default:i(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),h,u])}const v=o(d,[["render",f],["__file","portscan.html.vue"]]),_=JSON.parse('{"path":"/types/portscan.html","title":"Port Scan Source","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/portscan.md"}');export{v as comp,_ as data}; diff --git a/assets/privacy-company.html-BNyM51Yv.js b/assets/privacy-company.html-BpFQf9Tm.js similarity index 99% rename from assets/privacy-company.html-BNyM51Yv.js rename to assets/privacy-company.html-BpFQf9Tm.js index 883dc463..8a3a3938 100644 --- a/assets/privacy-company.html-BNyM51Yv.js +++ b/assets/privacy-company.html-BpFQf9Tm.js @@ -1 +1 @@ -import{_ as o,c as s,a as e,d as a,b as i,w as n,e as r,r as c,o as d}from"./app-CxPUdK5a.js";const l={},u=e("h1",{id:"privacy-policy-for-badrap-oy",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#privacy-policy-for-badrap-oy"},[e("span",null,"Privacy Policy for Badrap Oy")])],-1),p=r('

Data controller contact details

Company name: Badrap Oy
Address: Teknologiantie 11
90590 Oulu
Finland
Email: contact@badrap.io
Business ID: 2846254-9

Types of data collected

When discovering leads, we may collect your name, company, email address, and phone number. Our hosting, content delivery and analytics services collect visitor information in the form of IP addresses and cookies automatically submitted by your web browser.

We process your personal information for purposes of focusing and localizing marketing content, generating leads for our sales, distributing factual information and news related to our company and products and measuring and improving the website user experience.

Legal basis for processing personal information is our legitimate business interests. Initially, we use it to contact you to discover if you are interested in purchasing our services. When we contact you, you can opt-out from future contact attempts. Any follow-ups after a successful contact is made are based on your consent.

Data sources

Hosting and content delivery

We use Github, Github pages, and Netlify to deliver our website and relevant content to you. We also use HubSpot for sending email to you in few cases: 1) we have identified you might be interested in our products, 2) you have opted into our newsletter, or 3) your employer has subscribed to our services which require email communication beyond the communication badrap.io service itself sends. In order to work as efficient content delivery platforms, they may collect and use information that web browsers expose automatically, such as the browser version, IP address, site-specific cookies, device identifiers, language preference, referring site, the time of access and user’s operating system. These services should collect only minimal information required to deliver the content and we don’t use these services to collect any information for processing. Some of these services may provide you an option to register directly as their user to improve the user experience. If you have directly registered to any of these services, we advise you to study their respective privacy policies.

Analytics

We use Plausible.io to collect information about our website visitors and their behaviour while on the website. Plausible.io is a privacy-focused website analytics provider that collects anonymous statistics and does not use cookies. You can review the Plausible.io data policy to see how their analytics service works.

Marketing and customer relationship management (CRM)

We search for publicly available data to discover leads. We use Linkedin, RocketReach and Alma Talent company search to identify people in roles implying they may be interested in our products. We also use online forms to collect product inquiries and subscriptions from leads and customers. We use HubSpot, Stripe and DepositFix to record their contact information. We record the company name and optionally email, your name, VAT number, payment details and phone number, depending on what information is available or provided. We use this information to contact you if you are interested in purchasing our services or to provide you the services you have subscribed to. Further contacts are based on your consent.

Customer Success and Support Emails

We use Google Workspace, Microsoft Office 365 and Hubspot for email communications with customers. This includes support requests, customer success discussions, general inquiries and sales discussions. When you contact us, you consent and acknowledge that we will be processing any personal data you may include in your email with the aforementioned third-party services.

Customer Meetings

We use Google Calendar and Microsoft Office 365 to book customer meetings, and Google Meet and Microsoft Teams for conducting online meetings. We may also offer you the chance to book meetings with our personnel using Hubspot's Meetings tool, which is connected to our Microsoft or Google calendars. Hubspot's Meetings tool may be offered as an option for booking a meeting e.g. inside selected playbooks, on the web site or in our email signatures. Please note that your usage of the Hubspot Meetings tool is based on your own explicit and unambiguous consent, and it is covered by Hubspot's own privacy policy.

Embedded Content

We may sometimes embed media content such as videos onto our playbooks and web pages. This embedded media content may reside at an external hosting provider, such as Youtube. When we embed media content, we do it in a way that will share as little user information as possible with the content hosting provider. When viewing embedded content hosted at a third-party service provider, your viewing and interactions with the content are covered by the hosting provider's privacy policy. This means that you may have to review their privacy policy and to provide consent in order to view or interact with the embedded media.

Playbooks

We use ActiveCampaign for automating playbooks, such as Employee Cyber Hygiene online training and trials. Customers provide their email address or email addresses for us. Participants may submit further information via forms. Playbook automation requires us to track the progress of the users. Sometimes we also provide progress statistics to the playbook customers.

Your rights as a data subject

You have the following rights according to GDPR regarding the processing of your personal data. You can exercise your rights by contacting us by email.

Right of access: You have the right to check at any time, what personal information we have stored about you.

Right to object: You have the right to object to our processing of your personal data, if you think that our processing does not happen according to the GDPR or if you think we have no lawful basis for processing your data.

Right to erasure: You have the right to remove your personal data at any time.

Right to data portability: You have the right to request a machine-readable summary of your personal data from us, so that you can transfer them to another service provider.

Right to lodge a complaint: You have the right to complain to the supervisory authority if you think we are in violation of your rights, in violation of GDPR, or the Finnish law regarding personal data protection. The supervisory authority in this case is the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) in Finland.

Right to object to direct marketing: You have the right to object to using your personal data for direct marketing purposes.

Duration of processing

Email addresses submitted by the users are retained until the user unsubscribes. If a subscriber requests a permanent opt-out from any future marketing, then that opt-out address is retained until the person in question requests to be removed from the opt-out list.

Data recipients

Visitor information is processed only by named employees of Badrap Oy, who are responsible for developing and maintaining the website. Email addresses and subscriptions are processed by our sales and marketing personnel. Currently we employ no subcontractors or other third parties to process any personal information.

Data transfers outside of EU

Content delivery services utilize geographically distributed servers in order to deliver the content efficiently, making it difficult to determine the actual location where short-lived visitor data automatically submitted by the web browsers is stored.

External services used by us for content delivery and marketing collect and process data outside of the EU. Where possible we have configured these services to anonymize collected IP addresses. We use only service providers that comply with an adequate level of data privacy as required by the GDPR and that are committed to following relevant EU regulations.

Automated individual decision-making

Your personal data is not used for automated individual decision-making or profiling.

Data protection principles and measures

We don’t collect or ask you for personal information unless we truly need it. We control and keep track of who has access to the services used to process the data. We use transport layer encryption (TLS) to protect your interaction with our website. We occasionally review the implementation of our website and the related services we rely on against this privacy policy.

',41);function h(m,y){const t=c("RouteLink");return d(),s("div",null,[u,e("p",null,[a("We at Badrap Oy provide badrap.io service for consumers, and related commercial products for businesses. If you are a badrap.io user, the relevant privacy policy is "),i(t,{to:"/privacy.html"},{default:n(()=>[a("here")]),_:1}),a(". This privacy policy explains why and how we, as a data controller, process our business users' personal information for legitimate business interests.")]),p])}const f=o(l,[["render",h],["__file","privacy-company.html.vue"]]),b=JSON.parse('{"path":"/privacy-company.html","title":"Privacy Policy for Badrap Oy","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Data controller contact details","slug":"data-controller-contact-details","link":"#data-controller-contact-details","children":[]},{"level":2,"title":"Types of data collected","slug":"types-of-data-collected","link":"#types-of-data-collected","children":[]},{"level":2,"title":"Purpose and legal basis for processing","slug":"purpose-and-legal-basis-for-processing","link":"#purpose-and-legal-basis-for-processing","children":[]},{"level":2,"title":"Data sources","slug":"data-sources","link":"#data-sources","children":[{"level":3,"title":"Hosting and content delivery","slug":"hosting-and-content-delivery","link":"#hosting-and-content-delivery","children":[]},{"level":3,"title":"Analytics","slug":"analytics","link":"#analytics","children":[]},{"level":3,"title":"Marketing and customer relationship management (CRM)","slug":"marketing-and-customer-relationship-management-crm","link":"#marketing-and-customer-relationship-management-crm","children":[]},{"level":3,"title":"Customer Success and Support Emails","slug":"customer-success-and-support-emails","link":"#customer-success-and-support-emails","children":[]},{"level":3,"title":"Customer Meetings","slug":"customer-meetings","link":"#customer-meetings","children":[]},{"level":3,"title":"Embedded Content","slug":"embedded-content","link":"#embedded-content","children":[]},{"level":3,"title":"Playbooks","slug":"playbooks","link":"#playbooks","children":[]}]},{"level":2,"title":"Your rights as a data subject","slug":"your-rights-as-a-data-subject","link":"#your-rights-as-a-data-subject","children":[]},{"level":2,"title":"Duration of processing","slug":"duration-of-processing","link":"#duration-of-processing","children":[]},{"level":2,"title":"Data recipients","slug":"data-recipients","link":"#data-recipients","children":[]},{"level":2,"title":"Data transfers outside of EU","slug":"data-transfers-outside-of-eu","link":"#data-transfers-outside-of-eu","children":[]},{"level":2,"title":"Automated individual decision-making","slug":"automated-individual-decision-making","link":"#automated-individual-decision-making","children":[]},{"level":2,"title":"Data protection principles and measures","slug":"data-protection-principles-and-measures","link":"#data-protection-principles-and-measures","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"privacy-company.md"}');export{f as comp,b as data}; +import{_ as o,c as s,a as e,d as a,b as i,w as n,e as r,r as c,o as d}from"./app-DhWbOGxr.js";const l={},u=e("h1",{id:"privacy-policy-for-badrap-oy",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#privacy-policy-for-badrap-oy"},[e("span",null,"Privacy Policy for Badrap Oy")])],-1),p=r('

Data controller contact details

Company name: Badrap Oy
Address: Teknologiantie 11
90590 Oulu
Finland
Email: contact@badrap.io
Business ID: 2846254-9

Types of data collected

When discovering leads, we may collect your name, company, email address, and phone number. Our hosting, content delivery and analytics services collect visitor information in the form of IP addresses and cookies automatically submitted by your web browser.

We process your personal information for purposes of focusing and localizing marketing content, generating leads for our sales, distributing factual information and news related to our company and products and measuring and improving the website user experience.

Legal basis for processing personal information is our legitimate business interests. Initially, we use it to contact you to discover if you are interested in purchasing our services. When we contact you, you can opt-out from future contact attempts. Any follow-ups after a successful contact is made are based on your consent.

Data sources

Hosting and content delivery

We use Github, Github pages, and Netlify to deliver our website and relevant content to you. We also use HubSpot for sending email to you in few cases: 1) we have identified you might be interested in our products, 2) you have opted into our newsletter, or 3) your employer has subscribed to our services which require email communication beyond the communication badrap.io service itself sends. In order to work as efficient content delivery platforms, they may collect and use information that web browsers expose automatically, such as the browser version, IP address, site-specific cookies, device identifiers, language preference, referring site, the time of access and user’s operating system. These services should collect only minimal information required to deliver the content and we don’t use these services to collect any information for processing. Some of these services may provide you an option to register directly as their user to improve the user experience. If you have directly registered to any of these services, we advise you to study their respective privacy policies.

Analytics

We use Plausible.io to collect information about our website visitors and their behaviour while on the website. Plausible.io is a privacy-focused website analytics provider that collects anonymous statistics and does not use cookies. You can review the Plausible.io data policy to see how their analytics service works.

Marketing and customer relationship management (CRM)

We search for publicly available data to discover leads. We use Linkedin, RocketReach and Alma Talent company search to identify people in roles implying they may be interested in our products. We also use online forms to collect product inquiries and subscriptions from leads and customers. We use HubSpot, Stripe and DepositFix to record their contact information. We record the company name and optionally email, your name, VAT number, payment details and phone number, depending on what information is available or provided. We use this information to contact you if you are interested in purchasing our services or to provide you the services you have subscribed to. Further contacts are based on your consent.

Customer Success and Support Emails

We use Google Workspace, Microsoft Office 365 and Hubspot for email communications with customers. This includes support requests, customer success discussions, general inquiries and sales discussions. When you contact us, you consent and acknowledge that we will be processing any personal data you may include in your email with the aforementioned third-party services.

Customer Meetings

We use Google Calendar and Microsoft Office 365 to book customer meetings, and Google Meet and Microsoft Teams for conducting online meetings. We may also offer you the chance to book meetings with our personnel using Hubspot's Meetings tool, which is connected to our Microsoft or Google calendars. Hubspot's Meetings tool may be offered as an option for booking a meeting e.g. inside selected playbooks, on the web site or in our email signatures. Please note that your usage of the Hubspot Meetings tool is based on your own explicit and unambiguous consent, and it is covered by Hubspot's own privacy policy.

Embedded Content

We may sometimes embed media content such as videos onto our playbooks and web pages. This embedded media content may reside at an external hosting provider, such as Youtube. When we embed media content, we do it in a way that will share as little user information as possible with the content hosting provider. When viewing embedded content hosted at a third-party service provider, your viewing and interactions with the content are covered by the hosting provider's privacy policy. This means that you may have to review their privacy policy and to provide consent in order to view or interact with the embedded media.

Playbooks

We use ActiveCampaign for automating playbooks, such as Employee Cyber Hygiene online training and trials. Customers provide their email address or email addresses for us. Participants may submit further information via forms. Playbook automation requires us to track the progress of the users. Sometimes we also provide progress statistics to the playbook customers.

Your rights as a data subject

You have the following rights according to GDPR regarding the processing of your personal data. You can exercise your rights by contacting us by email.

Right of access: You have the right to check at any time, what personal information we have stored about you.

Right to object: You have the right to object to our processing of your personal data, if you think that our processing does not happen according to the GDPR or if you think we have no lawful basis for processing your data.

Right to erasure: You have the right to remove your personal data at any time.

Right to data portability: You have the right to request a machine-readable summary of your personal data from us, so that you can transfer them to another service provider.

Right to lodge a complaint: You have the right to complain to the supervisory authority if you think we are in violation of your rights, in violation of GDPR, or the Finnish law regarding personal data protection. The supervisory authority in this case is the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) in Finland.

Right to object to direct marketing: You have the right to object to using your personal data for direct marketing purposes.

Duration of processing

Email addresses submitted by the users are retained until the user unsubscribes. If a subscriber requests a permanent opt-out from any future marketing, then that opt-out address is retained until the person in question requests to be removed from the opt-out list.

Data recipients

Visitor information is processed only by named employees of Badrap Oy, who are responsible for developing and maintaining the website. Email addresses and subscriptions are processed by our sales and marketing personnel. Currently we employ no subcontractors or other third parties to process any personal information.

Data transfers outside of EU

Content delivery services utilize geographically distributed servers in order to deliver the content efficiently, making it difficult to determine the actual location where short-lived visitor data automatically submitted by the web browsers is stored.

External services used by us for content delivery and marketing collect and process data outside of the EU. Where possible we have configured these services to anonymize collected IP addresses. We use only service providers that comply with an adequate level of data privacy as required by the GDPR and that are committed to following relevant EU regulations.

Automated individual decision-making

Your personal data is not used for automated individual decision-making or profiling.

Data protection principles and measures

We don’t collect or ask you for personal information unless we truly need it. We control and keep track of who has access to the services used to process the data. We use transport layer encryption (TLS) to protect your interaction with our website. We occasionally review the implementation of our website and the related services we rely on against this privacy policy.

',41);function h(m,y){const t=c("RouteLink");return d(),s("div",null,[u,e("p",null,[a("We at Badrap Oy provide badrap.io service for consumers, and related commercial products for businesses. If you are a badrap.io user, the relevant privacy policy is "),i(t,{to:"/privacy.html"},{default:n(()=>[a("here")]),_:1}),a(". This privacy policy explains why and how we, as a data controller, process our business users' personal information for legitimate business interests.")]),p])}const f=o(l,[["render",h],["__file","privacy-company.html.vue"]]),b=JSON.parse('{"path":"/privacy-company.html","title":"Privacy Policy for Badrap Oy","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Data controller contact details","slug":"data-controller-contact-details","link":"#data-controller-contact-details","children":[]},{"level":2,"title":"Types of data collected","slug":"types-of-data-collected","link":"#types-of-data-collected","children":[]},{"level":2,"title":"Purpose and legal basis for processing","slug":"purpose-and-legal-basis-for-processing","link":"#purpose-and-legal-basis-for-processing","children":[]},{"level":2,"title":"Data sources","slug":"data-sources","link":"#data-sources","children":[{"level":3,"title":"Hosting and content delivery","slug":"hosting-and-content-delivery","link":"#hosting-and-content-delivery","children":[]},{"level":3,"title":"Analytics","slug":"analytics","link":"#analytics","children":[]},{"level":3,"title":"Marketing and customer relationship management (CRM)","slug":"marketing-and-customer-relationship-management-crm","link":"#marketing-and-customer-relationship-management-crm","children":[]},{"level":3,"title":"Customer Success and Support Emails","slug":"customer-success-and-support-emails","link":"#customer-success-and-support-emails","children":[]},{"level":3,"title":"Customer Meetings","slug":"customer-meetings","link":"#customer-meetings","children":[]},{"level":3,"title":"Embedded Content","slug":"embedded-content","link":"#embedded-content","children":[]},{"level":3,"title":"Playbooks","slug":"playbooks","link":"#playbooks","children":[]}]},{"level":2,"title":"Your rights as a data subject","slug":"your-rights-as-a-data-subject","link":"#your-rights-as-a-data-subject","children":[]},{"level":2,"title":"Duration of processing","slug":"duration-of-processing","link":"#duration-of-processing","children":[]},{"level":2,"title":"Data recipients","slug":"data-recipients","link":"#data-recipients","children":[]},{"level":2,"title":"Data transfers outside of EU","slug":"data-transfers-outside-of-eu","link":"#data-transfers-outside-of-eu","children":[]},{"level":2,"title":"Automated individual decision-making","slug":"automated-individual-decision-making","link":"#automated-individual-decision-making","children":[]},{"level":2,"title":"Data protection principles and measures","slug":"data-protection-principles-and-measures","link":"#data-protection-principles-and-measures","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"privacy-company.md"}');export{f as comp,b as data}; diff --git a/assets/privacy.html-Bb0Nze7P.js b/assets/privacy.html-BS1mkR75.js similarity index 98% rename from assets/privacy.html-Bb0Nze7P.js rename to assets/privacy.html-BS1mkR75.js index 2b0642b0..cfcb1764 100644 --- a/assets/privacy.html-Bb0Nze7P.js +++ b/assets/privacy.html-BS1mkR75.js @@ -1 +1 @@ -import{_ as t,c as e,o as i,e as a}from"./app-CxPUdK5a.js";const s={},o=a('

TIEDOTE TIETOSUOJASELOSTEEN PÄIVITYKSESTÄ

Vaihdamme sivustoanalytiikkaan käyttämäämme palveluntarjoajaa 22.7.2021 klo 16:00 Suomen aikaa. Tällä hetkellä käytämme sivustoanalytiikkaan Google Analytics-teknologioita. Muutoksen jälkeen emme enää käytä Google Analytics-teknologioita, vaan siirrymme käyttämään Plausible.io-palvelua. Siirtymän yhteydessä päivitämme tämän tietosuojaselosteen vastaavilta osin.

badrap.io:n tietosuojaseloste

Badrap Oy ylläpitää badrap.io-palvelua. Käsittelemme henkilötietojasi EU:n yleisen tietosuoja-asetuksen sekä muun vallitsevan lainsäädännön mukaisesti. Tässä selosteessa kerromme sinulle tietojesi käsittelyn perusteista ja tiedotamme sinulle oikeuksistasi.

Rekisterinpitäjän yhteystiedot

Badrap Oy
Teknologiantie 18 B
90590 Oulu
Sähköposti: support@badrap.io
Y-tunnus 2846254-9

Henkilötietojen käsittelyn tarkoitukset ja oikeusperuste

Badrap Oy käsittelee badrap.io-palveluun rekisteröityvien käyttäjien henkilötietoja palvelun mahdollistamiseksi. Oikeusperuste rekisteröityneiden käyttäjien henkilötietojen käsittelylle on rekisteröidyn yksiselitteinen suostumus. Sinun täytyy itse rekisteröidä omat tietosi palveluun, ja kysymme erikseen suostumusta ennenkuin henkilötietojasi lisätään käyttäjätilisi alle.

Rekisteröimättömien käyttäjien henkilötietojen käsittelyn oikeusperuste on rekisterinpitäjän oikeutettu etu. Teemme sivujemme kävijöistä anonymisoitua tilastointia Google Analytics-teknologioilla. Sen avulla tiedämme että joku vieraili sivuillamme.

Käsittelemämme henkilötiedot

  • Sähköpostiosoitteesi
  • Yksi tai useampia käyttämiäsi IP-osoitteita, jotka itse rekisteröit halutessasi palveluun
  • Tietoturvatutkijoiden varoitukset seuraamillesi IP-osoitteille

Tietolähteet

Saamme henkilötietojasi sinun luvallasi sinulta itseltäsi palveluun rekisteröitymisen tai sen käytön yhteydessä. Voit valita itse yhdistätkö tietyn IP-osoitteen omaan seurantaasi. Tietoihisi lisätyt IP-osoitteet yhdistetään sähköpostiosoitteeseesi (käyttäjätiliin). Myöhemmin voit yhdistää lisää IP-osoitteita käyttäjätietoihisi. IP-osoitteen lisääminen tietoihisi vaatii sinulta aina erillistä hyväksyntää. Voit milloin tahansa nähdä kaikki omat tietosi käyttäjätilisi alta, poistaa IP-osoitteita tiedoistasi, tai poistaa koko käyttäjätilisi.

Tietoturvavaroituksia saamme tietoturvatutkijoilta ja pahansuopaa verkkoliikennettä seuraavilta tutkimusryhmiltä. Mikäli palveluun rekisteröimäsi IP-osoite löytyy tietoturvatutkijoiden listoilta, välitämme sinulle kaikki kyseiseen IP-osoitteeseen liittyvät tiedot mitä tietoturvatutkijat ovat meille toimittaneet. Henkilötietojasi ei koskaan luovuteta tietoturvatutkijoille tai muille kolmansille osapuolille - vain sinä näet omat tietosi.

Rekisteröidyn oikeudet

Sinulla on seuraavat tietosuoja-asetuksen mukaiset oikeudet henkilötietojesi käsittelyyn liittyen. Voit käyttää oikeuksiasi joko suoraan palvelun kautta, tai olemalla meihin yhteydessä sähköpostitse.

Tarkastusoikeus: Sinulla on oikeus milloin tahansa tarkastaa, mitä henkilötietoja sinusta on tietokannassamme. Helpoiten voit tehdä tämän kirjautumalla käyttäjätilillesi ja katsomalla tietosi käyttäjäsivulta.

Vastustamisoikeus: Sinulla on oikeus vastustaa henkilötietojen käsittelyä, jos toimintamme on mielestäsi tietosuoja-asetuksen vastaista tai käsittelemme tietojasi perusteetta.

Poisto-oikeus: Sinulla on oikeus poistaa henkilötietosi palvelusta milloin tahansa. Helpoiten tämä käy kirjautumalla palveluun sisään ja poistamalla käyttäjätilisi itse.

Oikeus siirtää tiedot järjestelmästä toiseen: Sinulla on oikeus pyytää meiltä koneluettava kooste tiedoistasi, jotta voit siirtää ne toiselle palveluntarjoajalle. Mikäli haluat käyttää oikeuttasi, ota meihin yhteyttä sähköpostilla.

Valitusoikeus: Sinulla on oikeus valittaa tietosuojavaltuutetulle, jos rikomme mielestäsi oikeuksiasi, EU:n yleistä tietosuoja-asetusta tai Suomen tietosuojalakia.

Suoramarkkinointikielto: Sinulla on oikeus kieltää tietojesi käyttäminen suoramarkkinointiin. Ota huomioon, että emme käytä tietojasi suoramarkkinointiin emmekä luovuta niitä muille tahoille, jotka saattaisivat käyttää niitä suoramarkkinointiin.

Käsittelyn kesto

Käsittelemme tietojasi niin kauan kuin käyttäjätilisi on olemassa. Voit poistaa käyttäjätilisi itse milloin tahansa. Kun poistat käyttäjätilisi, kaikki tietosi poistuvat järjestelmistämme.

Tietojen vastaanottajat

Tietoihisi on pääsy vain erikseen nimetyillä Badrapin omilla työntekijöillä, jotka kehittävät ja ylläpitävät palvelua. Emme siirrä tietojasi kolmansille osapuolille tai käytä ulkopuolisten palveluntarjoajien työntekijöitä alihankkijoina.

Tietojen siirto EU:n ulkopuolelle

Osa palvelun teknisestä toteutuksesta on ulkoistettu: Google Analytics käytön tilastointiin, Mailgun sähköpostien automaattiseen lähetykseen rekisteröityneille käyttäjille, sekä Google Cloud SQL tietojen varastointia varten. Edellytämme käyttämiltämme ulkomaisilta palveluntarjoajilta, että heidän sijaintimaissaan on tietosuoja-asetuksen mukainen riittävä tietosuojan taso, ja että he ovat sitoutuneet noudattamaan EU:n yleistä tietosuoja-asetusta.

Tietojen käyttö automaattiseen päätöksentekoon

Henkilötietojasi ei käytetä automaattiseen päätöksentekoon tai profilointiin.

Tietojen suojauksen periaatteet

Tietojasi säilytetään ja käsitellään parhaiden mahdollisten kulloinkin tiedossamme olevien teknisten ja organisatoristen tietosuoja- ja tietoturvakäytäntöjen avulla. Käytämme salausta tiedonsiirrossa ja varastoinnissa, pääsynhallintaa ja lokivalvontaa tietoihin pääsyssä, sekä varmuuskopiointia ja versiointia tietokantojen ja käyttäjätietojen eheyden ja saatavuuden varmistamiseksi. Varmistamme että henkilöstömme ymmärtää tietosuojan tärkeyden ja osaa toimia asianmukaisesti. Työntekijämme noudattavat henkilötietojen salassapitovelvollisuutta tietosuoja-asetuksen vaatimusten mukaisesti. Tietovuodon sattuessa olemme valmiita ilmoittamaan tapahtuneesta tietosuojavaltuutetulle ja rekisteröidyille lainsäädännön määräämässä ajassa. Olemme myös valmiita tarvittaessa esittelemään käytäntöjämme valvontaviranomaiselle. Kehitämme käytäntöjämme jatkuvasti entisestään ja parannamme palvelun tietoturvaa.

Käyttäjä rekisteröi itse sähköpostiosoitteensa ja IP-osoitteensa badrap.io-palveluun TLS-suojatun yhteyden välityksellä. Käyttäjän luovuttamat tiedot tallennetaan Google Cloud SQL-tietokantaan. Tietokanta on suojattu vahvalla salauksella ja toteuttaa SSAE 16, ISO 27001, PCI DSS v3.0 sekä HIPAA-vaatimukset. Tietokantaan on pääsy vain ylläpitäjiksi erikseen nimetyillä Badrapin työntekijöillä. Sähköpostien välityksessä käytämme TLS-salausta aina kun se on mahdollista. Käyttäjien toimittamista henkilötiedoista ei tehdä fyysisiä kopioita eikä aineistoa käsitellä manuaalisesti.

',33),n=[o];function l(k,u){return i(),e("div",null,n)}const m=t(s,[["render",l],["__file","privacy.html.vue"]]),p=JSON.parse('{"path":"/fi/privacy.html","title":"badrap.io:n tietosuojaseloste","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"TIEDOTE TIETOSUOJASELOSTEEN PÄIVITYKSESTÄ","slug":"tiedote-tietosuojaselosteen-paivityksesta","link":"#tiedote-tietosuojaselosteen-paivityksesta","children":[]},{"level":2,"title":"Rekisterinpitäjän yhteystiedot","slug":"rekisterinpitajan-yhteystiedot","link":"#rekisterinpitajan-yhteystiedot","children":[]},{"level":2,"title":"Henkilötietojen käsittelyn tarkoitukset ja oikeusperuste","slug":"henkilotietojen-kasittelyn-tarkoitukset-ja-oikeusperuste","link":"#henkilotietojen-kasittelyn-tarkoitukset-ja-oikeusperuste","children":[]},{"level":2,"title":"Käsittelemämme henkilötiedot","slug":"kasittelemamme-henkilotiedot","link":"#kasittelemamme-henkilotiedot","children":[]},{"level":2,"title":"Tietolähteet","slug":"tietolahteet","link":"#tietolahteet","children":[]},{"level":2,"title":"Rekisteröidyn oikeudet","slug":"rekisteroidyn-oikeudet","link":"#rekisteroidyn-oikeudet","children":[]},{"level":2,"title":"Käsittelyn kesto","slug":"kasittelyn-kesto","link":"#kasittelyn-kesto","children":[]},{"level":2,"title":"Tietojen vastaanottajat","slug":"tietojen-vastaanottajat","link":"#tietojen-vastaanottajat","children":[]},{"level":2,"title":"Tietojen siirto EU:n ulkopuolelle","slug":"tietojen-siirto-eu-n-ulkopuolelle","link":"#tietojen-siirto-eu-n-ulkopuolelle","children":[]},{"level":2,"title":"Tietojen käyttö automaattiseen päätöksentekoon","slug":"tietojen-kaytto-automaattiseen-paatoksentekoon","link":"#tietojen-kaytto-automaattiseen-paatoksentekoon","children":[]},{"level":2,"title":"Tietojen suojauksen periaatteet","slug":"tietojen-suojauksen-periaatteet","link":"#tietojen-suojauksen-periaatteet","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/privacy.md"}');export{m as comp,p as data}; +import{_ as t,c as e,o as i,e as a}from"./app-DhWbOGxr.js";const s={},o=a('

TIEDOTE TIETOSUOJASELOSTEEN PÄIVITYKSESTÄ

Vaihdamme sivustoanalytiikkaan käyttämäämme palveluntarjoajaa 22.7.2021 klo 16:00 Suomen aikaa. Tällä hetkellä käytämme sivustoanalytiikkaan Google Analytics-teknologioita. Muutoksen jälkeen emme enää käytä Google Analytics-teknologioita, vaan siirrymme käyttämään Plausible.io-palvelua. Siirtymän yhteydessä päivitämme tämän tietosuojaselosteen vastaavilta osin.

badrap.io:n tietosuojaseloste

Badrap Oy ylläpitää badrap.io-palvelua. Käsittelemme henkilötietojasi EU:n yleisen tietosuoja-asetuksen sekä muun vallitsevan lainsäädännön mukaisesti. Tässä selosteessa kerromme sinulle tietojesi käsittelyn perusteista ja tiedotamme sinulle oikeuksistasi.

Rekisterinpitäjän yhteystiedot

Badrap Oy
Teknologiantie 18 B
90590 Oulu
Sähköposti: support@badrap.io
Y-tunnus 2846254-9

Henkilötietojen käsittelyn tarkoitukset ja oikeusperuste

Badrap Oy käsittelee badrap.io-palveluun rekisteröityvien käyttäjien henkilötietoja palvelun mahdollistamiseksi. Oikeusperuste rekisteröityneiden käyttäjien henkilötietojen käsittelylle on rekisteröidyn yksiselitteinen suostumus. Sinun täytyy itse rekisteröidä omat tietosi palveluun, ja kysymme erikseen suostumusta ennenkuin henkilötietojasi lisätään käyttäjätilisi alle.

Rekisteröimättömien käyttäjien henkilötietojen käsittelyn oikeusperuste on rekisterinpitäjän oikeutettu etu. Teemme sivujemme kävijöistä anonymisoitua tilastointia Google Analytics-teknologioilla. Sen avulla tiedämme että joku vieraili sivuillamme.

