bpf – Jupiter Broadcasting

A while ago I did a blog post about how long DNS resolvers hold results in cache for, using RIPE Atlas probes testing against their default resolvers (in a lot of cases, the DNS cache on their modem/router).

Unauthenticated LAN remote code execution in AsusWRT

However due to a number of coding errors, it is possible for an unauthenticated attacker in the LAN to achieve remote code execution in the router as the root user.

AI is moving towards acceptance in cyber security, says Check Point

Artificial intelligence (AI) is making headway in the security industry as a means to better analyse mountains of information, but will not be widely adopted in the short term because of a lack of actionable data and human expertise, according to security services supplier Check Point.

Alphabet is launching a new CyberSecurity unit.

Alphabet, the parent company of Google, announced today that they will be launching Chronicle, a new business unit that will focus on Cyber Security, using their servers and infrastructure. The new organization hopes to focus on machine learning and artificial intelligence to assist in the fight against cybercrime moving forward.

Google Project Zero claims new BitTorrent flaw could enable cyber crooks get into users’ PCs

Google Project Zero security researchers have found what they claim is a “critical flaw” in the Transmission BitTorrent client that could enable cyber crooks to take control of users’ computers.

Kubernetes

Kubernetes, at its basic level, is a system for managing containerized applications across a cluster of nodes. In many ways, Kubernetes was designed to address the disconnect between the way that modern, clustered infrastructure is designed, and some of the assumptions that most applications and services have about their environments.

Fun fact: The seven spokes in the Kubernetes logo refer to the project’s original name, “Project Seven of Nine.”

We’ve been running Kubernetes for deep learning research for over two years. While our largest-scale workloads manage bare cloud VMs directly, Kubernetes provides a fast iteration cycle, reasonable scalability, and a lack of boilerplate which makes it ideal for most of our experiments. We now operate several Kubernetes clusters (some in the cloud and some on physical hardware), the largest of which we’ve pushed to over 2,500 nodes. This cluster runs in Azure on a combination of D15v2 and NC24 VMs.

Feedback

Talk more about Windows
Starting with Ansible Quick
Gary points everyone to: Some best practises of how to use ansible
Ansible Console
- GitHub – dominis/ansible-shell: Interactive ansible shell
Ad-hoc Commands

If infrastructures are to be treated as a code than projects that manage them must be treated as software projects. As your infrastructure code gets bigger and bigger you have more problems to deal with it. Code layout, variable precedence, small hacks here and there. Therefore, organization of your code is very important, and in this repository you can find some of the best practices (in our opinion) to manage your infrastructure code.

About the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan

The post Too Many Containers | TechSNAP 353 first appeared on Jupiter Broadcasting.

Spy vs MSpy | TechSNAP 216

chris — Thu, 28 May 2015 08:36:33 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Spyware creator mSpy hacked, find out why this breach is particularly egregious, what’s wrong with pcap & why RSA’s death has been greatly exaggerated.

Plus a great batch of questions, a rocking round up & much, much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

What is wrong with pcap filters

pcap filters are the language used to filter packet captures, and is used by tcpdump, wireshark and the like
This post is an attempt to look at some classes of problems that the pcap filtering language fails on, why those deficiencies exist, and why I continue using it even despite the flaws.
It also includes a link to a video about the history of pcap
Just to be clear, libpcap is an amazing piece of software. It was originally written for one purpose, and it really is my fault that I end up too often using it for a different one.
pcap is a usermode implementation of BPF, allowing
BPF (Berkeley Packet Filter) is a UNIX interface that allows an application to read and write raw packets
In addition to providing the interface to get raw packets into an application (like tcpdump) so you can read them, it also has the ability to filter the packets, so you only have to read the ones you care about
This is especially important when there are gigabits per second of traffic flowing back and forth
BPF Internals – Part 1
Why We Need eBPF
Towards Faster Trace Filters using eBPF and JIT

