forward – Jupiter Broadcasting

Self Healing Internet | TechSNAP 76

chris — Thu, 20 Sep 2012 16:42:00 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

The story about an antivirus that detects itself, IE’s awful zero day exploits, and the Internets amazing ability to route around problems.

Plus: A huge batch of your feedback, and so much more in this week’s episode of TechSNAP!

Thanks to:

GoDaddy.com

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

SPECIAL OFFER! Save 20% off your order!
Code: go20off5

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

Direct Download:

RSS Feeds:

Support the Show:

Purchase anything at Amazon.com
Purchase anything at Think Geek using this link
Purchase anything at Newegg using this link
Contribute directly on our donation page or check out our advertising options and reach millions of amazing people!
Grab our Chrome Extension and auto-tag your shopping session for us!

Fill out my Wufoo form!

Show Notes:

Sophos anti-virus detects it self

Earlier this week Sophos released a scheduled update to their anti-virus definition files
The new definitions detected the Sophos updating process, and a number of other auto-updating applications, as variants of the malware Shh/Updater-B
In addition to setting of a huge volume of false positives, the detection also resulted in the quarantine, blocking or deletion of parts of the Sophos updater
The updated definitions that solve the problem were released on Wed, 19 Sep 2012 21:32 BST
However, the updated definitions could not be downloaded by Sophos, because the updater had been broken
This is an especially large issue for enterprise deployments of Sophos
The Sophos support number was down, the call volume was so great that most people could not even get into the hold queue

0-day Flaw in Internet Explorer active in the wild

Internet Explorer versions 6 through 9 are vulnerable to a new series of attacks
Exploits for a previously unknown use-after-free memory corruption vulnerability, in addition to three more exploits that were found and tied to a hacker group in China known as Nitro (the same group responsible for exploits of two zero-day Java flaws disclosed three weeks ago)
Security researcher Eric Romang discovered the first of the exploits last weekend while monitoring an infected server
When a user lands on an infected page, the exploit installs the PoisonIvy remote access Trojan
Jaime Blasco of AlienVault Labs then discovered three additional exploits, one of which drops the PlugX trojan
The new exploits appear to be targeted at defense contractors in the U.S. and India
An unknown exploit was found in a Defense News Portal site in India, it had been served for at least four days
Microsoft is slated to release a patch on Friday , until then, a ‘fixit’ patch is available
A new metasploit module to test for and exploit the vulnerability has been released
Additional Coverage

The “top secret” room where 260 Internet Service Providers connect

Nearly every carrier neutral data center in the world contains a MeetMe room
MeetMe rooms more often used for private peering, rather than internet transit
Transit is when you buy ‘Internet’ service from another provider, they provide you with a ‘default route’ that you can send traffic to, and it will be delivered to anywhere on the internet
Peering is where providers swap traffic that is specifically destin to each others networks, so if Provider A peers with Provider B, Provider A must use their transit connection to reach provider C, only traffic between A and B (and their customers) are allowed across the ‘peering’ link
If 1 Wilshire (the building in question) were to go entirely offline, all connections in and out severed, the Internet would continue to operate, traffic would be routed around the missing nodes
Performance would be degraded, and it is possible that some of the ‘backup’ routes could not handle all of the traffic, but the network would not cease to work
The Internet is based on the principle of being able to get data from Point A to any Point B, reliably
To do this, the Internet’s backbone providers use BGP4 routing protocol (Border Gateway Protocol)
Most Internet Transit providers have maps that look like this:
nLayer
Hurricane Electric
Abovenet (Zayo)
Level3
NTT
Vocus (Australian)
As you can see on most all of these maps, there are almost always multiple paths that a packet can take to get from point A to point B

Feedback:

How to access other machines on my LAN remotely?
pf vs IPTables
IPTables:
iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 –dport 22 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp –sport 22 -m state –state ESTABLISHED -j ACCEPT
pf:
pass in log quick on $EXT_NIC proto tcp from 192.168.200.0/24 to any port 22 keep state
Apache vs NGINX AGAIN!
Setting up a system where sensitive documents can be moved securely to an encrypted machine.
Microsoft sdelete
FreeNAS vs OpenFiler?
How are passwords cracked without locking the accounts?
pfSense 2.1 Due Out Soon
Dell Voice Powered by Fongo is storing passwords in Plain Text
Episode 80 ideas

Special Community Events

Lynx Music:

He goes by Illusionist Lynx and he’s used MATH to make music (and a bunch of ther cool methods) check out his pay-what-you-want music on his bandcamp site: Illusionist Lynx

Nicholas is getting married, and he needs your HELP!

Nicholas is live streaming his marriage proposal, and hopes to have the JB audience tune in, and maybe help get his girl friend to the right location!

The site people can visit is https://rachelwillyoumarryme.com/

Visit his site an hour before the event (countdown on his website)
When the call to action comes, help him spam his girlfriend into arriving at the correct location.
To help organize, show up early and watch the show’s subreddit!

Have some fun:

What will be in the news the week in October when Allan is at Euro BSD Con? Let make a prediction on the head lines or just make up funny stuff to read

What I wish the new hires “knew”

Round-Up:

The post Self Healing Internet | TechSNAP 76 first appeared on Jupiter Broadcasting.

Skype Exposes Pirates | TechSNAP 29

chris — Thu, 27 Oct 2011 18:43:12 +0000

Coming up on this week’s TechSNAP…

Researches have developed a way to tie your file sharing to your Skype account. We’ll share the details on how this works, and what you can do to prevent being tracked!

Plus we cover the Ultimate way to host your own email, and what happened when Chinese hackers took control of US Satellites!

All that and more, on this week’s episode of TechSNAP!

Direct Download Links:

Subscribe via RSS and iTunes:

[ad#shownotes]

Show Notes:

Audible.com:

Ready Player One

Suspected Chinese Military Hackers take control of US Satellites

On four separate occasions during 2007 and 2008 US satellites were hijacked by way of their ground control stations.
The effected satellites were Landsat–7 (Terrain Mapping and Satellite Photography, example 1 example 2) and Terra AM–1 (Climate and Environmental Monitoring, 2010 Hurricane Karl)
While the US does not directly accuse the Chinese government in writing, these types of actions are consistent with known war plans that involve disabling communications, command and control, and GPS satellites as a precursor to war.
In one incident with NASA’s Terra AM–1, “the responsible party achieved all steps required to command the satellite,” however the attackers never actually took control of the satellite.
It was not until the 2008 investigation that the previous compromises in 2007 were detected
This raises an important question, are the US military and other NATO members, too reliant of satellite communications and GPS?
In a recent NATO exercise called ‘Joint Warrior’, it was planned to jam GPS satellite signals, however the jamming was suspended after pressure on the governments over civilian safety concerns. Story

Researchers develop a procedure to link Skype users to their Bittorrent downloads

The tools developed by the researchers at New York University allow any to determine a strong correlation between bittorrent downloads and a specific skype user.
Importantly, unlike RIAA/MPAA law suites, the researchers consider the possibility of false positives because of multiple users behind NAT.
The researchers resolve this issue by probing both the skype and bittorrent clients after a correlation is suspected. By generating a response from both clients at nearly the same time and comparing the IP ID (similar to a sequence number) of the packets, if the ID numbers are close together, than it is extremely likely that the response was generated by the same physical machine. If the IDs are very different, then it is likely that the Skype and BitTorrent users are on different machines, and there is no correlation between them.
This same technique could be made to work with other VoIP and P2P applications, and could be used to gather enough evidence to conclusively prove a bittorrent user’s identity.
This situation can be mitigated by using the feature of some OS’s that randomizes the IP ID to prevent such tracking. (net.inet.ip.random_id in FreeBSD, separate ‘scrub random-id’ feature in the BSD PF firewall)
The discovery could also be prevented by fixing the skype client such that it will not reply with its IP address if the privacy settings do not allow calls from that user. The current system employed by the researches does not actually place a call to the user, just tricks skype into thinking that a call will be placed, and skype then leaks the sensitive information by returning its IP address or initiating a connection to the attacker.
Read the full research paper