Käsittelemämme henkilötiedot

  • Sähköpostiosoitteesi
  • Yksi tai useampia käyttämiäsi IP-osoitteita, jotka itse rekisteröit halutessasi palveluun
  • Tietoturvatutkijoiden varoitukset seuraamillesi IP-osoitteille

Tietolähteet

Saamme henkilötietojasi sinun luvallasi sinulta itseltäsi palveluun rekisteröitymisen tai sen käytön yhteydessä. Voit valita itse yhdistätkö tietyn IP-osoitteen omaan seurantaasi. Tietoihisi lisätyt IP-osoitteet yhdistetään sähköpostiosoitteeseesi (käyttäjätiliin). Myöhemmin voit yhdistää lisää IP-osoitteita käyttäjätietoihisi. IP-osoitteen lisääminen tietoihisi vaatii sinulta aina erillistä hyväksyntää. Voit milloin tahansa nähdä kaikki omat tietosi käyttäjätilisi alta, poistaa IP-osoitteita tiedoistasi, tai poistaa koko käyttäjätilisi.

Tietoturvavaroituksia saamme tietoturvatutkijoilta ja pahansuopaa verkkoliikennettä seuraavilta tutkimusryhmiltä. Mikäli palveluun rekisteröimäsi IP-osoite löytyy tietoturvatutkijoiden listoilta, välitämme sinulle kaikki kyseiseen IP-osoitteeseen liittyvät tiedot mitä tietoturvatutkijat ovat meille toimittaneet. Henkilötietojasi ei koskaan luovuteta tietoturvatutkijoille tai muille kolmansille osapuolille - vain sinä näet omat tietosi.

Rekisteröidyn oikeudet

Sinulla on seuraavat tietosuoja-asetuksen mukaiset oikeudet henkilötietojesi käsittelyyn liittyen. Voit käyttää oikeuksiasi joko suoraan palvelun kautta, tai olemalla meihin yhteydessä sähköpostitse.

Tarkastusoikeus: Sinulla on oikeus milloin tahansa tarkastaa, mitä henkilötietoja sinusta on tietokannassamme. Helpoiten voit tehdä tämän kirjautumalla käyttäjätilillesi ja katsomalla tietosi käyttäjäsivulta.

Vastustamisoikeus: Sinulla on oikeus vastustaa henkilötietojen käsittelyä, jos toimintamme on mielestäsi tietosuoja-asetuksen vastaista tai käsittelemme tietojasi perusteetta.

Poisto-oikeus: Sinulla on oikeus poistaa henkilötietosi palvelusta milloin tahansa. Helpoiten tämä käy kirjautumalla palveluun sisään ja poistamalla käyttäjätilisi itse.

Oikeus siirtää tiedot järjestelmästä toiseen: Sinulla on oikeus pyytää meiltä koneluettava kooste tiedoistasi, jotta voit siirtää ne toiselle palveluntarjoajalle. Mikäli haluat käyttää oikeuttasi, ota meihin yhteyttä sähköpostilla.

Valitusoikeus: Sinulla on oikeus valittaa tietosuojavaltuutetulle, jos rikomme mielestäsi oikeuksiasi, EU:n yleistä tietosuoja-asetusta tai Suomen tietosuojalakia.

Suoramarkkinointikielto: Sinulla on oikeus kieltää tietojesi käyttäminen suoramarkkinointiin. Ota huomioon, että emme käytä tietojasi suoramarkkinointiin emmekä luovuta niitä muille tahoille, jotka saattaisivat käyttää niitä suoramarkkinointiin.

Käsittelyn kesto

Käsittelemme tietojasi niin kauan kuin käyttäjätilisi on olemassa. Voit poistaa käyttäjätilisi itse milloin tahansa. Kun poistat käyttäjätilisi, kaikki tietosi poistuvat järjestelmistämme.

Tietojen vastaanottajat

Tietoihisi on pääsy vain erikseen nimetyillä Badrapin omilla työntekijöillä, jotka kehittävät ja ylläpitävät palvelua. Emme siirrä tietojasi kolmansille osapuolille tai käytä ulkopuolisten palveluntarjoajien työntekijöitä alihankkijoina.

Tietojen siirto EU:n ulkopuolelle

Osa palvelun teknisestä toteutuksesta on ulkoistettu: Google Analytics käytön tilastointiin, Mailgun sähköpostien automaattiseen lähetykseen rekisteröityneille käyttäjille, sekä Google Cloud SQL tietojen varastointia varten. Edellytämme käyttämiltämme ulkomaisilta palveluntarjoajilta, että heidän sijaintimaissaan on tietosuoja-asetuksen mukainen riittävä tietosuojan taso, ja että he ovat sitoutuneet noudattamaan EU:n yleistä tietosuoja-asetusta.

Tietojen käyttö automaattiseen päätöksentekoon

Henkilötietojasi ei käytetä automaattiseen päätöksentekoon tai profilointiin.

Tietojen suojauksen periaatteet

Tietojasi säilytetään ja käsitellään parhaiden mahdollisten kulloinkin tiedossamme olevien teknisten ja organisatoristen tietosuoja- ja tietoturvakäytäntöjen avulla. Käytämme salausta tiedonsiirrossa ja varastoinnissa, pääsynhallintaa ja lokivalvontaa tietoihin pääsyssä, sekä varmuuskopiointia ja versiointia tietokantojen ja käyttäjätietojen eheyden ja saatavuuden varmistamiseksi. Varmistamme että henkilöstömme ymmärtää tietosuojan tärkeyden ja osaa toimia asianmukaisesti. Työntekijämme noudattavat henkilötietojen salassapitovelvollisuutta tietosuoja-asetuksen vaatimusten mukaisesti. Tietovuodon sattuessa olemme valmiita ilmoittamaan tapahtuneesta tietosuojavaltuutetulle ja rekisteröidyille lainsäädännön määräämässä ajassa. Olemme myös valmiita tarvittaessa esittelemään käytäntöjämme valvontaviranomaiselle. Kehitämme käytäntöjämme jatkuvasti entisestään ja parannamme palvelun tietoturvaa.

Käyttäjä rekisteröi itse sähköpostiosoitteensa ja IP-osoitteensa badrap.io-palveluun TLS-suojatun yhteyden välityksellä. Käyttäjän luovuttamat tiedot tallennetaan Google Cloud SQL-tietokantaan. Tietokanta on suojattu vahvalla salauksella ja toteuttaa SSAE 16, ISO 27001, PCI DSS v3.0 sekä HIPAA-vaatimukset. Tietokantaan on pääsy vain ylläpitäjiksi erikseen nimetyillä Badrapin työntekijöillä. Sähköpostien välityksessä käytämme TLS-salausta aina kun se on mahdollista. Käyttäjien toimittamista henkilötiedoista ei tehdä fyysisiä kopioita eikä aineistoa käsitellä manuaalisesti.

',33),n=[o];function l(k,u){return i(),e("div",null,n)}const m=t(s,[["render",l],["__file","privacy.html.vue"]]),p=JSON.parse('{"path":"/fi/privacy.html","title":"badrap.io:n tietosuojaseloste","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"TIEDOTE TIETOSUOJASELOSTEEN PÄIVITYKSESTÄ","slug":"tiedote-tietosuojaselosteen-paivityksesta","link":"#tiedote-tietosuojaselosteen-paivityksesta","children":[]},{"level":2,"title":"Rekisterinpitäjän yhteystiedot","slug":"rekisterinpitajan-yhteystiedot","link":"#rekisterinpitajan-yhteystiedot","children":[]},{"level":2,"title":"Henkilötietojen käsittelyn tarkoitukset ja oikeusperuste","slug":"henkilotietojen-kasittelyn-tarkoitukset-ja-oikeusperuste","link":"#henkilotietojen-kasittelyn-tarkoitukset-ja-oikeusperuste","children":[]},{"level":2,"title":"Käsittelemämme henkilötiedot","slug":"kasittelemamme-henkilotiedot","link":"#kasittelemamme-henkilotiedot","children":[]},{"level":2,"title":"Tietolähteet","slug":"tietolahteet","link":"#tietolahteet","children":[]},{"level":2,"title":"Rekisteröidyn oikeudet","slug":"rekisteroidyn-oikeudet","link":"#rekisteroidyn-oikeudet","children":[]},{"level":2,"title":"Käsittelyn kesto","slug":"kasittelyn-kesto","link":"#kasittelyn-kesto","children":[]},{"level":2,"title":"Tietojen vastaanottajat","slug":"tietojen-vastaanottajat","link":"#tietojen-vastaanottajat","children":[]},{"level":2,"title":"Tietojen siirto EU:n ulkopuolelle","slug":"tietojen-siirto-eu-n-ulkopuolelle","link":"#tietojen-siirto-eu-n-ulkopuolelle","children":[]},{"level":2,"title":"Tietojen käyttö automaattiseen päätöksentekoon","slug":"tietojen-kaytto-automaattiseen-paatoksentekoon","link":"#tietojen-kaytto-automaattiseen-paatoksentekoon","children":[]},{"level":2,"title":"Tietojen suojauksen periaatteet","slug":"tietojen-suojauksen-periaatteet","link":"#tietojen-suojauksen-periaatteet","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/privacy.md"}');export{m as comp,p as data}; diff --git a/assets/privacy.html--nAiX17R.js b/assets/privacy.html-D6xKhr5P.js similarity index 99% rename from assets/privacy.html--nAiX17R.js rename to assets/privacy.html-D6xKhr5P.js index 131f8029..4218e772 100644 --- a/assets/privacy.html--nAiX17R.js +++ b/assets/privacy.html-D6xKhr5P.js @@ -1 +1 @@ -import{_ as e,c as a,o,e as r}from"./app-CxPUdK5a.js";const t={},s=r('

badrap.io Privacy Policy

Badrap Ltd develops and maintains this service. We process your personal data according to the General Data Protection Regulation (GDPR) of the European Union, as well as according to all other relevant legislation according to Finnish and EU law. In this privacy policy we explain our basis for processing your personal information, and inform you of your rights regarding your personal data.

Data controller contact details

Badrap Oy
Teknologiantie 11
90590 Oulu
Finland
Email: contact@badrap.io
Business ID: 2846254-9

Badrap processes the personal information of its registered users in order to provide the service to the users. The legal basis for processing is explicit consent of the data subject - your own consent. You can create an account to the service yourself and submit your data if you choose to do so. We always ask for explicit consent before any of your personal data is stored under your user account.

For users who use our service without creating an user account, the legal basis for processing personal data is our legitimate interests.

We use Plausible.io to collect anonymous visitor statistics on our site. Plausible.io is a privacy-focused website analytics provider that allows us to know someone visited our service. You can review the Plausible.io data policy to see how their analytics service works. The legal basis for collecting website visitor statistics is our legitimate interests.

What personal information do we process?

  • One or more email addresses that you may choose to register into our service
  • One or more IP addresses that you may choose to register into our service
  • Security researchers' warnings regarding your registered IP addresses and email addresses ("assets")

Data sources

We receive your personal data with your explicit consent when you create an account for the service and when you use the service. You can choose to register your assets (IP addresses or email addresses that you use) under your user account. If you register an asset, it will be associated with your user account. You can add more assets under your user account. Registering a new asset under your account always requires your explicit consent. You can at any time see all of your personal data under your user account page, remove any registered assets from your account, or remove your whole user account completely.

We receive information security warnings from security researchers and research groups who follow malicious Internet traffic. If an asset that you have registered is found in any security researchers' warning lists, we will forward you any information regarding your asset that we have received from security researchers. As a rule, your personal data is not transferred to security researchers or any other third parties - only you yourself have access to your own personal data.

Your rights as a data subject

You have the following rights according to GDPR regarding the processing of your personal data. You can exercise your rights either directly through our service, or by contacting us by email.

Right of access: You have the right to check at any time, what personal information we have stored in our database about you. You can do this yourself by logging in to your user account and checking your personal information from your account page.

Right to object: You have the right to object our processing of your personal data, if you think that our processing does not happen according to the GDPR or if you think we have no lawful basis for processing your data. You can exercise this right by removing your user account and refraining from using the service.

Right to erasure: You have the right to remove your personal data from the service at any time. The easiest way to do this is to log in to the service and to remove your user account.

Right to data portability: You have the right to request a machine-readable summary of your personal data from us, so that you can transfer them to another service provider. If you want to exercise your rights, please contact us by email.

Right to lodge a complaint: You have the right to complain to the supervisory authority if you think we are in violation of your rights, in violation of GDPR, or the Finnish law regarding personal data protection. The supervisory authority in this case is the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) in Finland.

Right to object to direct marketing: You have the right to object to using your personal data for direct marketing purposes. Please keep in mind that we never use your data for direct marketing, nor do we transfer your data to third parties who could use it for direct marketing.

Duration of processing

We process your personal information as long as your user account exists or as long as you keep using the service. If you have created a user account, you can at any time delete your account yourself. When you delete your account, all of your personal information is erased from our systems. If you use the service without a user account as an anonymous user, you can at any time just stop using the service and refrain from using it again. This will cease our processing of your personal data.

Data recipients

Your personal data can be accessed by named employees of Badrap Ltd, who develop and maintain the service. As a rule, we do not transfer your data to third parties or use external service providers as subcontractors.

Data Breach Monitoring

As part of our data breach monitoring service, we offer an integrated search function against security researcher Troy Hunt's Have I Been Pwned data breach reporting database. This search function allows you to search for your email addresses from the Have I Been Pwned data breach service, and to be automatically notified if any new data breaches are published which contain personal information relating to your email addresses.

Have I Been Pwned privacy policy states they do not store or log your email addresses in any way when a query is performed. If you do not trust Badrap or Have I Been Pwned for processing your email addresses securely, you can always refrain from enabling and using the Have I Been Pwned search feature in Badrap.

Note that you have to always provide your explicit and unambiguous consent to use Badrap's Have I Been Pwned search feature, and that you can revoke this consent from your account settings at any time.

Support Emails

When you choose to contact us by email for general service inquiries, support requests or any other questions, we use Google Workspace, Microsoft Office 365 and Hubspot to receive, process and answer your emails. When you contact us, you consent and acknowledge that we will be processing any personal data you may include in your email with the aforementioned third-party services.

Embedded Content

We may sometimes embed media content such as videos onto our playbooks and web pages. This embedded media content may reside at an external hosting provider, such as Youtube. When we embed media content, we do it in a way that will share as little user information as possible with the content hosting provider. When viewing embedded content hosted at a third-party service provider, your viewing and interactions with the content are covered by the hosting provider's privacy policy. This means that you may have to review their privacy policy and to provide consent in order to view or interact with the embedded media.

Data transfers outside of EU

Some parts of our technical service implementation use external components: we use Mailgun for sending automatic email notifications to registered users, and Google Cloud SQL for storing information. We require our foreign service providers that their countries have an adequate level of data privacy as required by the GDPR, and that they are committed to follow the GDPR and other relevant EU regulations.

Automated individual decision-making

Your personal data is NOT used for automated individual decision-making or profiling.

Data protection principles and measures

Your personal data is stored and processed according to the best possible current technical and organizational privacy and security practices that we know of. We use encryption in all data transfer and storage, access control and auditing in all access to data, as well as backups and version control to ensure the integrity and availability of databases and user account data. We constantly ensure that all our employees are aware of the importance of data privacy and that everyone works according to best practices. Our employees are required to uphold a non-disclosure policy for personal data according to the GDPR. When a data breach happens, we are prepared to report the incident to the supervisory authority as well as to the data subjects within the required time limits specified by legislature. We are also prepared to present our practices and measures to the supervisory authority, if needed. We constantly strive to develop our practices and measures further in order to improve the security and privacy of our service.

Technically the process goes as follows: The user (you) registers his/her/their email addresses and IP addresses to the service via a TLS-encrypted session. The data provided by the user is stored into a Google Cloud SQL database. The database is secured with strong encryption and it implements SSAE 16, ISO 27001, PCI DSS v3.0 and HIPAA requirements. Only named Badrap employees who maintain the service can access the database. All email transmissions are done over TLS-encrypted connections whenever possible. No physical copies are ever made of users' personal data and no personal data is ever processed manually.

',40),i=[s];function n(c,d){return o(),a("div",null,i)}const u=e(t,[["render",n],["__file","privacy.html.vue"]]),h=JSON.parse('{"path":"/privacy.html","title":"badrap.io Privacy Policy","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Data controller contact details","slug":"data-controller-contact-details","link":"#data-controller-contact-details","children":[]},{"level":2,"title":"Purpose and legal basis for processing","slug":"purpose-and-legal-basis-for-processing","link":"#purpose-and-legal-basis-for-processing","children":[]},{"level":2,"title":"What personal information do we process?","slug":"what-personal-information-do-we-process","link":"#what-personal-information-do-we-process","children":[]},{"level":2,"title":"Data sources","slug":"data-sources","link":"#data-sources","children":[]},{"level":2,"title":"Your rights as a data subject","slug":"your-rights-as-a-data-subject","link":"#your-rights-as-a-data-subject","children":[]},{"level":2,"title":"Duration of processing","slug":"duration-of-processing","link":"#duration-of-processing","children":[]},{"level":2,"title":"Data recipients","slug":"data-recipients","link":"#data-recipients","children":[{"level":3,"title":"Data Breach Monitoring","slug":"data-breach-monitoring","link":"#data-breach-monitoring","children":[]},{"level":3,"title":"Support Emails","slug":"support-emails","link":"#support-emails","children":[]},{"level":3,"title":"Embedded Content","slug":"embedded-content","link":"#embedded-content","children":[]}]},{"level":2,"title":"Data transfers outside of EU","slug":"data-transfers-outside-of-eu","link":"#data-transfers-outside-of-eu","children":[]},{"level":2,"title":"Automated individual decision-making","slug":"automated-individual-decision-making","link":"#automated-individual-decision-making","children":[]},{"level":2,"title":"Data protection principles and measures","slug":"data-protection-principles-and-measures","link":"#data-protection-principles-and-measures","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"privacy.md"}');export{u as comp,h as data}; +import{_ as e,c as a,o,e as r}from"./app-DhWbOGxr.js";const t={},s=r('

badrap.io Privacy Policy

Badrap Ltd develops and maintains this service. We process your personal data according to the General Data Protection Regulation (GDPR) of the European Union, as well as according to all other relevant legislation according to Finnish and EU law. In this privacy policy we explain our basis for processing your personal information, and inform you of your rights regarding your personal data.

Data controller contact details

Badrap Oy
Teknologiantie 11
90590 Oulu
Finland
Email: contact@badrap.io
Business ID: 2846254-9

Badrap processes the personal information of its registered users in order to provide the service to the users. The legal basis for processing is explicit consent of the data subject - your own consent. You can create an account to the service yourself and submit your data if you choose to do so. We always ask for explicit consent before any of your personal data is stored under your user account.

For users who use our service without creating an user account, the legal basis for processing personal data is our legitimate interests.

We use Plausible.io to collect anonymous visitor statistics on our site. Plausible.io is a privacy-focused website analytics provider that allows us to know someone visited our service. You can review the Plausible.io data policy to see how their analytics service works. The legal basis for collecting website visitor statistics is our legitimate interests.

What personal information do we process?

  • One or more email addresses that you may choose to register into our service
  • One or more IP addresses that you may choose to register into our service
  • Security researchers' warnings regarding your registered IP addresses and email addresses ("assets")

Data sources

We receive your personal data with your explicit consent when you create an account for the service and when you use the service. You can choose to register your assets (IP addresses or email addresses that you use) under your user account. If you register an asset, it will be associated with your user account. You can add more assets under your user account. Registering a new asset under your account always requires your explicit consent. You can at any time see all of your personal data under your user account page, remove any registered assets from your account, or remove your whole user account completely.

We receive information security warnings from security researchers and research groups who follow malicious Internet traffic. If an asset that you have registered is found in any security researchers' warning lists, we will forward you any information regarding your asset that we have received from security researchers. As a rule, your personal data is not transferred to security researchers or any other third parties - only you yourself have access to your own personal data.

Your rights as a data subject

You have the following rights according to GDPR regarding the processing of your personal data. You can exercise your rights either directly through our service, or by contacting us by email.

Right of access: You have the right to check at any time, what personal information we have stored in our database about you. You can do this yourself by logging in to your user account and checking your personal information from your account page.

Right to object: You have the right to object our processing of your personal data, if you think that our processing does not happen according to the GDPR or if you think we have no lawful basis for processing your data. You can exercise this right by removing your user account and refraining from using the service.

Right to erasure: You have the right to remove your personal data from the service at any time. The easiest way to do this is to log in to the service and to remove your user account.

Right to data portability: You have the right to request a machine-readable summary of your personal data from us, so that you can transfer them to another service provider. If you want to exercise your rights, please contact us by email.

Right to lodge a complaint: You have the right to complain to the supervisory authority if you think we are in violation of your rights, in violation of GDPR, or the Finnish law regarding personal data protection. The supervisory authority in this case is the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) in Finland.

Right to object to direct marketing: You have the right to object to using your personal data for direct marketing purposes. Please keep in mind that we never use your data for direct marketing, nor do we transfer your data to third parties who could use it for direct marketing.

Duration of processing

We process your personal information as long as your user account exists or as long as you keep using the service. If you have created a user account, you can at any time delete your account yourself. When you delete your account, all of your personal information is erased from our systems. If you use the service without a user account as an anonymous user, you can at any time just stop using the service and refrain from using it again. This will cease our processing of your personal data.

Data recipients

Your personal data can be accessed by named employees of Badrap Ltd, who develop and maintain the service. As a rule, we do not transfer your data to third parties or use external service providers as subcontractors.

Data Breach Monitoring

As part of our data breach monitoring service, we offer an integrated search function against security researcher Troy Hunt's Have I Been Pwned data breach reporting database. This search function allows you to search for your email addresses from the Have I Been Pwned data breach service, and to be automatically notified if any new data breaches are published which contain personal information relating to your email addresses.

Have I Been Pwned privacy policy states they do not store or log your email addresses in any way when a query is performed. If you do not trust Badrap or Have I Been Pwned for processing your email addresses securely, you can always refrain from enabling and using the Have I Been Pwned search feature in Badrap.

Note that you have to always provide your explicit and unambiguous consent to use Badrap's Have I Been Pwned search feature, and that you can revoke this consent from your account settings at any time.

Support Emails

When you choose to contact us by email for general service inquiries, support requests or any other questions, we use Google Workspace, Microsoft Office 365 and Hubspot to receive, process and answer your emails. When you contact us, you consent and acknowledge that we will be processing any personal data you may include in your email with the aforementioned third-party services.

Embedded Content

We may sometimes embed media content such as videos onto our playbooks and web pages. This embedded media content may reside at an external hosting provider, such as Youtube. When we embed media content, we do it in a way that will share as little user information as possible with the content hosting provider. When viewing embedded content hosted at a third-party service provider, your viewing and interactions with the content are covered by the hosting provider's privacy policy. This means that you may have to review their privacy policy and to provide consent in order to view or interact with the embedded media.

Data transfers outside of EU

Some parts of our technical service implementation use external components: we use Mailgun for sending automatic email notifications to registered users, and Google Cloud SQL for storing information. We require our foreign service providers that their countries have an adequate level of data privacy as required by the GDPR, and that they are committed to follow the GDPR and other relevant EU regulations.

Automated individual decision-making

Your personal data is NOT used for automated individual decision-making or profiling.

Data protection principles and measures

Your personal data is stored and processed according to the best possible current technical and organizational privacy and security practices that we know of. We use encryption in all data transfer and storage, access control and auditing in all access to data, as well as backups and version control to ensure the integrity and availability of databases and user account data. We constantly ensure that all our employees are aware of the importance of data privacy and that everyone works according to best practices. Our employees are required to uphold a non-disclosure policy for personal data according to the GDPR. When a data breach happens, we are prepared to report the incident to the supervisory authority as well as to the data subjects within the required time limits specified by legislature. We are also prepared to present our practices and measures to the supervisory authority, if needed. We constantly strive to develop our practices and measures further in order to improve the security and privacy of our service.

Technically the process goes as follows: The user (you) registers his/her/their email addresses and IP addresses to the service via a TLS-encrypted session. The data provided by the user is stored into a Google Cloud SQL database. The database is secured with strong encryption and it implements SSAE 16, ISO 27001, PCI DSS v3.0 and HIPAA requirements. Only named Badrap employees who maintain the service can access the database. All email transmissions are done over TLS-encrypted connections whenever possible. No physical copies are ever made of users' personal data and no personal data is ever processed manually.

',40),i=[s];function n(c,d){return o(),a("div",null,i)}const u=e(t,[["render",n],["__file","privacy.html.vue"]]),h=JSON.parse('{"path":"/privacy.html","title":"badrap.io Privacy Policy","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Data controller contact details","slug":"data-controller-contact-details","link":"#data-controller-contact-details","children":[]},{"level":2,"title":"Purpose and legal basis for processing","slug":"purpose-and-legal-basis-for-processing","link":"#purpose-and-legal-basis-for-processing","children":[]},{"level":2,"title":"What personal information do we process?","slug":"what-personal-information-do-we-process","link":"#what-personal-information-do-we-process","children":[]},{"level":2,"title":"Data sources","slug":"data-sources","link":"#data-sources","children":[]},{"level":2,"title":"Your rights as a data subject","slug":"your-rights-as-a-data-subject","link":"#your-rights-as-a-data-subject","children":[]},{"level":2,"title":"Duration of processing","slug":"duration-of-processing","link":"#duration-of-processing","children":[]},{"level":2,"title":"Data recipients","slug":"data-recipients","link":"#data-recipients","children":[{"level":3,"title":"Data Breach Monitoring","slug":"data-breach-monitoring","link":"#data-breach-monitoring","children":[]},{"level":3,"title":"Support Emails","slug":"support-emails","link":"#support-emails","children":[]},{"level":3,"title":"Embedded Content","slug":"embedded-content","link":"#embedded-content","children":[]}]},{"level":2,"title":"Data transfers outside of EU","slug":"data-transfers-outside-of-eu","link":"#data-transfers-outside-of-eu","children":[]},{"level":2,"title":"Automated individual decision-making","slug":"automated-individual-decision-making","link":"#automated-individual-decision-making","children":[]},{"level":2,"title":"Data protection principles and measures","slug":"data-protection-principles-and-measures","link":"#data-protection-principles-and-measures","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"privacy.md"}');export{u as comp,h as data}; diff --git a/assets/rdp.html-Dltkm16M.js b/assets/rdp.html-BgPamftI.js similarity index 96% rename from assets/rdp.html-Dltkm16M.js rename to assets/rdp.html-BgPamftI.js index c2eda98e..3c339dbf 100644 --- a/assets/rdp.html-Dltkm16M.js +++ b/assets/rdp.html-BgPamftI.js @@ -1 +1 @@ -import{_ as r,c as s,a as e,d as o,b as n,w as a,e as i,r as l,o as c}from"./app-CxPUdK5a.js";const p={},d=i('

Open RDP service

Problem description

Our data source has detected in your network an open and unprotected RDP (Remote Desktop Protocol) desktop-sharing service, which anyone can access from the Internet.

RDP is a common protocol used to share your computer desktop with someone else. It is commonly used to allow family members to administer relatives' computers remotely, or to allow IT support to access and service your computer from somewhere else.

While there is a valid use for RDP for remote administration, having your computer open for anyone from the Internet is likely not what you want.

Often RDP is enabled on work computers when they are being used inside the office network. When you move the computer to a home network, as a result of a misconfiguration the RDP service may be left open, and visible to the whole Internet.

Having the RDP service open may allow attackers to attempt to control your computer and observe what you are doing on your screen. This may allow unauthorized attackers to steal your passwords, confidential work or personal information, bank account details, anything you do on your computer.

Suggestions for repair

',8),h=e("p",null,[o("When you have located the vulnerable computer, we recommend disabling the RDP service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable rdp"),o(" and include your operating system version to further refine the search results, e.g. "),e("code",null,"disable rdp windows 10"),o(".")],-1),u=e("p",null,[o("See "),e("a",{href:"https://www.lifewire.com/disable-windows-remote-desktop-153337",target:"_blank",rel:"noopener noreferrer"},"Disable Remote Desktop from Windows 10"),o(" for step-by-step instructions for Windows PCs.")],-1),m=e("p",null,"If the RDP service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router. If the service is needed for work, ask your IT support to configure the service in a secure way.",-1);function f(w,y){const t=l("RouteLink");return c(),s("div",null,[d,e("p",null,[o("First of all you need to identify the computer which has the vulnerable service open. "),n(t,{to:"/locate.html"},{default:a(()=>[o("Please read our instructions on locating vulnerable devices.")]),_:1})]),h,u,m])}const g=r(p,[["render",f],["__file","rdp.html.vue"]]),b=JSON.parse('{"path":"/types/rdp.html","title":"Open RDP service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/rdp.md"}');export{g as comp,b as data}; +import{_ as r,c as s,a as e,d as o,b as n,w as a,e as i,r as l,o as c}from"./app-DhWbOGxr.js";const p={},d=i('

Open RDP service

Problem description

Our data source has detected in your network an open and unprotected RDP (Remote Desktop Protocol) desktop-sharing service, which anyone can access from the Internet.

RDP is a common protocol used to share your computer desktop with someone else. It is commonly used to allow family members to administer relatives' computers remotely, or to allow IT support to access and service your computer from somewhere else.

While there is a valid use for RDP for remote administration, having your computer open for anyone from the Internet is likely not what you want.

Often RDP is enabled on work computers when they are being used inside the office network. When you move the computer to a home network, as a result of a misconfiguration the RDP service may be left open, and visible to the whole Internet.

Having the RDP service open may allow attackers to attempt to control your computer and observe what you are doing on your screen. This may allow unauthorized attackers to steal your passwords, confidential work or personal information, bank account details, anything you do on your computer.

Suggestions for repair

',8),h=e("p",null,[o("When you have located the vulnerable computer, we recommend disabling the RDP service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable rdp"),o(" and include your operating system version to further refine the search results, e.g. "),e("code",null,"disable rdp windows 10"),o(".")],-1),u=e("p",null,[o("See "),e("a",{href:"https://www.lifewire.com/disable-windows-remote-desktop-153337",target:"_blank",rel:"noopener noreferrer"},"Disable Remote Desktop from Windows 10"),o(" for step-by-step instructions for Windows PCs.")],-1),m=e("p",null,"If the RDP service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router. If the service is needed for work, ask your IT support to configure the service in a secure way.",-1);function f(w,y){const t=l("RouteLink");return c(),s("div",null,[d,e("p",null,[o("First of all you need to identify the computer which has the vulnerable service open. "),n(t,{to:"/locate.html"},{default:a(()=>[o("Please read our instructions on locating vulnerable devices.")]),_:1})]),h,u,m])}const g=r(p,[["render",f],["__file","rdp.html.vue"]]),b=JSON.parse('{"path":"/types/rdp.html","title":"Open RDP service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/rdp.md"}');export{g as comp,b as data}; diff --git a/assets/service-description.html-DepB6qo7.js b/assets/service-description.html-DJ6wIeal.js similarity index 97% rename from assets/service-description.html-DepB6qo7.js rename to assets/service-description.html-DJ6wIeal.js index eb017702..0e7a4992 100644 --- a/assets/service-description.html-DepB6qo7.js +++ b/assets/service-description.html-DJ6wIeal.js @@ -1 +1 @@ -import{_ as e,c as t,o as a,e as i}from"./app-CxPUdK5a.js";const n={},s=i('

Service Description

Some commercial contracts we make with our customers may require us to describe certain aspects of our service. In the spirit of transparency, we publish the description here.

A detailed specification of the content and implementation of the service

Security researchers who produce security content send their findings to badrap.io. Users who consume security content sign up to badrap.io to register their assets and receive targeted information related to those assets. Users may also choose to share their assets to security researchers to receive more content.

The supplier's subcontractors who process personal data

We do not subcontract the processing of personal data. We may have data recipients. An up-to-date list of data recipients is always available at https://docs.badrap.io/privacy.html .

