Security by the Horns | TechSNAP 83
Posted on: November 8, 2012

How a hardware failure in Indonesia took Google down in California, stealing crypto keys from virtual machines, and the trouble with Sophos. And an inside look at how Netflix crams so much storage into a telco near you.
Plus a big batch of your questions, a packed round up, and so much more…
On this week’s episode of TechSNAP!
Thanks to:
Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!
BONUS ROUND PROMO:
Get your .COMs just $5.99 per year up to 3 domains! Additional .COMs just $7.99 per year!
CODE: 599tech
SPECIAL OFFER! Save 20% off your order!
Code: go20off5
Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains
Show Notes:
How a Network Snafu in Indonesia Blocked Google in California
- At around 02:24 UTC on November 6th, roughly 3–5% of the Internet lost the ability to reach Google
- Apparently due to a hardware failure, a router at the Indonesian ISP Moratel began announcing BGP routes for Google’s IP ranges to its upstream provider (a route leak)
- BGP picks routes by policy and then by AS-path length, not by hop count, so any network whose best path to those prefixes now ran through Moratel sent its Google traffic to Indonesia
- The impact was largest in Hong Kong and on the US West Coast, because Moratel’s largest upstream provider is PCCW, a large Hong Kong based transit provider with a lot of peering in California, and PCCW accepted and propagated the bad routes
- The problem was fixed around 02:50 UTC when Moratel shut down the failed router and disabled its peering with Google
- Detailed Analysis
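As an added example (not code from the episode or the linked analysis), the Python below models two things the notes above describe: a monitor that flags announcements for a prefix whose origin AS, or the AS sitting next to the origin, is not in a known baseline, and the simplified BGP decision process that explains why a leaked route can win inside networks near the leaker even when it is not the shortest path. The AS numbers (15169 for Google, 23947 for Moratel, 3491 for PCCW, 1299 and 6453 as other transit providers), the assumption that PCCW prefers routes from its customer Moratel over peer routes, and every route in the block are assumptions and constructed sample data, not routes captured from the incident.

```python
"""Added example, not from the episode or the linked analysis.

A minimal BGP route monitor plus the simplified best-path decision that
explains the Moratel leak. AS numbers and all routes are constructed sample
data (assumed: 15169 = Google, 23947 = Moratel, 3491 = PCCW, 1299 and 6453 =
other transit providers); a real monitor would read a route-collector feed.
"""

# Baseline learned during a quiet period: the AS that originates the prefix
# and the ASes normally seen directly in front of it in AS_PATH. Constructed.
BASELINE = {
    "8.8.8.0/24": {"origin": 15169, "adjacent": {3491, 1299, 6453}},
}


def classify(prefix, as_path):
    """Classify one announcement. `as_path` is AS_PATH as a list: leftmost is
    the neighbour we learned it from, rightmost is the origin."""
    base = BASELINE.get(prefix)
    if base is None:
        return "unknown-prefix"
    if as_path[-1] != base["origin"]:
        return "origin-hijack"      # someone else claims to originate it
    if len(as_path) > 1 and as_path[-2] not in base["adjacent"]:
        return "leak-suspect"       # right origin, but re-advertised by an AS
                                    # never seen next to it before
    return "ok"


def monitor(announcements):
    """Return (prefix, as_path, verdict) for every announcement that is not ok."""
    alerts = []
    for prefix, as_path in announcements:
        verdict = classify(prefix, as_path)
        if verdict != "ok":
            alerts.append((prefix, as_path, verdict))
    return alerts


def best_path(routes):
    """Simplified BGP decision process over (local_pref, as_path) tuples:
    highest LOCAL_PREF wins, then shortest AS_PATH, then the lexically lowest
    path as a deterministic tie-break. IP hop count never enters into it."""
    return min(routes, key=lambda r: (-r[0], len(r[1]), r[1]))


# Constructed announcements as a route collector might see them during a leak.
ANNOUNCEMENTS = [
    ("8.8.8.0/24", [3491, 15169]),         # normal: PCCW -> Google
    ("8.8.8.0/24", [3491, 23947, 15169]),  # leak: Google's route re-advertised by Moratel
    ("8.8.8.0/24", [3491, 23947]),         # hypothetical origin hijack, for contrast
    ("192.0.2.0/24", [64496]),             # prefix we have no baseline for
]

# PCCW's view (assumed): Moratel is a customer, so its routes get a higher
# LOCAL_PREF than the same prefix learned over the direct Google peering.
PCCW_VIEW = [
    (100, [15169]),          # peer route from Google
    (200, [23947, 15169]),   # customer route, leaked by Moratel
]

# A distant network with two provider routes at equal LOCAL_PREF: the shorter
# AS_PATH wins, so it keeps reaching Google directly.
DISTANT_VIEW = [
    (100, [1299, 15169]),
    (100, [3491, 23947, 15169]),
]

if __name__ == "__main__":
    for alert in monitor(ANNOUNCEMENTS):
        print("ALERT", *alert)
    print("PCCW installs   ", best_path(PCCW_VIEW))
    print("Distant installs", best_path(DISTANT_VIEW))
```

The origin check is what RPKI origin validation would give you; the adjacency check is the part a leak with an intact origin needs, and it is only as good as the baseline you collected before the incident.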
Researchers use side channel attack to steal the crypto keys from a virtual machine
- The researchers demonstrated stealing the private key of a victim VM from an attacker VM running on the same physical machine (the paper’s target is the ElGamal decryption in libgcrypt, as used by GnuPG, running in a Xen guest)
- This means an attacker who rents an Amazon EC2 instance that lands on the same physical node as yours may be able to steal your private keys
- There are obvious security implications of this for both public and private cloud hosting
- The researchers used an access-driven side channel attack, along with some novel methods for filtering noise and for detecting when their VM had been scheduled onto a different core than the victim VM, at which point the two no longer shared a cache and the readings were useless
- The researchers reconstructed the 457-bit private exponent (with a 4096-bit modulus) with high accuracy, leaving roughly 10,000 candidate exponents to brute-force to find the correct one
- The attack uses prime+probe spying on the L1 instruction cache to tell whether the victim is executing the squaring, multiply or modular-reduction code (which maps back to exponent bits), and inter-processor interrupts (IPIs) to preempt the victim VM’s VCPU at a regular cadence so the attacker gets fine-grained, consistent readings
- Full Paper
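The link from cache observations to key bits, as an added example that is not code from the paper or the episode: a square-and-multiply exponentiation runs the multiply routine only for the 1 bits of the exponent, so the sequence of code paths an I-cache probe sees is the key itself. The Python below simulates the probe by recording which path the exponentiation takes (the real attack infers that sequence from cache timing), recovers the exponent from a clean trace, shows how unreadable positions leave a candidate set the attacker brute-forces against the public key, and contrasts a Montgomery ladder whose operation sequence is the same for every key. The modulus p = 1000003, generator g = 2 and all keys are toy-sized constructed values, not the paper’s parameters.

```python
"""Added example, not from the paper or the episode.

Models why an I-cache probe on square-and-multiply recovers the exponent, how
noisy readings leave candidates to brute-force, and why a constant-sequence
ladder gives that probe nothing. The 'probe' is simulated by recording the
code path taken; the real attack infers it from cache timing. P, G and every
key are toy-sized constructed values (the paper's target used a 4096-bit modulus).
"""
import itertools

P = 1000003   # a prime; constructed toy modulus
G = 2         # generator; constructed


def modexp_square_multiply(base, exp, mod, trace):
    """Left-to-right square-and-multiply. Records 'S' per squaring and 'M'
    per multiply; the multiply only runs for 1 bits, and that code-path
    difference is exactly what an instruction-cache probe observes."""
    result = 1
    for bit in bin(exp)[2:]:
        result = result * result % mod
        trace.append("S")
        if bit == "1":
            result = result * base % mod
            trace.append("M")
    return result


def modexp_ladder(base, exp, mod, trace):
    """Montgomery ladder with an arithmetic conditional swap: every bit costs
    one multiply and one squaring, so the recorded sequence is identical for
    all exponents of the same length."""
    r0, r1 = 1, base % mod
    for bit in bin(exp)[2:]:
        b = int(bit)
        d = (r0 ^ r1) * b          # d == r0 ^ r1 when b == 1, else 0
        r0, r1 = r0 ^ d, r1 ^ d    # swap when b == 1, without a branch
        r1 = r0 * r1 % mod
        trace.append("M")
        r0 = r0 * r0 % mod
        trace.append("S")
        d = (r0 ^ r1) * b
        r0, r1 = r0 ^ d, r1 ^ d    # swap back
    return r0


def ops_to_bits(trace):
    """Decode an observed S/M sequence: each 'S' opens a new bit as 0 and an
    'M' immediately after it turns that bit into 1."""
    bits = []
    for op in trace:
        if op == "S":
            bits.append("0")
        elif op == "M" and bits:
            bits[-1] = "1"
    return "".join(bits)


def trace_leaks_key(modexp, exps, base=G, mod=P):
    """True if different exponents produce different observable sequences."""
    seen = set()
    for e in exps:
        trace = []
        modexp(base, e, mod, trace)
        seen.add(tuple(trace))
    return len(seen) > 1


def recover_with_noise(observed, public, base=G, mod=P):
    """`observed` is the bit string with '?' where the probe could not read
    (e.g. the attacker VCPU was descheduled). Enumerate the 2^k fills and keep
    the one consistent with the public key g^x mod p, which an ElGamal attacker
    knows. Returns (key, candidates_tried); key is None if nothing matched."""
    unknown = [i for i, c in enumerate(observed) if c == "?"]
    tried = 0
    for fill in itertools.product("01", repeat=len(unknown)):
        bits = list(observed)
        for i, c in zip(unknown, fill):
            bits[i] = c
        tried += 1
        candidate = int("".join(bits), 2)
        if pow(base, candidate, mod) == public:
            return candidate, tried
    return None, tried


def simulate_attack(secret, unreadable, base=G, mod=P):
    """End to end: run the leaky exponentiation under the probe, blank the
    positions the probe missed, brute-force the rest. Returns (key, tried)."""
    trace = []
    public = modexp_square_multiply(base, secret, mod, trace)  # g^x mod p
    bits = list(ops_to_bits(trace))
    for i in unreadable:
        bits[i] = "?"
    return recover_with_noise("".join(bits), public, base, mod)


if __name__ == "__main__":
    key, t = 0b101101, []
    modexp_square_multiply(G, key, P, t)
    print("probe sees", "".join(t), "->", ops_to_bits(t))
    print("noisy recovery", simulate_attack(key, unreadable=[1, 3]))
    print("square-multiply leaks:", trace_leaks_key(modexp_square_multiply, [45, 37]))
    print("ladder leaks:", trace_leaks_key(modexp_ladder, [45, 37]))
```

The ladder still leaks through data-dependent memory access if the swap is compiled into a branch or a table lookup, which is why real libraries pair a fixed operation sequence with constant-time operand selection.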
- Google security engineer Tavis Ormandy, working on his own time, has discovered a number of flaws in Sophos Antivirus
- He recommends against using Sophos unless the company can adapt: stop making numerous newbie mistakes, and issue patches much more quickly
- Ormandy has released a paper titled Sophail: Applied attacks against Sophos Antivirus
- “Active Sophos users should refrain from testing the examples described in this paper on production systems. Disk I/O on Sophos installations is intercepted by a minifilter that requires a userspace process to permit the operation. Interfering with the userspace process will cause I/O to fail systemwide, panic your machine and cause irretrievable data loss.”
- Specifically, a number of the flaws are the result of “poor development practices and coding standards”
- Ormandy also found that Sophos BOPS (Buffer Overflow Protection System), designed to provide “faux-ASLR” on XP systems, disabled real ASLR on Vista and 7, “allowing attackers to develop reliable exploits for what might otherwise have been safe systems.”
- Ormandy was also critical of Sophos for a lack of response when he reported numerous working exploits against their product
- Sophos Response (with timeline)
- Sophos plans to fix another vulnerability, where a malformed file can cause Sophos to halt entirely, on November 28th
- Sophos initially estimated it would take six months to produce a patch that involved fixing a “single line of code”. According to Ormandy, Sophos subsequently agreed to two months.
- Two years ago, Ormandy was the center of a controversy after he released a proof of concept exploit for a Windows XP flaw just five days after reporting it to Microsoft
- Secure logging : techsnap
- auditdistd
- NetBSD syslog w/ TCP and TLS
- syslog-ng
- Retiree who loves TechSNAP!
- Unfair load balancing?
- What’s with the URLs?
- Spying on the Scammers
- MegaUpload redo is shut down even before debut
- Firefox gets strict about enforcement of HTTPS protection
- Microsoft to drop Messenger, switch to Skype
- Skype gave personal information on a 16 year old user to a private security firm
- Apple considering using iPad processors in future Macs
- VUPEN claims to have 0-day exploits for Windows 8 and IE 10 even before its release
- Hacker leaks VMware ESX kernel source code online
- Some smart meters broadcast your usage data over unencrypted wifi for everyone to read
- During EFF case, government claims you don’t own your data stored in the cloud, and they can access it at any time
- IEEE develops standards for voting machines
- More images of @Netflix CDN hardware from #MeetBSD