Citrix Discloses Security Breach of Internal Network (zdnet.com)
Citrix disclosed today a security breach during which hackers accessed the company's internal network. In a short statement posted on its blog, Citrix Chief Security Information Officer Stan Black said Citrix found out about the hack from the FBI earlier this week. From a report: "On March 6, 2019, the FBI contacted Citrix to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network," Black said. "While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security," the Citrix exec added. Black said hackers accessed and downloaded business documents, but Citrix wasn't able to identify what specific documents had been stolen at the time of his announcement today.
My work slogan: Citrix is a bad idea. (Score:3, Insightful)
I know Citrix is a godsend for people who have to deal with software deployment and updates. But it is really just a gross hack to make software accessible over the network that was never designed to be such. On most Citrix setups I am able to get more access to apps that I wasn't given permission for. Mostly due to the fact that Windows security wasn't designed with Citrix in mind. A right click here, view file path, or a help file that opens IE. I now have access to applications on the server that I wasn't really meant to have.
If you think Citrix is a good idea, then you probably should be looking at different software, such as more web-based (HTML) applications. Because you will be better off.
Re: (Score:3, Insightful)
Sometimes Citrix is the answer because there's some dogshit legacy app that you're stuck with. It's not a good idea, it's just barely tolerable.
Re: (Score:2)
As someone that's done all that for the last 20 years for apps that have been around for 20 years prior to me, "tolerable" perhaps in the modern sense, but in comparison to the "dogshit legacy app" it might be considered considerably more. Citrix is a vast improvement over what existed, which perhaps isn't saying much, but still.
That said, to the previous poster, yes I've seen the security stuff first hand. I don't exactly advertise it to users, but it's there, every now and again I accidentally "oh hello t
Re: (Score:1)
Another cute trick is to disable the goddam network card.
I did that a lot and the custodians were never aware.
It created a lot of problems and a few techs tightened things up and accidentally protected the card, but most never learned.
Re: (Score:2)
Oh? I use SSH for remote development and updates. Citrix is a symptom of an inferior system that is unsuitable for professional work.
Re: (Score:2)
Citrix is a hack for a bad development model that was popular during the 1990s.
Re: (Score:2)
Not arguing the usefulness or effectiveness of Citrix software, but Citrix is responsible for Windows Terminal Services and has been since NT4. They wrote it. It is very much part of Windows and pretty much always has been.
Citrix ... (Score:2)
... didn't know they had been hacked and, when informed that they were breached, didn't know what the hackers got.
Clueless.
Re: (Score:2)
And they were apparently compromised because somebody from outside got in using a weak password. Criminally negligent is what I call that.
Why would anybody hack Citrix? (Score:2)
They have nothing of value to steal. Must have been a practice attack or somebody that was forced to use their products and wants revenge for that.