Dyn – Jupiter Broadcasting (https://www.jupiterbroadcasting.com), Open Source Entertainment, on Demand. Feed generated Fri, 28 Oct 2016 00:31:20 +0000.

Internet Snow Day | TechSNAP 290
https://original.jupiterbroadcasting.net/104286/internet-snow-day-techsnap-290/
Thu, 27 Oct 2016 16:31:20 +0000
Show Notes:

Dyn, a large managed DNS provider, was taken down by a DDoS

  • “Criminals on Friday morning massively attacked Dyn, a company that provides core Internet services for Twitter, Github, SoundCloud, Spotify, Reddit and a host of other sites, causing outages and slowness for many of Dyn’s customers.”
  • “In a statement, Dyn said that this morning, October 21, Dyn received a global distributed denial of service (DDoS) attack on its DNS infrastructure on the east coast starting at around 7:10 a.m. ET (11:10 UTC).”
  • “DNS traffic resolved from east coast name server locations are experiencing a service interruption during this time. Updates will be posted as information becomes available,” the company wrote.
  • “The attack on DYN comes just hours after DYN researcher Doug Madory presented a talk on DDoS attacks in Dallas, Texas at a meeting of the North American Network Operators Group (NANOG). Madory’s talk — available here on Youtube.com — delved deeper into research that he and I teamed up on to produce the data behind the story DDoS Mitigation Firm Has History of Hijacks.”
  • When I heard about the attack on Friday, I didn’t assume it actually had anything to do with Krebs…
  • Krebs: Hacked Cameras and DVRs powered massive Internet outage
  • Mirai and Bashlight join forces to attack DYN
  • “According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a Mirai-based botnet. Allison Nixon, director of research at Flashpoint said: At least one Mirai [control server] issued an attack command to hit Dyn. Some people are theorizing that there were multiple botnets involved here. What we can say is that we’ve seen a Mirai botnet participating in the attack.”
  • DYN’s official Blog statement about the attack
  • “It’s likely that at this point you’ve seen some of the many news accounts of the Distributed Denial of Service (DDoS) attack Dyn sustained against our Managed DNS infrastructure this past Friday, October 21. We’d like to take this opportunity to share additional details and context regarding the attack. At the time of this writing, we are carefully monitoring for any additional attacks. Please note that our investigation regarding root cause continues and will be the topic of future updates. It is worth noting that we are unlikely to share all details of the attack and our mitigation efforts to preserve future defenses.”
  • “At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet.”
  • DYN DDoS attack was the work of script kiddies, not politically motivated
  • Traditional Media is terrible at covering things like this:
  • Tens of Millions of IP Addresses Used to Take Down Twitter, Netflix in ‘Unprecedented’ Cyberattack
  • Twitter was not attacked and was not down. It simply used Dyn for its DNS, so its name failed to resolve for many users
  • DNSMadeEasy.com
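
The practical lesson of the Twitter outage is that a site whose entire NS delegation sits with one managed DNS provider goes dark with that provider. The following is an added example, not code from the show or from Dyn, that audits a zone's NS set for that single-provider dependency. The zone and nameserver names are constructed, and reducing an NS hostname to its last two labels to identify the operator is an assumption (multi-part public suffixes such as co.uk would need a public-suffix list).

```python
"""Flag zones whose NS delegation depends on a single DNS provider (added example)."""
from collections import defaultdict


def provider_of(ns_host):
    """Map an NS hostname to the domain that operates it.

    Assumption: the operator is the last two labels (ns1.p01.dns-a.example -> dns-a.example).
    Multi-part public suffixes (for example co.uk) would need a public-suffix list instead.
    """
    labels = ns_host.strip().rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def group_by_provider(ns_hosts):
    """Return {provider: [nameservers]} for a zone's NS set."""
    groups = defaultdict(list)
    for host in ns_hosts:
        groups[provider_of(host)].append(host.strip().rstrip(".").lower())
    return dict(groups)


def delegation_risk(ns_hosts):
    """Classify a delegation: 'single-provider' if every NS shares one operator,
    'multi-provider' otherwise, 'empty' if the zone has no NS records at all."""
    groups = group_by_provider(ns_hosts)
    if not groups:
        return "empty"
    return "single-provider" if len(groups) == 1 else "multi-provider"


# Constructed delegations using documentation-style names; not real DNS data.
SAMPLE_ZONES = {
    "social.example": ["ns1.p01.dns-a.example.", "ns2.p01.dns-a.example.",
                       "ns3.p01.dns-a.example.", "ns4.p01.dns-a.example."],
    "shop.example": ["ns1.dns-a.example.", "ns2.dns-a.example.",
                     "ns1.dns-b.example.", "ns2.dns-b.example."],
    "broken.example": [],
}


def audit(zones):
    """Return {zone: (risk, {provider: nameservers})} for every zone."""
    return {zone: (delegation_risk(ns), group_by_provider(ns)) for zone, ns in zones.items()}


if __name__ == "__main__":
    for zone, (risk, groups) in audit(SAMPLE_ZONES).items():
        print(f"{zone}: {risk}")
        for provider, hosts in groups.items():
            print(f"   {provider}: {', '.join(hosts)}")
```

In practice the NS list would come from a live query of the parent zone; the check itself is the same, and a "single-provider" result for a zone you depend on is the condition that made the Dyn outage look like a Twitter outage.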

Are the days of booter services numbered?

  • A lot of discussion has been going on about BCP38 (ISPs blocking outbound traffic from IP addresses they do not own, to stop spoofing attacks), but as far as I am aware, none of these recent record-setting DDoS attacks rely on spoofing or amplification; they are pure volume attacks using hundreds of thousands of devices.
  • However, most of these booter services use reflection and amplification techniques, because taking out smaller websites and individual private game servers does not require the resources of an entire botnet. A single server can accomplish this with a small amount of amplification.
  • “These Web-based DDoS-for-hire services don’t run on botnets: They generally employ a handful of powerful servers that are rented from some dodgy “bulletproof” hosting provider. The booter service accepts payment and attack instructions via a front end Web site that is hidden behind Cloudflare (a free DDoS protection service).”
  • “To find vulnerable systems that can be leveraged this way, booters employ large-scale Internet scanning services that constantly seek to refresh the list of systems that can be used for amplification and reflection attacks. They do this because, as research has shown (PDF), anywhere from 40-50 percent of the amplifiers vanish or are reassigned new Internet addresses after one week.”
  • “Enter researchers from Saarland University in Germany, as well as the Yokohama National University and National Institute of Information and Communications Technology — both in Japan. In a years-long project first detailed in 2015, the researchers looked for scanning that appeared to be kicked off by ne’er-do-wells running booter services.”
  • “To accomplish this, the research team built a kind of distributed “honeypot” system — which they dubbed “AmpPot” — designed to mimic services known to be vulnerable to amplification attacks, such as DNS and NTP floods.”
  • “To make them attractive to attackers, our honeypots send back legitimate responses,” the researchers wrote in a 2015 paper (PDF). “Attackers, in turn, will abuse these honeypots as amplifiers, which allows us to observe ongoing attacks, their victims, and the DDoS techniques. To prevent damage caused by our honeypots, we limit the response rate. This way, while attackers can still find these ratelimited honeypots, the honeypots stop replying in the face of attacks.”
  • “In that 2015 paper, the researchers said they deployed 21 globally-distributed AmpPot instances, which observed more than 1.5 million attacks between February and May 2015. Analyzing the attacks more closely, they found that more than 96% of the attacks stem from single sources, such as booter services.”
  • “To distinguish between scans performed by researchers and scans performed with malicious intent we relied on a simple assumption: That no attack would be based on the results of a scan performed by (ethical) researchers,” said Johannes Krupp, one of the main authors of the report. “In fact, thanks to our methodology, we do not have to make this distinction upfront, but we can rather look at the results and say: ‘We found attacks linked to this scanner, therefore this scanner must have been malicious.’ If a scan was truly performed by benign parties, we will not find attacks linked to it.”
  • “What’s new in the paper being released today by students at Saarland University’s Center for IT-Security, Privacy and Accountability (CISPA) is the method by which the researchers were able to link these mass-scans to the very amplification attacks that follow soon after.”
  • “The researchers worked out a way to encode a secret identifier into the set of AmpPot honeypots that any subsequent attack will use, which varies per scan source. They then tested to see if the scan infrastructure was also used to actually launch (and not just to prepare) the attacks.”
  • Using hop count, trilateration, and BGP path searching, the research team was able to link scanners to attack origins
  • “These methods revealed some 286 scanners that are used by booter services in preparation for launching amplification attacks. Further, they discovered that roughly 75 percent of those scanners are located in the United States.”
  • “Even if these newly-described discovery methods were broadly deployed today, it’s unlikely that booter services would be going away anytime soon. But this research certainly holds the promise that booter service owners will be able to hide the true location of their operations less successfully going forward, and that perhaps more of them will be held accountable for their crimes.”
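
The two ideas in the AmpPot bullets above (rate-limited honeypots that stop amplifying under attack, and a per-scanner "secret identifier" encoded in which honeypots answer a given scan source) are easy to see in a small simulation. The following is an added example written for these notes, not the AmpPot code or the CISPA researchers' method: it hands each scan source a distinct subset of answering honeypots by sequential assignment (an assumption; the page only says the subset varies per scan source), logs every source that hits each honeypot, and links a later spoofed attack back to the scanner whose subset covers the honeypots the attack used. All IP addresses are constructed documentation addresses.

```python
"""Toy AmpPot-style honeypot network (added example, not the AmpPot code)."""
from collections import defaultdict
from itertools import combinations


class AmpPotNetwork:
    def __init__(self, num_honeypots=8, subset_size=4, rate_limit=5):
        self.honeypots = list(range(num_honeypots))
        self.rate_limit = rate_limit          # replies a honeypot sends per source, then silence
        # Assumption: codes are handed out sequentially here; the page only says the
        # responding subset "varies per scan source", not how it is derived.
        self._free_codes = iter(combinations(self.honeypots, subset_size))
        self.code_of = {}                     # source -> frozenset of honeypots that answer it
        self.replies = defaultdict(int)       # (honeypot, source) -> replies sent so far
        self.received = defaultdict(set)      # source -> honeypots that saw traffic from it

    def _code(self, source):
        if source not in self.code_of:
            self.code_of[source] = frozenset(next(self._free_codes))
        return self.code_of[source]

    def handle_request(self, honeypot, source):
        """One request arrives at `honeypot` carrying IP source `source`.

        Returns True if the honeypot sends its (amplified) reply.  Spoofed attack
        packets carry the victim's address as `source`, so the honeypot cannot tell
        them from a scan; it applies the same policy and logs what it saw.
        """
        self.received[source].add(honeypot)
        if honeypot not in self._code(source):
            return False                      # selective response: silent for this source
        if self.replies[(honeypot, source)] >= self.rate_limit:
            return False                      # rate limited: keep observing, stop amplifying
        self.replies[(honeypot, source)] += 1
        return True

    def scan(self, scanner):
        """A scanner probes every honeypot from its real address; returns the ones that answered."""
        return sorted(h for h in self.honeypots if self.handle_request(h, scanner))

    def attack(self, amplifiers, victim, packets_per_amplifier):
        """Traffic spoofed as `victim` hits the amplifiers a scan discovered.
        Returns how many amplified replies actually reached the victim."""
        delivered = 0
        for h in amplifiers:
            for _ in range(packets_per_amplifier):
                if self.handle_request(h, victim):
                    delivered += 1
        return delivered

    def link_attack(self, victim):
        """Name the scanner whose answering subset covers every honeypot the victim's
        traffic hit; None if nothing was seen or more than one scanner fits."""
        observed = self.received.get(victim)
        if not observed:
            return None
        candidates = [src for src, code in self.code_of.items()
                      if src != victim and observed <= code]
        return candidates[0] if len(candidates) == 1 else None


def run_demo():
    net = AmpPotNetwork(num_honeypots=8, subset_size=4, rate_limit=5)
    scanners = ["198.51.100.7", "203.0.113.42"]   # constructed scan sources
    amplifiers = {s: net.scan(s) for s in scanners}
    victim = "192.0.2.10"                          # constructed victim address
    delivered = net.attack(amplifiers["203.0.113.42"], victim, packets_per_amplifier=100)
    return amplifiers, delivered, net.link_attack(victim)


if __name__ == "__main__":
    amps, delivered, culprit = run_demo()
    for scanner, found in amps.items():
        print(f"{scanner} found amplifiers {found}")
    print(f"attack delivered {delivered} amplified replies to the victim")
    print(f"attack linked to scanner {culprit}")
```

Two details of the run are worth noticing. The 400 attack packets produce only a handful of replies, because each honeypot answers a given source at most `rate_limit` times and is silent for sources outside that source's own subset, which is the "honeypots stop replying in the face of attacks" property. And the attack is attributed even though every attack packet carried the victim's address, because attribution uses only which honeypots received the traffic, which the attacker cannot hide once the scanner has been fingerprinted by the subset it was allowed to see.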

DirtyCow: Most serious Linux privilege escalation bug ever — actively being exploited

  • “A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”
  • “While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it’s not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that’s a part of virtually every distribution of the open-source OS released for almost a decade. What’s more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.”
  • “The vulnerability is easiest exploited with local access to a system such as shell accounts. Less trivially, any web server/application vulnerability which allows the attacker to upload a file to the impacted system and execute it also works.”
  • What makes the Dirty COW bug unique? “In fact, all the boring normal bugs are way more important, just because there’s a lot more of them. I don’t think some spectacular security hole should be glorified or cared about as being any more “special” than a random spectacular crash due to bad locking.”
  • Anyone sharing or have details about the “in the wild exploit”? “An exploit using this technique has been found in the wild from an HTTP packet capture according to Phil Oester.”
  • What can be done to prevent this from happening in future? “The security community, we included, must learn to find these inevitable human mistakes sooner. Please support the development effort of software you trust your privacy to. Donate money to the FreeBSD project.”
  • Official site for the vulnerability: dirtycow.ninja
  • “At the time of public disclosure, the in the wild exploit that we were aware of did not work on Red Hat Enterprise Linux 5 and 6 out of the box because on one side of the race it writes to /proc/self/mem, but /proc/self/mem is not writable on Red Hat Enterprise Linux 5 and 6.
    Since public disclosure several Proof of Concepts (POC) have been published, that use ptrace method, which do work on Red Hat Enterprise Linux 5 & 6.”

Feedback:


Round Up


The post Internet Snow Day | TechSNAP 290 first appeared on Jupiter Broadcasting.

Livepatch Your CoW | LAS 440
https://original.jupiterbroadcasting.net/104121/livepatch-your-cow-las-440/
Sun, 23 Oct 2016 20:46:43 +0000
— Show Notes: —



Brought to you by: Linux Academy

Zurmo CRM

Zurmo

Zurmo is an Open Source Customer Relationship Management (CRM) application that is mobile, social, and gamified. We use a test-driven methodology for building every part of the application. This means you can create and maintain a custom-built CRM system or platform with the assurance that future updates are not going to break your installation. Head over to the forums to learn more.

Contact Management

  • Full view of Contact details
  • 360 view of Accounts
  • Lead Management
  • Quickly find info with Global Search

Activity Overview

  • Meetings, Tasks, Notes, and Attachments all in one place
  • Roll Up to see activities from related records
  • Latest activities widget, easy view of historical information

Deal Tracking

  • Sales Force Automation
  • Create and Manage Opportunities
  • Track Sales Pipeline
  • Probability of Closure

Manual Install Guide

Bitnami Script

Open Source is No Joke

The short version: Most Open Source Customer Relationship Management (CRM) applications are not fully functioning CRMs because they usually lack Reporting and Workflow. CRMs without these two features are useless. We want people to get value out of Zurmo. So we’re adding functionality that is usually available only in paid, Enterprise editions. Why? The current model teases people and insults our intelligence. We want people to take Zurmo and make it better. We want there to be a tool out there that’s easy to work with and to develop. By building software so a lot of people will use it, we’ll benefit by supporting it. That’s why we’re including all these features like Reporting and Workflow for free.

The long version: If you’re looking for a joke, watch a Jim Carrey movie. Dumb and Dumber fits the bill. If you are looking for Open Source Customer Relationship Management (CRM) that’s along the same lines of ineptitude, just do a Google search. You have a bunch to pick from. Call them “teasers”. Call them bait and switch. Call them whatever you’d like. Just surely don’t call them full functioning CRM systems. I am serious. And please don’t call me Shirley.

— PICKS —

Runs Linux

CVS RUNS LINUX!!

Sent in by Anon Ymous (very clever)

Desktop App Pick

Flux

Ever notice how people texting at night have that eerie blue glow? Or wake up ready to write down the Next Great Idea, and get blinded by your computer screen? During the day, computer screens look good—they’re designed to look like the sun. But, at 9PM, 10PM, or 3AM, you probably shouldn’t be looking at the sun.

f.lux fixes this: it makes the color of your computer’s display adapt to the time of day, warm at night and like sunlight during the day. It’s even possible that you’re staying up too late because of your computer. You could use f.lux because it makes you sleep better, or you could just use it just because it makes your computer look better.


Redshift adjusts the color temperature of your screen according to your surroundings. This may help your eyes hurt less if you are working in front of the screen at night.

Spotlight

ShowTerm

It’s showtime in a terminal near you! Put on your best colours, resize to 80 columns, and let your fingers fly!

Termshows are purely text based. This makes them ideal for demoing instructions (as the user can copy-paste), making fail-safe “live-coding” sessions (plain text is very scalable), and sharing all your l33t terminal hacks.

  • Each termshow gets its own link. You can add hash-fragments to customize playback.
  • All shows are in plain text
  • Easy to install
  • Easy to use

Donate to OpenStreetMap | OpenStreetMap

OpenStreetMap is the largest open geographic database in the world, the data infrastructure for multitudes of mapping projects around the globe. Your donation to the OpenStreetMap Foundation will cover our core operational expenses in supporting the OpenStreetMap project: hardware costs, legal fees, administrative assistant and other expenses of our working groups and administration.


— NEWS —

Hotfix Your Ubuntu Kernels with the Canonical Livepatch Service!

Today, Canonical has publicly launched the Canonical Livepatch Service — an authenticated, encrypted, signed stream of Linux livepatches that apply to the 64-bit Intel/AMD architecture of the Ubuntu 16.04 LTS (Xenial) Linux 4.4 kernel, addressing the highest and most critical security vulnerabilities, without requiring a reboot in order to take effect. This is particularly amazing for Container hosts — Docker, LXD, etc. — as all of the containers share the same kernel, and thus all instances benefit.

“Most serious” Linux privilege-escalation bug ever is under active exploit

The vulnerability, a variety known as a race condition, was found in the way Linux memory handles a duplication technique called copy on write. Untrusted users can exploit it to gain highly privileged write-access rights to memory mappings that would normally be read-only.

Why is the Flaw called Dirty COW?

The bug, marked as “High” priority, gets its name from the copy-on-write (COW) mechanism in the Linux kernel, which is so broken that any application or malicious program can tamper with read-only root-owned executable files and setuid executables.

“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings,” reads the website dedicated to Dirty COW.

“An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.”

The Dirty COW vulnerability has been present in the Linux kernel since version 2.6.22 in 2007, and is also believed to be present in Android, which is powered by the Linux kernel.

Proof-of-concept exploits are available here.

Impact

  • An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
  • This flaw allows an attacker with a local system account to modify on-disk binaries, bypassing the standard permission mechanisms that would prevent modification without an appropriate permission set.

How

  • The in-the-wild exploit relied on writing to /proc/self/mem on one side of the race.
  • Proof-of-concept exploits published after disclosure use ptrace instead.
  • The attack relies on racing the madvise(MADV_DONTNEED) system call while having the page of the executable mmapped in memory.

IoT Devices Targeted in Recent DDoS Attacks on DNS

Dyn, the internet traffic management company hit by DDoS attacks on Friday, which affected more than 80 popular websites, says it believes that smart devices such as webcams and thermostats were infiltrated to carry out the attacks.

Scores of websites including PayPal, Reddit, Amazon, Spotify and Twitter were unavailable Friday as three separate distributed denial of service (DDoS) attacks disrupted the New Hampshire-based company’s operations.

Feedback:

Mail Bag

Name: Corey L

Subject: System 76 Same As Clevo?

Message: Hello Chris and Noah,

Would I be able to use the System76 PPA on a generic Clevo laptop of the same model that the Oryx Pro is built upon? I have an opportunity to purchase one second hand from a Windows user, and I’m sure I could get everything working under Ubuntu 16.10 (except for the crappy wireless).

The model is NP8152-S

Thank you both,
Best regards,
Corey L


Name: LJ

Subject: Ubuntu 16.04 / 16.10 Followup

Message: Hi Noah,

Regarding the wifi problems you have been facing with ubuntu 16.04 (and probably 16.10), please check the instructions/script in the file attached.

It may be a dirty solution, but in the end it works and it is completely transparent to the user.

Keep up the good work

Regards
LJ from Portugal

  • Script To Fix Wifi
  • Open a terminal and type the following:
      sudo nano /etc/systemd/system/wifi-resume.service
  • Copy/paste the script below into the editor (right click to paste).
  • Save with Ctrl+O, then exit with Ctrl+X.
  • Now activate it:
      sudo systemctl enable wifi-resume.service

Script:

#/etc/systemd/system/wifi-resume.service
#sudo systemctl enable wifi-resume.service
[Unit]
Description=Restart networkmanager at resume
After=suspend.target
After=hibernate.target
After=hybrid-sleep.target

[Service]
Type=oneshot
ExecStart=/bin/systemctl restart network-manager.service

[Install]
WantedBy=suspend.target
WantedBy=hibernate.target
WantedBy=hybrid-sleep.target

Salty Noah?

Call in: 1-877-347-0011

New Show: User Error

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

Find us on Twitter

Follow us on Facebook

The post Livepatch Your CoW | LAS 440 first appeared on Jupiter Broadcasting.