The procedures in place to secure (backup) the client's material in the service

We only store a minimal amount of configuration information to relay relevant messages to and from you. We design and operate the service so that encryption is used for data transfer and storage whenever possible, according to standard security practices.

We backup our production database at least once per day. We store these backups for a minimum of seven days.

Installation, modification and maintenance windows

As we are serving a global audience, we may perform installations, modifications and maintenance around the clock. Typical service interruptions are minimal, lasting only a few seconds or minutes.

The location where the service is produced

All data in our service is stored in data centres within the EU. Maintenance and management are conducted in Finland. See our privacy policy for more details: https://docs.badrap.io/privacy.html.

',13),r=[s];function o(c,d){return a(),t("div",null,r)}const p=e(n,[["render",o],["__file","service-description.html.vue"]]),h=JSON.parse(`{"path":"/service-description.html","title":"Service Description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"A detailed specification of the content and implementation of the service","slug":"a-detailed-specification-of-the-content-and-implementation-of-the-service","link":"#a-detailed-specification-of-the-content-and-implementation-of-the-service","children":[]},{"level":2,"title":"The supplier's subcontractors who process personal data","slug":"the-supplier-s-subcontractors-who-process-personal-data","link":"#the-supplier-s-subcontractors-who-process-personal-data","children":[]},{"level":2,"title":"The procedures in place to secure (backup) the client's material in the service","slug":"the-procedures-in-place-to-secure-backup-the-client-s-material-in-the-service","link":"#the-procedures-in-place-to-secure-backup-the-client-s-material-in-the-service","children":[]},{"level":2,"title":"Installation, modification and maintenance windows","slug":"installation-modification-and-maintenance-windows","link":"#installation-modification-and-maintenance-windows","children":[]},{"level":2,"title":"The location where the service is produced","slug":"the-location-where-the-service-is-produced","link":"#the-location-where-the-service-is-produced","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"service-description.md"}`);export{p as comp,h as data}; +import{_ as e,c as t,o as a,e as i}from"./app-DhWbOGxr.js";const n={},s=i('

Service Description

Some commercial contracts we make with our customers may require us to describe certain aspects of our service. In the spirit of transparency, we publish the description here.

A detailed specification of the content and implementation of the service

Security researchers who produce security content send their findings to badrap.io. Users who consume security content sign up to badrap.io to register their assets and receive targeted information related to those assets. Users may also choose to share their assets to security researchers to receive more content.

The supplier's subcontractors who process personal data

We do not subcontract the processing of personal data. We may have data recipients. An up-to-date list of data recipients is always available at https://docs.badrap.io/privacy.html .

The procedures in place to secure (backup) the client's material in the service

We only store a minimal amount of configuration information to relay relevant messages to and from you. We design and operate the service so that encryption is used for data transfer and storage whenever possible, according to standard security practices.

We backup our production database at least once per day. We store these backups for a minimum of seven days.

Installation, modification and maintenance windows

As we are serving a global audience, we may perform installations, modifications and maintenance around the clock. Typical service interruptions are minimal, lasting only a few seconds or minutes.

The location where the service is produced

All data in our service is stored in data centres within the EU. Maintenance and management are conducted in Finland. See our privacy policy for more details: https://docs.badrap.io/privacy.html.

',13),r=[s];function o(c,d){return a(),t("div",null,r)}const p=e(n,[["render",o],["__file","service-description.html.vue"]]),h=JSON.parse(`{"path":"/service-description.html","title":"Service Description","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"A detailed specification of the content and implementation of the service","slug":"a-detailed-specification-of-the-content-and-implementation-of-the-service","link":"#a-detailed-specification-of-the-content-and-implementation-of-the-service","children":[]},{"level":2,"title":"The supplier's subcontractors who process personal data","slug":"the-supplier-s-subcontractors-who-process-personal-data","link":"#the-supplier-s-subcontractors-who-process-personal-data","children":[]},{"level":2,"title":"The procedures in place to secure (backup) the client's material in the service","slug":"the-procedures-in-place-to-secure-backup-the-client-s-material-in-the-service","link":"#the-procedures-in-place-to-secure-backup-the-client-s-material-in-the-service","children":[]},{"level":2,"title":"Installation, modification and maintenance windows","slug":"installation-modification-and-maintenance-windows","link":"#installation-modification-and-maintenance-windows","children":[]},{"level":2,"title":"The location where the service is produced","slug":"the-location-where-the-service-is-produced","link":"#the-location-where-the-service-is-produced","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"service-description.md"}`);export{p as comp,h as data}; diff --git a/assets/smb.html-BT2tqUye.js b/assets/smb.html-BiahTyun.js similarity index 94% rename from assets/smb.html-BT2tqUye.js rename to assets/smb.html-BiahTyun.js index b92e5bc6..2599c9af 100644 --- a/assets/smb.html-BT2tqUye.js +++ b/assets/smb.html-BiahTyun.js @@ -1 +1 @@ -import{_ as s,c as o,a,d as e,b as i,w as n,e as l,r as u,o as k}from"./app-CxPUdK5a.js";const r={},p=l('

Avoin SMB-tiedostojakopalvelu

Ongelman kuvaus

Olemme havainneet verkossasi salaamattoman SMB-palvelun, johon kuka tahansa voi ottaa yhteyttä Internetistä.

SMB on protokolla, jota käytetään esimerkiksi tiedostojen ja tulostimien jakamiseen verkossa. Yleisesti ottaen tällaiset verkkojaot on parasta rajoittaa ainoastaan kotisi tai työpaikkasi sisäverkkoon. SMB-yhteydet ovat nimittäin oletusarvoisesti salaamattomia. Lisäksi kyseisen protokollan toteutuksissa on havaittu vuosien saatossa lukuisia tietoturvaongelmia.

Liian avoin SMB-palvelu voi jakaa kovalevysi sisältöä, kuvia ja dokumentteja koko maailmalle. Jos palvelu vielä sattuu olemaan haavoittuvainen, tarjoaa se pahantekijöille mahdollisuuden ottaa koko tietokone haltuun.

Korjausehdotuksia

',6),m=a("p",null,"Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön. Rajoita siis palvelu näkymään ainoastaan paikalliseen verkkoosi.",-1),v=a("p",null,[e("Hakusanoilla "),a("code",null,"disable smb"),e(" löydät käyttöjärjestelmääsi ja laitteeseesi liittyvät SMB-palvelun poisto-ohjeet.")],-1);function h(d,c){const t=u("RouteLink");return k(),o("div",null,[p,a("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),i(t,{to:"/fi/locate.html"},{default:n(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),m,v])}const _=s(r,[["render",h],["__file","smb.html.vue"]]),y=JSON.parse('{"path":"/fi/types/smb.html","title":"Avoin SMB-tiedostojakopalvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/smb.md"}');export{_ as comp,y as data}; +import{_ as s,c as o,a,d as e,b as i,w as n,e as l,r as u,o as k}from"./app-DhWbOGxr.js";const r={},p=l('

Avoin SMB-tiedostojakopalvelu

Ongelman kuvaus

Olemme havainneet verkossasi salaamattoman SMB-palvelun, johon kuka tahansa voi ottaa yhteyttä Internetistä.

SMB on protokolla, jota käytetään esimerkiksi tiedostojen ja tulostimien jakamiseen verkossa. Yleisesti ottaen tällaiset verkkojaot on parasta rajoittaa ainoastaan kotisi tai työpaikkasi sisäverkkoon. SMB-yhteydet ovat nimittäin oletusarvoisesti salaamattomia. Lisäksi kyseisen protokollan toteutuksissa on havaittu vuosien saatossa lukuisia tietoturvaongelmia.

Liian avoin SMB-palvelu voi jakaa kovalevysi sisältöä, kuvia ja dokumentteja koko maailmalle. Jos palvelu vielä sattuu olemaan haavoittuvainen, tarjoaa se pahantekijöille mahdollisuuden ottaa koko tietokone haltuun.

Korjausehdotuksia

',6),m=a("p",null,"Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön. Rajoita siis palvelu näkymään ainoastaan paikalliseen verkkoosi.",-1),v=a("p",null,[e("Hakusanoilla "),a("code",null,"disable smb"),e(" löydät käyttöjärjestelmääsi ja laitteeseesi liittyvät SMB-palvelun poisto-ohjeet.")],-1);function h(d,c){const t=u("RouteLink");return k(),o("div",null,[p,a("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),i(t,{to:"/fi/locate.html"},{default:n(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),m,v])}const _=s(r,[["render",h],["__file","smb.html.vue"]]),y=JSON.parse('{"path":"/fi/types/smb.html","title":"Avoin SMB-tiedostojakopalvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/smb.md"}');export{_ as comp,y as data}; diff --git a/assets/smb.html-BQll2f3l.js b/assets/smb.html-CN1PCiis.js similarity index 95% rename from assets/smb.html-BQll2f3l.js rename to assets/smb.html-CN1PCiis.js index 36c01e51..99260204 100644 --- a/assets/smb.html-BQll2f3l.js +++ b/assets/smb.html-CN1PCiis.js @@ -1 +1 @@ -import{_ as n,c as r,a as e,d as t,b as s,w as a,e as i,r as c,o as l}from"./app-CxPUdK5a.js";const d={},h=i('

Open SMB service

Problem description

Our data source has detected in your network an open and unprotected SMB service, which anyone can access from the Internet.

SMB is a common Internet protocol used to share access to files and printers in home and office networks. In general these kinds of network shares should be limited to work only from the local network, not from the Internet. SMB connections are unencrypted by default, and over the years countless security vulnerabilities have been found in services using SMB.

An open SMB service can share the contents of your hard drives including your personal documents and images to the whole world. If your SMB service happens to also contain vulnerabilities, bad guys can use it to take control of your computer and use it to launch further attacks inside your network.

Suggestions for repair

',6),u=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the SMB service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable smb"),t(" and include your device or operating system version to further refine the search results.")],-1),p=e("p",null,"If the SMB service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router.",-1);function m(f,v){const o=c("RouteLink");return l(),r("div",null,[h,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),s(o,{to:"/locate.html"},{default:a(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),u,p])}const y=n(d,[["render",m],["__file","smb.html.vue"]]),g=JSON.parse('{"path":"/types/smb.html","title":"Open SMB service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/smb.md"}');export{y as comp,g as data}; +import{_ as n,c as r,a as e,d as t,b as s,w as a,e as i,r as c,o as l}from"./app-DhWbOGxr.js";const d={},h=i('

Open SMB service

Problem description

Our data source has detected in your network an open and unprotected SMB service, which anyone can access from the Internet.

SMB is a common Internet protocol used to share access to files and printers in home and office networks. In general these kinds of network shares should be limited to work only from the local network, not from the Internet. SMB connections are unencrypted by default, and over the years countless security vulnerabilities have been found in services using SMB.

An open SMB service can share the contents of your hard drives including your personal documents and images to the whole world. If your SMB service happens to also contain vulnerabilities, bad guys can use it to take control of your computer and use it to launch further attacks inside your network.

Suggestions for repair

',6),u=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the SMB service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable smb"),t(" and include your device or operating system version to further refine the search results.")],-1),p=e("p",null,"If the SMB service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router.",-1);function m(f,v){const o=c("RouteLink");return l(),r("div",null,[h,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),s(o,{to:"/locate.html"},{default:a(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),u,p])}const y=n(d,[["render",m],["__file","smb.html.vue"]]),g=JSON.parse('{"path":"/types/smb.html","title":"Open SMB service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/smb.md"}');export{y as comp,g as data}; diff --git a/assets/snmp.html-q7B2tUR0.js b/assets/snmp.html-BiBpPTxM.js similarity index 94% rename from assets/snmp.html-q7B2tUR0.js rename to assets/snmp.html-BiBpPTxM.js index 83233c6e..d6b1b763 100644 --- a/assets/snmp.html-q7B2tUR0.js +++ b/assets/snmp.html-BiBpPTxM.js @@ -1 +1 @@ -import{_ as i,c as l,a,d as e,b as s,w as n,e as o,r as u,o as k}from"./app-CxPUdK5a.js";const p={},v=o('

Avoin SNMP-palvelu

Ongelman kuvaus

SNMP, tuo Internet-palveluiden kasariveteraani. Tämän palvelun ei kannata olla näkyvillä Internetiin. Palvelun avulla nimittäin kuka tahansa voi kysellä tietoja IP-osoitteessasi olevista laitteista. Eikä siinä kaikki.

SNMP-palvelu on kätevä työkalu Internetin pahiksille. He kimmottavat ja vahvistavat hyökkäyksiään muita vastaan tämän palvelun avulla. Olet ehkä kuullut uutisissa joskus palvelunestohyökkäyksistä? Näillä niitä tehdään.

Uhrille homma näyttää siltä, että hyökkäys tulee tästä osoitteesta. Hyvä palvelu pahiksille, paha maine omistajalle. Ei jatkoon.

Korjausehdotuksia

',6),h=a("p",null,[e("Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun välittömästi käytöstä. Etsi laitteeseesi tai käyttöjärjestelmään sopivat ohjeet kirjoittamalla hakukoneeseen "),a("code",null,"disable snmp"),e(" ja laitteeseen liittyvä tarkenne, esimerkiksi: "),a("code",null,"disable snmp apple airport")],-1),m=a("p",null,"Saattaa olla että löydät vain ohjeita, joissa kerrotaan miten SNMP-palvelu laitetaan päälle. Onneksi tätäkin ohjeita voi soveltaa: etsi ohjeista miten palvelu kytketään päälle ja tee juuri päinvastainen toimenpide – palvelun voi myös sammuttaa samasta paikasta.",-1);function r(d,c){const t=u("RouteLink");return k(),l("div",null,[v,a("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),s(t,{to:"/fi/locate.html"},{default:n(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h,m])}const _=i(p,[["render",r],["__file","snmp.html.vue"]]),y=JSON.parse('{"path":"/fi/types/snmp.html","title":"Avoin SNMP-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/snmp.md"}');export{_ as comp,y as data}; +import{_ as i,c as l,a,d as e,b as s,w as n,e as o,r as u,o as k}from"./app-DhWbOGxr.js";const p={},v=o('

Avoin SNMP-palvelu

Ongelman kuvaus

SNMP, tuo Internet-palveluiden kasariveteraani. Tämän palvelun ei kannata olla näkyvillä Internetiin. Palvelun avulla nimittäin kuka tahansa voi kysellä tietoja IP-osoitteessasi olevista laitteista. Eikä siinä kaikki.

SNMP-palvelu on kätevä työkalu Internetin pahiksille. He kimmottavat ja vahvistavat hyökkäyksiään muita vastaan tämän palvelun avulla. Olet ehkä kuullut uutisissa joskus palvelunestohyökkäyksistä? Näillä niitä tehdään.

Uhrille homma näyttää siltä, että hyökkäys tulee tästä osoitteesta. Hyvä palvelu pahiksille, paha maine omistajalle. Ei jatkoon.

Korjausehdotuksia

',6),h=a("p",null,[e("Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun välittömästi käytöstä. Etsi laitteeseesi tai käyttöjärjestelmään sopivat ohjeet kirjoittamalla hakukoneeseen "),a("code",null,"disable snmp"),e(" ja laitteeseen liittyvä tarkenne, esimerkiksi: "),a("code",null,"disable snmp apple airport")],-1),m=a("p",null,"Saattaa olla että löydät vain ohjeita, joissa kerrotaan miten SNMP-palvelu laitetaan päälle. Onneksi tätäkin ohjeita voi soveltaa: etsi ohjeista miten palvelu kytketään päälle ja tee juuri päinvastainen toimenpide – palvelun voi myös sammuttaa samasta paikasta.",-1);function r(d,c){const t=u("RouteLink");return k(),l("div",null,[v,a("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),s(t,{to:"/fi/locate.html"},{default:n(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h,m])}const _=i(p,[["render",r],["__file","snmp.html.vue"]]),y=JSON.parse('{"path":"/fi/types/snmp.html","title":"Avoin SNMP-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/snmp.md"}');export{_ as comp,y as data}; diff --git a/assets/snmp.html-BUnVwCVL.js b/assets/snmp.html-Cb4kpTd6.js similarity index 95% rename from assets/snmp.html-BUnVwCVL.js rename to assets/snmp.html-Cb4kpTd6.js index 696dfc6c..3e243b6b 100644 --- a/assets/snmp.html-BUnVwCVL.js +++ b/assets/snmp.html-Cb4kpTd6.js @@ -1 +1 @@ -import{_ as o,c as s,a as e,d as t,b as n,w as i,e as r,r as c,o as l}from"./app-CxPUdK5a.js";const d={},h=r('

Open SNMP service

Problem description

SNMP is a veteran of Internet services from the 80's. This service should not be open to the Internet from your devices. If it is open, anyone could find out information about your devices at your IP address. And that's not even all of it!

The SNMP service is also handy for Internet bad guys when they make denial-of-service attacks. They can amplify their attacks using the SNMP service. If you have heard of denial-of-service attacks, this is one of the common services used to create those attacks.

When a bad guy uses your SNMP service to launch an attack towards someone else, the actual victim of the attack sees the attack coming from your IP address. SNMP is great for bad guys, and it can bring bad reputation to you if an attack happens.

Suggestions for repair

',6),p=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable snmp"),t(" and your device brand and model, for instance: "),e("code",null,"disable snmp apple airport")],-1),u=e("p",null,"Sometimes you may be able to only find instructions on how to enable the SNMP service in your device. If this happens, just perform the exact opposite actions and disable the service - usually you can enable and disable the service from the same location in your device's administration interface.",-1),m=e("p",null,"If the SNMP service is on intentionally and you want to keep it that way, at least block access to it from the Internet at your firewall or home router.",-1);function f(v,y){const a=c("RouteLink");return l(),s("div",null,[h,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),n(a,{to:"/locate.html"},{default:i(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),p,u,m])}const g=o(d,[["render",f],["__file","snmp.html.vue"]]),_=JSON.parse('{"path":"/types/snmp.html","title":"Open SNMP service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/snmp.md"}');export{g as comp,_ as data}; +import{_ as o,c as s,a as e,d as t,b as n,w as i,e as r,r as c,o as l}from"./app-DhWbOGxr.js";const d={},h=r('

Open SNMP service

Problem description

SNMP is a veteran of Internet services from the 80's. This service should not be open to the Internet from your devices. If it is open, anyone could find out information about your devices at your IP address. And that's not even all of it!

The SNMP service is also handy for Internet bad guys when they make denial-of-service attacks. They can amplify their attacks using the SNMP service. If you have heard of denial-of-service attacks, this is one of the common services used to create those attacks.

When a bad guy uses your SNMP service to launch an attack towards someone else, the actual victim of the attack sees the attack coming from your IP address. SNMP is great for bad guys, and it can bring bad reputation to you if an attack happens.

Suggestions for repair

',6),p=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable snmp"),t(" and your device brand and model, for instance: "),e("code",null,"disable snmp apple airport")],-1),u=e("p",null,"Sometimes you may be able to only find instructions on how to enable the SNMP service in your device. If this happens, just perform the exact opposite actions and disable the service - usually you can enable and disable the service from the same location in your device's administration interface.",-1),m=e("p",null,"If the SNMP service is on intentionally and you want to keep it that way, at least block access to it from the Internet at your firewall or home router.",-1);function f(v,y){const a=c("RouteLink");return l(),s("div",null,[h,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),n(a,{to:"/locate.html"},{default:i(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),p,u,m])}const g=o(d,[["render",f],["__file","snmp.html.vue"]]),_=JSON.parse('{"path":"/types/snmp.html","title":"Open SNMP service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/snmp.md"}');export{g as comp,_ as data}; diff --git a/assets/spamlist.html-tke5fmdm.js b/assets/spamlist.html-DnKLsU8E.js similarity index 97% rename from assets/spamlist.html-tke5fmdm.js rename to assets/spamlist.html-DnKLsU8E.js index b9ca4da1..531957b2 100644 --- a/assets/spamlist.html-tke5fmdm.js +++ b/assets/spamlist.html-DnKLsU8E.js @@ -1 +1 @@ -import{_ as s,c as i,a as e,d as a,b as o,w as n,e as r,r as l,o as d}from"./app-CxPUdK5a.js";const p={},c=e("h1",{id:"spam-list",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#spam-list"},[e("span",null,"Spam List")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),u=e("p",null,"Your email address and possibly other personal data related to it has been stolen or accidentally exposed, and it has been collected into a list used by spammers (online unsolicited marketers). Usually this happens when you provide your email address and other personal data to a company or organization when you subscribe to a service, and that company or organization then gets hacked or otherwise fails to protect your personal data adequately.",-1),m=r('

Along with your email address, a spam list may include personal information such as home addresses or phone numbers, depending what information you have given to the service and what has been exposed. Spam lists can be published online or sold and used to send unsolicited marketing emails or scams on behalf of unsuspecting victims, either targeting you or making the spam emails look like they originate from you.

Information about these kinds of spam lists along with exposed email addresses are collected by a widely-publicized and credible data breach and spam list reporting service Have I Been Pwned, operated by security researcher Troy Hunt. You can read more about the spam list incidents collected by them at Have I Been Pwned and spam lists of personal information.

Suggestions for repair

Since your email address and possibly other personal information has already been exposed, the most important thing is to stay calm. In many cases the information has leaked already a long time ago, and you cannot unfortunately change the fact that it has happened. Often, the company or organization from where your data got stolen might have already sent you a notification email about the incident, telling you which personal information was exposed. What you can do is be mindful of your personal data in the future and consider where you provide it.

Protecting against future incidents

',5),y=e("p",null,"Many of you have heard of the EU's General Data Protection Regulation (GDPR) - it is one step towards better privacy online, with increased security against personal data breaches. You need to also consider why and where you are submitting your personal information such as home address or phone number, and what are the potential risks if such data becomes exposed and published.",-1);function f(g,b){const t=l("RouteLink");return d(),i("div",null,[c,h,u,e("p",null,[a("A spam list is a special category of "),o(t,{to:"/types/databreach.html"},{default:n(()=>[a("data breaches")]),_:1}),a(". A spam list usually contains much of the similar personal information as a data breach, but it does not include your passwords.")]),m,e("p",null,[a("Treat your personal information online like money – you need to have a good reason to give it away. Support efforts to increase consumer privacy rights, be it on a political or voluntary level. Favour companies who demonstrate they care about your privacy. Having an easy-to-understand privacy policy that explains how your personal information is handled and protected is one good sign. (Here is Badrap's "),o(t,{to:"/docs/privacy.html"},{default:n(()=>[a("privacy policy")]),_:1}),a(".)")]),y])}const w=s(p,[["render",f],["__file","spamlist.html.vue"]]),_=JSON.parse('{"path":"/types/spamlist.html","title":"Spam List","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Protecting against future incidents","slug":"protecting-against-future-incidents","link":"#protecting-against-future-incidents","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/spamlist.md"}');export{w as comp,_ as data}; +import{_ as s,c as i,a as e,d as a,b as o,w as n,e as r,r as l,o as d}from"./app-DhWbOGxr.js";const p={},c=e("h1",{id:"spam-list",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#spam-list"},[e("span",null,"Spam List")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),u=e("p",null,"Your email address and possibly other personal data related to it has been stolen or accidentally exposed, and it has been collected into a list used by spammers (online unsolicited marketers). Usually this happens when you provide your email address and other personal data to a company or organization when you subscribe to a service, and that company or organization then gets hacked or otherwise fails to protect your personal data adequately.",-1),m=r('

Along with your email address, a spam list may include personal information such as home addresses or phone numbers, depending what information you have given to the service and what has been exposed. Spam lists can be published online or sold and used to send unsolicited marketing emails or scams on behalf of unsuspecting victims, either targeting you or making the spam emails look like they originate from you.

Information about these kinds of spam lists along with exposed email addresses are collected by a widely-publicized and credible data breach and spam list reporting service Have I Been Pwned, operated by security researcher Troy Hunt. You can read more about the spam list incidents collected by them at Have I Been Pwned and spam lists of personal information.

Suggestions for repair

Since your email address and possibly other personal information has already been exposed, the most important thing is to stay calm. In many cases the information has leaked already a long time ago, and you cannot unfortunately change the fact that it has happened. Often, the company or organization from where your data got stolen might have already sent you a notification email about the incident, telling you which personal information was exposed. What you can do is be mindful of your personal data in the future and consider where you provide it.

Protecting against future incidents

',5),y=e("p",null,"Many of you have heard of the EU's General Data Protection Regulation (GDPR) - it is one step towards better privacy online, with increased security against personal data breaches. You need to also consider why and where you are submitting your personal information such as home address or phone number, and what are the potential risks if such data becomes exposed and published.",-1);function f(g,b){const t=l("RouteLink");return d(),i("div",null,[c,h,u,e("p",null,[a("A spam list is a special category of "),o(t,{to:"/types/databreach.html"},{default:n(()=>[a("data breaches")]),_:1}),a(". A spam list usually contains much of the similar personal information as a data breach, but it does not include your passwords.")]),m,e("p",null,[a("Treat your personal information online like money – you need to have a good reason to give it away. Support efforts to increase consumer privacy rights, be it on a political or voluntary level. Favour companies who demonstrate they care about your privacy. Having an easy-to-understand privacy policy that explains how your personal information is handled and protected is one good sign. (Here is Badrap's "),o(t,{to:"/docs/privacy.html"},{default:n(()=>[a("privacy policy")]),_:1}),a(".)")]),y])}const w=s(p,[["render",f],["__file","spamlist.html.vue"]]),_=JSON.parse('{"path":"/types/spamlist.html","title":"Spam List","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Protecting against future incidents","slug":"protecting-against-future-incidents","link":"#protecting-against-future-incidents","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/spamlist.md"}');export{w as comp,_ as data}; diff --git a/assets/subdomain.html-BdkTII2J.js b/assets/subdomain.html-CHgc-oVW.js similarity index 98% rename from assets/subdomain.html-BdkTII2J.js rename to assets/subdomain.html-CHgc-oVW.js index ff13564e..51e969b7 100644 --- a/assets/subdomain.html-BdkTII2J.js +++ b/assets/subdomain.html-CHgc-oVW.js @@ -1,4 +1,4 @@ -import{_ as e,c as i,o as a,e as s}from"./app-CxPUdK5a.js";const t={},n=s(`

Subdomain Takeover Risk

Your domain has a stale DNS entry (a "subdomain") pointing to a third-party provider, which may be open to abuse.

Problem description

A CNAME entry in your DNS records points to a third-party address, which apparently is not used anymore.

A potential attacker may be able to take over your subdomain by starting their own service inside the third-party service provider.

If the attacker succeeds, they can exploit the situation as follows:

  • Typical: the attacker uses your brand and domain to legitimize sharing of malicious content (malware, or material for scams).
  • Advanced: the attacker can exploit the services under your domain by bypassing the "same origin protection" used in modern browsers. In practice, the attacker injects their own code to the browser of a user using a service under your domain. The browser agrees to execute the code as it comes from the same domain where the attacked service resides.

More information about subdomain takeovers:

  • https://0xpatrik.com/subdomain-takeover-basics/
  • https://developer.mozilla.org/en-US/docs/Web/Security/Subdomain_takeovers

Verifying the issue

You can use DNS lookups to verify the issue. For example, you can use the "dig" command in a terminal in Linux or MacOS.

Normal situation, before a subdomain takeover issue exists

Your subdomain CNAME record points to a third-party service provider. The provider has an A or AAAA record that points to a valid IP address.

$ dig mysubdomain.example.com
+import{_ as e,c as i,o as a,e as s}from"./app-DhWbOGxr.js";const t={},n=s(`
Subdomain Takeover Risk
Your domain has a stale DNS entry (a "subdomain") pointing to a third-party provider, which may be open to abuse.
Problem description
A CNAME entry in your DNS records points to a third-party address, which apparently is not used anymore.
A potential attacker may be able to take over your subdomain by starting their own service inside the third-party service provider.
If the attacker succeeds, they can exploit the situation as follows:
  • Typical: the attacker uses your brand and domain to legitimize sharing of malicious content (malware, or material for scams).
  • Advanced: the attacker can exploit the services under your domain by bypassing the "same origin protection" used in modern browsers. In practice, the attacker injects their own code to the browser of a user using a service under your domain. The browser agrees to execute the code as it comes from the same domain where the attacked service resides.
More information about subdomain takeovers:
  • https://0xpatrik.com/subdomain-takeover-basics/
  • https://developer.mozilla.org/en-US/docs/Web/Security/Subdomain_takeovers
Verifying the issue
You can use DNS lookups to verify the issue. For example, you can use the "dig" command in a terminal in Linux or MacOS.
Normal situation, before a subdomain takeover issue exists
Your subdomain CNAME record points to a third-party service provider. The provider has an A or AAAA record that points to a valid IP address.
$ dig mysubdomain.example.com
 [extra text removed]
 ;; ANSWER SECTION:
 mysubdomain.example.com.    281  IN  CNAME subdomain.example-cloudserviceprovider.com
@@ -13,4 +13,4 @@ import{_ as e,c as i,o as a,e as s}from"./app-CxPUdK5a.js";const t={},n=s(`
;; QUESTION SECTION:
 mysubdomain.example.com.    IN  A
 [no ANSWER SECTION, extra text removed]
-
Suggestions for repair
  1. Double-check that the subdomain is not used anymore.
  2. Remove the subdomain CNAME record from your DNS.
  3. You can investigate how likely it is that attackers can launch their own service in the third-party address that your CNAME record points to.
  4. Whatever the result is, we recommend cleaning unused records from your DNS. In other words, investigation provides little added value.
Protecting against future incidents
  1. When you set up a new service, first create a virtual host or cloud service for it. After that, set up your DNS CNAME entry.
  2. When you decommission a service, first remove its DNS CNAME entry. After that, decommission the virtual host or cloud service.
`,24),r=[n];function o(l,d){return a(),i("div",null,r)}const c=e(t,[["render",o],["__file","subdomain.html.vue"]]),m=JSON.parse('{"path":"/types/subdomain.html","title":"Subdomain Takeover Risk","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Verifying the issue","slug":"verifying-the-issue","link":"#verifying-the-issue","children":[{"level":3,"title":"Normal situation, before a subdomain takeover issue exists","slug":"normal-situation-before-a-subdomain-takeover-issue-exists","link":"#normal-situation-before-a-subdomain-takeover-issue-exists","children":[]},{"level":3,"title":"Current, vulnerable situation","slug":"current-vulnerable-situation","link":"#current-vulnerable-situation","children":[]},{"level":3,"title":"After remediation","slug":"after-remediation","link":"#after-remediation","children":[]}]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Protecting against future incidents","slug":"protecting-against-future-incidents","link":"#protecting-against-future-incidents","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/subdomain.md"}');export{c as comp,m as data};
+

Suggestions for repair

  1. Double-check that the subdomain is not used anymore.
  2. Remove the subdomain CNAME record from your DNS.
  3. You can investigate how likely it is that attackers can launch their own service in the third-party address that your CNAME record points to.
  4. Whatever the result is, we recommend cleaning unused records from your DNS. In other words, investigation provides little added value.

