SourceForge sees downtime, and we examine their infrastructure, a new pervasive hackgroup has been exposed and their track record is fascinating.

Plus a Hacking Team Round up, a wide variety of audience questions, our answers & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

SourceForge Downtime

• SourceForge suffered a large data corruption problem and was down for a number of days, slowly restoring services as they could
• “The Slashdot Media sites experienced an outage commencing last Thursday. We responded immediately and confirmed the issue was related to filesystem corruption on our storage platform. This incident impacted all block devices on our Ceph cluster. We consulted with our storage vendor when forming our next steps”
• As part of this, we learned a bit about the backends of sourceforge and slashdot
• Server platform is CentOS Linux.
• We use an Open Source virtualization platform and have in recent years achieved a 75%+ reduction in physical server count through widespread virtualization.
• We use an Open Source storage platform, Ceph, with spinning disks and SSD.
• The storage backing our services is a mix of ext4, XFS and NFS.
• Our backup solution is Open Source, backing on to popular cloud storage platforms.
• Our sites use Open Source database platforms including MongoDB and flavors of MySQL and PostgreSQL.
• We leverage scalable data solutions including Hadoop and ElasticSearch.
• Slashdot is backed by Perl. SourceForge is backed by Python. Both language stacks are entirely Open Source.
• And the SourceForge developer services are backed by the Apache Allura code base, which we Open Sourced and delivered to the Apache incubation process.
• “We’re prioritizing the project web service (used by many projects using custom vhosts), mailing lists, and the ability to upload data to our download service. Downloads (40+ TB of data)”
• Most Recent Update – Sourceforge Blog
• A Post mortem is expected once everything is restored

Black Vine Group behind Anthem breach

• In a report last week Symantec said it was Black Vine that broke into the health insurer “Anthem” system’s and stole more than 80 million patients records.
• The group has the resources to customize malware, and uses zero-day vulnerabilities in Microsoft Internet Explorer to launch watering-hole attacks.
• Black Vine’s malware Mivast, was used in the Anthem breach, according to Symantec.
• Anthem said the hack likely began in May 2014, but that it didn’t realize its systems had been compromised until January. The company, which is one of the largest health insurance providers in the U.S., disclosed the breach in February. Hackers made off with personal data including names, birth dates, member ID numbers and Social Security numbers.
• Like other Black Vine attacks, The Mivast malware was signed with a fake digital certificate. (more on that below)
• Since 2012 Black Vine has gone after other businesses that deal with sensitive and critical data, including organizations in the aerospace, technology and finance industries, according to Symantec. The majority of the attacks (82 percent) were waged against U.S. businesses.
• During its research, Symantec discovered Black Vine began using exploits around the same time as other hacking groups. Each group delivered different malware and went after certain organizations,
• The fact that they used the same exploits as other groups suggests the attackers relied on the same distribution network.
• One of the group’s first attacks came in December 2012 against gas turbine manufacturer Capstone Turbine, Symantec said.
• That hack used the IE exploit CVE-2012-4792 and delivered the Sakurel malware.
• Symantec noted that the malware was signed with a digital certificate attributed to a company called Micro Digital, fooling Windows into believing the program was legitimate.
• In 2013 and 2014, Black Vine targeted companies in the aviation and aerospace industries. One third-party blog cited by Symantec noted that in 2013 specific employees at a global airline were sent spear phishing emails containing a URL that instructed them to download Hurix.
• Symantec claimed some Black Vine members have ties to Topsec, a Chinese IT security company, and the group has access to the Edlerwood framework
• PDF

Hacking Team Roundup:

• Hacking Team claims it always sold exploits and malware strictly within the law
• Hacking Team and Boeing planned Drones that would infect your computer via WiFi etc
• Microsoft issues patch for Windows Kernel 0-day leaked in Hacking Team breach
• Netragard, a company that buys and sells exploits, has decided to stop buying exploits after the fallout from the Hacking Team compromise
• FBI agents deceive judges, ignore time limits, don’t tell computer owners after they’ve been hacked, and don’t get ‘super-warrants’ for webcam snooping
• Hacking Team promises to rebuild its surveillance software
• An interview with Hacking Team’s CEO

FreeNAS Mini Review by Toms Hardware

Feedback:

• PfSense Kills SSDs?

