
Software powering many of the devices we use has a critical flaw that can give an attacker root access; we’ll give you the details.
Plus why the server admins for the Olympics have moved into their data center, and we get on our CISPA sopa box!
All that and more on this week’s TechSNAP!
Show Notes:
Data Center staff for the London Olympics will sleep amongst the servers
- Data Center technicians at London’s Interxion data center will sleep on site in specially designed pods
- The concern is that the transit systems in London will be overwhelmed by the number of visitors and staff will not be able to make it to the data center in a reasonable amount of time. To avoid this issue, staff will sleep at the Data Center
- The sleeping chambers were designed by UK company Podtime, and are designed for workplaces to provide staff an area for “power naps” but can be customized for overnight stays
Students in an Ethical Hacking class find flaw in Backtrack Linux
- Backtrack Linux is a distro designed for security analysis, forensics and penetration testing
- Backtrack is a very common tool among security professionals
- The vulnerability has to do with improper input validation in WICD via DBUS, and could allow an attacker to cause scripts or executables to be run as root whenever specific events occur, such as when the user connects to a wifi network
- The ethical hacking class then created a proof of concept exploit and a patch to resolve the issue
- Backtrack Linux includes common tools such as Metasploit, Aircrack-NG, RFMON and a Cisco scanner
Samba flaw has widespread implications
- A critical flaw in Samba, the open source Windows file sharing server, can allow an unauthenticated attacker to gain root access
- All versions of Samba from 3.0 to 3.6 are vulnerable, save for 3.6.4, the newly released stable version
- The Samba project has gone so far as to release patches for older, out-of-support versions of Samba
- A remote pre-authentication vulnerability is one of the worst possible flaws for a public-facing service
- Samba is extremely popular in embedded appliances including routers, set top boxes, print servers, NASs and media centers
- The fact that Samba is one of the most commonly embedded bits of open source software means that this vulnerability will likely exist in the wild for years to come. Most users may not even know that they are running Samba, let alone a vulnerable version
- Many of the devices are no longer supported, or do not even offer the possibility of a firmware upgrade. Even many devices that do offer upgrades require manual user intervention, and there is always a risk of bricking a device when applying a firmware update
Over 750,000 people compromised by Utah Medicaid breach
- As many as 280,000 people had their Social Security Numbers stolen and approximately 500,000 more victims had less-sensitive personal information (Name, Address, Birth Date) leaked
- The Utah health department warns people that they will receive an official letter, and will not be contacted by phone, and that to avoid scammers, they should not give out personal information via phone calls they did not initiate
- “A configuration error occurred at the password authentication level, allowing the hacker to circumvent DTS’s security system. DTS has processes in place to ensure the state’s data is secure, but this particular server was not configured according to normal procedure. DTS has identified where the breakdown occurred and has implemented new processes to ensure this type of breach will not happen again.”
- While details on the specific configuration error that resulted in the breach are missing, it is interesting to see the blame falling squarely on those responsible rather than blaming cyber criminals or vague references to advanced persistent threat attacks
- Threatpost Update
- Official Statement
HP Warns customers that switches may come with malware infected SD cards
- HP Switches in the 54xx ZL series have been shipped with compact flash cards that contain malware
- The malware does not harm the switch, but if the flash card is inserted into a PC it can result in that PC being compromised by the malware
- HP offers two fixes: a ‘software purge option’ that uses commands in the switch’s management interface to delete the malware from the flash card (no downtime required), or HP will ship you a new management module. Once you power down your switch and swap it out, you return the malware-infected one
- This incident highlights concerns about the security of the technology supply chain, and the recent efforts by the Open Trusted Technology Provider Standard
- Official HP Advisory
Round Up:
- A sample of the document Facebook generates when your account is subpoenaed
- Project Basecamp: Metasploit modules for PLCs and SCADA systems
- Ninth circuit court rules that TOS and use restriction violations are not covered by the Computer Fraud and Abuse Act
- More reasons why the CISPA is a bad bill
- CISPA Is A Really Bad Bill, And Here’s Why
- CISPA Infographic by Lumin Consulting
- Early TechSNAP Coverage
- Followup: US Navy pays six figures to hack gaming consoles
- Etsy, the online cottage industry site, is offering living-expense grants for women to take programming classes in New York
- The Royal Canadian Mint has announced a competition to design an anonymous digital currency system for small cash transactions
- Windows XP and Office 2003 will officially reach End of Life in April 2014
- Smithsonian Interview with Richard Clarke on Stuxnet and Cyber Security