Protecting against future incidents

  1. When you set up a new service, first create a virtual host or cloud service for it. After that, set up your DNS CNAME entry.
  2. When you decommission a service, first remove its DNS CNAME entry. After that, decommission the virtual host or cloud service.
`,24),r=[n];function o(l,d){return a(),i("div",null,r)}const c=e(t,[["render",o],["__file","subdomain.html.vue"]]),m=JSON.parse('{"path":"/types/subdomain.html","title":"Subdomain Takeover Risk","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Verifying the issue","slug":"verifying-the-issue","link":"#verifying-the-issue","children":[{"level":3,"title":"Normal situation, before a subdomain takeover issue exists","slug":"normal-situation-before-a-subdomain-takeover-issue-exists","link":"#normal-situation-before-a-subdomain-takeover-issue-exists","children":[]},{"level":3,"title":"Current, vulnerable situation","slug":"current-vulnerable-situation","link":"#current-vulnerable-situation","children":[]},{"level":3,"title":"After remediation","slug":"after-remediation","link":"#after-remediation","children":[]}]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]},{"level":2,"title":"Protecting against future incidents","slug":"protecting-against-future-incidents","link":"#protecting-against-future-incidents","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/subdomain.md"}');export{c as comp,m as data}; diff --git a/assets/telnet.html-987288tA.js b/assets/telnet.html-C0BLJASu.js similarity index 94% rename from assets/telnet.html-987288tA.js rename to assets/telnet.html-C0BLJASu.js index 54c811ea..04d104fe 100644 --- a/assets/telnet.html-987288tA.js +++ b/assets/telnet.html-C0BLJASu.js @@ -1 +1 @@ -import{_ as l,c as n,a as e,d as a,b as i,w as s,e as o,r as u,o as k}from"./app-CxPUdK5a.js";const r={},p=o('

Avoin Telnet-palvelu

Ongelman kuvaus

Telnet - tuo ikivanha Internet-palvelu, jota ei soisi enää näkyvän - varsinkaan avoinna Internetiin! Avonainen Telnet-palvelu kertoo kolmesta mahdollisesta ongelmasta:

  1. Jos joku oikeasti käyttää palvelua, kaikki liikenne liikkuu salaamattomana Internetissä. Pahikset voivat nähdä kaiken mitä Telnet-yhteydellä teet. Pahikset voivat myös kaapata palvelun ja sitä tarjoavan laitteen itselleen.

  2. Jos Telnet-palvelun päälläolo on yllätys, siinä saattaa myös olla helposti arvattava oletussalasana käytössä.

  3. Laitteessa, jossa Telnet on auki on todennäköisesti monta muutakin tietoturvaongelmaa.

Korjausehdotuksia

',5),h=e("p",null,[a("Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun välittömästi käytöstä. Etsi laitteeseesi tai käyttöjärjestelmään sopivat ohjeet kirjoittamalla hakukoneeseen "),e("code",null,"disable telnet"),a(" ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: "),e("code",null,"disable telnet telewell tw-ea501")],-1);function v(d,m){const t=u("RouteLink");return k(),n("div",null,[p,e("p",null,[a("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),i(t,{to:"/fi/locate.html"},{default:s(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h])}const _=l(r,[["render",v],["__file","telnet.html.vue"]]),j=JSON.parse('{"path":"/fi/types/telnet.html","title":"Avoin Telnet-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/telnet.md"}');export{_ as comp,j as data}; +import{_ as l,c as n,a as e,d as a,b as i,w as s,e as o,r as u,o as k}from"./app-DhWbOGxr.js";const r={},p=o('

Avoin Telnet-palvelu

Ongelman kuvaus

Telnet - tuo ikivanha Internet-palvelu, jota ei soisi enää näkyvän - varsinkaan avoinna Internetiin! Avonainen Telnet-palvelu kertoo kolmesta mahdollisesta ongelmasta:

  1. Jos joku oikeasti käyttää palvelua, kaikki liikenne liikkuu salaamattomana Internetissä. Pahikset voivat nähdä kaiken mitä Telnet-yhteydellä teet. Pahikset voivat myös kaapata palvelun ja sitä tarjoavan laitteen itselleen.

  2. Jos Telnet-palvelun päälläolo on yllätys, siinä saattaa myös olla helposti arvattava oletussalasana käytössä.

  3. Laitteessa, jossa Telnet on auki on todennäköisesti monta muutakin tietoturvaongelmaa.

Korjausehdotuksia

',5),h=e("p",null,[a("Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun välittömästi käytöstä. Etsi laitteeseesi tai käyttöjärjestelmään sopivat ohjeet kirjoittamalla hakukoneeseen "),e("code",null,"disable telnet"),a(" ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: "),e("code",null,"disable telnet telewell tw-ea501")],-1);function v(d,m){const t=u("RouteLink");return k(),n("div",null,[p,e("p",null,[a("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),i(t,{to:"/fi/locate.html"},{default:s(()=>[a("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),h])}const _=l(r,[["render",v],["__file","telnet.html.vue"]]),j=JSON.parse('{"path":"/fi/types/telnet.html","title":"Avoin Telnet-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/telnet.md"}');export{_ as comp,j as data}; diff --git a/assets/telnet.html-CFTfXnZz.js b/assets/telnet.html-CxdK7qUP.js similarity index 95% rename from assets/telnet.html-CFTfXnZz.js rename to assets/telnet.html-CxdK7qUP.js index 78baf963..f0baa2a6 100644 --- a/assets/telnet.html-CFTfXnZz.js +++ b/assets/telnet.html-CxdK7qUP.js @@ -1 +1 @@ -import{_ as n,c as a,a as e,d as t,b as s,w as r,e as i,r as l,o as d}from"./app-CxPUdK5a.js";const c={},h=i('

Open Telnet service

Problem description

Telnet, that age-old Internet service, which should no longer even exist - let alone be open to everyone on the Internet! An open Telnet service tells you about three possible problems in your network:

  1. If someone actually uses it for something, all of the Telnet traffic is transmitted unencrypted, which means that bad guys may be able to eavesdrop what is done over the Telnet connection. Bad guys who listen in are also able to hijack your device and use it for their own purposes.

  2. If it is a surprise to you that the Telnet service is on, your device also may have an easily guessable default password that bad guys can use (or have already used) to take control of your device.

  3. A device which has an open Telnet service very likely has many other security vulnerabilities. Modern, well-designed devices with security updates usually do not use Telnet anymore.

Suggestions for repair

',5),u=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the Telnet service immediately. Search for instructions from the Internet with the keywords "),e("code",null,"disable telnet"),t(" and your device brand and model, for instance: "),e("code",null,"disable telnet telewell tw-ea501")],-1),p=e("p",null,"After you disable the Telnet service, you should at least change the administrator password for your device, or consider resetting your device to factory defaults (and then disabling Telnet again if necessary) in order to protect your device from bad guys who have already potentially abused your device.",-1);function v(y,f){const o=l("RouteLink");return d(),a("div",null,[h,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),s(o,{to:"/locate.html"},{default:r(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),u,p])}const b=n(c,[["render",v],["__file","telnet.html.vue"]]),g=JSON.parse('{"path":"/types/telnet.html","title":"Open Telnet service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/telnet.md"}');export{b as comp,g as data}; +import{_ as n,c as a,a as e,d as t,b as s,w as r,e as i,r as l,o as d}from"./app-DhWbOGxr.js";const c={},h=i('

Open Telnet service

Problem description

Telnet, that age-old Internet service, which should no longer even exist - let alone be open to everyone on the Internet! An open Telnet service tells you about three possible problems in your network:

  1. If someone actually uses it for something, all of the Telnet traffic is transmitted unencrypted, which means that bad guys may be able to eavesdrop what is done over the Telnet connection. Bad guys who listen in are also able to hijack your device and use it for their own purposes.

  2. If it is a surprise to you that the Telnet service is on, your device also may have an easily guessable default password that bad guys can use (or have already used) to take control of your device.

  3. A device which has an open Telnet service very likely has many other security vulnerabilities. Modern, well-designed devices with security updates usually do not use Telnet anymore.

Suggestions for repair

',5),u=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the Telnet service immediately. Search for instructions from the Internet with the keywords "),e("code",null,"disable telnet"),t(" and your device brand and model, for instance: "),e("code",null,"disable telnet telewell tw-ea501")],-1),p=e("p",null,"After you disable the Telnet service, you should at least change the administrator password for your device, or consider resetting your device to factory defaults (and then disabling Telnet again if necessary) in order to protect your device from bad guys who have already potentially abused your device.",-1);function v(y,f){const o=l("RouteLink");return d(),a("div",null,[h,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),s(o,{to:"/locate.html"},{default:r(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),u,p])}const b=n(c,[["render",v],["__file","telnet.html.vue"]]),g=JSON.parse('{"path":"/types/telnet.html","title":"Open Telnet service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/telnet.md"}');export{b as comp,g as data}; diff --git a/assets/tftp.html-7lCbqBhd.js b/assets/tftp.html-3wvTG_p0.js similarity index 93% rename from assets/tftp.html-7lCbqBhd.js rename to assets/tftp.html-3wvTG_p0.js index f3bdf6be..8881ec8f 100644 --- a/assets/tftp.html-7lCbqBhd.js +++ b/assets/tftp.html-3wvTG_p0.js @@ -1 +1 @@ -import{_ as l,c as n,a as t,d as e,b as s,w as i,r as o,o as u}from"./app-CxPUdK5a.js";const k={},r=t("h1",{id:"avoin-tftp-palvelu",tabindex:"-1"},[t("a",{class:"header-anchor",href:"#avoin-tftp-palvelu"},[t("span",null,"Avoin TFTP-palvelu")])],-1),h=t("h2",{id:"ongelman-kuvaus",tabindex:"-1"},[t("a",{class:"header-anchor",href:"#ongelman-kuvaus"},[t("span",null,"Ongelman kuvaus")])],-1),p=t("p",null,"Onko verkkosi toiminut joskus huonosti? Vika ei aina ole välttämättä palveluntarjoajassa. Pahikset saattavat käyttää tässä IP-osoitteessa olevaa avointa TFTP-palvelua hyväkseen palvelunestohyökkäyksissä.",-1),m=t("h2",{id:"korjausehdotuksia",tabindex:"-1"},[t("a",{class:"header-anchor",href:"#korjausehdotuksia"},[t("span",null,"Korjausehdotuksia")])],-1),d=t("p",null,[e("Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun välittömästi käytöstä. Etsi laitteeseesi tai käyttöjärjestelmään sopivat ohjeet kirjoittamalla hakukoneeseen "),t("code",null,"disable tftp"),e(" ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: "),t("code",null,"disable tftp netgear nighthawk")],-1);function c(v,f){const a=o("RouteLink");return u(),n("div",null,[r,h,p,t("p",null,[e("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),s(a,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:i(()=>[e("täältä")]),_:1}),e(".")]),m,t("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),s(a,{to:"/fi/locate.html"},{default:i(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),d])}const j=l(k,[["render",c],["__file","tftp.html.vue"]]),y=JSON.parse('{"path":"/fi/types/tftp.html","title":"Avoin TFTP-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"fi/types/tftp.md"}');export{j as comp,y as data}; +import{_ as l,c as n,a as t,d as e,b as s,w as i,r as o,o as u}from"./app-DhWbOGxr.js";const k={},r=t("h1",{id:"avoin-tftp-palvelu",tabindex:"-1"},[t("a",{class:"header-anchor",href:"#avoin-tftp-palvelu"},[t("span",null,"Avoin TFTP-palvelu")])],-1),h=t("h2",{id:"ongelman-kuvaus",tabindex:"-1"},[t("a",{class:"header-anchor",href:"#ongelman-kuvaus"},[t("span",null,"Ongelman kuvaus")])],-1),p=t("p",null,"Onko verkkosi toiminut joskus huonosti? Vika ei aina ole välttämättä palveluntarjoajassa. Pahikset saattavat käyttää tässä IP-osoitteessa olevaa avointa TFTP-palvelua hyväkseen palvelunestohyökkäyksissä.",-1),m=t("h2",{id:"korjausehdotuksia",tabindex:"-1"},[t("a",{class:"header-anchor",href:"#korjausehdotuksia"},[t("span",null,"Korjausehdotuksia")])],-1),d=t("p",null,[e("Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun välittömästi käytöstä. Etsi laitteeseesi tai käyttöjärjestelmään sopivat ohjeet kirjoittamalla hakukoneeseen "),t("code",null,"disable tftp"),e(" ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: "),t("code",null,"disable tftp netgear nighthawk")],-1);function c(v,f){const a=o("RouteLink");return u(),n("div",null,[r,h,p,t("p",null,[e("Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää "),s(a,{to:"/fi/categories.html#amplifikaatiohyokkaykset"},{default:i(()=>[e("täältä")]),_:1}),e(".")]),m,t("p",null,[e("Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. "),s(a,{to:"/fi/locate.html"},{default:i(()=>[e("Lue ohjeet laitteen paikallistamiseksi.")]),_:1})]),d])}const j=l(k,[["render",c],["__file","tftp.html.vue"]]),y=JSON.parse('{"path":"/fi/types/tftp.html","title":"Avoin TFTP-palvelu","lang":"fi","frontmatter":{},"headers":[{"level":2,"title":"Ongelman kuvaus","slug":"ongelman-kuvaus","link":"#ongelman-kuvaus","children":[]},{"level":2,"title":"Korjausehdotuksia","slug":"korjausehdotuksia","link":"#korjausehdotuksia","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"fi/types/tftp.md"}');export{j as comp,y as data}; diff --git a/assets/tftp.html-Ddm1bE5s.js b/assets/tftp.html-wLx--ROU.js similarity index 94% rename from assets/tftp.html-Ddm1bE5s.js rename to assets/tftp.html-wLx--ROU.js index e599474b..c8c90c62 100644 --- a/assets/tftp.html-Ddm1bE5s.js +++ b/assets/tftp.html-wLx--ROU.js @@ -1 +1 @@ -import{_ as r,c as s,a as e,d as t,b as n,w as a,r as i,o as l}from"./app-CxPUdK5a.js";const c={},d=e("h1",{id:"open-tftp-service",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#open-tftp-service"},[e("span",null,"Open TFTP service")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),p=e("p",null,"Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open TFTP service to launch a denial-of-service attack . As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.",-1),u=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),f=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the TFTP service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable tftp"),t(" and your device brand and model, for instance: "),e("code",null,"disable tftp netgear nighthawk")],-1),m=e("p",null,"If the TFTP service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router.",-1);function v(_,g){const o=i("RouteLink");return l(),s("div",null,[d,h,p,e("p",null,[t("If you want to understand better how these kinds of so-called amplification attacks work, please see "),n(o,{to:"/categories.html#amplification-attacks"},{default:a(()=>[t("here")]),_:1}),t(".")]),u,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),n(o,{to:"/locate.html"},{default:a(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),f,m])}const y=r(c,[["render",v],["__file","tftp.html.vue"]]),k=JSON.parse('{"path":"/types/tftp.html","title":"Open TFTP service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/tftp.md"}');export{y as comp,k as data}; +import{_ as r,c as s,a as e,d as t,b as n,w as a,r as i,o as l}from"./app-DhWbOGxr.js";const c={},d=e("h1",{id:"open-tftp-service",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#open-tftp-service"},[e("span",null,"Open TFTP service")])],-1),h=e("h2",{id:"problem-description",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#problem-description"},[e("span",null,"Problem description")])],-1),p=e("p",null,"Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open TFTP service to launch a denial-of-service attack . As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.",-1),u=e("h2",{id:"suggestions-for-repair",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#suggestions-for-repair"},[e("span",null,"Suggestions for repair")])],-1),f=e("p",null,[t("When you have located the vulnerable device, we recommend disabling the TFTP service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable tftp"),t(" and your device brand and model, for instance: "),e("code",null,"disable tftp netgear nighthawk")],-1),m=e("p",null,"If the TFTP service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router.",-1);function v(_,g){const o=i("RouteLink");return l(),s("div",null,[d,h,p,e("p",null,[t("If you want to understand better how these kinds of so-called amplification attacks work, please see "),n(o,{to:"/categories.html#amplification-attacks"},{default:a(()=>[t("here")]),_:1}),t(".")]),u,e("p",null,[t("First of all you need to identify the device which has the vulnerable service open. "),n(o,{to:"/locate.html"},{default:a(()=>[t("Please read our instructions on locating vulnerable devices.")]),_:1})]),f,m])}const y=r(c,[["render",v],["__file","tftp.html.vue"]]),k=JSON.parse('{"path":"/types/tftp.html","title":"Open TFTP service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/tftp.md"}');export{y as comp,k as data}; diff --git a/assets/tos.html-CTPtZAS5.js b/assets/tos.html-BLHOeTQv.js similarity index 97% rename from assets/tos.html-CTPtZAS5.js rename to assets/tos.html-BLHOeTQv.js index 76fb5223..4fb573d6 100644 --- a/assets/tos.html-CTPtZAS5.js +++ b/assets/tos.html-BLHOeTQv.js @@ -1 +1 @@ -import{_ as e,c as i,o as t,e as a}from"./app-CxPUdK5a.js";const r={},o=a('

Badrap Terms of Service

By using badrap.io, you agree to these conditions. Please read them carefully.

Intended use

The Service is free for personal use and for internal use in companies with up to five employees. You may register assets to the Service to receive relevant security and privacy warnings. If you have more than five employees or want to use paid features contact us at contact@badrap.io. Your commercial right to use is granted by a separate purchase or trial agreement and payment of the related initial or renewal fees and other charges (“Fees”). In this case you have a non-transferable and non-exclusive right to use the service solely for your internal business purposes in accordance with the commercial terms of the purchase or trial agreement and this Terms of Service.

Intellectual property

The copyright and all other intellectual property rights in and related to the Service (including all text, graphics, code, files and links) belong to our licensors or us (Badrap Oy). You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Service beyond the Intended Use without express written permission by us.

Modifications to the Service

We reserve the right to modify the Service without notice at any time.

Prohibited use

You are prohibited from using the site or its contents: (a) to directly or indirectly violate any international or local regulations, rules, laws, or ordinances; (b) to infringe upon or violate intellectual property rights; (c) to harass, abuse, insult, harm, intimidate, or discriminate; (d) to submit false or misleading information; or (e) to interfere with the security of the Service or the Internet.

Limitation of liability

You expressly agree that your use of the Service is at your sole risk. The Service and everything delivered to you through the Service are (except as expressly stated by us) provided 'as is' and 'as available' for your use, without any representations, warranties, either express or implied, including all implied warranties or conditions of merchantability, merchantable quality, fitness for a particular purpose, durability, title, and non-infringement.

Termination

If in our sole judgment you fail, or we suspect that you have failed, to comply with any term or provision of these Terms of Service, we may terminate this agreement at any time without notice and you will remain liable for all amounts due up to and including the date of termination; and/or accordingly may deny you access to our Services.

Governing law and Arbitration

These Terms of Service and any separate agreements whereby we provide you Services shall be governed by and construed in accordance with the laws of Finland.

Any dispute, controversy or claim arising out of or relating to this contract, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The number of arbitrators shall be three. The seat of arbitration shall be Helsinki. The language of the arbitration shall be English.

Contact information

Questions about the Terms of Service should be sent to us at support@badrap.io

Privacy of our registered users

Submission of personal information to the Service (badrap.io) is governed by our Privacy Policy: https://docs.badrap.io/privacy.html

Terms of service specific to companies

In addition to our generic End User Terms of Service given above, the following terms apply to Companies and the processing of data that Companies and their Employees provide to us.

  1. We comply to GDPR.
  2. We do not subcontract data processing without your permission.
  3. We process the data you provide for the purpose of relaying security and privacy warnings related to your assets. Duration of the processing is for as long as you keep your account active and store your data in our Service. We stop the processing and remove the data when you terminate your account. You may at any time review your stored data under your user account.
  4. When we provide the Service to a Company, we act as a Data Processor according to the definitions of the GDPR. The Company whose Employees use our Service acts as a Data Controller. The Company's Employees share their personal data as Data Subjects.
  5. You will be notified of any data breaches in our Service that relate to the data you have provided to us for processing.
  6. For inquiries related to privacy and personal data processing, contact us at support@badrap.io.
',24),n=[o];function s(l,c){return t(),i("div",null,n)}const h=e(r,[["render",s],["__file","tos.html.vue"]]),p=JSON.parse('{"path":"/tos.html","title":"Badrap Terms of Service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Intended use","slug":"intended-use","link":"#intended-use","children":[]},{"level":2,"title":"Intellectual property","slug":"intellectual-property","link":"#intellectual-property","children":[]},{"level":2,"title":"Modifications to the Service","slug":"modifications-to-the-service","link":"#modifications-to-the-service","children":[]},{"level":2,"title":"Prohibited use","slug":"prohibited-use","link":"#prohibited-use","children":[]},{"level":2,"title":"Limitation of liability","slug":"limitation-of-liability","link":"#limitation-of-liability","children":[]},{"level":2,"title":"Termination","slug":"termination","link":"#termination","children":[]},{"level":2,"title":"Governing law and Arbitration","slug":"governing-law-and-arbitration","link":"#governing-law-and-arbitration","children":[]},{"level":2,"title":"Contact information","slug":"contact-information","link":"#contact-information","children":[]},{"level":2,"title":"Privacy of our registered users","slug":"privacy-of-our-registered-users","link":"#privacy-of-our-registered-users","children":[]},{"level":2,"title":"Terms of service specific to companies","slug":"terms-of-service-specific-to-companies","link":"#terms-of-service-specific-to-companies","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"tos.md"}');export{h as comp,p as data}; +import{_ as e,c as i,o as t,e as a}from"./app-DhWbOGxr.js";const r={},o=a('

Badrap Terms of Service

By using badrap.io, you agree to these conditions. Please read them carefully.

Intended use

The Service is free for personal use and for internal use in companies with up to five employees. You may register assets to the Service to receive relevant security and privacy warnings. If you have more than five employees or want to use paid features contact us at contact@badrap.io. Your commercial right to use is granted by a separate purchase or trial agreement and payment of the related initial or renewal fees and other charges (“Fees”). In this case you have a non-transferable and non-exclusive right to use the service solely for your internal business purposes in accordance with the commercial terms of the purchase or trial agreement and this Terms of Service.

Intellectual property

The copyright and all other intellectual property rights in and related to the Service (including all text, graphics, code, files and links) belong to our licensors or us (Badrap Oy). You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Service beyond the Intended Use without express written permission by us.

Modifications to the Service

We reserve the right to modify the Service without notice at any time.

Prohibited use

You are prohibited from using the site or its contents: (a) to directly or indirectly violate any international or local regulations, rules, laws, or ordinances; (b) to infringe upon or violate intellectual property rights; (c) to harass, abuse, insult, harm, intimidate, or discriminate; (d) to submit false or misleading information; or (e) to interfere with the security of the Service or the Internet.

Limitation of liability

You expressly agree that your use of the Service is at your sole risk. The Service and everything delivered to you through the Service are (except as expressly stated by us) provided 'as is' and 'as available' for your use, without any representations, warranties, either express or implied, including all implied warranties or conditions of merchantability, merchantable quality, fitness for a particular purpose, durability, title, and non-infringement.

Termination

If in our sole judgment you fail, or we suspect that you have failed, to comply with any term or provision of these Terms of Service, we may terminate this agreement at any time without notice and you will remain liable for all amounts due up to and including the date of termination; and/or accordingly may deny you access to our Services.

Governing law and Arbitration

These Terms of Service and any separate agreements whereby we provide you Services shall be governed by and construed in accordance with the laws of Finland.

Any dispute, controversy or claim arising out of or relating to this contract, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The number of arbitrators shall be three. The seat of arbitration shall be Helsinki. The language of the arbitration shall be English.

Contact information

Questions about the Terms of Service should be sent to us at support@badrap.io

Privacy of our registered users

Submission of personal information to the Service (badrap.io) is governed by our Privacy Policy: https://docs.badrap.io/privacy.html

Terms of service specific to companies

In addition to our generic End User Terms of Service given above, the following terms apply to Companies and the processing of data that Companies and their Employees provide to us.

  1. We comply to GDPR.
  2. We do not subcontract data processing without your permission.
  3. We process the data you provide for the purpose of relaying security and privacy warnings related to your assets. Duration of the processing is for as long as you keep your account active and store your data in our Service. We stop the processing and remove the data when you terminate your account. You may at any time review your stored data under your user account.
  4. When we provide the Service to a Company, we act as a Data Processor according to the definitions of the GDPR. The Company whose Employees use our Service acts as a Data Controller. The Company's Employees share their personal data as Data Subjects.
  5. You will be notified of any data breaches in our Service that relate to the data you have provided to us for processing.
  6. For inquiries related to privacy and personal data processing, contact us at support@badrap.io.
',24),n=[o];function s(l,c){return t(),i("div",null,n)}const h=e(r,[["render",s],["__file","tos.html.vue"]]),p=JSON.parse('{"path":"/tos.html","title":"Badrap Terms of Service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Intended use","slug":"intended-use","link":"#intended-use","children":[]},{"level":2,"title":"Intellectual property","slug":"intellectual-property","link":"#intellectual-property","children":[]},{"level":2,"title":"Modifications to the Service","slug":"modifications-to-the-service","link":"#modifications-to-the-service","children":[]},{"level":2,"title":"Prohibited use","slug":"prohibited-use","link":"#prohibited-use","children":[]},{"level":2,"title":"Limitation of liability","slug":"limitation-of-liability","link":"#limitation-of-liability","children":[]},{"level":2,"title":"Termination","slug":"termination","link":"#termination","children":[]},{"level":2,"title":"Governing law and Arbitration","slug":"governing-law-and-arbitration","link":"#governing-law-and-arbitration","children":[]},{"level":2,"title":"Contact information","slug":"contact-information","link":"#contact-information","children":[]},{"level":2,"title":"Privacy of our registered users","slug":"privacy-of-our-registered-users","link":"#privacy-of-our-registered-users","children":[]},{"level":2,"title":"Terms of service specific to companies","slug":"terms-of-service-specific-to-companies","link":"#terms-of-service-specific-to-companies","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"tos.md"}');export{h as comp,p as data}; diff --git a/assets/traficom.html-DFa_0WX1.js b/assets/traficom.html-Bes53oE1.js similarity index 95% rename from assets/traficom.html-DFa_0WX1.js rename to assets/traficom.html-Bes53oE1.js index 64a473c0..b5295092 100644 --- a/assets/traficom.html-DFa_0WX1.js +++ b/assets/traficom.html-Bes53oE1.js @@ -1 +1 @@ -import{_ as t,c as a,o as e,e as i}from"./app-CxPUdK5a.js";const n="/assets/traficom-10-install-DkrmTnAH.png",s="/assets/traficom-20-perms-8gZkczhz.png",o="/assets/traficom-30-id-EY4_ejdZ.png",r={},l=i('

Traficom

Traficom app allows you to share your asset information with NCSC-FI (Kyberturvallisuuskeskus), the National Cyber Security Centre of Finland.

Sharing your Badrap asset information with NCSC-FI allows you to receive more accurate incident and vulnerability information about your valuable online resources.

By installing the app, you agree to share the list of your network assets (IP addresses and domain names) from Badrap to NCSC-FI. When you share the app installation ID with NCSC-FI, they can tell your assets belong to your organization.

Note that NCSC-FI is responsible for communicating about cyber security incidents and vulnerabilities with companies, organizations and individuals within Finland. If you are a Badrap user outside of Finland, you are probably better served by contacting your own local cyber security coordination centre.

Installation

  1. Open the Traficom app page.
  2. Click Install.
  1. Review the permissions the app requests. Click Install the app.
  1. Send the app installation ID by email to kyberturvallisuuskeskus@traficom.fi.
  1. Note that the installation ID is not a secret, and only NCSC-FI can use it to list your assets through Badrap's app API.

Uninstalling the app

  1. Open the Traficom app page and click Uninstall.
  2. That's it, you're done.
',15),p=[l];function c(h,d){return e(),a("div",null,p)}const u=t(r,[["render",c],["__file","traficom.html.vue"]]),f=JSON.parse('{"path":"/apps/traficom.html","title":"Traficom","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Installation","slug":"installation","link":"#installation","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"apps/traficom.md"}');export{u as comp,f as data}; +import{_ as t,c as a,o as e,e as i}from"./app-DhWbOGxr.js";const n="/assets/traficom-10-install-DkrmTnAH.png",s="/assets/traficom-20-perms-8gZkczhz.png",o="/assets/traficom-30-id-EY4_ejdZ.png",r={},l=i('

Traficom

Traficom app allows you to share your asset information with NCSC-FI (Kyberturvallisuuskeskus), the National Cyber Security Centre of Finland.

Sharing your Badrap asset information with NCSC-FI allows you to receive more accurate incident and vulnerability information about your valuable online resources.

By installing the app, you agree to share the list of your network assets (IP addresses and domain names) from Badrap to NCSC-FI. When you share the app installation ID with NCSC-FI, they can tell your assets belong to your organization.

Note that NCSC-FI is responsible for communicating about cyber security incidents and vulnerabilities with companies, organizations and individuals within Finland. If you are a Badrap user outside of Finland, you are probably better served by contacting your own local cyber security coordination centre.

Installation

  1. Open the Traficom app page.
  2. Click Install.
  1. Review the permissions the app requests. Click Install the app.
  1. Send the app installation ID by email to kyberturvallisuuskeskus@traficom.fi.
  1. Note that the installation ID is not a secret, and only NCSC-FI can use it to list your assets through Badrap's app API.

Uninstalling the app

  1. Open the Traficom app page and click Uninstall.
  2. That's it, you're done.
',15),p=[l];function c(h,d){return e(),a("div",null,p)}const u=t(r,[["render",c],["__file","traficom.html.vue"]]),f=JSON.parse('{"path":"/apps/traficom.html","title":"Traficom","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Installation","slug":"installation","link":"#installation","children":[]},{"level":2,"title":"Uninstalling the app","slug":"uninstalling-the-app","link":"#uninstalling-the-app","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"apps/traficom.md"}');export{u as comp,f as data}; diff --git a/assets/vnc.html-D9LE4BKT.js b/assets/vnc.html-CKb8ICul.js similarity index 96% rename from assets/vnc.html-D9LE4BKT.js rename to assets/vnc.html-CKb8ICul.js index 89e524e6..f3c72f57 100644 --- a/assets/vnc.html-D9LE4BKT.js +++ b/assets/vnc.html-CKb8ICul.js @@ -1 +1 @@ -import{_ as r,c as n,a as e,d as o,b as s,w as a,e as i,r as c,o as l}from"./app-CxPUdK5a.js";const p={},h=i('

Open VNC service

Problem description

Our data source has detected in your network an open and unprotected VNC (Virtual Network Computing) desktop-sharing service, which anyone can access from the Internet.

VNC is a common Internet protocol used to share your computer desktop with someone else. It is commonly used to allow family members to administer relatives' computers remotely, or to allow IT support to access and service your computer from somewhere else.

While there is a valid use for VNC for remote administration, having your computer open for anyone from the Internet is likely not what you want.

Often VNC is enabled on work computers when they are being used inside the office network. When you move the computer to a home network, as a result of a misconfiguration the VNC service may be left open, and visible to the whole Internet.

Having the VNC service open may allow attackers to attempt to control your computer and observe what you are doing on your screen. This may allow unauthorized attackers to steal your passwords, confidential work or personal information, bank account details, anything you do on your computer.

Suggestions for repair

',8),u=e("p",null,[o("When you have located the vulnerable computer, we recommend disabling the VNC service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable vnc"),o(" and include your operating system version to further refine the search results, e.g. "),e("code",null,"disable vnc windows 10"),o(".")],-1),d=e("p",null,[o("See "),e("a",{href:"http://asknorton.com/how-to-block-vnc-in-a-computer-to-prevent-remote-access/",target:"_blank",rel:"noopener noreferrer"},"How to Block VNC in a Computer to Prevent Remote Access"),o(" for step-by-step instructions for Windows PCs.")],-1),m=e("p",null,"If the VNC service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router. If the service is needed for work, ask your IT support to configure the service in a secure way.",-1);function f(v,y){const t=c("RouteLink");return l(),n("div",null,[h,e("p",null,[o("First of all you need to identify the computer which has the vulnerable service open. "),s(t,{to:"/locate.html"},{default:a(()=>[o("Please read our instructions on locating vulnerable devices.")]),_:1})]),u,d,m])}const g=r(p,[["render",f],["__file","vnc.html.vue"]]),b=JSON.parse('{"path":"/types/vnc.html","title":"Open VNC service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723117730000},"filePathRelative":"types/vnc.md"}');export{g as comp,b as data}; +import{_ as r,c as n,a as e,d as o,b as s,w as a,e as i,r as c,o as l}from"./app-DhWbOGxr.js";const p={},h=i('

Open VNC service

Problem description

Our data source has detected in your network an open and unprotected VNC (Virtual Network Computing) desktop-sharing service, which anyone can access from the Internet.