• Recommended RAID for Random Read Performance

• Scale Out Storage over ZFS? – Like GlusterFS

• ssl ponderings

• SysAdmin Day Book Sale

• LINUX Unplugged 103 Multitrack Remaster – FEEDBACK REQUESTED

Round Up:

• Intel’s 3D memory is 1,000 times faster than modern storage
• “Dating” site Ashley Madison, which specialized in organizing discreet affairs, was compromised and is being extorted by the attackers. Attack was apparently motivated by the fact that the site charges a $19 fee to erase your personal information, and then apparently doesn’t actually erase it
• New FCC Rules May Prevent Installing OpenWRT on WiFi Routers
• Reported Samsung SSD TRIM bug was actually a bug in linux
• Google officially ends forced Google+ integration—First up: YouTube
• Author of DenDroid malware worked as white-hat intern at FireEye
• One of the people responsible for SWATting Krebs in 2013 has pled guilty
• Experian hit with a class action lawsuite over actions involving ID Theft Service

The post SourceForge's Downfall | TechSNAP 225 first appeared on Jupiter Broadcasting.

A new major security breach at a large health insurance firm could expose 10s of millions, a phone phishing scam anyone could fall for & we celebrate our 200th episode with your TechSNAP stories.

Then its a storage spectacular Q&A & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Security breach at health insurance firm Anthem, could expose 10s of millions

• “Anthem Inc., the nation’s second largest health insurer, disclosed Wednesday that hackers had broken into its servers and stolen Social Security numbers and other personal data from all of its business lines. “
• “Anthem didn’t specify how many consumer records may have been breached, but it did say all of the company’s business units are affected. The figures from Anthem’s Web site offer a glimpse at just how big this breach could be: “With nearly 69 million people served by its affiliated companies including more than 37 million enrolled in its family of health plans, Anthem is one of the nation’s leading health benefits companies.””
• “The company said it is conducting an extensive IT forensic investigation to determine what members are impacted.”
• It is reported that Anthem has hired Mandiant to investigate the attack
• Exposed data:
• Full Name
• date of birth
• member ID
• Social Security number
• address
• phone numbers
• email addresses
• employment information
• “According to Anthem’s statement, the impacted (plan/brands) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare. The company said impacted members will receive notice via mail which will advise them of the protections being offered to them as well as any next steps.”
• “Anthem said once the attack was discovered, the company immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.”
• More detailed information is not available yet, but I am sure we’ll be following this story in the weeks to come
• Additional Coverage – ThreatPost
• Additional Coverage

Hacked hotel phones used in bank phishing scam

• “A recent phishing campaign targeting customers of several major U.S. banks was powered by text messages directing recipients to call hacked phone lines at Holiday Inn locations in the south. Such attacks are not new, but this one is a timely reminder that phishers increasingly are using lures blasted out via SMS as more banks turn to text messaging to communicate with customers about account activity.”
• “The above-mentioned phishing attacks were actually a mix of scams known as “SMiShing” — phishing lures sent via SMS text message — and voice phishing or “vishing,” where consumers are directed to call a number that answers with a voice prompt spoofing the bank and instructing the caller to enter his credit card number and expiration date”
• It seems Holiday Inn’s telephone switching system may have been hacked, and used to record and exfiltrate the stolen information
• It is likely the hotel also lost out on business from customers actually trying to reach the hotel, and instead getting fake voice prompts for various banks
• “According to Jan Volzke, Numbercop’s chief executive, these scams typically start on a Saturday afternoon and run through the weekend when targeted banks are typically closed.”
• ““Two separate Holiday Inns getting hijacked in such short time suggests there is a larger issue at work with their telephone system provider,” he said. “That phone line is probably sitting right next to the credit card machine of the Holiday Inn. In a way this is just another retail terminal, and if they can’t secure their phone lines, maybe you shouldn’t be giving them your credit card.”
• “A front desk clerk who answered the line on Tuesday said the hotel received over 100 complaints from people who got text messages prompting them to call the hotel’s main number during the time it was hacked.”
• “Numbercop says the text message lures were sent using email-to-SMS gateways, but that the company also has seen similar campaigns sent from regular in-network numbers (prepaid mobile phones e.g.), which can be harder to catch. In addition, Volzke said, phishers often will target AT&T and Verizon users for use in furthering these schemes.”
• Volzke says it’s unfortunate that more financial institutions aren’t communicating with their customers via mobile banking apps. “Banking apps are among the most frequently downloaded and used apps,” Volzke said. “If the user has an app from the bank installed, then if the bank really has something to say they should use the in-app messaging method, not text messages which can be spoofed and are not secure. And yet we see almost no bank making use of this.”
• “Regardless of whether you communicate with your bank via text message, avoid calling phone numbers or clicking links that appear to have been sent via text message from your bank. Also, be extremely wary of any incoming calls from someone calling from your bank. If you think there may be an issue with your account, your best bet is to simply call the number on the back of your credit or debit card.”
• Example call recording from Numbercop

