
Does your government use taxpayer money to buy exploits from the open market? We’ll share the details, malware is being spread via Skype, and we’ve got great news for VLC users!
And why you might be logged in as Kenneth today
All that and much more, on this week’s TechSNAP.
Thanks to:
Super special savings for TechSNAP viewers only. Get a .co domain for only $7.99 (regular $29.99, previously $17.99). Use the GoDaddy Promo Code cofeb8 before the end of March to secure your own .co domain name for the same price as a .com.
Private Registration use code: march8
Pick your code and save:
cofeb8: .co domain for $7.99
techsnap7: $7.99 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
Show Notes:
French Security Firm Vupen discovers and collects zero day exploits then sells them to intelligence agencies
- At Google’s recent hack-a-thon, they offered $60,000 for each bug in Chrome that hackers disclosed to them, so that they could fix it
- Vupen (whose name stands for “vulnerability research” and “penetration testing”) was at the conference and had an exploit for Chrome, but said: “We wouldn’t share this with Google for even $1 million. We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.”
- Vupen claims to only sell to NATO governments and their partners, and that it has a strict policy of only dealing with democratic governments; however, it admits that its exploits could fall into the wrong hands
- Many draw the analogy of Vupen as a cyber warfare arms dealer
- The problem with selling weapons is that they can then be transferred to other parties, a situation illustrated last year when telecom surveillance gear from Blue Coat Systems was sold to a United Arab Emirates firm but ended up being used to track political dissidents in Syria
- Governments pay a $100,000/year subscription for access to the catalogue of zero day exploits
- Each individual exploit must be purchased separately and is not sold exclusively, meaning that the other Vupen customers have access to it as well
- Vupen claims to have off-the-shelf undisclosed vulnerabilities in Microsoft Word, Adobe Reader, Google’s Android, Apple’s iOS and every major browser
- Most exploits sell for far in excess of the six-figure subscription you pay just to find out about their existence
- When Vupen started in 2008, the company and its researchers initially worked with some software vendors to patch the flaws. However, after taking $1.5 million in venture capital from 360 Capital Partners and Gant & Partners, the firm found that it could earn far more by keeping its findings under wraps and selling them at a premium
Anti-dissident Malware spread via Skype in Syria
- Hackers loyal to the government of Syria have taken to spreading malware to dissidents via Skype
- The tool, which purports to let you change your MAC address to better hide your identity and avoid detection by the government, is actually a standard RAT trojan, and gives the attackers full control over your system, including keylogging and access to your documents
- The trojan connects to a command and control server in Syria hosted in an IP range belonging to the Government Owned Syrian Telecommunications Establishment
- Other malware, also distributed via Skype chats, carries a Facebook icon but installs a different malware variant
- The attackers appear to be using Skype purely as a social engineering channel to trick users into running the files; they do not appear to have exploited Skype itself in any way
First ever trans-arctic fibre lines will be installed this summer
- The cables are called Arctic Fibre and Arctic Link and will cross the Canadian Northwest Passage. A third cable, ROTACS (Russian Optical Trans-Arctic Submarine Cable System), will skirt the north coast of Scandinavia and Russia.
- The completed cables are estimated to cost between $600 million and $1.5 billion each
- The new cables will reduce the internet latency between London, England and Tokyo, Japan from the current average of 230 ms by approximately 60 ms (30%) to 170 ms
- The reduced latency will benefit financial markets and automated trading as well as increasing the available bandwidth
- These new fibres will also offer much needed redundancy: currently all fibre between Europe and Asia goes through choke points in the Middle East or the Luzon Strait between the Philippine and South China Seas
Feedback:
Q: (Bilbo) How does HLS (HTTP Live Streaming) work?
A: ScaleEngine has offered an HLS stream for JupiterBroadcasting for quite some time, but HLS was only implemented by Apple’s iOS at the time. Since then, some Android 3.x and all Android 4.x devices have added support for the protocol. This week, version 2.0.1 of VLC was released which fixed the last remaining bug that prevented the stream from working. It is now possible to watch the live stream reliably from your desktop via VLC, as well as from most mobile devices and tablets. Unlike the original VLC stream we offered, which used the RTSP protocol, the HLS stream is much smoother. RTSP used separate connections for audio and video, which could cause them to get out of sync, and RTSP was notorious for working poorly through NAT.
An HLS stream relies on a process called packetization, where the live video stream is divided into separate small files, called segments. The default segment size is 10 seconds. So in an HLS stream, the first request to our server returns a master playlist, detailing the different streams that are offered (whether multiple bit rates are offered, whether there is an audio-only version, etc). Your device then creates a session and requests the appropriate stream playlist. This playlist will contain the most recent segments of the live stream, and looks something like this:
#EXTM3U
#EXT-X-ALLOW-CACHE:NO
#EXT-X-TARGETDURATION:3
#EXT-X-MEDIA-SEQUENCE:698
#EXTINF:3,
media_698.ts?wowzasessionid=418744583
#EXTINF:3,
media_699.ts?wowzasessionid=418744583
#EXTINF:3,
media_700.ts?wowzasessionid=418744583
As you can see here, the playlist contains 3 segments, each 3 seconds long. Your client will start by requesting the first, and continue requesting each segment on the playlist (the number of segments on the playlist is adjustable server side). Once your client has requested all of the segments on the last playlist, it will request the next playlist, which will contain new segments.
Your player will start playing as soon as the first segment is ready, and will continue adding new segments to the end of the buffer as it plays, attempting to keep up or ahead of the playback.
This effect can be best demonstrated by the VLC debugging output:
info: HTTP Live Streaming (videocdn-us.geocdn.scaleengine.net:1935/jblive-iphone/live/jblive.stream/playlist.m3u8)
info: Meta playlist
info: Live Playlist HLS protocol version: 1
info: Choose segment 0/3 (sequence=774)
info: downloaded segment 774 from stream 0
info: downloaded segment 775 from stream 0
info: playing segment 774 from stream 0
info: downloaded segment 776 from stream 0
info: playing segment 775 from stream 0
info: Reloading HLS live meta playlist
info: Live Playlist HLS protocol version: 1
info: updating hls stream (program-id=1, bandwidth=875507) has 3 segments
info: – segment 777 appended
info: downloaded segment 777 from stream 0
info: playing segment 776 from stream 0
info: Reloading HLS live meta playlist
info: updating hls stream (program-id=1, bandwidth=875507) has 3 segments
info: – segment 778 appended
info: downloaded segment 778 from stream 0
info: Reloading HLS live meta playlist
info: Live Playlist HLS protocol version: 1
info: updating hls stream (program-id=1, bandwidth=875507) has 3 segments
info: Reloading HLS live meta playlist
info: Live Playlist HLS protocol version: 1
info: updating hls stream (program-id=1, bandwidth=875507) has 3 segments
info: playing segment 777 from stream 0
info: Reloading HLS live meta playlist
info: Live Playlist HLS protocol version: 1
info: updating hls stream (program-id=1, bandwidth=875507) has 3 segments
info: – segment 779 appended
info: downloaded segment 779 from stream 0
< snip >
info: Live Playlist HLS protocol version: 1
info: updating hls stream (program-id=1, bandwidth=875507) has 3 segments
info: – segment 784 appended
info: playing segment 783 from stream 0
info: downloaded segment 784 from stream 0
info: Reloading HLS live meta playlist
info: Live Playlist HLS protocol version: 1
info: updating hls stream (program-id=1, bandwidth=875507) has 3 segments
info: – segment 785 appended
info: downloaded segment 785 from stream 0
info: playing segment 784 from stream 0
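The sliding-window behaviour described above (parse the playlist, number the segments from EXT-X-MEDIA-SEQUENCE, fetch only the ones appended since the last reload, and notice when the client has fallen behind the window) as an added Python example; this is not VLC’s or ScaleEngine’s code, the playlists are constructed to match the format shown above, and the reload timing follows RFC 8216 rather than anything stated on the page.

```python
def make_playlist(first_seq, count, duration=3):
    """Constructed sliding-window playlist in the format shown above;
    make_playlist(698, 3) reproduces the one in the show notes."""
    lines = ["#EXTM3U", "#EXT-X-ALLOW-CACHE:NO", f"#EXT-X-TARGETDURATION:{duration}",
             f"#EXT-X-MEDIA-SEQUENCE:{first_seq}"]
    for seq in range(first_seq, first_seq + count):
        lines += [f"#EXTINF:{duration},", f"media_{seq}.ts?wowzasessionid=418744583"]
    return "\n".join(lines) + "\n"

def parse_playlist(text):
    """Header values plus (segment number, duration, uri) triples; a segment's
    number is EXT-X-MEDIA-SEQUENCE plus its position in the list."""
    target, first_seq, durations, uris = None, 0, [], []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("#EXT-X-TARGETDURATION:"):
            target = int(line.split(":", 1)[1])
        elif line.startswith("#EXT-X-MEDIA-SEQUENCE:"):
            first_seq = int(line.split(":", 1)[1])
        elif line.startswith("#EXTINF:"):
            durations.append(float(line.split(":", 1)[1].split(",")[0]))
        elif line and not line.startswith("#"):
            uris.append(line)  # a non-comment line is the segment URI
    segments = [(first_seq + i, d, u) for i, (d, u) in enumerate(zip(durations, uris))]
    return {"target_duration": target, "segments": segments}

class LiveClient:
    """Mirrors the VLC log above: fetch every segment on the first playlist, then on
    each reload append only segments numbered past the last one already fetched."""
    def __init__(self):
        self.last_seq = None  # highest segment number fetched so far

    def refresh(self, text):
        """Return (uris to download now, fell_behind, seconds to wait before reloading)."""
        pl = parse_playlist(text)
        segs = pl["segments"]
        new = segs if self.last_seq is None else [s for s in segs if s[0] > self.last_seq]
        # The server keeps a sliding window; if the oldest segment offered is beyond
        # last_seq + 1, segments expired before the client fetched them and playback skips.
        behind = self.last_seq is not None and bool(segs) and segs[0][0] > self.last_seq + 1
        if new:
            self.last_seq = new[-1][0]
        # RFC 8216 section 6.3.4: reload after one target duration when the playlist
        # changed, after half of one when it did not.
        delay = pl["target_duration"] * (1.0 if new else 0.5)
        return [u for _, _, u in new], behind, delay
```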
We are sysadmins @ reddit. Ask us anything! Best of:
- https://www.reddit.com/r/sysadmin/comments/r6zfv/we_are_sysadmins_reddit_ask_us_anything/c43g1t2
- For reference, the peak output of ScaleEngine on Wednesday afternoon was 6273 megabits/second, but most of the 6 gigabits of that was streaming video
- ScaleEngine services more than 3 billion HTTP requests per month with a peak in excess of 1800 requests per second
- https://www.reddit.com/r/sysadmin/comments/r6zfv/we_are_sysadmins_reddit_ask_us_anything/c43ev8a
- https://www.reddit.com/r/sysadmin/comments/r6zfv/we_are_sysadmins_reddit_ask_us_anything/c43fdxk
Round Up:
- Disaster strikes Norwegian government web portal
- ICANN plagued by conflict of interest among board members
- ICANN Confirms That It’s Going To Make It Easier For Governments To Seize Domains
- RDP proof of concept triggers blue screen of death (SC Magazine Australia)
- US nuclear security deals with 10 million ‘significant’ online attacks each day
- Seagate reaches 1Tb per square inch, hard drive to reach 60TB capacity
- For Pi day, Judge rules that music based on Pi is not copyrightable
- Mozilla is considering reversing its stance on support for H.264 to remain competitive in the mobile market. H.264 support would rely on codec support in the underlying OS, to avoid the need to license H.264 or force downstream providers to do so
- Megaupload Seizure Order “Null and Void” Says High Court