VNC is a common Internet protocol used to share your computer desktop with someone else. It is commonly used to allow family members to administer relatives' computers remotely, or to allow IT support to access and service your computer from somewhere else.

While there is a valid use for VNC for remote administration, having your computer open for anyone from the Internet is likely not what you want.

Often VNC is enabled on work computers when they are being used inside the office network. When you move the computer to a home network, as a result of a misconfiguration the VNC service may be left open, and visible to the whole Internet.

Having the VNC service open may allow attackers to attempt to control your computer and observe what you are doing on your screen. This may allow unauthorized attackers to steal your passwords, confidential work or personal information, bank account details, anything you do on your computer.

Suggestions for repair

',8),u=e("p",null,[o("When you have located the vulnerable computer, we recommend disabling the VNC service from it. Search for instructions from the Internet with the keywords "),e("code",null,"disable vnc"),o(" and include your operating system version to further refine the search results, e.g. "),e("code",null,"disable vnc windows 10"),o(".")],-1),d=e("p",null,[o("See "),e("a",{href:"http://asknorton.com/how-to-block-vnc-in-a-computer-to-prevent-remote-access/",target:"_blank",rel:"noopener noreferrer"},"How to Block VNC in a Computer to Prevent Remote Access"),o(" for step-by-step instructions for Windows PCs.")],-1),m=e("p",null,"If the VNC service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router. If the service is needed for work, ask your IT support to configure the service in a secure way.",-1);function f(v,y){const t=c("RouteLink");return l(),n("div",null,[h,e("p",null,[o("First of all you need to identify the computer which has the vulnerable service open. "),s(t,{to:"/locate.html"},{default:a(()=>[o("Please read our instructions on locating vulnerable devices.")]),_:1})]),u,d,m])}const g=r(p,[["render",f],["__file","vnc.html.vue"]]),b=JSON.parse('{"path":"/types/vnc.html","title":"Open VNC service","lang":"en-US","frontmatter":{},"headers":[{"level":2,"title":"Problem description","slug":"problem-description","link":"#problem-description","children":[]},{"level":2,"title":"Suggestions for repair","slug":"suggestions-for-repair","link":"#suggestions-for-repair","children":[]}],"git":{"updatedTime":1723118227000},"filePathRelative":"types/vnc.md"}');export{g as comp,b as data}; diff --git a/categories.html b/categories.html index eecb8a2e..32087e70 100644 --- a/categories.html +++ b/categories.html @@ -33,11 +33,11 @@ About different categories of attacks | Badrap docs - - + +

About different categories of attacks

Amplification attacks

Denial-of-service attacks are common incidents, where an attacker employs vulnerable machines on the Internet to send large amounts of malicious traffic to a victim organization, blocking the Internet connection of the victim and preventing the victim's services to work normally. An amplification attack is a form of denial-of-service attack, where the attacker uses an open Internet service somewhere to amplify the effects of the attack. Many innocent services found even in Internet users' home routers can act as an Internet megaphone, amplifying and making a small denial-of-service attack become a massive network outage.

To simplify, an attacker sends small data messages to your vulnerable device. Your device reacts to these messages by sending very large messages to the victim targeted by the attacker. The victim sees your IP address among possibly hundreds of thousands of other IP addresses as the source of the attack.

You can view a more technical explanation of this type of attack in this Youtube video. The example in this video shows an amplification attack happening via the common DNS service, but the principle remains the same no matter what vulnerable service is used.

This very common form of attacks can easily bring even a massive enterprise service to its knees. At the same time, your Internet connection is likely blocked during the attack, and your Internet service provider can block your service temporarily to protect you and others from abuse.

Take care of your Internet connectivity, your reputation and future victims of amplification attacks. Block services that can be abused by criminals!

- + diff --git a/esg.html b/esg.html index 79a40f27..d872b45c 100644 --- a/esg.html +++ b/esg.html @@ -33,11 +33,11 @@ Environmental, Social and Governance Policy - Badrap Oy | Badrap docs - - + +

Environmental, Social and Governance Policy - Badrap Oy

This Environmental, Social and Governance Policy has been approved on 2021-03-24 by the board of directors to be used at Badrap Oy.

Corporate Responsibility Statement

Safety, security and privacy of our customers, society, people, our employees and our partners are the highest priorities for us. We follow laws, regulations and good corporate governance practices. We respect human rights, labour rights, consider the environment and have anti-corruption measures. Our Code of Conduct has short policy statements on Environmental Protection, Health and Safety, Child and Forced Labour, Anti-Bribery, Anti-Discrimination, Taxes, Security Research and Open Source and Community Work.

Code of Conduct

Our environmental, social and corporate governance (ESG) policies are the basis for our Code of Conduct. Our ESG policies are approved by our board. We periodically review and communicate our Code of Conduct to our staff, suppliers and partners. Our Code of Conduct is public and it is shared openly.

Supplier Code of Conduct

Our Code of Conduct and its major updates are communicated to the suppliers and partners and we expect them to uphold the same standards and to obey the legal obligations and local regulations.

Anti-Bribery Policy

We have zero tolerance towards acts of bribery and corruption, by any employee or anyone acting on our behalf. We, our partners and suppliers should "not offer, promise or give undue pecuniary or other advantage to public officials or the employees of business partners. ... Enterprises should not use third parties such as agents and other intermediaries, consultants, representatives, distributors, consortia, contractors and suppliers and joint venture partners for channelling undue pecuniary or other advantages to public officials, or to employees of their business partners or to their relatives or business associates.", see also further guidelines in chapter "Combating Bribery, Bribe Solicitation and Extortion" in OECD's OECD Guidelines for Multinational Enterprises.

Anti-Discrimination Policy

We have zero tolerance for discrimination, see https://www.syrjinta.fi/syrjinta (Finnish) and https://www.syrjinta.fi/web/en/discrimination (English). We follow the Finnish law on non-discrimination.

Child & Forced Labour Policy

We forbid use of child and forced labour as defined by the Finnish laws, see Laki nuorista työntekijöistä and Valtioneuvoston asetus nuorille työntekijöille erityisen haitallisista ja vaarallisista töistä.

Environmental Policy

As a bare minimum we, our suppliers and partners are to follow environmental laws, in Finland see Luonnonsuojelulaki. However, we strongly encourage going beyond that. We will be periodically reviewing United Nations' Sustainable Development goals for goal setting and adoption in our operations.

Health and Safety Policy

We follow Finnish laws for health and safety in employment and workplace, see Työterveyshuoltolaki and Työturvallisuuslaki. Local laws should be respected abroad.

Open Source and Community Work

Our employees and suppliers are encouraged to participate in community efforts such as developing and contributing to free open source software (FOSS). Contributing to the common good is a shared interest.

Security Research

Our employees and suppliers who participate in security and vulnerability research are encouraged to work responsibly and disclose any findings with care (e.g. using a responsible disclosure model).

Tax Policy

We have a zero tolerance to tax evasion and the facilitation of tax evasion. We are not engaged in aggressive tax planning. Our headquarters is in Finland and we follow local tax laws in regions where we operate.

Standard Clause for Suppliers and Partners

All Suppliers and Partners can include the following standard clause (or equivalent content in their own language) into their contract terms to demonstrate their willingness to uphold our ESG standards.

"The Supplier/Contractor/Partner has received a copy of the Company's Code of Conduct at https:/docs.badrap.io/esg.html and agrees to uphold or to exceed the same standards and to obey legal obligations and local regulations."

- + diff --git a/faq.html b/faq.html index 68183d12..4d842e43 100644 --- a/faq.html +++ b/faq.html @@ -33,11 +33,11 @@ Frequently Asked Questions | Badrap docs - - + +

Frequently Asked Questions

Why did you make this service?

We've worked a long time in information security. A really long time. We've witnessed the benefits of exchanging security information, and the downsides of blocking information flows. We know how hard it is for Internet users to search for their own data from various services. We have friends and family who roll their eyes about infosec news and wonder if they have vulnerable devices in their own networks. We want to make exchanging security information so easy and efficient, that both home users as well as enterprises can search for their own data easily and find out if they are vulnerable.

Is there any danger if I search for my own data in your service?

Absolutely not. Information about your personal network assets (e.g., IP addresses, email addresses) already exists out in the Internet. By searching for your own data through our service, you just search for your own assets from existing data sets published by security researchers. We could show the results for your assets as soon as you enter our site, but we decided to put the search functionality behind a button, so that we do not do anything without your explicit consent, and that we can separate users who are really interested in our service from random passers-by.

Why is this a free service?

Some say if you are not paying for the product, you are the product. This refers to companies who provide free services for individuals in order to sell ads. This is not our business model. We want to democratize security information, and free service for individuals was always part of that plan. And of course, we hope that some of the happy Badrap users will become Badrap customers later. We have commercial services for companies, who want to protect their employees and infrastructure. We've also received private funding from the founders, ScanABC, as well as some public funding from TEKES. If you like the service and think we're doing an important job, please use it as much as you can and tell others about it. This helps us verify our ideas and to prove that this kind of service is truly needed in today's world.

Where do the security researchers' warnings come from?

We've started by requesting data from a few extremely credible and well-qualified sources which we know really well. These same sources are used by many other organizations who are interested in security and vulnerability observations. We are also constantly looking to add more good-quality sources for vulnerability information. Our current partners are:

Are you monitoring me or my networks?

Short answer: no.

You can find a longer answer in our privacy policy. We improve our service based on usage statistics, just like all other Internet websites out there. Our difference is that we continuously try to think about how we could improve your privacy even more when using the service.

A quick demonstration about this. We use Google Analytics to collect statistics about our visitors, just like other web sites. Statistics are important to us so that we can improve the service. Here's how you can prevent us from collecting your visitor analytics.

You can block our analytics by using an adblocker extension in your web browser. For instance, uBlock Origin is a good extension to use with Google Chrome. For mobile devices, you can use a privacy-oriented browser such as Ghostery or Firefox Focus. Now that we told you this, please allow our site analytics in the privacy tool of your choice and block everything else. 😃

If I create an account, will you send me spam?

No way. If you want, you can request automatic notifications on any new information regarding your IP addresses or email addresses. If any new vulnerabilities appear, you will get a notification via email. We also may inform you about major updates to the service as well as new features that affect its use substantially. You can always remove any registered assets from your notifications as well as deny all email notifications completely.

What is the data breach monitoring service (or "Have I Been Pwned integration")?

We started off Badrap by allowing you to search for security information relating to your important IP addresses. However, IP addresses are just one type of valuable network asset. We have added email addresses as another asset type that you can search for and get notified about. For this, we integrate with security researcher Troy Hunt's data breach search engine Have I Been Pwned. It allows you to search for information relating to your email addresses among publically available data breach datasets. These data breaches may include in addition to your email addresses other personal data such as passwords, home address, telephone number, etc. In addition to IP addresses and email addresses, we may also add other asset types in the future - let us know if you have some good ideas!

What is a data breach and what can it contain?

A data breach usually contains personal data stolen or inadvertently made public from a closed database. The most typical form of data breach happens when you register for a service, the service contains some kind of security vulnerability or is otherwise inadequately protected, and your personal data is copied from the service database. Data breaches typically contain your email addresses, any other personal data, passwords, and in really severe cases even things like credit card details or bank account information. You can read more about data breaches from our instructions.

How does the Have I Been Pwned search feature work?

The Have I Been Pwned search feature works similarly to what we have been doing with IP addresses. You register your email address into our service so that we believe you have a right to search for available security information relating to it. You may register multiple email addresses, as long as you can verify that you have access to those addresses. We then help you search for security information relating to your email addresses from available good-quality sources. Initially, we use security researcher Troy Hunt's widely publicized and credible data breach reporting service Have I Been Pwned to tell you about publically known security incidents relating to your email addresses, such as data breaches.

The Have I Been Pwned search feature works slightly differently in the sense that when you enable the feature for your Badrap user account and register one or more email addresses as your assets, we have to submit your registered email addresses to the I Have Been Pwned search interface. That service does not log any searches or store your email addresses when searched. We explicitly ask for your consent and permission if you want to enable the Have I Been Pwned search functionality. As with any other services, if you do not trust Badrap or Have I Been Pwned to handle your email addresses properly, you can simply choose not to enable the Have I Been Pwned search feature.

How do I register multiple email addresses?

Your Badrap user account is initially tied to one primary email address, the one you provide when you create your account. When you register, we send you a verification link to that email address, and you use that link to verify that you own that address. After you have created an account, you may add other email addresses under your account. In the same way than upon initial registration, we will send a verification link to each email address that you want to register, and you must use that link to verify you have access to those additional addresses. After you register a new email address, it will show up under your user account as another network asset - the same way that happens when you register multiple IP addresses. You will also get another notification email to that address, confirming that the address was successfully registered.

What happens if someone else tries to claim my email address?

You will always get a verification link if anyone tries to register your email address to Badrap. If you have not registered that email address yourself, you can simply ignore the verification request. If you have registered the address yourself or want to give someone else permission to register your email address on your behalf, you may accept the request. You can also opt to remove your address from Badrap completely by clicking on the "remove this email address" link in the verification email. This will remove your email address from all registered assets in Badrap, under yourself and any other user accounts that have registered it.

Finally

We hope we were able to answer your questions above!

You can always check the status of your current IP address with any web browser without creating an account. However, by registering you can also search for information regarding your email addresses and possibly other personal assets in the future. By registering you can also get notifications regarding your registered assets, which means you will automatically receive any new security warnings by email. That way you can easily get up-to-date information on all of the different IP addresses that you use daily at home, at work, or at the coffee shop, as well as new security information relating to your email addresses.

Create an account »

- + diff --git a/fi/categories.html b/fi/categories.html index b504b8eb..168c3253 100644 --- a/fi/categories.html +++ b/fi/categories.html @@ -33,11 +33,11 @@ Tietoa hyökkäyskategorioista | Badrap docs - - + +

Tietoa hyökkäyskategorioista

Amplifikaatiohyökkäykset

Amplifikaatiohyökkäys perustuu siihen, että hyökkääjä kimmottaa palvelunestohyökkäyksensä jonkin muun avoimen palvelun kautta. Moni sinällään viaton kotireitittimistäkin löytyvä palvelu toimii ikään kuin Internetin megafonina. Ne vahvistavat ja tekevät alunperin pienestä hyökkäyksestä paljon suuremman.

Hyökkääjä lähettää siis pieniä viestejä laitteellesi. Laitteesi vahvistaa viestiä ja lähettää suuria viestejä hyökkäjän kohteelle. Kohteelle näyttää, että IP-osoitteesi on yksi sadoista tuhansista hyökkääjistä.

Teknisemmän kuvauksen löydät esimerkiksi tästä havainnollistavasta Youtube-videosta. Videon esimerkki käyttää hyväkseen DNS-palveluita, mutta periaate on kuitenkin täsmälleen sama muissakin amplifikaatiohyökkäyksissä.

Tämä on yksi muutamasta tekniikasta, millä hyökkääjät saavat palvelun kuin palvelun polvilleen. Samalla oma Internet-yhteytesi tukkeutuu ja palveluntarjoajasi saattaa katkaista yhteytesi suojellakseen muita.

Pidä huoli netistäsi, maineestasi ja tulevista uhreista. Hankkiudu eroon rikollisia auttavista palveluista!

- + diff --git a/fi/faq.html b/fi/faq.html index 9c6c10f1..31a9986f 100644 --- a/fi/faq.html +++ b/fi/faq.html @@ -33,11 +33,11 @@ Usein kysytyt kysymykset | Badrap docs - - + +

Usein kysytyt kysymykset

Mitä hyötyä palvelusta on?

Badrap välittää tietoturvatutkijoiden varoitukset sinulle. Se yhdistää useiden tutkijoiden tuottamat tiedot yhteen paikkaan ja selittää mahdolliset havainnot kansantajuisesti. Lisäksi Badrap neuvoo mitä sinun kannattaa tehdä, jos havaintoja löytyy. Sinun ei tarvitse käyttää jatkuvasti Badrapiä. Jos rekisteröidyt palveluun, Badrap kertoo sinulle uusista varoituksista sähköpostitse.

Huolehdin läheisteni tietoturvasta, onnistuuko se Badrapin avulla?

Lisää läheisten sähköpostiosoitteet tietovuotoseurantaan. Badrap lähettää heille samanlaisen vahvistusviestin, mitä itsekin sait. Kun läheinen antaa hyväksyntänsä, hänen sähköpostiosoitteensa ilmestyy listallesi.

Miksi teitte tämän palvelun?

Olemme työskennelleet tietoturva-alalla pitkään. Tosi pitkään. Olemme nähneet tietoturvatiedon välittämisen edut, ja tiedon blokkaamisen haitat. Tiedämme miten hankala netin käyttäjien on etsiä omia tietojaan eri lähteistä. Meillä on omia lähimmäisiä jotka ihmettelevät tietoturvauutisia ja miettivät onko omassa verkossa haavoittuvia laitteita. Haluamme tehdä tietoturvatietojen välittämisen niin tehokkaaksi, että kotikäyttäjät sekä yritykset voivat etsiä omia tietojaan helposti.

Onko tulosten katsomisesta minulle jotain haittaa?

Ei missään nimessä. IP-osoitettasi koskevat tiedot ovat jo olemassa. Painamalla nappia haet vain omaa osoitettasi tietoturvatutkijoiden tiedoista. Voisimme näyttää tulokset heti kun saavut palveluun, mutta laitoimme tulokset napin taakse, jotta emme tee mitään ilman suostumustasi ja että erotamme palvelusta oikeasti kiinnostuneet käyttäjät satunnaisista sivuille eksyneistä.

Sähköpostiosoitteeseesi liittyvät varoitukset tarkastamme tekemällä kyselyn tietoturvapiireissä mainetta niittäneen Troy Huntin Have I Been Pwned -palvelusta. Tähän tarkastukseen sinun pitää antaa erikseen lupa, koska emme halua paljastaa identiteettiäsi ilman lupaasi. Uskaltaako lupaa antaa? Sekä meidän että Troy Huntin palvelu on F-Securen Herrasmieshakkereiden Mikko Hyppösen ja Tomi Tuomisen suosittelema. He sanoivat "kyllä" ja me olemme samaa mieltä!

Miksi palvelu on ilmainen?

Meillä on erilliset kaupalliset lisäpalvelut kuluttajille suunnatun ilmaispalvelun lisäksi. Kyberhygieniaa työntekijöille -palvelu innostaa ja valistaa yrityksen työntekijöitä huolehtimaan tietoturvasta. Yritykset voivat myös ottaa omia suojattavia kohteitaan seurantaan automaattisesti, erillisten Badrap Appien avulla.

Ilmaispalvelu lisää meidän tunnettuvuuttamme ja on yksi keino muiden joukossa poistaa kaikki tietoturvatiedon välittämiseen liittyvät esteet.

Mistä tietoturvatutkijoiden varoitukset tulevat?

Aloitimme pyytämällä dataa muutamasta meille ennestään tutusta äärimmäisen laadukkaasta ja luotettavasta lähteestä, joita käyttävät myös monet muut tietoturvasta ja haavoittuvuushavainnoista kiinnostuneet tahot.

Ajantasainen lista tietoturvatutkijoista löytyy osoitteesta https://badrap.io/researchers

Minkälaista tietoa Badrapistä saa?

Meillä on kolmea erityyppistä tietoturvatietoa:

  • Tietovuodot - ovatko Internetin palvelut vuotaneet sinun henkilökohtaisia tietojasi.
  • Haavoittuvuudet - onko IP-osoitteessasi, josta kytkeydyt Internetiin, havaittu haavoittuvuuksia, jotka kannattaisi korjata ennen kuin joku käyttää niitä hyväksi.
  • Hyökkäykset - joskus voit olla hyökkääjä tietämättäsi. Jos koneellasi esimerkiksi sattuisi olemaan haittaohjelma, voisi se etsiä aktiivisesti uusia uhreja. Olet itsekin uhri, mutta uuden uhrin näkökulmasta hyökkääjä. Firman nimi tulee muuten tästä: Bad rap - ansaitsematon huono maine, kuten Merriam-Webster termin määrittää.

Seuraatteko minua tai verkkojani?

Lyhyt vastaus: emme.

Pidempi vastaus löytyy tietosuojaselosteestamme. Teemme kävijätilastoihin pohjautuvaa palvelun kehittämistä, kuten kahdeksan biljoonaa muutakin palvelua. Mutta käyttäjiemme yksityisyys on meille tärkeää. Oikeasti! Tämä ei ollut kopioitu korulause.

Demonstroidaanpa: tilastointi on meille tärkeää, jotta voimme kehittää palvelua. Kerromme nyt miten estät tilastoinnin.

Voit estää tilastoinnin käyttämällä selaimessasi sisällön estäjää. Esimerkiksi uBlock Origin toimii sekä [Chromessa][https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm] että Firefoxissa Samalla kun estät tilastoinnin ja mainokset, tukit yhden reitin, jota kautta haittaohjelma saattaisi päästä laitteellesi. Estäjistä löytyy myös tapa tehdä poikkeuksia, jos haluat sallia mainokset joillakin sivustoilla kannatussyistä.

Jos rekisteröidyn, lähetättekö minulle mainoksia?

Emme. Voit halutessasi tilata päivitykset uusista IP-osoitteitasi koskevista tiedoista. Jos uusia haavoittuvuuksia ilmenee, saat sähköpostiin ilmoituksen. Saatamme myös kertoa suuremmista palveluun liittyvistä päivityksistä ja uusista ominaisuuksista, jotka vaikuttavat olennaisesti palvelun käyttöön. Kun olet kirjautunut palveluun, voit säätää sähköpostiasetuksiasi osoitteessa https://badrap.io/settings/account

Lopuksi

Toivottavasti vastasimme kysymyksiisi!

Voit aina tarkistaa IP-osoitteesi selaimella uudestaan kirjautumatta palveluun. Rekisteröitymällä voit kuitenkin tarkastaa sähköpostiisi liittyvät tietovuodot. Rekisteröitymällä voit myös lisätä sinulle tärkeät IP-osoitteet jatkuvaan seurantaan, jolloin saat uudet varoitukset välittömästi sähköpostiisi.

Rekisteröidy käyttäjäksi »

- + diff --git a/fi/index.html b/fi/index.html index ce70e750..c1da9c09 100644 --- a/fi/index.html +++ b/fi/index.html @@ -33,11 +33,11 @@ Badrapin suomenkieliset materiaalit | Badrap docs - - + + - + diff --git a/fi/locate.html b/fi/locate.html index 4c3fd69c..48b1f2a0 100644 --- a/fi/locate.html +++ b/fi/locate.html @@ -33,11 +33,11 @@ Ongelmallisen laitteen paikallistaminen | Badrap docs - - + +

Ongelmallisen laitteen paikallistaminen

Hienoa, että ryhdyit selvittämään asiaa!

Nyt tarvitaan pientä etsivätyötä. Koska Internet toimii hieman monimutkaisesti, emme voi kertoa sinulle IP-osoitteen perusteella tarkalleen mistä laitteesta havainnossasi on kyse. Voimme kuitenkin auttaa sinua löytämään laitteen. Mikäli olet jonkun toisen verkossa, voimme auttaa sinua löytämään tahon kenelle kertoa löydöstäsi.

Tuumasta toimeen! Missä olet tällä hetkellä?

  • Olen kotona
  • Olen muualla kuin kotonani

Olen kotona

Oletko kotona WiFi-verkossasi?

Kotisi langattomassa verkossa ollessasi kyseessä on aika varmasti kotireitittimesi, sillä useimmiten kotisi muut internetiin kytketyt laitteet piilottelevat sen IP-osoitteen takana.

Käy ensitöiksesi tarkistamassa reitittimesi tarkka merkki ja malli. Tiedot löytyvät usein esimerkiksi laitteen pohjassa olevasta tarrasta.

Seuraavaksi etsi netistä kyseisen kotireitittimen käyttöohje. Ohjeessa kerrotaan kuinka reititintä ylläpidetään, miten siihen otetaan etäyhteys ja mitkä ovat sen käyttäjätunnukset. Käyttäjätunnus ja salasana saattavat myös lukea reitittimen pohjassa.

Onneksi olkoon, onnistuit paikallistamaan laitteen ja pystyt nyt ylläpitämään sitä. Lue seuraavaksi toimintaohjeet badrap.io-palvelun antamasta havainnosta ja ryhdy korjaustoimenpiteisiin!

Käytätkö oman puhelimesi tai tabletin mobiiliverkkoa? (3G, 4G/LTE)

Mobiiliverkot ovat hieman hankalampia tapauksia, sillä niissä IP-osoitteet siirtyvät henkilöltä toiselle tiuhaan tahtiin. Joillakin operaattoreilla saman IP-osoitteen takaa voi löytyä tuhansia eri käyttäjiä.

Näet palvelumme IP-osoitekohtaisesta informaatiokortista milloin olet seurannut IP-osoitetta. Vertaa aikaleimoja havainnon raportointiaikaan. Jos havainto on raportoitu myöhemmin, saattaa kyseessä olla sinun laitteesi. Muussa tapauksessa kyseessä voi olla havainto, joka on tehty silloin kun IP-osoite on ollut jonkun toisen käytössä.

Onnistuitko paikallistamaan laitteen? Lue seuraavaksi toimintaohjeet badrap.io-palvelun antamasta havainnosta. Tarkista onko laitteessasi kyseistä ongelmaa ja korjaa se palvelun antamilla ohjeilla!

Olen muualla kuin kotonani

Jos teet havainnon jonkun toisen verkossa, kuten työpaikallasi tai vierasverkossa yrityksessä, hotellissa tai kahvilassa, et voi korjata ongelmaa suoraan itse. Voit kuitenkin auttaa ongelman korjauksessa kertomalla siitä verkon ylläpitäjälle.

Aivan ensimmäiseksi kuitenkin: Kerää aineisto talteen.

Helpoiten tämä onnistuu ottamalla palvelun näyttämistä tiedoista kuvakaappaus. Myös esimerkiksi älypuhelimen kameran kuva käy mainiosti, luovuus kunniaan.

Seuraavaksi etsi käsiisi henkilö, jolle voit kertoa löydöstäsi:

Omalla työpaikalla

Jos olet omalla työpaikallasi, ole yhteydessä työpaikkanne IT-guruun. Välitä badrap.io-palvelun varoitus hänelle ja kysy tietääkö hän IP-osoitteen perusteella mistä laitteesta on kyse. Kysäise samalla voisiko guru korjata ongelman.

Vieraana jonkun toisen työpaikalla

Käytätkö vierailullasi neukkarin vierasverkkoa? Näytä tulos vierailusi isännälle. Hän osaa olla yhteydessä oman työpaikkansa IT-guruun, joka puolestaan voi guruilla verkon takaisin priimakuntoon antamiesi tietojen perusteella.

Koulussa, hotellissa, kahvilassa

Esittele tiedot löydästäsi henkilökunnalle. He tietävät, tai pystyvät selvittämään kuka vastaa paikan tietotekniikasta ja pystyy korjaamaan tilanteen.

- + diff --git a/fi/privacy.html b/fi/privacy.html index 2a7b349b..ac12d51b 100644 --- a/fi/privacy.html +++ b/fi/privacy.html @@ -33,11 +33,11 @@ badrap.io:n tietosuojaseloste | Badrap docs - - + +

TIEDOTE TIETOSUOJASELOSTEEN PÄIVITYKSESTÄ

Vaihdamme sivustoanalytiikkaan käyttämäämme palveluntarjoajaa 22.7.2021 klo 16:00 Suomen aikaa. Tällä hetkellä käytämme sivustoanalytiikkaan Google Analytics-teknologioita. Muutoksen jälkeen emme enää käytä Google Analytics-teknologioita, vaan siirrymme käyttämään Plausible.io-palvelua. Siirtymän yhteydessä päivitämme tämän tietosuojaselosteen vastaavilta osin.

badrap.io:n tietosuojaseloste

Badrap Oy ylläpitää badrap.io-palvelua. Käsittelemme henkilötietojasi EU:n yleisen tietosuoja-asetuksen sekä muun vallitsevan lainsäädännön mukaisesti. Tässä selosteessa kerromme sinulle tietojesi käsittelyn perusteista ja tiedotamme sinulle oikeuksistasi.

Rekisterinpitäjän yhteystiedot

Badrap Oy
Teknologiantie 18 B
90590 Oulu
Sähköposti: support@badrap.io
Y-tunnus 2846254-9

Henkilötietojen käsittelyn tarkoitukset ja oikeusperuste

Badrap Oy käsittelee badrap.io-palveluun rekisteröityvien käyttäjien henkilötietoja palvelun mahdollistamiseksi. Oikeusperuste rekisteröityneiden käyttäjien henkilötietojen käsittelylle on rekisteröidyn yksiselitteinen suostumus. Sinun täytyy itse rekisteröidä omat tietosi palveluun, ja kysymme erikseen suostumusta ennenkuin henkilötietojasi lisätään käyttäjätilisi alle.

Rekisteröimättömien käyttäjien henkilötietojen käsittelyn oikeusperuste on rekisterinpitäjän oikeutettu etu. Teemme sivujemme kävijöistä anonymisoitua tilastointia Google Analytics-teknologioilla. Sen avulla tiedämme että joku vieraili sivuillamme.

Käsittelemämme henkilötiedot

  • Sähköpostiosoitteesi
  • Yksi tai useampia käyttämiäsi IP-osoitteita, jotka itse rekisteröit halutessasi palveluun
  • Tietoturvatutkijoiden varoitukset seuraamillesi IP-osoitteille

Tietolähteet

Saamme henkilötietojasi sinun luvallasi sinulta itseltäsi palveluun rekisteröitymisen tai sen käytön yhteydessä. Voit valita itse yhdistätkö tietyn IP-osoitteen omaan seurantaasi. Tietoihisi lisätyt IP-osoitteet yhdistetään sähköpostiosoitteeseesi (käyttäjätiliin). Myöhemmin voit yhdistää lisää IP-osoitteita käyttäjätietoihisi. IP-osoitteen lisääminen tietoihisi vaatii sinulta aina erillistä hyväksyntää. Voit milloin tahansa nähdä kaikki omat tietosi käyttäjätilisi alta, poistaa IP-osoitteita tiedoistasi, tai poistaa koko käyttäjätilisi.

Tietoturvavaroituksia saamme tietoturvatutkijoilta ja pahansuopaa verkkoliikennettä seuraavilta tutkimusryhmiltä. Mikäli palveluun rekisteröimäsi IP-osoite löytyy tietoturvatutkijoiden listoilta, välitämme sinulle kaikki kyseiseen IP-osoitteeseen liittyvät tiedot mitä tietoturvatutkijat ovat meille toimittaneet. Henkilötietojasi ei koskaan luovuteta tietoturvatutkijoille tai muille kolmansille osapuolille - vain sinä näet omat tietosi.

Rekisteröidyn oikeudet

Sinulla on seuraavat tietosuoja-asetuksen mukaiset oikeudet henkilötietojesi käsittelyyn liittyen. Voit käyttää oikeuksiasi joko suoraan palvelun kautta, tai olemalla meihin yhteydessä sähköpostitse.

Tarkastusoikeus: Sinulla on oikeus milloin tahansa tarkastaa, mitä henkilötietoja sinusta on tietokannassamme. Helpoiten voit tehdä tämän kirjautumalla käyttäjätilillesi ja katsomalla tietosi käyttäjäsivulta.

Vastustamisoikeus: Sinulla on oikeus vastustaa henkilötietojen käsittelyä, jos toimintamme on mielestäsi tietosuoja-asetuksen vastaista tai käsittelemme tietojasi perusteetta.

Poisto-oikeus: Sinulla on oikeus poistaa henkilötietosi palvelusta milloin tahansa. Helpoiten tämä käy kirjautumalla palveluun sisään ja poistamalla käyttäjätilisi itse.

