Windows exploits for sale at a great price, how the Internet works, yes, seriously & it’s awesome!

Plus we solve some of your problems, a great roundup & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Windows 0-day exploit for sale, only $90,000

• “A hacker going by the handle BuggiCorp is selling a zero-day vulnerability affecting all Windows OS versions that can allow an attacker to elevate privileges for software processes to the highest level available in Windows, known as SYSTEM”
• That actually seems like a low price, the vulnerability must not be quite the ‘game over’ scenario you might expect
• The claim is that the exploit will be sold to only one person, and will include the source code and a working demo
• Two videos of the exploit in action have been posted
• The first show the exploit working against a fully patched (May) Windows 10
• The second show the exploit bypassing all EMET mitigations
• “How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time”
• The reason for the lower price is likely this:
• “This type of flaw is always going to be used in tandem with another vulnerability to successfully deliver and run the attacker’s malicious code”
• To exploit this flaw, you need to have access to the victim’s machine. It cannot be exploited against a remote unsuspecting victim
• Of course, there are lots of malware droppers and exploit kits that provide this functionality
• “The seller claims his exploit works on every version of Windows from Windows 2000 on up to Microsoft’s flagship Windows 10 operating system.”
• “Jeff Jones, a cybersecurity strategist with Microsoft, said the company was aware of the exploit sales thread, but stressed that the claims were still unverified. Asked whether Microsoft would ever consider paying for information about the zero-day vulnerability, Jones pointed to the company’s bug bounty program that rewards security researchers for reporting vulnerabilities. According to Microsoft, the program to date has paid out more than $500,000 in bounties.”
• Microsoft does pay for bugs, but maybe not as much as the black market does
• “Microsoft heavily restricts the types of vulnerabilities that qualify for bounty rewards, but a bug like the one on sale for $90,000 would in fact qualify for a substantial bounty reward. Last summer, Microsoft raised its reward for information about a vulnerability that can fully bypass EMET from $50,000 to $100,000. Incidentally, Microsoft said any researcher with a vulnerability or who has questions can reach out to the Microsoft Security Response Center to learn more about the program and process.”
• Zerodium’s pay scale for Microsoft LPE bugs is “up to $30,000”
• The biggest factor in the actual value of an exploit to the buyer, is its longevity. How long before Microsoft figures out what the issue is and patches it
• This can be directly proportional to how widely the exploit is used. The more people it is used against, the more likely researchers will be able to get their hands on it and figure out what the problem is
• Additional Coverage