Your TechSNAP Story

• TechSNAP 200

• TechSNAP 200 – FreeNAS Deployed!

• Episode 200 – Thx Allan!

• TechSNAP 200 : How its helped

• Episode 200 – Thx for BSD!

• TechSNAP Changed my Life!

• How has TechSNAP affected me?

• For 200 episode TechSnap

Feedback:

• Network Switches

• Adopted Drive Solution

• QUESTION: ZFS riskiness

• ELI5 Storage: Blocks, Extents, Pages …

Round-Up:

• Forget North Korea – Russian Hackers Are Selling Access To Sony Pictures, Claims US Security Firm
• Why Gmail has better security than your bank does
• Warning – Microsofts Outlook app for iOS breaks your company security
• More flash updates, 16.0.0.305 fixes CVE-2015-0313 through CVE-2015-0330, 15 of the 18 could lead to code execution
• Slew of Flash zero day exploits dominate malware landscape, new exploid kit emerges called Hanjuan
• The problem with crypto-challenges – a challenge constructed of known various bad practises and algorithms, is still hard to crack, does not prove security
• Fix for ‘Fancybox’ plugin for WordPress resolved zero day exploit seen in the wild
• Universal Cross site scripting vulnerability in IE could be used for Phishing or injecting malware into legitimate sites
• More serious bugs found in Siemens “RuggedCom” switches, one allows administrative and settings changes without authentication
• Google designs new SSL warning messages after more research into the subject. The hypothesis of their researched failed, but important lessons were learned

The post Your TechSNAP Story | TechSNAP 200 first appeared on Jupiter Broadcasting.

The Apple rumor mill is in full swing with claims that Apple’s Netflix killer is in the works. We’re a bit skeptical. Twitter & Google patch things up & now it’s time to blame the Russians for the Sony hack!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

Twitter Reaches Deal to Show Tweets in Google Search Results – Bloomberg Business

In the first half of this year, tweets will start to be
visible in Google’s search results as soon as they’re posted,
thanks to a deal giving the Web company access to Twitter’s
firehose, the stream of data generated by the microblogging
service’s 284 million users, people with knowledge of the matter
said Wednesday. Google previously had to crawl Twitter’s site
for the information, which will now be visible automatically.

Apple Talks to TV Programmers About Web TV Service | Re/code

Industry executives say Apple is in talks with TV programmers about deals that would allow Apple to offer an “over the top” pay-TV service, like the one Dish has started selling with its Sling TV product, and the one Sony is getting ready to launch.

The theory is that Apple would put together bundles of programming — but not the entire TV lineup that pay-TV providers generally offer — and sell it directly to consumers, over the Web. That means Apple wouldn’t be reinventing the way TV works today, but offering its own version of it, with its own interface and user experience.

Forget North Korea – Russian Hackers Are Selling Access To Sony Pictures, Claims US Security Firm – Forbes

The firm claimed it has evidence Russian hackers have been silently siphoning off information from Sony’s network for the last few months and may even be the ones responsible for the catastrophic attacks in November, which the US blamed on North Korea. The Russians may have just been working unwittingly alongside the Guardians of Peace hackers, however, who were thought to have shut down Sony for its role in the production of The Interview, a film that depicted the assassination of North Korea leader Kim Jong-Un.

Millions hit by health company hack attack

The attackers stole names, addresses, birthdays and social security numbers of customers from every one of Anthem’s business units.

So far, Anthem has not said how many records were lost or how many people have been affected.

Celebrate TechSNAP 200 with a new look! | Teespring

After 200 episodes of TechSNAP we’d like to introduce the official logo to represent the best systems network and administration podcast around!

The post Apple Trolls Netflix Again | Tech Talk Today 128 first appeared on Jupiter Broadcasting.