Oikeus siirtää tiedot järjestelmästä toiseen: Sinulla on oikeus pyytää meiltä koneluettava kooste tiedoistasi, jotta voit siirtää ne toiselle palveluntarjoajalle. Mikäli haluat käyttää oikeuttasi, ota meihin yhteyttä sähköpostilla.

Valitusoikeus: Sinulla on oikeus valittaa tietosuojavaltuutetulle, jos rikomme mielestäsi oikeuksiasi, EU:n yleistä tietosuoja-asetusta tai Suomen tietosuojalakia.

Suoramarkkinointikielto: Sinulla on oikeus kieltää tietojesi käyttäminen suoramarkkinointiin. Ota huomioon, että emme käytä tietojasi suoramarkkinointiin emmekä luovuta niitä muille tahoille, jotka saattaisivat käyttää niitä suoramarkkinointiin.

Käsittelyn kesto

Käsittelemme tietojasi niin kauan kuin käyttäjätilisi on olemassa. Voit poistaa käyttäjätilisi itse milloin tahansa. Kun poistat käyttäjätilisi, kaikki tietosi poistuvat järjestelmistämme.

Tietojen vastaanottajat

Tietoihisi on pääsy vain erikseen nimetyillä Badrapin omilla työntekijöillä, jotka kehittävät ja ylläpitävät palvelua. Emme siirrä tietojasi kolmansille osapuolille tai käytä ulkopuolisten palveluntarjoajien työntekijöitä alihankkijoina.

Tietojen siirto EU:n ulkopuolelle

Osa palvelun teknisestä toteutuksesta on ulkoistettu: Google Analytics käytön tilastointiin, Mailgun sähköpostien automaattiseen lähetykseen rekisteröityneille käyttäjille, sekä Google Cloud SQL tietojen varastointia varten. Edellytämme käyttämiltämme ulkomaisilta palveluntarjoajilta, että heidän sijaintimaissaan on tietosuoja-asetuksen mukainen riittävä tietosuojan taso, ja että he ovat sitoutuneet noudattamaan EU:n yleistä tietosuoja-asetusta.

Tietojen käyttö automaattiseen päätöksentekoon

Henkilötietojasi ei käytetä automaattiseen päätöksentekoon tai profilointiin.

Tietojen suojauksen periaatteet

Tietojasi säilytetään ja käsitellään parhaiden mahdollisten kulloinkin tiedossamme olevien teknisten ja organisatoristen tietosuoja- ja tietoturvakäytäntöjen avulla. Käytämme salausta tiedonsiirrossa ja varastoinnissa, pääsynhallintaa ja lokivalvontaa tietoihin pääsyssä, sekä varmuuskopiointia ja versiointia tietokantojen ja käyttäjätietojen eheyden ja saatavuuden varmistamiseksi. Varmistamme että henkilöstömme ymmärtää tietosuojan tärkeyden ja osaa toimia asianmukaisesti. Työntekijämme noudattavat henkilötietojen salassapitovelvollisuutta tietosuoja-asetuksen vaatimusten mukaisesti. Tietovuodon sattuessa olemme valmiita ilmoittamaan tapahtuneesta tietosuojavaltuutetulle ja rekisteröidyille lainsäädännön määräämässä ajassa. Olemme myös valmiita tarvittaessa esittelemään käytäntöjämme valvontaviranomaiselle. Kehitämme käytäntöjämme jatkuvasti entisestään ja parannamme palvelun tietoturvaa.

Käyttäjä rekisteröi itse sähköpostiosoitteensa ja IP-osoitteensa badrap.io-palveluun TLS-suojatun yhteyden välityksellä. Käyttäjän luovuttamat tiedot tallennetaan Google Cloud SQL-tietokantaan. Tietokanta on suojattu vahvalla salauksella ja toteuttaa SSAE 16, ISO 27001, PCI DSS v3.0 sekä HIPAA-vaatimukset. Tietokantaan on pääsy vain ylläpitäjiksi erikseen nimetyillä Badrapin työntekijöillä. Sähköpostien välityksessä käytämme TLS-salausta aina kun se on mahdollista. Käyttäjien toimittamista henkilötiedoista ei tehdä fyysisiä kopioita eikä aineistoa käsitellä manuaalisesti.

- + diff --git a/fi/types/attacksource.html b/fi/types/attacksource.html index dca192a9..d658e02c 100644 --- a/fi/types/attacksource.html +++ b/fi/types/attacksource.html @@ -33,11 +33,11 @@ Verkkohyökkäysten lähde verkossasi | Badrap docs - - + +

Verkkohyökkäysten lähde verkossasi

Ongelman kuvaus

Seuraamastasi IP-osoitteesta on havaittu lähtevän verkkohyökkäyksiä Internetiin. Yleensä tämä tarkoittaa että joku hallitsee laitetta verkoissasi ja käyttää sitä hyökkäyksiin muita netin käyttäjiä vastaan. Laitteesi avulla voidaan etsiä seuraavia uhreja hyökkäyksille, tunkeutua muiden laitteisiin tai verkkoihin, etsiä haavoittuvuuksia verkoissa ja käyttää niitä hyväksi, tai aiheuttaa häiriöitä erilaisten verkkopalveluiden toiminnalle.

Tietoturvatutkijat havaitsevat tämänkaltaisia hyökkäyksiä yleensä honeypot-laitteilla, jotka tarkkailevat niihin tulevaa verkkoliikennettä ja havaitsevat hyökkäysyrityksiä. Hyökkääjän IP-osoite ja hyökkäyksen tyyppi tallennetaan ja siitä voidaan ilmoittaa hyökkäävän laitteen tai verkon omistajalle. Usein myös hyökkäysten uhrit ilmoittavat hyökkäyksistä tietoturvatutkijoille tai tietoturvaviranomaisille.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa laite, joka lähettää hyökkäyksiä ulospäin. Lue ohjeet laitteen paikallistamiseksi.

Kun olet paikallistanut laitteen, suosittelemme resetoimaan sen tehdasasetuksille ja konfiguroimaan uudestaan tai asentamaan laitteen käyttöjärjestelmän kokonaan uudestaan. Jos laitteesi on otettu luvattomaan käyttöön ja se lähettää ulospäin hyökkäyksiä, yleensä on liian hankalaa yrittää puhdistaa haittakoodin jälkiä ilman täydellistä laitteen resetointia.

Kun olet resetoinut laitteen tai asentanut sen uudestaan, sinun tulisi asentaa siihen kaikki saatavilla olevat ohjelmistopäivitykset, jotta laite saadaan suojattua uusilta haltuunottoyrityksiltä. Jos tietoturvapäivityksiä ei ole laitteellesi saatavilla, sinun kannattaa harkita laitteen päivittämistä uuteen versioon tai kokonaan eri malliin, johon on saatavilla säännöllisiä tietoturvapäivityksiä.

- + diff --git a/fi/types/buildingautomation.html b/fi/types/buildingautomation.html index 3c0575a2..f91de450 100644 --- a/fi/types/buildingautomation.html +++ b/fi/types/buildingautomation.html @@ -33,11 +33,11 @@ Taloautomaatiojärjestelmäsi on kytketty Internetiin | Badrap docs - - + +

Taloautomaatiojärjestelmäsi on kytketty Internetiin

Verkossasi on havaittu Internetiin kytketty taloautomaatiojärjestelmä, jolla voidaan kontrolloida rakennuksesi valaistusta, lämmitystä, ilmanvaihtoa ja muita toimintoja. Koska järjestelmä on näkyvissä koko maailmalle Internetin välityksellä, sitä voidaan yrittää käyttää luvattomasti. Jos joku pääsee tunkeutumaan järjestelmään sisälle, hän voi aiheuttaa talollesi ja sen asukkaille vahinkoa tai jopa hengenvaaran muuttamalla talotekniikan asetuksia. Sinun tulisi estää pääsy järjestelmään, jotta talosi olisi suojassa vahingoilta.

Mitä on tapahtunut?

Maaliskuun 2019 alussa Yle Areenassa julkaistiin tietoturvaa käsittelevä 6-osainen ohjelmasarja Team Whack. Yhdessä sarjan jaksoista tietoturvatutkijat etsivät Suomesta Internetiin kytkettyjä Fidelix-merkkisiä taloautomaatiojärjestelmiä ja osoittivat, miten luvattomat käyttäjät voivat päästä varsin helposti muuttamaan talotekniikan asetuksia. Tietoturvatutkijat raportoivat löytämänsä haavoittuvuudet Viestintävirastolle yhteistyössä laitevalmistajan kanssa. Me, eli Badrap ja Remod, autamme nyt haavoittuvien järjestelmien omistajia kuulemaan ongelmasta, ymmärtämään sen vakavuuden ja korjaamaan tilanteen.

Mikä tässä on vaarana?

Taloautomaatiojärjestelmien ei kuulu missään nimessä olla auki Internetiin. Sekä Viestintäviraston Kyberturvallisuuskeskus että taloautomaatiojärjestelmien suomalainen valmistaja Fidelix varoittavat pitämästä järjestelmiä avoimissa verkoissa.

Jos taloautomaatiolaitteistot ovat koko maailman käytettävissä, niitä voi löytää helposti erilaisilla hakukoneilla ja yrittää väärinkäyttää. Pahantahtoiset tunkeilijat voivat kokeilla arvata järjestelmän salasanoja. Usein järjestelmissä on vielä päällä oletussalasanat, jotka ovat hyvin helppoja arvata tai jo valmiiksi tunkeilijoiden tiedossa. Hyökkääjät voivat myös ohittaa salasanatarkistuksen kokonaan järjestelmän tietoturvahaavoittuvuuksien avulla. Palvelunestohyökkäyksellä järjestelmän toimintaa voidaan haitata tai estää kokonaan kohdistamalla järjestelmään poikkeuksellisen paljon verkkoliikennettä Internetistä, vaikka itse järjestelmään ei pääsisikään kirjautumaan sisälle.

Kun hyökkääjä pääsee sisään Internetiin kytkettyyn taloautomaatiojärjestelmään, hän voi hallita monia talon asetuksia. Järjestelmillä voi yleisesti ohjata talon valaistusta, lämmitystä, ilmanvaihtoa ja muita elintärkeitä toimintoja. Hyökkääjä voi myös vaihtaa järjestelmän salasanat, jonka jälkeen oikeat käyttäjät kuten huoltoyhtiö, laitetoimittaja tai isännöitsijä eivät pääse siihen enää sisään. Jos järjestelmääsi hyökätään, pahimmillaan hyökkääjä voi aiheuttaa rakennuksen käyttäjille mitä tahansa lievän epämukavuuden ja jopa hengenvaaran väliltä.

Miksi häiritsette minua?

Tietoturvatutkijat ovat havainneet sinun verkossasi Internetiin kytketyn Fidelix-taloautomaatiojärjestelmän. Haavoittuvan järjestelmän IP-osoite on hallinnassasi. Autamme tietoturvatutkijoita, Viestintävirastoa ja laitevalmistajaa toimittamaan viestin sinulle perille, sekä autamme sinua ymmärtämään mistä on kysymys ja miten ongelman voi korjata. Taloautomaatiojärjestelmien valmistaja Fidelix on ollut koko ajan aktiivisesti mukana tutkimuksessa ja ongelmasta tiedottamisessa, koska myös heille on tärkeää, että heidän järjestelmänsä on asennettu tietoturvaohjeistuksen mukaisesti eivätkä asiattomat käyttäjät pääse niihin käsiksi.

Miten korjaan ongelman?

Pähkinänkuoressa sinun kannattaa tehdä seuraavat asiat mahdollisimman pian:

  • Siirrä taloautomaatiojärjestelmäsi avoimesta Internetistä suljettuun sisäverkkoon, jonne ei pääse ulkopuolelta,
  • TAI estä yleinen pääsy Internetistä taloautomaatiojärjestelmään palomuurilla ja VPN-etäyhteysratkaisulla.
  • Varmista yhdessä laitevalmistajan tai laitetoimittajasi kanssa, että järjestelmään on asennettu viimeisimmät tietoturvapäivitykset.
  • Varmista että järjestelmässä ei käytetä heikkoja oletussalasanoja. Vaihda salasanat uusiin ja riittävän vahvoihin.

Tarkempia korjausohjeita ja yhteystietoja löydät laitevalmistaja Fidelixin tiedotteesta.

Mistä saan apua korjauksiin?

Ota yhteyttä ensisijaisesti taloautomaatiojärjestelmäsi laitetoimittajaan tai huoltoyhtiöön. He neuvovat sinua mielellään tietoturvakäytännöissä ja varmistavat, että laitteisiin pääsee vain suljetusta paikallisesta verkosta tai asianmukaisesti suojatulla etäyhteydellä. He voivat myös auttaa sinua varmistamaan, että järjestelmään on asennettu tietoturvapäivitykset ja että oletussalasanat on vaihdettu turvallisempiin.

Keitä te olette?

Badrap on suomalainen tietoturvayritys, joka haluaa välittää tietoturvatietoa tutkijoilta haavoittuvien laitteiden ja verkkojen omistajille mahdollisimman tehokkaasti. Remod on suomalainen IT-palveluyritys, jonka intohimona on ongelmanratkaisu ja mahdottoman tekeminen mahdolliseksi. Toimimme yhdessä tietoturvatutkijoiden, Viestintäviraston Kyberturvallisuuskeskuksen ja laitevalmistajien kanssa tietoturvallisemman maailman puolesta.

Mistä saan lisätietoja?

- + diff --git a/fi/types/dns.html b/fi/types/dns.html index 217c19e0..b4294a0b 100644 --- a/fi/types/dns.html +++ b/fi/types/dns.html @@ -33,11 +33,11 @@ Liian avoin nimipalvelu | Badrap docs - - + +

Liian avoin nimipalvelu

Ongelman kuvaus

Onko verkkosi toiminut joskus huonosti? Vika ei aina ole välttämättä palveluntarjoajassa. Tässä osoitteessa on liian avoin DNS-palvelu. Pahikset etsivät näitä peittääkseen jälkensä ja vahvistaakseen palvelunestohyökkäyksiään. Samalla yleensä oma verkko tukkeutuu.

Liian avoin nimipalvelu tarkoittaa sitä, että hyökkääjä voi esittää Internetistä käsin palvelimelle pienen kysymyksen ja palvelin antaa takaisin suuren vastauksen. Kun hyökkääjä väärentää lähdeosoitteensa ja lähettää massiivisen määrän kysymyksiä, toimii palvelu palvelunestohyökkäyksen vahvistimena. Kohteena on yleensä joku muu, mutta omakin verkkosi ja/tai palvelusi voivat hajota.

Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää täältä.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. Lue ohjeet laitteen paikallistamiseksi.

Nimipalvelu on päällä ilman hyvää syytä

Omistatko laitteen, etkä tiedä miksi siinä on nimipalvelu päällä? Et todennäköisesti silloin tarvitse sitä. Katso tässä tapauksessa laitteesi ohjeista miten nimipalvelun saisi pois päältä. Etsi avainsanoja "DNS", "Domain Name Service" tai "Name Service". Voit myös etsiä laitteestasi palomuuriominaisuuden, jolla estät pääsyn laitteen palveluihin Internetistä käsin.

Nimipalvelu on tarkoituksella päällä

US-CERTin ohje osoitteessa https://www.us-cert.gov/ncas/alerts/TA13-088A tarjoaa esimerkkejä yleisimmistä nimipalveluohjelmistojen tiukemmista asetuksista. Salli rekursiiviset kyselyt vain omille laitteillesi.

- + diff --git a/fi/types/malware-citeary.html b/fi/types/malware-citeary.html index 3d3a9481..51ad0fc9 100644 --- a/fi/types/malware-citeary.html +++ b/fi/types/malware-citeary.html @@ -33,11 +33,11 @@ Ongelman kuvaus | Badrap docs - - + +

Haittaohjelma: Citeary

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Citeary-haittaohjelma. Citeary on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä madot (worm), jotka pyrkivät kopioimaan itsensä koneellesi kun liität siihen siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai tiedostonjakopalveluita, tai klikkaat sähköpostissa tai chat-ohjelmassa saamaasi linkkiä. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Mato-ohjelma pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on linkkien klikkaaminen sähköposteista tai pikaviesteistä, jotka yleensä tulevat sinulle jonkun toisen saastuneen koneen omistajalta.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se voi yrittää lähettää sähköposteja tai chat-viestejä automaattisesti osoitekirjastasi löytyville ystäville ja tuttaville, pyrkimyksenään saada nämä henkilöt puolestaan klikkaamaan viesteissä olevaa linkkiä.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. Lue ohjeet laitteen paikallistamiseksi.

Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa poistettua Windows Defenderin avulla: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Citeary.E. Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.

- + diff --git a/fi/types/malware-ircbot.html b/fi/types/malware-ircbot.html index d2267700..0bdc6efe 100644 --- a/fi/types/malware-ircbot.html +++ b/fi/types/malware-ircbot.html @@ -33,11 +33,11 @@ Ongelman kuvaus | Badrap docs - - + +

Haittaohjelma: IRCBot

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut IRCBot-haittaohjelma. IRCBot on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä troijalaiset (tai Troijan hevoset), jotka pääsevät tarttumaan koneellesi kun avaat sähköpostissa tai chat-viestissä olevan linkin tai liitetiedoston.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma antaa hyökkääjälle mahdollisuuden ottaa yhteyttä koneellesi, salakatsella mitä kirjoitat, varastaa henkilökohtaisia tietojasi tai pankkitietojasi, tuhota tiedostoja tai käyttää konettasi muihin ikäviin tarkoituksiin.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. Lue ohjeet laitteen paikallistamiseksi.

Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa löydettyä ja poistettua: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32%2FIRCBot. Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.

- + diff --git a/fi/types/malware-jadtre.html b/fi/types/malware-jadtre.html index ab229534..d1c9068a 100644 --- a/fi/types/malware-jadtre.html +++ b/fi/types/malware-jadtre.html @@ -33,11 +33,11 @@ Ongelman kuvaus | Badrap docs - - + +

Haittaohjelma: Jadtre

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Jadtre-haittaohjelma. Jadtre on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se pyrkii kopioimaan itsensä koneellesi kun liität koneeseesi siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai suoritat EXE-tyyppisen ohjelmatiedoston. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Virus pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on EXE-tiedoston suorittaminen, jos tiedostossa on haittakoodia mukana.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se pyrkii kopioimaan itsensä osaksi koneellasi olevia suoritettavia tiedostoja, kaikille siirrettäville kovalevyille tai muistitikuille mitä yhdistät koneeseesi, tai mihin tahansa verkkolevyille joihin koneeltasi pääsee ja joita ei ole suojattu riittävän vahvoilla salasanoilla.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. Lue ohjeet laitteen paikallistamiseksi.

Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen voi löytää ja poistaa: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Jadtre.A. Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.

- + diff --git a/fi/types/malware-palevo.html b/fi/types/malware-palevo.html index f49916a1..9c84fc41 100644 --- a/fi/types/malware-palevo.html +++ b/fi/types/malware-palevo.html @@ -33,11 +33,11 @@ Ongelman kuvaus | Badrap docs - - + +

Haittaohjelma: Palevo

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Palevo-haittaohjelma. Palevo on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä madot (worm), jotka pyrkivät kopioimaan itsensä koneellesi kun liität siihen siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai tiedostonjakopalveluita, tai klikkaat sähköpostissa tai chat-ohjelmassa saamaasi linkkiä. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Mato-ohjelma pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on linkkien klikkaaminen sähköposteista tai pikaviesteistä, jotka yleensä tulevat sinulle jonkun toisen saastuneen koneen omistajalta.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se voi yrittää lähettää sähköposteja tai chat-viestejä automaattisesti osoitekirjastasi löytyville ystäville ja tuttaville, pyrkimyksenään saada nämä henkilöt puolestaan klikkaamaan viesteissä olevaa linkkiä.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. Lue ohjeet laitteen paikallistamiseksi.

Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa poistettua Windows Defenderin avulla: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FPalevo. Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.

- + diff --git a/fi/types/malware-pushdo.html b/fi/types/malware-pushdo.html index 065369cb..f22accb6 100644 --- a/fi/types/malware-pushdo.html +++ b/fi/types/malware-pushdo.html @@ -33,11 +33,11 @@ Ongelman kuvaus | Badrap docs - - + +

Haittaohjelma: Pushdo

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Pushdo-haittaohjelma (tunnetaan myös nimellä Pandex). Pushdo on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä troijalaiset (tai Troijan hevoset), jotka pääsevät tarttumaan koneellesi kun avaat sähköpostissa tai chat-viestissä olevan linkin tai liitetiedoston.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma antaa hyökkääjälle mahdollisuuden ottaa yhteyttä koneellesi, salakuunnella ja -katsella mitä teet ja kirjoitat, varastaa henkilökohtaisia tietojasi tai pankkitietojasi, tuhota tiedostoja tai käyttää konettasi muihin pahoihin tarkoituksiin.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. Lue ohjeet laitteen paikallistamiseksi.

Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa löydettyä ja poistettua: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3AWin32%2FPushdo.A. Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.

- + diff --git a/fi/types/malware-sality.html b/fi/types/malware-sality.html index 906fc706..a46c4593 100644 --- a/fi/types/malware-sality.html +++ b/fi/types/malware-sality.html @@ -33,11 +33,11 @@ Ongelman kuvaus | Badrap docs - - + +

Haittaohjelma: Sality

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Sality-haittaohjelma. Sality on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se tarttuu yleensä PC-koneeseen kun käyttäjä avaa tiedoston jonka sisällä on viruskoodi. Tämän haittaohjelman avulla tehdään monenlaista pahaa, esimerkiksi käytetään konettasi roskapostin lähettämiseen ja vastaanottoon, varastetaan henkilökohtaisia tietojasi, tai käytetään koneesi laskentatehoa hyväksi kryptovaluuttojen luomiseen tai salasanojen murtamiseen.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. Lue ohjeet laitteen paikallistamiseksi.

Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen saa poistettua Windows Defenderin avulla: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sality. Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.

- + diff --git a/fi/types/malware-wapomi.html b/fi/types/malware-wapomi.html index f953a499..68f381f0 100644 --- a/fi/types/malware-wapomi.html +++ b/fi/types/malware-wapomi.html @@ -33,11 +33,11 @@ Ongelman kuvaus | Badrap docs - - + +

Haittaohjelma: Wapomi

Ongelman kuvaus

Verkossasi olevaan Windows-koneeseen on todennäköisesti tarttunut Wapomi-haittaohjelma. Wapomi on hyvin yleinen vain Windows-laitteita vaivaava viruslajike. Se kuuluu haittaohjelmien kategoriaan nimeltä madot (worm), jotka pyrkivät kopioimaan itsensä koneellesi kun liität siihen siirrettävän kovalevyn tai USB-muistitikun, käytät verkkolevyä tai suoritat EXE-tyyppisen ohjelmatiedoston. Yleisin tapa tartunnoille on Windowsin sisäänrakennettu "autorun"-toiminnallisuus, missä suoritetaan automaattisesti ohjelma kun kytket koneeseesi ulkoisen kovalevyn tai muistitikun. Mato-ohjelma pääsee tarttumaan koneellesi tämän automaattisen ohjelman suorituksen yhteydessä. Toinen hyvin tyypillinen tartuntatapa on EXE-tiedoston suorittaminen, jos tiedostossa on haittakoodia mukana.

Tartunnan tapahduttua tämäntyyppinen haittaohjelma voi tehdä monenlaista pahaa, esimerkiksi käyttää konettasi hyväksi Internetin palvelunestohyökkäyksissä, varastaa henkilökohtaisia tietojasi, tai käyttää koneesi laskentatehoa kryptovaluuttojen luomiseen tai salasanojen murtamiseen. Haittaohjelma pyrkii yleensä myös tartuttamaan muita koneita verkossasi tai Internetissä. Se pyrkii kopioimaan itsensä osaksi kaikkia koneellasi olevia EXE-tiedostoja, kaikille siirrettäville kovalevyille tai muistitikuille mitä yhdistät koneeseesi, tai mihin tahansa verkkolevyille joihin koneeltasi pääsee ja joita ei ole suojattu riittävän vahvoilla salasanoilla.

Saastunut PC-koneesi lähettää ulos Internetiin viestejä jotka kertovat että koneesi on mahdollisesti tämän viruksen tartuttama. Tutkimuspartnerimme Fitsec havaitsee tämäntyyppisen virusliikenteen ja ilmoittaa, että IP-osoitteesi jota seuraat Badrapissa on havaittu saastuneiden koneiden joukossa. Koneesi voi olla myös jossain seuraamasi IP-osoitteen takana, jos verkossasi on useita laitteita.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa Windows-kone, jonka haittaohjelma on mahdollisesti saastuttanut. Lue ohjeet laitteen paikallistamiseksi.

Tämän jälkeen sinun kannattaa käyttää virustorjuntaohjelmaa löytämään ja poistamaan haittaohjelma. Microsoftin Windows Defender -virustorjunnan pitäisi osata poistaa tämä haittaohjelma. Myös muiden virustorjuntaohjelmien tekijöiden kuten F-Securen, Symantecin, AVG:n, MacAfeen tai Sophoksen sovellusten pitäisi pystyä tuhoamaan kyseinen haittaohjelma. Microsoft on julkaissut englanninkieliset ohjeet miten viruksen voi löytää ja poistaa: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus%3AWin32%2FJadtre.I. Voit myös tyhjentää koneesi ja asentaa Windowsin uudestaan, jos haluat olla täysin varma siitä että haittakoodi poistuu.

- + diff --git a/fi/types/mdns.html b/fi/types/mdns.html index b9b81317..4951af96 100644 --- a/fi/types/mdns.html +++ b/fi/types/mdns.html @@ -33,11 +33,11 @@ Avoin mDNS-palvelu | Badrap docs - - + +

Avoin mDNS-palvelu

Ongelman kuvaus

Tökkiikö netti? Joskus vika ei olekaan palveluntarjoajassa. Pahikset saattavat käyttää tässä osoitteessa olevaa avointa mDNS-palvelua hyväkseen palvelunestohyökkäyksissä. Tällöin nettisi voi toimia todella hitaasti ja varsinainen hyökkäyksen kohde ei ollenkaan.

Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää täältä.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. Lue ohjeet laitteen paikallistamiseksi.

Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön.

Mikäli kyseessä oli laite, jota et voi piilottaa palomuurin taakse, poista palvelu kokonaan käytöstä. Etsi laitteeseesi sopivat ohjeet kirjoittamalla hakukoneeseen disable mdns ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: disable mdns google wifi

- + diff --git a/fi/types/memcached.html b/fi/types/memcached.html index 3ae884d2..42358dd2 100644 --- a/fi/types/memcached.html +++ b/fi/types/memcached.html @@ -33,11 +33,11 @@ Avoin Memcached-palvelu | Badrap docs - - + +

Avoin Memcached-palvelu

Ongelman kuvaus

Kuulitko jo? Pahikset rikkoivat jälleen (28.2.2018) aiemman ennätyksensä palvelunestohyökkäysten tehokkuuden suhteen. Uuteen ennätykseen he pääsivät hyödyntämällä viattomien ihmisten avoimia Memcached-palveluita.

Uutinen kyseenalaisesta ennätyksestä löytyy muun muassa täältä: https://thehackernews.com/2018/03/biggest-ddos-attack-github.html

Amplifikaatiohyökkäykset ovat mahdollista, mikäli palvelu tarjoillaan UDP-protokollan välityksellä. Memcached:n kanssa on vielä toinenkin ongelma, nimittäin palvelu ei tue autentikointia joten ulkopuolisilla on mahdollista käpelöidä siinä olevia tietoja. (Lähde: https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-Memcached)

Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää täältä.

Korjausehdotuksia

Estä ulkopuolisten pääsy palveluun palomuuraamalla portti 11211 umpeen. Mikäli et tarvitse palvelua, ota se kokonaan pois käytöstä.

Hakusanoilla "how to disable memcache" löytyy hyvin ohjeita. Voit liittää hakuusi vielä laitteen, käyttöjärjestelmän tai Linux-distribuution nimen tarkentaaksesi osumatarkkuutta.

- + diff --git a/fi/types/netbios.html b/fi/types/netbios.html index 5d1eb7e0..feececfd 100644 --- a/fi/types/netbios.html +++ b/fi/types/netbios.html @@ -33,11 +33,11 @@ Avoin NetBIOS-palvelu | Badrap docs - - + +

Avoin NetBIOS-palvelu

Ongelman kuvaus

Tökkiikö netti? Joskus vika ei olekaan palveluntarjoajassa. Pahikset saattavat käyttää tässä osoitteessa olevaa avointa NetBIOS-palvelua hyväkseen palvelunestohyökkäyksissä. Tällöin nettisi voi toimia todella hitaasti ja varsinainen hyökkäyksen kohde ei ollenkaan.

Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää täältä.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. Lue ohjeet laitteen paikallistamiseksi.

Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön.

Mikäli kyseessä oli laite, jota et voi piilottaa palomuurin taakse, poista palvelu kokonaan käytöstä. Etsi laitteeseesi sopivat ohjeet kirjoittamalla hakukoneeseen disable netbios ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: disable netbios asus rt-ac86u

- + diff --git a/fi/types/ntp.html b/fi/types/ntp.html index 152123d3..caa5da13 100644 --- a/fi/types/ntp.html +++ b/fi/types/ntp.html @@ -33,11 +33,11 @@ Avoin NTP-palvelu | Badrap docs - - + +

Avoin NTP-palvelu

Ongelman kuvaus

Tökkiikö netti? Joskus vika ei olekaan palveluntarjoajassa. Pahikset saattavat käyttää tässä osoitteessa olevaa avointa NTP-palvelua hyväkseen palvelunestohyökkäyksissä. Tällöin nettisi voi toimia todella hitaasti ja varsinainen hyökkäyksen kohde ei ollenkaan.

Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää täältä.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. Lue ohjeet laitteen paikallistamiseksi.

Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön.

Mikäli kyseessä oli laite, jota et voi piilottaa palomuurin taakse, poista palvelu kokonaan käytöstä. Etsi laitteeseesi sopivat ohjeet kirjoittamalla hakukoneeseen disable ntp ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: disable ntp linksys wrt32x

- + diff --git a/fi/types/portscan.html b/fi/types/portscan.html index 35171bb7..912eed49 100644 --- a/fi/types/portscan.html +++ b/fi/types/portscan.html @@ -33,11 +33,11 @@ Porttiskannausta havaittu verkostasi | Badrap docs - - + +

Porttiskannausta havaittu verkostasi

Ongelman kuvaus

Seuraamastasi IP-osoitteesta on havaittu liikennettä jolla etsitään hyökkäyskohteita Internetistä. Laitteesi ottaa yhteyttä muihin verkkoihin ja laitteisiin ja tekee niille niin sanottuja porttiskannauksia. Yleensä tämä tarkoittaa että joku hallitsee laitetta verkossasi ja käyttää sitä hyväkseen löytääkseen uusia haavoittuvia laitteita. Laitteesi avulla yritetään siis löytää uusia hyökkäyskohteita.

Tutkimuspartnerimme Telia Darknet havaitsee tämänkaltaisia porttiskannaushyökkäyksiä automaattisesti. Heidän palvelunsa tunnistaa IP-osoitteita joista yritetään tehdä porttiskannauksia heidän hallinnoimiin mutta käyttämättömiin IP-osoitteisiin.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa laite, joka lähettää verkostasi porttiskannausliikennettä ulospäin. Lue ohjeet laitteen paikallistamiseksi.

Kun olet paikallistanut laitteen, suosittelemme resetoimaan sen tehdasasetuksille ja konfiguroimaan uudestaan tai asentamaan laitteen käyttöjärjestelmän kokonaan uudestaan. Jos laitteesi on otettu luvattomaan käyttöön ja se tekee automaattisesti porttiskannauksia, yleensä on liian hankalaa yrittää puhdistaa haittakoodin jälkiä ilman täydellistä laitteen resetointia.