ArsTechnica: How the internet works

• “But how does it work? Have you ever thought about how that cat picture actually gets from a server in Oregon to your PC in London? We’re not simply talking about the wonders of TCP/IP or pervasive Wi-Fi hotspots, though those are vitally important as well. No, we’re talking about the big infrastructure: the huge submarine cables, the vast landing sites and data centres with their massively redundant power systems, and the elephantine, labyrinthine last-mile networks that actually hook billions of us to the Internet.”
• The article starts out by looking at submarine cables between the US and the UK
• The amount of shielding on a cable actually depends on how deep it will be deployed. The deeper it is, the less shielding is required. The biggest threat is international shipping.
• “At a 3 mile depth, cable diameter is just 17mm, akin to a marker pen encased by a thick polyethylene insulating sheath. A copper conductor surrounds multiple strands of steel wire that protect the optical fibres at the core, which are inside a steel tube less than 3mm in diameter and cushioned in thixotropic jelly. Armoured cables have the same arrangement internally but are clad with one or more layers of galvanised steel wire, which is wrapped around the entire cable.”
• “Without the copper conductor, you wouldn’t have a subsea cable. Fibre-optic technology is fast and seemingly capable of unlimited bandwidth, but it can’t cover long distances without a little help. Repeaters—effectively signal amplifiers—are required to boost the light transmission over the length of the fibre optic cable. This is easily achieved on land with local power, but on the ocean bed the amplifiers receive a DC voltage from the cable’s copper conductor. And where does that power come from? The cable landing sites at either end of the cable.”
• “Although the customers wouldn’t know it, TGN-A is actually two cables that take diverse paths to straddle the Atlantic. If one cable goes down, the other is there to ensure continuity. The alternative TGN-A lands at a different site some 70 miles (and three terrestrial amplifiers) away and receives its power from there, too. One of these transatlantic subsea cables has 148 amplifiers, while the other slightly longer route requires 149.”
• “To power the cable from this end, we’ve a positive voltage and in New Jersey there’s a negative voltage on the cable. We try and maintain the current—the voltage is free to find the resistance of the cable. It’s about 9,000V, and we share the voltage between the two ends. It’s called a dual-end feed, so we’re on about 4,500V each end. In normal conditions we could power the cable from here to New Jersey without any support from the US.”
• So what happens when a cable is damaged?
• “Once the cable has been found and returned to the cable-repair ship, a new piece of undamaged cable is attached. The ROV [remotely operated vehicle] then returns to the seabed, finds the other end of the cable and makes the second join. It then uses a high-pressure water jet to bury the cable up to 1.5 metres under the seabed”
• “Repairs normally take around 10 days from the moment the cable repair ship is launched, with four to five days spent at the location of the break. Fortunately, such incidents are rare: Virgin Media has only had to deal with two in the past seven years.”
• So once these cables are installed, they are expected to last 25+ years. Of course, if you installed a cable 5 years ago, you are likely to be disappointed with its speed. This is where new technology comes into play, by just replacing the optics at either end of the cable, you can get more data through the same fibres
• “DWDM (Dense Wavelength Division Multiplexing) technology is used to combine the various data channels, and by transmitting these signals at different wavelengths—different coloured light within a specific spectrum—down the fibre optic cable, it effectively creates multiple virtual-fibre channels. In doing so the carrying capacity of the fibre is dramatically increased.”
• DWDM allows between 40 and 160 channels to be combined down a single fibre. So suddenly those 4 strands that could only carry 10 gigabits per second each a few years ago, can carry 400, or 6.4 terabits per second
• The Tata cable featured in the article has a capacity of up to 10 terabits per pair, for a total of 40 terabits.
• “Enter one of the two battery rooms and instead of racks of Yuasa UPS support batteries—with a form factor not too far removed from what you’ll find in your car—the sight is more like a medical experiment. Huge lead-acid batteries in transparent tanks, looking like alien brains in jars, line the room. Maintenance-free with a life of 50 years, this array of 2V batteries amounts to 1600Ah, delivering a guaranteed four hours of autonomy.”
• “There are six generators—three per data centre hall. Each generator is rated to take the full load of the data centre, which is 1.6MVA. They produce 1,280kW each. The total coming into the site is 6MVA, which is probably enough power to run half the town. There is also a seventh generator that handles landlord services. The site stores about 8,000 litres of fuel, enough to last well over 24 hours at full load. At full fuel burn, 220 litres of diesel an hour is consumed, which, if it were a car travelling at 60mph, would notch up a meagre 1.24mpg—figures that make a Humvee seem like a Prius.”
• The article goes on to talk about SLAs and how the fibre network manages quality of service:
• “Latency commitments have to be monitored proactively, too, for customers like Citrix, whose portfolio of virtualisation services and cloud applications will be sensitive to excessive networking delays. Another client that appreciates the need for speed is Formula One. Tata Communications handles the event networking infrastructure for all the teams and the various broadcasters.”
• The article then goes on to talk about getting that connectivity to your house, the “last mile”
• Each of the various technologies is discussed, ADSL, VDSL (78mbps), DOCSIS3 (200mbps, but could go up to 600mbps, with DOCSIS 3.1 offering 10gbps), FTTC, and FTTH
• Of course, they also discuss Wireless and Mobile connectivity
• “Ars will have another in-depth feature on the complexities of managing and rolling out cellular networks soon”, we’ll look forward to that
• “First it was a few plucky cafes and pubs, and then BT turned its customers’ routers into open Wi-Fi hotspots with its “BT with Fon” service. Now we’re moving into major infrastructure plays, such as Wi-Fi across the London Underground and Virgin’s curious “smart pavement” in Chesham, Buckinghamshire. For this project, Virgin Media basically put a bunch of Wi-Fi access points beneath manhole covers made of specially made radio-transparent resin. Virgin maintains a large network of ducts and cabinets across the UK that are connected to the Internet—so why not add a few Wi-Fi access points to share that connectivity with the public?”
• So what is next for the last mile?
• “The next thing on the horizon for Openreach’s POTS network is G.fast, which is best described as an FTTdp (fibre to distribution point) configuration. Again, this is a fibre-to-copper arrangement, but the DSLAM will be placed even closer to the premises, up telegraph poles and under pavements, with a conventional copper twisted pair for the last few tens of metres.”
• “The idea is to get the fibre as close to the customer as possible, while at the same time minimising the length of copper, theoretically enabling connection speeds of anywhere from 500Mbps to 800Mbps. G.fast operates over a much broader frequency spectrum than VDSL2, so longer cable lengths have more impact on its efficiency. However, there has been some doubt whether BT Openreach will be optimising speeds in this way as, for reasons of cost, it could well retreat to the green cabinet to deliver these services and take a hit on speed, which would slide down to 300Mbps.”
• “So, there we have it: the next time you click on a YouTube video, you’ll know exactly how it gets from a server in the cloud to your computer. It might seem absolutely effortless—and it usually is on your part—but now you know the truth: there are deadly 4,000V DC submarine cables, 96 tonnes of batteries, thousands of litres of diesel fuel, millions of miles of last-mile cabling, and redundancy up the wazoo.”
• “The whole setup is only going to get bigger and crazier, too. Smart homes, wearable devices, and on-demand TV and movies are all going to necessitate more bandwidth, more reliability, and more brains in jars. What a time to be alive.”

Feedback:

• Building Your Own Wireless Router

• ICAP Trap

• Proper Backups

• FreeNAS File Transfer Slowdown.

  • dd if=/dev/zero of=zerofile bs=1m count=10k
  • Press control+t for progress output

Round Up:

• Lenovo Yoga Laptops Are Among PCs That Need To Lose This Application
• 93% of phishing emails sent in March contained ransomware
• TeamViewer denies hack after PCs hijacked, PayPal accounts drained Developing: Reddit thread on Teamspeak
• The government can keep your files forever, and use them against you later. This may have impact if eventually the government gains the ability to break the encryption used on your drive
• Jackpot! NASA Just Released 56 Patented Technologies Into the Public Domain
• Hackers extort ransom after finding bugs, call it a public service
• Cluster of “megabreaches” compromises a whopping 642 million passwords
• Microsoft issues headsup about new self propogating ransomware
• More vulnerability in ImageMagick and GraphicsMagick
• Ars Technica provides guide to picking a VPN server
• Google Is Teaching Its Driverless Cars How to Be Bigger Assholes on the Road