NASDAQ web application Directors Desk hacked

Directors Desk is a web application designed to allow executives to share documents and other sensitive information
When NASDAQ was hacked in February, they did not believe that any customer data was stolen
The attackers implanted spyware into the Directors Desk application and were able to spy on the sensitive documents of publicly traded companies as they were passed back and forth through the system
This is another example of the Advanced Persistent Threat (APT) as we saw with the RSA and South Korea Telecom hacks, where the attackers went after a service provider (in his case NASDAQ) to compromise the ultimate targets, the publicly traded companies and their sensitive documents.
It is not known what if any protection or encryption systems were part of Directors Desk, but it seems that the application was obviously lacking some important security measures, including an Intrusion Detection System that would have detected the modifications to the application.

SEC says companies may need to disclose cyber attacks in regulatory filings

The new guidance from the SEC spells out some of the things that companies may need to disclose to investors and others, depending upon their situation.
Some of the potential items companies may need to disclose include:
Discussion of aspects of the registrant’s business or operations that give rise to material cybersecurity risks and the potential costs and consequences
To the extent the registrant outsources functions that have material cyber security risks, description of those functions and how the registrant addresses those risks
Description of cyber incidents experienced by the registrant that are individually, or in the aggregate, material, including a description of the costs and other consequences
Risks related to cyber incidents that may remain undetected for an extended period
“For example, if material intellectual property is stolen in a cyber attack, and the effects of the theft are reasonably likely to be material, the registrant should describe the property that was stolen and the effect of the attack on its results of operations, liquidity, and financial condition and whether the attack would cause reported financial information not to be indicative of future operating results or financial condition,” the statement says.
From the SEC guidance: The federal securities laws, in part, are designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision”
CF Disclosure Guidance: Topic No. 2 – Cybersecurity

Feedback:

Q: Owning my own Email?
Roundcube – Free webmail for the masses
MailServer – Community Ubuntu Documentation
Postfix – Community Ubuntu Documentation
Setting up a Forwarding Account in the Email Control Center – GoDaddy Help Center (Remember to use the coupon code LINUX or LINUX20)
Google apps for your domain (free)

It is definitely advantageous to own the domain that your email address is on. On top of looking more professional than a hotmail, or even gmail address, it also allows you to choose your host and have full control over everything. There are some caveats though, of course you must remember to renew your domain name, else your email stops working (just ask Chris about that one), you also have to be careful about picking where to host your domain, having your site or email hosted by a less reputable service can result in your domain being included on blacklists and stopping delivery of your mail to some users. The biggest problem with hosting your own email, from your home, is that you must keep the server up 24/7, and it must have a reasonable static IP address. If you are going to host from your home, I recommend you get a ‘backup mx’ service, a backup mail server that will collect mail sent to you while you are offline, and then forward it to your server when it is back up. Even if you are using a dedicated server or VPS, this is important, because email is usually the most critical service on your server. The other major issue with hosting your email from home, is that most ISPs block port 25 inbound and outbound, to prevent infected computers from sending spam. This means that you will not be able to send or receive email to other servers. Usually your ISP will require you to have a more expensive business class connection with a dedicated static IP address in order to allow traffic on port 25. Also, a great many spam filtering systems, such as spamassassin, use blacklists that contain the IP ranges of all consumer/home Internet providers, designed to stop spam from virus infected machines, because email should not be send from individual client machines, but through the ISP or Domain email server.

Round Up:

The post Skype Exposes Pirates | TechSNAP 29 first appeared on Jupiter Broadcasting.