Kun olet resetoinut laitteen tai asentanut sen uudestaan, sinun tulisi asentaa siihen kaikki saatavilla olevat ohjelmistopäivitykset, jotta laitteesi saadaan suojattua uusilta haltuunottoyrityksiltä. Jos tietoturvapäivityksiä ei ole laitteellesi saatavilla, sinun kannattaa harkita laitteen päivittämistä uuteen versioon tai kokonaan eri malliin, johon on saatavilla säännöllisiä tietoturvapäivityksiä.

- + diff --git a/fi/types/smb.html b/fi/types/smb.html index be44928d..8047da8e 100644 --- a/fi/types/smb.html +++ b/fi/types/smb.html @@ -33,11 +33,11 @@ Avoin SMB-tiedostojakopalvelu | Badrap docs - - + +

Avoin SMB-tiedostojakopalvelu

Ongelman kuvaus

Olemme havainneet verkossasi salaamattoman SMB-palvelun, johon kuka tahansa voi ottaa yhteyttä Internetistä.

SMB on protokolla, jota käytetään esimerkiksi tiedostojen ja tulostimien jakamiseen verkossa. Yleisesti ottaen tällaiset verkkojaot on parasta rajoittaa ainoastaan kotisi tai työpaikkasi sisäverkkoon. SMB-yhteydet ovat nimittäin oletusarvoisesti salaamattomia. Lisäksi kyseisen protokollan toteutuksissa on havaittu vuosien saatossa lukuisia tietoturvaongelmia.

Liian avoin SMB-palvelu voi jakaa kovalevysi sisältöä, kuvia ja dokumentteja koko maailmalle. Jos palvelu vielä sattuu olemaan haavoittuvainen, tarjoaa se pahantekijöille mahdollisuuden ottaa koko tietokone haltuun.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. Lue ohjeet laitteen paikallistamiseksi.

Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun käytöstä. Jos kyseessä on kotitietokoneesi ja haluat pitää palvelun päällä, siirrä ainakin laitteet palomuurin taakse tai ota tietokoneesi oma palomuuri käyttöön. Rajoita siis palvelu näkymään ainoastaan paikalliseen verkkoosi.

Hakusanoilla disable smb löydät käyttöjärjestelmääsi ja laitteeseesi liittyvät SMB-palvelun poisto-ohjeet.

- + diff --git a/fi/types/snmp.html b/fi/types/snmp.html index 623f2101..9217305d 100644 --- a/fi/types/snmp.html +++ b/fi/types/snmp.html @@ -33,11 +33,11 @@ Avoin SNMP-palvelu | Badrap docs - - + +

Avoin SNMP-palvelu

Ongelman kuvaus

SNMP, tuo Internet-palveluiden kasariveteraani. Tämän palvelun ei kannata olla näkyvillä Internetiin. Palvelun avulla nimittäin kuka tahansa voi kysellä tietoja IP-osoitteessasi olevista laitteista. Eikä siinä kaikki.

SNMP-palvelu on kätevä työkalu Internetin pahiksille. He kimmottavat ja vahvistavat hyökkäyksiään muita vastaan tämän palvelun avulla. Olet ehkä kuullut uutisissa joskus palvelunestohyökkäyksistä? Näillä niitä tehdään.

Uhrille homma näyttää siltä, että hyökkäys tulee tästä osoitteesta. Hyvä palvelu pahiksille, paha maine omistajalle. Ei jatkoon.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. Lue ohjeet laitteen paikallistamiseksi.

Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun välittömästi käytöstä. Etsi laitteeseesi tai käyttöjärjestelmään sopivat ohjeet kirjoittamalla hakukoneeseen disable snmp ja laitteeseen liittyvä tarkenne, esimerkiksi: disable snmp apple airport

Saattaa olla että löydät vain ohjeita, joissa kerrotaan miten SNMP-palvelu laitetaan päälle. Onneksi tätäkin ohjeita voi soveltaa: etsi ohjeista miten palvelu kytketään päälle ja tee juuri päinvastainen toimenpide – palvelun voi myös sammuttaa samasta paikasta.

- + diff --git a/fi/types/telnet.html b/fi/types/telnet.html index c2d47ba8..45e26ba7 100644 --- a/fi/types/telnet.html +++ b/fi/types/telnet.html @@ -33,11 +33,11 @@ Avoin Telnet-palvelu | Badrap docs - - + +

Avoin Telnet-palvelu

Ongelman kuvaus

Telnet - tuo ikivanha Internet-palvelu, jota ei soisi enää näkyvän - varsinkaan avoinna Internetiin! Avonainen Telnet-palvelu kertoo kolmesta mahdollisesta ongelmasta:

  1. Jos joku oikeasti käyttää palvelua, kaikki liikenne liikkuu salaamattomana Internetissä. Pahikset voivat nähdä kaiken mitä Telnet-yhteydellä teet. Pahikset voivat myös kaapata palvelun ja sitä tarjoavan laitteen itselleen.

  2. Jos Telnet-palvelun päälläolo on yllätys, siinä saattaa myös olla helposti arvattava oletussalasana käytössä.

  3. Laitteessa, jossa Telnet on auki on todennäköisesti monta muutakin tietoturvaongelmaa.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. Lue ohjeet laitteen paikallistamiseksi.

Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun välittömästi käytöstä. Etsi laitteeseesi tai käyttöjärjestelmään sopivat ohjeet kirjoittamalla hakukoneeseen disable telnet ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: disable telnet telewell tw-ea501

- + diff --git a/fi/types/tftp.html b/fi/types/tftp.html index a3646e34..cbc401b0 100644 --- a/fi/types/tftp.html +++ b/fi/types/tftp.html @@ -33,11 +33,11 @@ Avoin TFTP-palvelu | Badrap docs - - + +

Avoin TFTP-palvelu

Ongelman kuvaus

Onko verkkosi toiminut joskus huonosti? Vika ei aina ole välttämättä palveluntarjoajassa. Pahikset saattavat käyttää tässä IP-osoitteessa olevaa avointa TFTP-palvelua hyväkseen palvelunestohyökkäyksissä.

Jos haluat ymmärtää paremmin kuinka tämän tyyppiset, ns. amplifikaatiohyökkäykset toimivat, lue lisää täältä.

Korjausehdotuksia

Ensiksi sinun tulisi tunnistaa laite, jossa palvelu on avoinna. Lue ohjeet laitteen paikallistamiseksi.

Kun olet paikallistanut laitteen, suosittelemme poistamaan palvelun välittömästi käytöstä. Etsi laitteeseesi tai käyttöjärjestelmään sopivat ohjeet kirjoittamalla hakukoneeseen disable tftp ja laitteeseen liittyvä tarkenne, esimerkiksi kotireitittimen malli: disable tftp netgear nighthawk

- + diff --git a/index.html b/index.html index 43f9e778..2f2810cd 100644 --- a/index.html +++ b/index.html @@ -33,11 +33,11 @@ Badrap Documentation | Badrap docs - - + + - + diff --git a/locate.html b/locate.html index af7466a6..ecb8285a 100644 --- a/locate.html +++ b/locate.html @@ -33,11 +33,11 @@ How to locate a vulnerable device | Badrap docs - - + +

How to locate a vulnerable device

Great to see you want to fix things!

A little detective work is required. Due to the way that the Internet works, we are not able to tell you exactly which device in your network may be vulnerable simply based on your IP address. However, we can help you find the vulnerable device. If you are visiting someone else's network, we can help you report your finding to someone else.

Where is the IP address with the reported vulnerability?

  • At my home
  • Somewhere else than my home

At my home

Are you using your home network or Wi-Fi?

If the vulnerability was reported from your home network, the most likely candidate for the vulnerable device is your home router. Usually all other devices connected to the Internet hide behind your home router's IP address.

First find out the brand and exact model number your home router. Usually you can see these from a sticker at the bottom of your device.

Next, search for the user manual of your device from the Internet (or from your home if you have saved it). The user manual explains how to maintain your device, how to configure it and what username and password to use. The username and password can also be printed in a sticker at the bottom of your device.

Congratulations, you've now managed to locate your device and can configure it. Next read our instructions on the specific vulnerability which was reported from your IP address and try to fix the problem!

Are you using a mobile device or a home router with a 4G connection?

Mobile networks can be more challenging in these kinds of cases, since IP addresses can move from one user to another quite quickly. At some mobile operators' networks thousands of individual users can reside behind a single IP address.

You can see under your user account details when you have registered your IP address into our service. Compare the time when you registered the IP address to when the vulnerability observation was made. If the observation has been made later than when you registered your IP, it's more likely that the device in question is yours. If the observation has been reported before, or if your current IP address is no longer the same, it's more likely that the vulnerability exists in some other user's device.

Did you manage to locate the device? Next read our instructions on the specific vulnerability which was reported from your IP address and try to fix the problem!

Somewhere else than my home

If you received a vulnerability notification for an IP address in someone else's network, such as your workplace or a guest network at a company, hotel, or cafe, you may not be able to fix the problem yourself. You can help fix the problem by reporting it to the owner or maintainer of the network.

First things first, collect some evidence.

The easiest way to do this is to take a screenshot of the vulnerability notification shown to you by our service. You can also even take a picture of the results with your mobile phone camera - points for style are not the key here, having the evidence is.

Next, find someone who you can report the finding to:

At your own workplace

If the vulnerability report came for an IP address at your own workplace, contact your IT support. Convey the report from our service to your support personnel and as if they know what device might be affected simply based on the IP address information. Ask also if they can fix the problem.

Visiting someone else's workplace

Are you visiting another company and using a guest network? Show the vulnerability notification to your host. They should be able to contact their IT support team, who can fix the problem based on the data you provide.

At school, at a hotel, cafe, etc.

Show the vulnerability notification to the staff. They should know (or at least they can find out) who is in charge of IT support and can fix the issue.

- + diff --git a/privacy-company.html b/privacy-company.html index efd5c498..b4c775ea 100644 --- a/privacy-company.html +++ b/privacy-company.html @@ -33,11 +33,11 @@ Privacy Policy for Badrap Oy | Badrap docs - - + +

Privacy Policy for Badrap Oy

We at Badrap Oy provide badrap.io service for consumers, and related commercial products for businesses. If you are a badrap.io user, the relevant privacy policy is here. This privacy policy explains why and how we, as a data controller, process our business users' personal information for legitimate business interests.

Data controller contact details

Company name: Badrap Oy
Address: Teknologiantie 11
90590 Oulu
Finland
Email: contact@badrap.io
Business ID: 2846254-9

Types of data collected

When discovering leads, we may collect your name, company, email address, and phone number. Our hosting, content delivery and analytics services collect visitor information in the form of IP addresses and cookies automatically submitted by your web browser.

We process your personal information for purposes of focusing and localizing marketing content, generating leads for our sales, distributing factual information and news related to our company and products and measuring and improving the website user experience.

Legal basis for processing personal information is our legitimate business interests. Initially, we use it to contact you to discover if you are interested in purchasing our services. When we contact you, you can opt-out from future contact attempts. Any follow-ups after a successful contact is made are based on your consent.

Data sources

Hosting and content delivery

We use Github, Github pages, and Netlify to deliver our website and relevant content to you. We also use HubSpot for sending email to you in few cases: 1) we have identified you might be interested in our products, 2) you have opted into our newsletter, or 3) your employer has subscribed to our services which require email communication beyond the communication badrap.io service itself sends. In order to work as efficient content delivery platforms, they may collect and use information that web browsers expose automatically, such as the browser version, IP address, site-specific cookies, device identifiers, language preference, referring site, the time of access and user’s operating system. These services should collect only minimal information required to deliver the content and we don’t use these services to collect any information for processing. Some of these services may provide you an option to register directly as their user to improve the user experience. If you have directly registered to any of these services, we advise you to study their respective privacy policies.

Analytics

We use Plausible.io to collect information about our website visitors and their behaviour while on the website. Plausible.io is a privacy-focused website analytics provider that collects anonymous statistics and does not use cookies. You can review the Plausible.io data policy to see how their analytics service works.

Marketing and customer relationship management (CRM)

We search for publicly available data to discover leads. We use Linkedin, RocketReach and Alma Talent company search to identify people in roles implying they may be interested in our products. We also use online forms to collect product inquiries and subscriptions from leads and customers. We use HubSpot, Stripe and DepositFix to record their contact information. We record the company name and optionally email, your name, VAT number, payment details and phone number, depending on what information is available or provided. We use this information to contact you if you are interested in purchasing our services or to provide you the services you have subscribed to. Further contacts are based on your consent.

Customer Success and Support Emails

We use Google Workspace, Microsoft Office 365 and Hubspot for email communications with customers. This includes support requests, customer success discussions, general inquiries and sales discussions. When you contact us, you consent and acknowledge that we will be processing any personal data you may include in your email with the aforementioned third-party services.

Customer Meetings

We use Google Calendar and Microsoft Office 365 to book customer meetings, and Google Meet and Microsoft Teams for conducting online meetings. We may also offer you the chance to book meetings with our personnel using Hubspot's Meetings tool, which is connected to our Microsoft or Google calendars. Hubspot's Meetings tool may be offered as an option for booking a meeting e.g. inside selected playbooks, on the web site or in our email signatures. Please note that your usage of the Hubspot Meetings tool is based on your own explicit and unambiguous consent, and it is covered by Hubspot's own privacy policy.

Embedded Content

We may sometimes embed media content such as videos onto our playbooks and web pages. This embedded media content may reside at an external hosting provider, such as Youtube. When we embed media content, we do it in a way that will share as little user information as possible with the content hosting provider. When viewing embedded content hosted at a third-party service provider, your viewing and interactions with the content are covered by the hosting provider's privacy policy. This means that you may have to review their privacy policy and to provide consent in order to view or interact with the embedded media.

Playbooks

We use ActiveCampaign for automating playbooks, such as Employee Cyber Hygiene online training and trials. Customers provide their email address or email addresses for us. Participants may submit further information via forms. Playbook automation requires us to track the progress of the users. Sometimes we also provide progress statistics to the playbook customers.

Your rights as a data subject

You have the following rights according to GDPR regarding the processing of your personal data. You can exercise your rights by contacting us by email.

Right of access: You have the right to check at any time, what personal information we have stored about you.

Right to object: You have the right to object to our processing of your personal data, if you think that our processing does not happen according to the GDPR or if you think we have no lawful basis for processing your data.

Right to erasure: You have the right to remove your personal data at any time.

Right to data portability: You have the right to request a machine-readable summary of your personal data from us, so that you can transfer them to another service provider.

Right to lodge a complaint: You have the right to complain to the supervisory authority if you think we are in violation of your rights, in violation of GDPR, or the Finnish law regarding personal data protection. The supervisory authority in this case is the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) in Finland.

Right to object to direct marketing: You have the right to object to using your personal data for direct marketing purposes.

Duration of processing

Email addresses submitted by the users are retained until the user unsubscribes. If a subscriber requests a permanent opt-out from any future marketing, then that opt-out address is retained until the person in question requests to be removed from the opt-out list.

Data recipients

Visitor information is processed only by named employees of Badrap Oy, who are responsible for developing and maintaining the website. Email addresses and subscriptions are processed by our sales and marketing personnel. Currently we employ no subcontractors or other third parties to process any personal information.

Data transfers outside of EU

Content delivery services utilize geographically distributed servers in order to deliver the content efficiently, making it difficult to determine the actual location where short-lived visitor data automatically submitted by the web browsers is stored.

External services used by us for content delivery and marketing collect and process data outside of the EU. Where possible we have configured these services to anonymize collected IP addresses. We use only service providers that comply with an adequate level of data privacy as required by the GDPR and that are committed to following relevant EU regulations.

Automated individual decision-making

Your personal data is not used for automated individual decision-making or profiling.

Data protection principles and measures

We don’t collect or ask you for personal information unless we truly need it. We control and keep track of who has access to the services used to process the data. We use transport layer encryption (TLS) to protect your interaction with our website. We occasionally review the implementation of our website and the related services we rely on against this privacy policy.

- + diff --git a/privacy.html b/privacy.html index 87fc2ae4..79fa4bae 100644 --- a/privacy.html +++ b/privacy.html @@ -33,11 +33,11 @@ badrap.io Privacy Policy | Badrap docs - - + +

badrap.io Privacy Policy

Badrap Ltd develops and maintains this service. We process your personal data according to the General Data Protection Regulation (GDPR) of the European Union, as well as according to all other relevant legislation according to Finnish and EU law. In this privacy policy we explain our basis for processing your personal information, and inform you of your rights regarding your personal data.

Data controller contact details

Badrap Oy
Teknologiantie 11
90590 Oulu
Finland
Email: contact@badrap.io
Business ID: 2846254-9

Badrap processes the personal information of its registered users in order to provide the service to the users. The legal basis for processing is explicit consent of the data subject - your own consent. You can create an account to the service yourself and submit your data if you choose to do so. We always ask for explicit consent before any of your personal data is stored under your user account.

For users who use our service without creating an user account, the legal basis for processing personal data is our legitimate interests.

We use Plausible.io to collect anonymous visitor statistics on our site. Plausible.io is a privacy-focused website analytics provider that allows us to know someone visited our service. You can review the Plausible.io data policy to see how their analytics service works. The legal basis for collecting website visitor statistics is our legitimate interests.

What personal information do we process?

  • One or more email addresses that you may choose to register into our service
  • One or more IP addresses that you may choose to register into our service
  • Security researchers' warnings regarding your registered IP addresses and email addresses ("assets")

Data sources

We receive your personal data with your explicit consent when you create an account for the service and when you use the service. You can choose to register your assets (IP addresses or email addresses that you use) under your user account. If you register an asset, it will be associated with your user account. You can add more assets under your user account. Registering a new asset under your account always requires your explicit consent. You can at any time see all of your personal data under your user account page, remove any registered assets from your account, or remove your whole user account completely.

We receive information security warnings from security researchers and research groups who follow malicious Internet traffic. If an asset that you have registered is found in any security researchers' warning lists, we will forward you any information regarding your asset that we have received from security researchers. As a rule, your personal data is not transferred to security researchers or any other third parties - only you yourself have access to your own personal data.

Your rights as a data subject

You have the following rights according to GDPR regarding the processing of your personal data. You can exercise your rights either directly through our service, or by contacting us by email.

Right of access: You have the right to check at any time, what personal information we have stored in our database about you. You can do this yourself by logging in to your user account and checking your personal information from your account page.

Right to object: You have the right to object our processing of your personal data, if you think that our processing does not happen according to the GDPR or if you think we have no lawful basis for processing your data. You can exercise this right by removing your user account and refraining from using the service.

Right to erasure: You have the right to remove your personal data from the service at any time. The easiest way to do this is to log in to the service and to remove your user account.

Right to data portability: You have the right to request a machine-readable summary of your personal data from us, so that you can transfer them to another service provider. If you want to exercise your rights, please contact us by email.

Right to lodge a complaint: You have the right to complain to the supervisory authority if you think we are in violation of your rights, in violation of GDPR, or the Finnish law regarding personal data protection. The supervisory authority in this case is the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) in Finland.

Right to object to direct marketing: You have the right to object to using your personal data for direct marketing purposes. Please keep in mind that we never use your data for direct marketing, nor do we transfer your data to third parties who could use it for direct marketing.

Duration of processing

We process your personal information as long as your user account exists or as long as you keep using the service. If you have created a user account, you can at any time delete your account yourself. When you delete your account, all of your personal information is erased from our systems. If you use the service without a user account as an anonymous user, you can at any time just stop using the service and refrain from using it again. This will cease our processing of your personal data.

Data recipients

Your personal data can be accessed by named employees of Badrap Ltd, who develop and maintain the service. As a rule, we do not transfer your data to third parties or use external service providers as subcontractors.

Data Breach Monitoring

As part of our data breach monitoring service, we offer an integrated search function against security researcher Troy Hunt's Have I Been Pwned data breach reporting database. This search function allows you to search for your email addresses from the Have I Been Pwned data breach service, and to be automatically notified if any new data breaches are published which contain personal information relating to your email addresses.

Have I Been Pwned privacy policy states they do not store or log your email addresses in any way when a query is performed. If you do not trust Badrap or Have I Been Pwned for processing your email addresses securely, you can always refrain from enabling and using the Have I Been Pwned search feature in Badrap.

Note that you have to always provide your explicit and unambiguous consent to use Badrap's Have I Been Pwned search feature, and that you can revoke this consent from your account settings at any time.

Support Emails

When you choose to contact us by email for general service inquiries, support requests or any other questions, we use Google Workspace, Microsoft Office 365 and Hubspot to receive, process and answer your emails. When you contact us, you consent and acknowledge that we will be processing any personal data you may include in your email with the aforementioned third-party services.

Embedded Content

We may sometimes embed media content such as videos onto our playbooks and web pages. This embedded media content may reside at an external hosting provider, such as Youtube. When we embed media content, we do it in a way that will share as little user information as possible with the content hosting provider. When viewing embedded content hosted at a third-party service provider, your viewing and interactions with the content are covered by the hosting provider's privacy policy. This means that you may have to review their privacy policy and to provide consent in order to view or interact with the embedded media.

Data transfers outside of EU

Some parts of our technical service implementation use external components: we use Mailgun for sending automatic email notifications to registered users, and Google Cloud SQL for storing information. We require our foreign service providers that their countries have an adequate level of data privacy as required by the GDPR, and that they are committed to follow the GDPR and other relevant EU regulations.

Automated individual decision-making

Your personal data is NOT used for automated individual decision-making or profiling.

Data protection principles and measures

Your personal data is stored and processed according to the best possible current technical and organizational privacy and security practices that we know of. We use encryption in all data transfer and storage, access control and auditing in all access to data, as well as backups and version control to ensure the integrity and availability of databases and user account data. We constantly ensure that all our employees are aware of the importance of data privacy and that everyone works according to best practices. Our employees are required to uphold a non-disclosure policy for personal data according to the GDPR. When a data breach happens, we are prepared to report the incident to the supervisory authority as well as to the data subjects within the required time limits specified by legislature. We are also prepared to present our practices and measures to the supervisory authority, if needed. We constantly strive to develop our practices and measures further in order to improve the security and privacy of our service.

Technically the process goes as follows: The user (you) registers his/her/their email addresses and IP addresses to the service via a TLS-encrypted session. The data provided by the user is stored into a Google Cloud SQL database. The database is secured with strong encryption and it implements SSAE 16, ISO 27001, PCI DSS v3.0 and HIPAA requirements. Only named Badrap employees who maintain the service can access the database. All email transmissions are done over TLS-encrypted connections whenever possible. No physical copies are ever made of users' personal data and no personal data is ever processed manually.

- + diff --git a/service-description.html b/service-description.html index 503a26c4..81639635 100644 --- a/service-description.html +++ b/service-description.html @@ -33,11 +33,11 @@ Service Description | Badrap docs - - + +

Service Description

Some commercial contracts we make with our customers may require us to describe certain aspects of our service. In the spirit of transparency, we publish the description here.

A detailed specification of the content and implementation of the service

Security researchers who produce security content send their findings to badrap.io. Users who consume security content sign up to badrap.io to register their assets and receive targeted information related to those assets. Users may also choose to share their assets to security researchers to receive more content.

The supplier's subcontractors who process personal data

We do not subcontract the processing of personal data. We may have data recipients. An up-to-date list of data recipients is always available at https://docs.badrap.io/privacy.html .

The procedures in place to secure (backup) the client's material in the service

We only store a minimal amount of configuration information to relay relevant messages to and from you. We design and operate the service so that encryption is used for data transfer and storage whenever possible, according to standard security practices.

We backup our production database at least once per day. We store these backups for a minimum of seven days.

Installation, modification and maintenance windows

As we are serving a global audience, we may perform installations, modifications and maintenance around the clock. Typical service interruptions are minimal, lasting only a few seconds or minutes.

The location where the service is produced

All data in our service is stored in data centres within the EU. Maintenance and management are conducted in Finland. See our privacy policy for more details: https://docs.badrap.io/privacy.html.

- + diff --git a/tos.html b/tos.html index 38f01211..2cdf2343 100644 --- a/tos.html +++ b/tos.html @@ -33,11 +33,11 @@ Badrap Terms of Service | Badrap docs - - + +

Badrap Terms of Service

By using badrap.io, you agree to these conditions. Please read them carefully.

Intended use

The Service is free for personal use and for internal use in companies with up to five employees. You may register assets to the Service to receive relevant security and privacy warnings. If you have more than five employees or want to use paid features contact us at contact@badrap.io. Your commercial right to use is granted by a separate purchase or trial agreement and payment of the related initial or renewal fees and other charges (“Fees”). In this case you have a non-transferable and non-exclusive right to use the service solely for your internal business purposes in accordance with the commercial terms of the purchase or trial agreement and this Terms of Service.

Intellectual property

The copyright and all other intellectual property rights in and related to the Service (including all text, graphics, code, files and links) belong to our licensors or us (Badrap Oy). You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Service beyond the Intended Use without express written permission by us.

Modifications to the Service

We reserve the right to modify the Service without notice at any time.

Prohibited use

You are prohibited from using the site or its contents: (a) to directly or indirectly violate any international or local regulations, rules, laws, or ordinances; (b) to infringe upon or violate intellectual property rights; (c) to harass, abuse, insult, harm, intimidate, or discriminate; (d) to submit false or misleading information; or (e) to interfere with the security of the Service or the Internet.

Limitation of liability

You expressly agree that your use of the Service is at your sole risk. The Service and everything delivered to you through the Service are (except as expressly stated by us) provided 'as is' and 'as available' for your use, without any representations, warranties, either express or implied, including all implied warranties or conditions of merchantability, merchantable quality, fitness for a particular purpose, durability, title, and non-infringement.

Termination

If in our sole judgment you fail, or we suspect that you have failed, to comply with any term or provision of these Terms of Service, we may terminate this agreement at any time without notice and you will remain liable for all amounts due up to and including the date of termination; and/or accordingly may deny you access to our Services.

Governing law and Arbitration

These Terms of Service and any separate agreements whereby we provide you Services shall be governed by and construed in accordance with the laws of Finland.

Any dispute, controversy or claim arising out of or relating to this contract, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The number of arbitrators shall be three. The seat of arbitration shall be Helsinki. The language of the arbitration shall be English.

Contact information

Questions about the Terms of Service should be sent to us at support@badrap.io

Privacy of our registered users

Submission of personal information to the Service (badrap.io) is governed by our Privacy Policy: https://docs.badrap.io/privacy.html

Terms of service specific to companies

In addition to our generic End User Terms of Service given above, the following terms apply to Companies and the processing of data that Companies and their Employees provide to us.

  1. We comply to GDPR.
  2. We do not subcontract data processing without your permission.
  3. We process the data you provide for the purpose of relaying security and privacy warnings related to your assets. Duration of the processing is for as long as you keep your account active and store your data in our Service. We stop the processing and remove the data when you terminate your account. You may at any time review your stored data under your user account.
  4. When we provide the Service to a Company, we act as a Data Processor according to the definitions of the GDPR. The Company whose Employees use our Service acts as a Data Controller. The Company's Employees share their personal data as Data Subjects.
  5. You will be notified of any data breaches in our Service that relate to the data you have provided to us for processing.
  6. For inquiries related to privacy and personal data processing, contact us at support@badrap.io.
- + diff --git a/types/abandoned-server.html b/types/abandoned-server.html index f1194047..4a2d020d 100644 --- a/types/abandoned-server.html +++ b/types/abandoned-server.html @@ -33,8 +33,8 @@ Abandoned Server | Badrap docs - - + +

Abandoned Server

A computer with an Internet-facing IP address at your organization seems to be running an old operating system, which no longer receives security updates. The system may be vulnerable and should be decommissioned or upgraded.

Problem description

Based on version details of services visible to the Internet, a server, workstation or laptop in your network is running an out-of-date operating system. The operating system version has reached its end-of-life (EOL) phase, support for it has ended, and security updates are no longer released for it. You should assume that the server already contains unpatched vulnerabilities that an attacker can exploit, and continues to accumulate more vulnerabilities as time goes on.

Verifying the issue

On Linux systems, the following commands can be used to check which operating system version and release the affected computer is running.

Debian/Ubuntu and derivatives:

$ lsb_release -a
@@ -50,6 +50,6 @@
 OS Name: Microsoft Windows 10 Enterprise
 OS Version: 10.0.19045 N/A Build 19045

The following links explain support timelines and EOL dates for the most common operating system releases. For other operating systems and versions, you can find the information online easily by searching for "OS name" (e.g. "OpenBSD") and "EOL" or "end-of-life".

Suggestions for repair

  1. If the server or workstation is not actively used or needed anymore, decommission it.
  2. If the server is still needed, replace it with a completely reinstalled server with a currently supported operating system.
  3. If you cannot replace the server with a freshly installed one, upgrade the operating system in place to a currently supported version. Please note that in this case known vulnerabilities may already have been abused and the system may be compromised.

Further considerations

  • Is the finding valid, and the operating system version is no longer supported?
  • Is the computer a server, a workstation or a laptop?
  • Does the computer contain information that should not end up in the wrong hands?
  • Has the computer contained such information at some point in the past?
  • If the computer is a server, is it actively used, or can it be decommissioned?

Protecting against future incidents

  1. Make sure that you use operating system versions that are actively supported.
  2. Whenever a new operating system version is released, upgrade your systems before the old version reaches its end-of-life phase.
  3. Make sure that you have named service owners who follow vulnerability reports and install updates whenever new vulnerabilities are announced.
  4. Continue to identify and decommission old legacy servers which have reached their end-of-life and which are no longer needed.
- + diff --git a/types/attacksource.html b/types/attacksource.html index ccb0a88e..a7f752f2 100644 --- a/types/attacksource.html +++ b/types/attacksource.html @@ -33,11 +33,11 @@ Attack Source | Badrap docs - - + +

Attack Source

Problem description

This IP has been identified as a source of attacks. Usually this means that someone else is controlling your device and using it to attack others. Your device may be used to find new victims to infect, gain unauthorized access to to other devices, scan networks for vulnerabilities and try to exploit them, or cause disruption to normal Internet services.

These forms of attacks are detected automatically by researchers with devices called honeypots, which simply listen for attack attempts and record the attacker IP address and attack type when an attack is detected. Sometimes also the victims of these attack attempts alert researchers that they have seen an attack from a particular IP.

Our research partner Deutsche Telekom Honeypot Project operates a network of honeypots around the world as part of their Cyber Early Warning System.

Suggestions for repair

First of all you need to identify the device which is sending out these attacks. Please read our instructions on locating vulnerable devices.

After you find the correct device, we recommend you to reset it to its factory settings or perform a full reinstall of the operating system. If your device is compromised and sending out attacks, it is usually too complex to try to clean the system without a full reset.

After you reset the device or reinstall the operating system, you should install all of the latest software updates to make sure your system will not be compromised in the same way again. If no security updates are available, you might consider switching to a different device, which is updated against known vulnerabilities.

- + diff --git a/types/databreach.html b/types/databreach.html index 63a219ab..d0ef4cf4 100644 --- a/types/databreach.html +++ b/types/databreach.html @@ -33,11 +33,11 @@ Data Breach | Badrap docs - - + +

Data Breach

Problem description

Your email address and possibly other personal data related to it has been stolen or accidentally exposed from a database. Usually, this happens when you provide your email address and other personal data to a company or organization when you subscribe to a service, and that company or organization then gets hacked or otherwise fails to protect your personal data adequately.

Along with your email address, a data breach may include personal information such as passwords, home addresses, phone numbers or credit card numbers, depending what information you have given to the service and what has been exposed. Breached data can be published online or used by hackers for bad purposes.

Information about these kinds of data breaches along with exposed email addresses are collected by a widely-publicized and credible data breach reporting service Have I Been Pwned, operated by security researcher Troy Hunt. You can read more about the data breaches collected by them at Who's been pwned. You can also learn more about data breaches in general in their FAQ.

