SourceForge sees downtime, and we examine their infrastructure, a new pervasive hackgroup has been exposed and their track record is fascinating.
Plus a Hacking Team Round up, a wide variety of audience questions, our answers & much, much more!
— Show Notes: —
SourceForge Downtime
- SourceForge suffered a large data corruption problem and was down for a number of days, slowly restoring services as they could
- “The Slashdot Media sites experienced an outage commencing last Thursday. We responded immediately and confirmed the issue was related to filesystem corruption on our storage platform. This incident impacted all block devices on our Ceph cluster. We consulted with our storage vendor when forming our next steps”
- As part of this, we learned a bit about the backends of SourceForge and Slashdot:
- Server platform is CentOS Linux.
- We use an Open Source virtualization platform and have in recent years achieved a 75%+ reduction in physical server count through widespread virtualization.
- We use an Open Source storage platform, Ceph, with spinning disks and SSD.
- The storage backing our services is a mix of ext4, XFS and NFS.
- Our backup solution is Open Source, backing on to popular cloud storage platforms.
- Our sites use Open Source database platforms including MongoDB and flavors of MySQL and PostgreSQL.
- We leverage scalable data solutions including Hadoop and ElasticSearch.
- Slashdot is backed by Perl. SourceForge is backed by Python. Both language stacks are entirely Open Source.
- And the SourceForge developer services are backed by the Apache Allura code base, which we Open Sourced and delivered to the Apache incubation process.
- “We’re prioritizing the project web service (used by many projects using custom vhosts), mailing lists, and the ability to upload data to our download service. Downloads (40+ TB of data)”
- Most Recent Update – SourceForge Blog
- A post-mortem is expected once everything is restored
Black Vine Group behind Anthem breach
- In a report last week, Symantec said it was Black Vine that broke into the health insurer Anthem’s systems and stole more than 80 million patient records.
- The group has the resources to customize malware, and uses zero-day vulnerabilities in Microsoft Internet Explorer to launch watering-hole attacks.
- Black Vine’s malware, Mivast, was used in the Anthem breach, according to Symantec.
- Anthem said the hack likely began in May 2014, but that it didn’t realize its systems had been compromised until January. The company, which is one of the largest health insurance providers in the U.S., disclosed the breach in February. Hackers made off with personal data including names, birth dates, member ID numbers and Social Security numbers.
- As in other Black Vine attacks, the Mivast malware was signed with a fraudulent digital certificate (more on that below)
- Since 2012 Black Vine has gone after other businesses that deal with sensitive and critical data, including organizations in the aerospace, technology and finance industries, according to Symantec. The majority of the attacks (82 percent) were waged against U.S. businesses.
- During its research, Symantec discovered that Black Vine began using exploits around the same time as other hacking groups. Each group delivered different malware and went after particular organizations.
- The fact that they used the same exploits as other groups suggests the attackers relied on the same distribution network.
- One of the group’s first attacks came in December 2012 against gas turbine manufacturer Capstone Turbine, Symantec said.
- That hack used the IE exploit CVE-2012-4792 and delivered the Sakurel malware.
- Symantec noted that the malware was signed with a digital certificate attributed to a company called Micro Digital, fooling Windows into believing the program was legitimate.
- In 2013 and 2014, Black Vine targeted companies in the aviation and aerospace industries. One third-party blog cited by Symantec noted that in 2013 specific employees at a global airline were sent spear phishing emails containing a URL that instructed them to download Hurix.
- Symantec claimed some Black Vine members have ties to Topsec, a Chinese IT security company, and that the group has access to the Elderwood framework
Hacking Team Roundup:
- Hacking Team claims it always sold exploits and malware strictly within the law
- Hacking Team and Boeing planned drones that would infect your computer via WiFi and similar means
- Microsoft issues patch for Windows Kernel 0-day leaked in Hacking Team breach
- Netragard, a company that buys and sells exploits, has decided to stop buying exploits after the fallout from the Hacking Team compromise
- FBI agents deceive judges, ignore time limits, don’t tell computer owners after they’ve been hacked, and don’t get ‘super-warrants’ for webcam snooping
- Hacking Team promises to rebuild its surveillance software
- An interview with Hacking Team’s CEO
FreeNAS Mini Review by Tom’s Hardware
Feedback:
Round Up:
- Intel’s 3D memory is 1,000 times faster than modern storage
- “Dating” site Ashley Madison, which specialized in organizing discreet affairs, was compromised and is being extorted by the attackers. The attack was apparently motivated by the fact that the site charges a $19 fee to erase your personal information, and then apparently doesn’t actually erase it
- New FCC Rules May Prevent Installing OpenWRT on WiFi Routers
- Reported Samsung SSD TRIM bug was actually a bug in Linux
- Google officially ends forced Google+ integration—First up: YouTube
- Author of DenDroid malware worked as white-hat intern at FireEye
- One of the people responsible for SWATting Krebs in 2013 has pled guilty
- Experian hit with a class action lawsuit over actions involving ID Theft Service