Mobile Spyware Maker mSpy Hacked, Customer Data Leaked

mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked.
Last week, a huge trove of data apparently stolen from the company’s servers was posted on the Deep Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy “users.”
KrebsOnSecurity learned of the apparent breach from an anonymous source who shared a link to a Web page that is only reachable via Tor.
The Tor-based site hosts several hundred gigabytes worth of data taken from mobile devices running mSpy’s products, including some four million events logged by the software.
The message left by the unknown hackers who’ve claimed responsibility for this intrusion suggests that the data dump includes information on more than 400,000 users, including Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions.
There is a crazy amount of personal and sensitive data in this cache, including photos, calendar data, corporate email threads, and very private conversations. Also included in the data dump are thousands of support request emails from people around the world who paid between $8.33 to as much as $799 for a variety of subscriptions to mSpy’s surveillance software.
U.S. regulators and law enforcers have taken a dim view of companies that offer mobile spyware services like mSpy. In September 2014, U.S. authorities arrested a 31-year-old Hammad Akbar, the CEO of a Lahore-based company that makes a spyware app called StealthGenie. The FBI noted that while the company advertised StealthGenie’s use for “monitoring employees and loved ones such as children,” the primary target audience was people who thought their partners were cheating. Akbar was charged with selling and advertising wiretapping equipment.
mSpy Denies Breach, Even as Customers Confirm I
Child spy firm hit by blackmailers – BBC News

About the supposed factoring of a 4096 bit RSA key

Last week a blog was posted claiming to have published the factoring of a 4096-bit RSA key
“The key in question was the PGP key of a well-known Linux kernel developer.”
The other of the rebuttal post, thinks that the researchers are mistaken
He thinks this because, he once thought that he had factored the same key, but then found out otherwise.
A little background:
- “RSA public keys consist of two values called N and e. The N value, called the modulus, is the interesting one here. It is the product of two very large prime numbers. The security of RSA relies on the fact that these two numbers are secret. If an attacker would be able to gain knowledge of these numbers he could use them to calculate the private key. That’s the reason why RSA depends on the hardness of the factoring problem. If someone can factor N he can break RSA. For all we know today factoring is hard enough to make RSA secure (at least as long as there are no large quantum computers).”
- “Now imagine you have two RSA keys, but they have been generated with bad random numbers. They are different, but one of their primes is the same. That means we have N1=pq1 and N2=pq2. In this case RSA is no longer secure, because calculating the greatest common divisor (GCD) of two large numbers can be done very fast with the euclidean algorithm, therefore one can calculate the shared prime value.”
“PGP keyservers have been around since quite some time and they have a property that makes them especially interesting for this kind of research: They usually never delete anything. You can add a key to a keyserver, but you cannot remove it, you can only mark it as invalid by revoking it. Therefore using the data from the keyservers gives you a large set of cryptographic keys.”
He noticed that some keys appeared to contain subkeys that are near identical copies of a valid subkey, but with tiny errors
“I don’t know how they appear on the key servers, I assume they are produced by network errors, harddisk failures or software bugs. It may also be that someone just created them in some experiment.”
“The important thing is: Everyone can generate a subkey to any PGP key and upload it to a key server. That’s just the way the key servers work. They don’t check keys in any way. However these keys should pose no threat to anyone. The only case where this could matter would be a broken implementation of the OpenPGP key protocol that does not check if subkeys really belong to a master key.”
“However you won’t be able to easily import such a key into your local GnuPG installation. If you try to fetch this faulty sub key from a key server GnuPG will just refuse to import it. The reason is that every sub key has a signature that proves that it belongs to a certain master key. For those faulty keys this signature is obviously wrong.”
“Now here’s my personal tie in to this story: Last year I started a project to analyze the data on the PGP key servers. And at some point I thought I had found a large number of vulnerable PGP keys – including the key in question here. In a rush I wrote a mail to all people affected. Only later I found out that something was not right and I wrote to all affected people again apologizing. Most of the keys I thought I had found were just faulty keys on the key servers.”

Feedback:

digital preservation
Pfsense question
ZFS … is Raidz2 fault tolerance offset by rebuild stress/time?
FreeBSD Mastery: ZFS has been sent to the publisher

Round Up:

The post Spy vs MSpy | TechSNAP 216 first appeared on Jupiter Broadcasting.