Suggestions for repair

Since the data breach has already occurred, the most important thing is to stay calm. Many of the reported data breaches happened a long time ago. In most of the reported data breaches, the company or organization from where your data got stolen has already sent you a notification about the breach, asking you to protect your account by changing your password and providing other advice on how to stay safe. If you have done these things after the breach occurred, you should be quite safe. Your information can of course still be found among the breached data, but your account is protected from abuse.

If you have not known about the breach or if you have not yet acted according to the instructions, you should go to the affected service and change your password immediately. If you have been using the same password in other services, you should change those passwords too. In general, you should always use a different password for different services, so that data stolen from one service provider cannot be used to hack your other services.

Protecting against future data breaches

There are many other common-sense things you can do to protect against data breaches in the future. These are a few well-proven suggestions:

  • Use hard-to-guess passwords. Do not use common words (e.g., your own name) or numbers (1234). Use random words or characters, with punctuation marks and numbers thrown in to further reduce guessability.
  • Use a password manager application to generate and store good passwords on your behalf.
  • Use two-factor authentication in services that support it. That way, if an attacker gets hold of your password, they still cannot access your account easily.
- + diff --git a/types/dns.html b/types/dns.html index f42a362d..bd74d9ee 100644 --- a/types/dns.html +++ b/types/dns.html @@ -33,11 +33,11 @@ Open DNS service | Badrap docs - - + +

Open DNS service

Problem description

Has your Internet connection sometimes been working badly? Your service provider is not always the source of the problem. It seems that your IP address has an open DNS service. Bad guys in the Internet search and abuse these services to cover their tracks and to amplify their denial-of-service attacks. When your DNS service is being abused, as a side effect your own Internet connection can become unusable.

An open DNS service means simply, that an attacker can send your device a small request message from the Internet, and your device will send back a large response message. If an attacker forges their source address and send a massive amount of small requests to your device, your device amplifies the attack by sending a massive amount of large responses to a third party (the actual victim of the attack). The victim is usually someone else than you, but as a result of the attack your own Internet connection usually breaks down.

If you want to understand better how these kinds of so-called amplification attacks work, please see here.

Suggestions for repair

First of all you need to identify the device which has the vulnerable service open. Please read our instructions on locating vulnerable devices.

If your DNS service is on without your knowledge or a valid reason

Do you own a device but don't know why its DNS service is visible to the Internet? This most likely means you do not need the service to be open. See your device instructions on how to disable DNS from being accessible from the Internet. Look for keywords "DNS", "Domain Name Service" or "Name Service". You could also look for a firewall function in your device, that could be used to block access to the DNS service from the Internet.

If your DNS service is on intentionally

See these instructions from US-CERT for examples on how to harden most common DNS services: https://www.us-cert.gov/ncas/alerts/TA13-088A.

You should allow recursive queries only for your own devices.

- + diff --git a/types/eol-server.html b/types/eol-server.html index f90bdcaa..fd45743a 100644 --- a/types/eol-server.html +++ b/types/eol-server.html @@ -33,11 +33,11 @@ End Of Life Server | Badrap docs - - + + - + diff --git a/types/expired-certificate.html b/types/expired-certificate.html index 18adae98..57e22951 100644 --- a/types/expired-certificate.html +++ b/types/expired-certificate.html @@ -33,11 +33,11 @@ Expired Certificate | Badrap docs - - + +

Expired Certificate

A TLS certificate issued to a host at your organization has expired. The certificate has not yet been renewed.

Problem description

Publically available Certificate Transparency logs contain information on all TLS certificates that have been generated into use. According to those logs, a certificate assigned to a host in your organization has expired, and it has not yet been renewed. When a certificate expires, services relying on TLS on that host no longer work correctly, and those services may not be reachable by their intended users.

Verifying the issue

You can use a public Certificate Transparency logs search engine such as crt.sh to check the status of your certificate. Replace the hostname in the query string with your hostname.

  • https://crt.sh/?q=host.example.com

Note that if you are replacing a host-specific certificate with a wildcard certificate (e.g. "*.example.com"), this may be a perfectly valid reason to let the old host certificate expire.

Suggestions for repair

  1. Check if the host and service with the TLS certificate is still in active use. If the server is no longer needed, decommission it.
  2. If the service is in active use, find out who is responsible for renewing TLS certificates for your organization.
  3. Ask them to renew the TLS certificate and to install the new certificate in place.

Protecting against future incidents

  1. Monitor your TLS certificates actively for expiration.
  2. Renew your actively used certificates automatically, if possible.
  3. Make sure that you have named service owners who are responsible for maintaining certificates on their systems.
  4. Decommission legacy servers when they are no longer needed.
- + diff --git a/types/exposed-service.html b/types/exposed-service.html index c4ea6178..590a692a 100644 --- a/types/exposed-service.html +++ b/types/exposed-service.html @@ -33,11 +33,11 @@ Exposed Service | Badrap docs - - + +

Exposed Service

A computer with an Internet-facing IP address at your organization has a database, remote administration or a file sharing service exposed to the Internet. Attackers may try to abuse these exposed services to steal data or to gain access to the server. The exposed service should be verified and isolated, if it does not need to be exposed to the public.

Problem description

Databases, remote administration interfaces or file shares should not be visible directly to the Internet, unless there is a very specific need. Databases accidentally left open to the Internet are a common cause for severe data breaches.

Even if the system is carefully configured to require proper access control, any new vulnerabilities in the exposed services may be abused by attackers before security updates are released and installed.

Verifying the issue

You can check if Shodan.io has identified your exposed service with the following query. Replace the example IP address in the query string with your server IP.

  • https://www.shodan.io/search?query=127.0.0.1

Make sure to pay attention to the "last seen" timestamp in Shodan's information page. If the issue was last observed some time ago, it may already be fixed. If the issue has been observed recently, the service is likely still exposed. Despite what Shodan says, always verify the issue by checking the server itself or by trying to connect to the exposed service.

Suggestions for repair

  1. Find out if the server is still being used. If it is not needed any more, decommission it.
  2. If the server cannot be decommissioned, verify if its services really need to be publicly visible to the Internet.
  3. Make sure that the exposed service is properly access-controlled, at a minimum with a non-default username and password.
  4. If the services do not need to be visible to the Internet, block access with a firewall and/or configure the service to only accept connection attempts from within your own organization.
  5. If remote connectivity is necessary, consider if the remote connection could be arranged securely. For instance, consider requiring a VPN.
  6. Check from logs if the server has been accessed without authorization.

Further considerations

  • Does the server contain confidential information for you or your customers?
  • Is the server properly access-controlled?
  • Have any passwords relating to the server been available anywhere (please note e.g. default passwords, or passwords that might have leaked to the public through application code accessing the server)?
  • How are you ensuring that all available security updates for the server are regularly installed and maintained?
  • How are you monitoring possible exploitation attempts against the server?
  • If the server is running a database, can it be remotely accessed without encryption?

Protecting against future incidents

  1. When designing a new service, try to limit its exposure to a minimum.
  2. Allow access to the service only from a limited set of trusted IP addresses or networks.
  3. Never expose a service with a default username or password to the public. Use a strong username and password for authentication.
  4. Allow access to the service only after some form of authentication and authorization (e.g. a VPN or single sign-on). Require users to use multi-factor authentication, if possible.
  5. Make sure that you have named service owners who follow vulnerability reports and install updates whenever new vulnerabilities are announced.
  6. Continue to identify exposed services automatically. Decommission any servers which are no longer needed.
- + diff --git a/types/malware-citeary.html b/types/malware-citeary.html index 58c87761..4c3826c0 100644 --- a/types/malware-citeary.html +++ b/types/malware-citeary.html @@ -33,11 +33,11 @@ Problem description | Badrap docs - - + +

Malware: Citeary

Problem description

A Windows computer in your network is likely infected with the Citeary malware. Citeary is a very common type of malware that affects only Windows systems. It belongs to a category of malware called worms, which usually copy themselves automatically onto your computer from a removable drive or USB stick, from network drives, through email attachments, filesharing services or links received through instant messaging chat applications. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The worm infects your machine through this automatic execution mechanism. Another very common way to infect your machine is if you click a link in an email or chat message you receive from someone whose computer has also been infected by this malware.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It may try to send emails or chat messages to your friends or other people in your address book, and get those people to click the link that causes an infection.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

First of all you need to identify the computer in your network which is likely infected by this type of malware. Please read our instructions on locating vulnerable devices.

You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to detect this malware and fix your computer: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Citeary.E. You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.

- + diff --git a/types/malware-ircbot.html b/types/malware-ircbot.html index e8c218a9..f0445395 100644 --- a/types/malware-ircbot.html +++ b/types/malware-ircbot.html @@ -33,11 +33,11 @@ Problem description | Badrap docs - - + +

Malware: IRCBot

Problem description

A Windows computer in your network is likely infected with the IRCBot malware. IRCBot is a very common type of malware that affects only Windows systems. It belongs to a category of malware called trojans, which usually infect your machine when you open a link or an attachment in an email or in an instant messaging chat.

After your computer has been infected, this family of malware allows an attacker to remotely connect to your computer, eavesdrop on everything you type on your computer, steal your personal and financial data, delete your files, or use your computer for other malicious purposes.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

First of all you need to identify the computer in your network which is likely infected by this type of malware. Please read our instructions on locating vulnerable devices.

You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to detect this type or malware and fix your computer: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Win32%2FIRCBot. You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.

- + diff --git a/types/malware-jadtre.html b/types/malware-jadtre.html index da1a146f..83ab9529 100644 --- a/types/malware-jadtre.html +++ b/types/malware-jadtre.html @@ -33,11 +33,11 @@ Problem description | Badrap docs - - + +

Malware: Jadtre

Problem description

A Windows computer in your network is likely infected with the Jadtre malware. Jadtre is a very common type of virus that affects only Windows systems. It usually copies itself automatically onto your computer from a removable drive or USB stick, from network drives, or when you execute an EXE program file which is infected with this worm. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The virus infects your machine through this automatic execution mechanism.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It usually tries to copy itself to executable files on your computer, to any removable drives or USB sticks you attach to your computer, or to any shared network drives that are reachable from your machine and that are not protected with strong passwords.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

First of all you need to identify the computer in your network which is likely infected by this type of malware. Please read our instructions on locating vulnerable devices.

You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to find this malware and fix your computer: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Jadtre.A. You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.

- + diff --git a/types/malware-palevo.html b/types/malware-palevo.html index 94f29856..b798db25 100644 --- a/types/malware-palevo.html +++ b/types/malware-palevo.html @@ -33,11 +33,11 @@ Problem description | Badrap docs - - + +

Malware: Palevo

Problem description

A Windows computer in your network is likely infected with the Palevo malware. Palevo is a very common type of malware that affects only Windows systems. It belongs to a category of malware called worms, which usually copy themselves automatically onto your computer from a removable drive or USB stick, from network drives, through email attachments, filesharing services or links received through instant messaging chat applications. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The worm infects your machine through this automatic execution mechanism. Another very common way to infect your machine is if you click a link in an email or chat message you receive from someone whose computer has also been infected by this malware.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It may try to send emails or chat messages to your friends or other people in your address book, and get those people to click the link that causes an infection.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

First of all you need to identify the computer in your network which is likely infected by this type of malware. Please read our instructions on locating vulnerable devices.

You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to use Windows Defender to fix your computer: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FPalevo. You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.

- + diff --git a/types/malware-pushdo.html b/types/malware-pushdo.html index 1fb43639..1889f00b 100644 --- a/types/malware-pushdo.html +++ b/types/malware-pushdo.html @@ -33,11 +33,11 @@ Problem description | Badrap docs - - + +

Malware: Pushdo

Problem description

A Windows computer in your network is likely infected with the Pushdo malware (also known with the name Pandex). Pushdo is a very common type of malware that affects only Windows systems. It belongs to a category of malware called trojans, which usually infect your machine when you open a link or an attachment in an email or in an instant messaging chat.

After your computer has been infected, this family of malware allows an attacker to remotely connect to your computer, eavesdrop on everything you see and type on your computer, steal your personal and financial data, delete your files, or use your computer for other malicious purposes.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

First of all you need to identify the computer in your network which is likely infected by this type of malware. Please read our instructions on locating vulnerable devices.

You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to detect this type or malware and fix your computer: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3AWin32%2FPushdo.A. You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.

- + diff --git a/types/malware-sality.html b/types/malware-sality.html index c354def4..946b63bb 100644 --- a/types/malware-sality.html +++ b/types/malware-sality.html @@ -33,11 +33,11 @@ Problem description | Badrap docs - - + +

Malware: Sality

Problem description

A Windows computer in your network is likely infected with the Sality malware. Sality is a very common type of malicious code that affects only Windows systems. It usually infects your PC when you open a file with malicious contents. It can be used to perform many kinds of bad actions, such as using your computer to send and receive spam emails, stealing your sensitive personal or financial data, or performing computing tasks such as mining cryptocurrency or cracking passwords.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

First of all you need to identify the computer in your network which is likely infected by this type of malware. Please read our instructions on locating vulnerable devices.

You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to use Windows Defender to fix your computer: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Sality. You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.

- + diff --git a/types/malware-wapomi.html b/types/malware-wapomi.html index 29065608..082bdd7c 100644 --- a/types/malware-wapomi.html +++ b/types/malware-wapomi.html @@ -33,11 +33,11 @@ Problem description | Badrap docs - - + +

Malware: Wapomi

Problem description

A Windows computer in your network is likely infected with the Wapomi malware. Wapomi is a very common type of malware that affects only Windows systems. It belongs to a category of malware called worms, which usually copy themselves automatically onto your computer from a removable drive or USB stick, from network drives, or when you execute an EXE program file which is infected with this worm. The infection most often happens through a Windows feature called "autorun", in which a program is automatically executed when you plug in a USB memory stick or a removable drive. The worm infects your machine through this automatic execution mechanism.

After your computer has been infected, this family of malware can be used to perform many kinds of bad actions, such as using your computer to make denial-of-service attacks against other victims in the Internet, to steal your sensitive personal or financial data, or perform computing tasks such as mining cryptocurrency or cracking passwords. The malware is also trying to spread to other computers in your network and elsewhere in the Internet. It usually tries to copy itself to every EXE file on your computer, to any removable drives or USB sticks you attach to your computer, or to any shared network drives that are reachable from your machine and that are not protected with strong passwords.

Your infected PC is sending out messages to the Internet that indicate that it is likely infected with this malware. Our research partner Fitsec has detected these messages and have identified that the IP address that you are following is potentially infected, or the potentially infected host is in a network behind this IP address.

Suggestions for repair

First of all you need to identify the computer in your network which is likely infected by this type of malware. Please read our instructions on locating vulnerable devices.

You should then use an antivirus tool to scan and disinfect your Windows computer. Microsoft Windows Defender application should be able to detect and remove this malware. Other common antivirus software from vendors such as F-Secure, Symantec, AVG, MacAfee or Sophos can also find and remove it. Microsoft has published these instructions how to find this malware and fix your computer: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus%3AWin32%2FJadtre.I. You can also consider reinstalling your computer with a fresh Windows installation to make sure you get rid of the malware infection.

- + diff --git a/types/mdns.html b/types/mdns.html index 68aaca91..1bac7ceb 100644 --- a/types/mdns.html +++ b/types/mdns.html @@ -33,11 +33,11 @@ Open mDNS service | Badrap docs - - + +

Open mDNS service

Problem description

Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open mDNS service to launch a denial-of-service attack. As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.

If you want to understand better how these kinds of so-called amplification attacks work, please see here.

Suggestions for repair

First of all you need to identify the device which has the vulnerable service open. Please read our instructions on locating vulnerable devices.

When you have located the vulnerable device, we recommend disabling the mDNS service from it. Search for instructions from the Internet with the keywords disable mdns and your device brand and model, for instance: disable mdns google wifi

If the mDNS service is on intentionally and you want to keep it that way, at least block access to the mDNS service from the Internet at your firewall or home router.

- + diff --git a/types/memcached.html b/types/memcached.html index 3c338f88..a7bf4da3 100644 --- a/types/memcached.html +++ b/types/memcached.html @@ -33,11 +33,11 @@ Open Memcached service | Badrap docs - - + +

Open Memcached service

Problem description

Have you read the news? Internet bad guys broke their previous record of denial-of-service attack effectiveness on Feb 28, 2018. This record-breaking attack was made by abusing the Memcached services of innocent third parties.

Here's one report of this rather questionable record attack: https://thehackernews.com/2018/03/biggest-ddos-attack-github.html

Amplification attacks abusing services that run on top of the UDP protocol are common. There is also another issue with Memcached, as it does not support authentication outsiders can tamper with the service data. (Source: https://www.shadowserver.org/wiki/pmwiki.php/Services/Open-Memcached)

If you want to understand better how these kinds of so-called amplification attacks work, please see here.

Suggestions for repair

Block access to the service from the Internet by blocking incoming UDP port 11211 at your firewall. If you do not need the Memcached service to be on, disable it.

You can find good instructions by searching for the keywords how to disable memcached. To refine the results even further, add your device, operating system or name of Linux distribution to the search terms.

- + diff --git a/types/netbios.html b/types/netbios.html index 72c71fdc..5dd71d35 100644 --- a/types/netbios.html +++ b/types/netbios.html @@ -33,11 +33,11 @@ Open Netbios service | Badrap docs - - + +

Open Netbios service

Problem description

Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open NetBIOS service to launch a denial-of-service attack. As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.

If you want to understand better how these kinds of so-called amplification attacks work, please see here.

Suggestions for repair

First of all you need to identify the device which has the vulnerable service open. Please read our instructions on locating vulnerable devices.

When you have located the vulnerable device, we recommend disabling the NetBIOS service from it. Search for instructions from the Internet with the keywords disable netbios and your device brand and model, for instance: disable netbios asus rt-ac96u

If the NetBIOS service is on intentionally and you want to keep it that way, at least block access to the NetBIOS service from the Internet at your firewall or home router.

- + diff --git a/types/ntp.html b/types/ntp.html index 7c474ee8..344004a9 100644 --- a/types/ntp.html +++ b/types/ntp.html @@ -33,11 +33,11 @@ Open NTP service | Badrap docs - - + +

Open NTP service

Problem description

Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open NTP service to launch a denial-of-service attack. As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.

If you want to understand better how these kinds of so-called amplification attacks work, please see here.

Suggestions for repair

First of all you need to identify the device which has the vulnerable service open. Please read our instructions on locating vulnerable devices.

When you have located the vulnerable device, we recommend disabling the NTP service from it. Search for instructions from the Internet with the keywords disable ntp and your device brand and model, for instance: disable ntp linksys wrt32x

If the NTP service is on intentionally and you want to keep it that way, at least block access to the NTP service from the Internet at your firewall or home router.

- + diff --git a/types/portscan.html b/types/portscan.html index 8350a200..1cfd6c2d 100644 --- a/types/portscan.html +++ b/types/portscan.html @@ -33,11 +33,11 @@ Port Scan Source | Badrap docs - - + +

Port Scan Source

Problem description

This IP has been identified to scan the Internet for potential attack targets. Your device is connecting to other networks and devices in the Internet and scanning them for open ports. Usually this means that someone is controlling a device in your network and using it to find other vulnerable devices. Your device is being used to actively find new victims to infect or attack.

These kinds of port scans are detected automatically by our research partner Telia Darknet. They operate a service that identifies IP addresses which are making port scans for their unused IP address space.

Suggestions for repair

First of all you need to identify the device in your network which is making these port scans. Please read our instructions on locating vulnerable devices.

After you find the correct device, we recommend you to reset it to its factory settings or perform a full reinstall of the operating system. If your device is compromised and actively sending out attacks, it is usually too complex to try to clean the system without a full reset.

After you reset the device or reinstall the operating system, you should install all of the latest software updates to make sure your system will not be compromised in the same way again. If no security updates are available, you might consider switching to a different device, which is updated against known vulnerabilities.

- + diff --git a/types/rdp.html b/types/rdp.html index 72dd7358..cf0051fe 100644 --- a/types/rdp.html +++ b/types/rdp.html @@ -33,11 +33,11 @@ Open RDP service | Badrap docs - - + +

Open RDP service

Problem description

Our data source has detected in your network an open and unprotected RDP (Remote Desktop Protocol) desktop-sharing service, which anyone can access from the Internet.

RDP is a common protocol used to share your computer desktop with someone else. It is commonly used to allow family members to administer relatives' computers remotely, or to allow IT support to access and service your computer from somewhere else.

While there is a valid use for RDP for remote administration, having your computer open for anyone from the Internet is likely not what you want.

Often RDP is enabled on work computers when they are being used inside the office network. When you move the computer to a home network, as a result of a misconfiguration the RDP service may be left open, and visible to the whole Internet.

Having the RDP service open may allow attackers to attempt to control your computer and observe what you are doing on your screen. This may allow unauthorized attackers to steal your passwords, confidential work or personal information, bank account details, anything you do on your computer.

Suggestions for repair

First of all you need to identify the computer which has the vulnerable service open. Please read our instructions on locating vulnerable devices.

When you have located the vulnerable computer, we recommend disabling the RDP service from it. Search for instructions from the Internet with the keywords disable rdp and include your operating system version to further refine the search results, e.g. disable rdp windows 10.

See Disable Remote Desktop from Windows 10 for step-by-step instructions for Windows PCs.

If the RDP service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router. If the service is needed for work, ask your IT support to configure the service in a secure way.

- + diff --git a/types/smb.html b/types/smb.html index 1affbd49..dfae42ab 100644 --- a/types/smb.html +++ b/types/smb.html @@ -33,11 +33,11 @@ Open SMB service | Badrap docs - - + +

Open SMB service

Problem description

Our data source has detected in your network an open and unprotected SMB service, which anyone can access from the Internet.

SMB is a common Internet protocol used to share access to files and printers in home and office networks. In general these kinds of network shares should be limited to work only from the local network, not from the Internet. SMB connections are unencrypted by default, and over the years countless security vulnerabilities have been found in services using SMB.

An open SMB service can share the contents of your hard drives including your personal documents and images to the whole world. If your SMB service happens to also contain vulnerabilities, bad guys can use it to take control of your computer and use it to launch further attacks inside your network.

Suggestions for repair

First of all you need to identify the device which has the vulnerable service open. Please read our instructions on locating vulnerable devices.

When you have located the vulnerable device, we recommend disabling the SMB service from it. Search for instructions from the Internet with the keywords disable smb and include your device or operating system version to further refine the search results.

If the SMB service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router.

- + diff --git a/types/snmp.html b/types/snmp.html index 64d04f4b..0b3ab09a 100644 --- a/types/snmp.html +++ b/types/snmp.html @@ -33,11 +33,11 @@ Open SNMP service | Badrap docs - - + +

Open SNMP service

Problem description

SNMP is a veteran of Internet services from the 80's. This service should not be open to the Internet from your devices. If it is open, anyone could find out information about your devices at your IP address. And that's not even all of it!

The SNMP service is also handy for Internet bad guys when they make denial-of-service attacks. They can amplify their attacks using the SNMP service. If you have heard of denial-of-service attacks, this is one of the common services used to create those attacks.

When a bad guy uses your SNMP service to launch an attack towards someone else, the actual victim of the attack sees the attack coming from your IP address. SNMP is great for bad guys, and it can bring bad reputation to you if an attack happens.

Suggestions for repair

First of all you need to identify the device which has the vulnerable service open. Please read our instructions on locating vulnerable devices.

When you have located the vulnerable device, we recommend disabling the service from it. Search for instructions from the Internet with the keywords disable snmp and your device brand and model, for instance: disable snmp apple airport

Sometimes you may be able to only find instructions on how to enable the SNMP service in your device. If this happens, just perform the exact opposite actions and disable the service - usually you can enable and disable the service from the same location in your device's administration interface.

If the SNMP service is on intentionally and you want to keep it that way, at least block access to it from the Internet at your firewall or home router.

- + diff --git a/types/spamlist.html b/types/spamlist.html index 8c121871..4416b51a 100644 --- a/types/spamlist.html +++ b/types/spamlist.html @@ -33,11 +33,11 @@ Spam List | Badrap docs - - + +

Spam List

Problem description

Your email address and possibly other personal data related to it has been stolen or accidentally exposed, and it has been collected into a list used by spammers (online unsolicited marketers). Usually this happens when you provide your email address and other personal data to a company or organization when you subscribe to a service, and that company or organization then gets hacked or otherwise fails to protect your personal data adequately.

A spam list is a special category of data breaches. A spam list usually contains much of the similar personal information as a data breach, but it does not include your passwords.

Along with your email address, a spam list may include personal information such as home addresses or phone numbers, depending what information you have given to the service and what has been exposed. Spam lists can be published online or sold and used to send unsolicited marketing emails or scams on behalf of unsuspecting victims, either targeting you or making the spam emails look like they originate from you.

Information about these kinds of spam lists along with exposed email addresses are collected by a widely-publicized and credible data breach and spam list reporting service Have I Been Pwned, operated by security researcher Troy Hunt. You can read more about the spam list incidents collected by them at Have I Been Pwned and spam lists of personal information.

Suggestions for repair

Since your email address and possibly other personal information has already been exposed, the most important thing is to stay calm. In many cases the information has leaked already a long time ago, and you cannot unfortunately change the fact that it has happened. Often, the company or organization from where your data got stolen might have already sent you a notification email about the incident, telling you which personal information was exposed. What you can do is be mindful of your personal data in the future and consider where you provide it.

Protecting against future incidents

Treat your personal information online like money – you need to have a good reason to give it away. Support efforts to increase consumer privacy rights, be it on a political or voluntary level. Favour companies who demonstrate they care about your privacy. Having an easy-to-understand privacy policy that explains how your personal information is handled and protected is one good sign. (Here is Badrap's privacy policy.)

Many of you have heard of the EU's General Data Protection Regulation (GDPR) - it is one step towards better privacy online, with increased security against personal data breaches. You need to also consider why and where you are submitting your personal information such as home address or phone number, and what are the potential risks if such data becomes exposed and published.

- + diff --git a/types/subdomain.html b/types/subdomain.html index 5ebedff3..0c2fe818 100644 --- a/types/subdomain.html +++ b/types/subdomain.html @@ -33,8 +33,8 @@ Subdomain Takeover Risk | Badrap docs - - + +

Subdomain Takeover Risk

Your domain has a stale DNS entry (a "subdomain") pointing to a third-party provider, which may be open to abuse.

Problem description

A CNAME entry in your DNS records points to a third-party address, which apparently is not used anymore.

A potential attacker may be able to take over your subdomain by starting their own service inside the third-party service provider.

If the attacker succeeds, they can exploit the situation as follows:

  • Typical: the attacker uses your brand and domain to legitimize sharing of malicious content (malware, or material for scams).
  • Advanced: the attacker can exploit the services under your domain by bypassing the "same origin protection" used in modern browsers. In practice, the attacker injects their own code to the browser of a user using a service under your domain. The browser agrees to execute the code as it comes from the same domain where the attacked service resides.

More information about subdomain takeovers:

  • https://0xpatrik.com/subdomain-takeover-basics/
  • https://developer.mozilla.org/en-US/docs/Web/Security/Subdomain_takeovers

Verifying the issue

You can use DNS lookups to verify the issue. For example, you can use the "dig" command in a terminal in Linux or MacOS.

Normal situation, before a subdomain takeover issue exists

Your subdomain CNAME record points to a third-party service provider. The provider has an A or AAAA record that points to a valid IP address.

$ dig mysubdomain.example.com
@@ -53,6 +53,6 @@
 mysubdomain.example.com.    IN  A
 [no ANSWER SECTION, extra text removed]

Suggestions for repair

  1. Double-check that the subdomain is not used anymore.
  2. Remove the subdomain CNAME record from your DNS.
  3. You can investigate how likely it is that attackers can launch their own service in the third-party address that your CNAME record points to.
  4. Whatever the result is, we recommend cleaning unused records from your DNS. In other words, investigation provides little added value.

Protecting against future incidents

  1. When you set up a new service, first create a virtual host or cloud service for it. After that, set up your DNS CNAME entry.
  2. When you decommission a service, first remove its DNS CNAME entry. After that, decommission the virtual host or cloud service.
- + diff --git a/types/telnet.html b/types/telnet.html index 697efca5..8401cf1c 100644 --- a/types/telnet.html +++ b/types/telnet.html @@ -33,11 +33,11 @@ Open Telnet service | Badrap docs - - + +

Open Telnet service

Problem description

Telnet, that age-old Internet service, which should no longer even exist - let alone be open to everyone on the Internet! An open Telnet service tells you about three possible problems in your network:

  1. If someone actually uses it for something, all of the Telnet traffic is transmitted unencrypted, which means that bad guys may be able to eavesdrop what is done over the Telnet connection. Bad guys who listen in are also able to hijack your device and use it for their own purposes.

  2. If it is a surprise to you that the Telnet service is on, your device also may have an easily guessable default password that bad guys can use (or have already used) to take control of your device.

  3. A device which has an open Telnet service very likely has many other security vulnerabilities. Modern, well-designed devices with security updates usually do not use Telnet anymore.

Suggestions for repair

First of all you need to identify the device which has the vulnerable service open. Please read our instructions on locating vulnerable devices.

When you have located the vulnerable device, we recommend disabling the Telnet service immediately. Search for instructions from the Internet with the keywords disable telnet and your device brand and model, for instance: disable telnet telewell tw-ea501

After you disable the Telnet service, you should at least change the administrator password for your device, or consider resetting your device to factory defaults (and then disabling Telnet again if necessary) in order to protect your device from bad guys who have already potentially abused your device.

- + diff --git a/types/tftp.html b/types/tftp.html index 5d65a16f..834d1283 100644 --- a/types/tftp.html +++ b/types/tftp.html @@ -33,11 +33,11 @@ Open TFTP service | Badrap docs - - + +

Open TFTP service

Problem description

Is your Internet working badly? Sometimes your service provider is not to blame. Bad guys can use your open TFTP service to launch a denial-of-service attack . As a result, your Internet connection can work really slowly or not at all, and the actual victim of the attack has things even worse.

If you want to understand better how these kinds of so-called amplification attacks work, please see here.

Suggestions for repair

First of all you need to identify the device which has the vulnerable service open. Please read our instructions on locating vulnerable devices.

When you have located the vulnerable device, we recommend disabling the TFTP service from it. Search for instructions from the Internet with the keywords disable tftp and your device brand and model, for instance: disable tftp netgear nighthawk

If the TFTP service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router.

- + diff --git a/types/vnc.html b/types/vnc.html index bf3dd741..edf8f55c 100644 --- a/types/vnc.html +++ b/types/vnc.html @@ -33,11 +33,11 @@ Open VNC service | Badrap docs - - + +

Open VNC service

Problem description

Our data source has detected in your network an open and unprotected VNC (Virtual Network Computing) desktop-sharing service, which anyone can access from the Internet.

VNC is a common Internet protocol used to share your computer desktop with someone else. It is commonly used to allow family members to administer relatives' computers remotely, or to allow IT support to access and service your computer from somewhere else.

While there is a valid use for VNC for remote administration, having your computer open for anyone from the Internet is likely not what you want.

Often VNC is enabled on work computers when they are being used inside the office network. When you move the computer to a home network, as a result of a misconfiguration the VNC service may be left open, and visible to the whole Internet.

Having the VNC service open may allow attackers to attempt to control your computer and observe what you are doing on your screen. This may allow unauthorized attackers to steal your passwords, confidential work or personal information, bank account details, anything you do on your computer.

Suggestions for repair

First of all you need to identify the computer which has the vulnerable service open. Please read our instructions on locating vulnerable devices.

When you have located the vulnerable computer, we recommend disabling the VNC service from it. Search for instructions from the Internet with the keywords disable vnc and include your operating system version to further refine the search results, e.g. disable vnc windows 10.

See How to Block VNC in a Computer to Prevent Remote Access for step-by-step instructions for Windows PCs.

If the VNC service is on intentionally and you want to keep it that way, at least block access to the service from the Internet at your firewall or home router. If the service is needed for work, ask your IT support to configure the service in a secure way.

- +