25k UNIX systems spread infections to over half a million Windows boxes, and the method of attack simply put, is brilliant we’ll share the details!

Google DNS gets hijacked we’ll explain how, and then a great big batch of your question, a rocking round up, and much much more!

On this week’s TechSNAP!

Thanks to:

— Show Notes: —

Allan’s Trip

• bhyvecon Tokyo – Slides and Videos

• AsiaBSDCon 2014

• iXsystems G+ Photo Album

• AsiaBSDCON 2014 Recap | iXsystems, Inc.

Operation Windigo

• The attack leverages previously compromised (how is unknown) servers, and using them to scan for other hosts to compromise, serve malware, infect sites hosted on the compromised servers with malware, and to send spam

• Victims have included cPanel and Kernel.org (the official Linux kernel archive)

• “The Ebury backdoor deployed by the Windigo cybercrime operation does not exploit a vulnerability in Linux or OpenSSH,”

• During an analysis of stolen credentials, the researchers found:

  • 66% of the stolen passwords contained only alpha numeric characters

  • 41% of the stolen credentials were for the root user

• Remote login as root should never be allowed. Disable root login over SSH and login as a regular user and use su or sudo. If you use sudo you should read Sudo Mastery and probably SSH Mastery too.

• The researchers also found 23 victims running Windows 98, and 1 running Windows 95

• “We found an official mirror of CentOS packages infected with Linux/Ebury. Fortunately, no package files were seemingly altered by the malicious operators. However knowing that Linux RPM packages are cryptographically signed such tampering is probably infeasible”

• However, amateur administrators have been conditioned to accept unknown GPG keys for CentOS repositories.

• When users visit an infected site, Windows users are given malware, Mac users are served ads for dating sites, and iPhone users are served ads for “strong pornography”, likely as these are each the most profitable way to exploit such users

• The operators maintain control on the infected servers by installing a backdoor in the OpenSSH instance. The backdoor provides them with a remote root shell even if local credentials are changed on the infected host

• The attackers used a number of techniques to remain stealthy:

  • Use Unix pipes as much as possible when deploying their backdoor to avoid landing files on the filesystem

  • Leave no trace in log files when using the backdoor

  • Change original signatures in the package manager for the modified file

  • Avoid exfiltrating information when a network interface is in promiscuous mode

  • Use POSIX shared memory segments with random system user owners to store stolen credentials

  • Inject code at runtime into three OpenSSH binaries instead of modifying the original OpenSSH files on disk

  • Change OpenSSH daemon configuration in memory instead of on disk

• Centralize their backdoor in a library instead of an executable (libkeyutils.so)

• Researcher PDF

Google Public DNS (8.8.8.8) suffers brief BGP hijack redirecting it to Venezuela

• At approximately 17:23 UTC on March 15th, a router on the British Telecom Latin America network (BT LATAM, AS 7908) in Venezuela began announcing 8.8.8.8/32

• A /32 prefix is unusual, most BGP routers will not propagate such short prefixes, only passing routes of /24 or larger. This resulted in the bad route not spreading as far, however because routing tables always take the ‘most specific’ match, it resulted in more of the traffic being rerouted than would have normally been the case

• This resulted in most all traffic in Venezuela and Brazil, among other networks, including a University Network in Florida, to be misdirected to a server in Venezuela

• The false BGP (Border Gateway Protocol) announcement was retracted 23 minutes later

• It is possible that this was an effort by the Venezuelan government to intercept traffic bound for the Google Public DNS service, and it was accidently leaked upstream, disrupting the internet outside of Venezuela

• Similar cases have happened in Pakistan and other countries attempting to block Youtube and other services

• The network that sent the request, Madory said, “leaked other internal routes earlier in the day. So I suppose someone was tinkering with the network over the weekend. We see routing goof-ups like this almost every day.”

• Additional Coverage

• There are BCPs and RFCs that cover ways to prevent this kind of hijacking, by only allowing ASs to announce prefixes they control, however there is a lot of administrative overhead, especially when an ISP announces routes for its customers

• There is another system, RPKI, that allows a network to specify which AS numbers are allowed to announce an IP block, as well as specifying the maximum prefix length, to prevent someone from announcing a more specific prefix (like in this case)

• However RPKI has not yet received wide adoption

• Providers ignore routing and DNS security

Feedback:

• Follow Up to HIPAA Question

• Better answer for David with wifi latency

• Soooo, I got one of those \”Your computer is infected\” scam calls a little bit ago.

• Single server, SSH multiple users over LAN and SFTP single user over internet

• Wifi Security Fix

• Sharing Resources Between 2 or more computers

• Unraid to Freenas

• SSH Config Exmaple

Round Up:

• In sudden announcement, US to give up control of DNS root zone

• Snowden gives TED talk — “Here\’s how we take back the Internet”

• File advertised as MtGox data archive is actually bitcoin stealing malware

• Why people get malware

• Google Hangouts, Gmail Chat And Google Spreadsheets Go Down

• Full disclosure mailing list shuts down after member requests some content be redacted

• NTP Amplification DDoS Attacks Increasing

• Weev (posted link to AT&T iPad activation database that was left publically accessible) is in jail because the government can’t understand what he did. \”He had download the entire iOS system on his computer, he had to decrypt it, he had to do all of these things I don\’t even understand,\” Assistant US Attorney Glenn Moramarco argued

• Tech Giants Knew About Prism All Along, the NSA\’s Top Lawyer Says

• Hashing MAC addresses does not really improve privacy. The limit address space means calculating the hash table of every possible MAC address only takes minutes

• New development model, Unreal Engine 4 with source code (on Github) will be available to everyone for $19/month and 5% of gross sales revenue

• Survey finds 16% of websites running old vulnerable versions of PHP. The vuln only applies to CGI type installations, which many of these may not be. Also, it is possible that some of these are redhat/centos installations which are patched but have frozen version numbers

The post Worst Server Practices | TechSNAP 154 first appeared on Jupiter Broadcasting.

The security breach that rocked Linux to it’s core has expanded, and we cover the breaking details.

Then – It’s our preview look at Ubuntu 11.10. Are they are on the right course? Or is this release turning into another disaster? We find out!

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!

Subscribe…— The Linux Action Show! —iTunes MP3iTunes Large VideoiTunes iPod VideoLarge Video RSSiPod Video RSSMP3 Audio RSSOgg Audio RSS— ALL SHOWS —iTunes Large VideoiTunes MP3Large Video RSSMP3 Audio RSSOGG Audio RSS— PODCAST NETWORKS —StitcherMiroZuneiTunes

[ad#shownotes]

Episode Show Notes:

Runs Linux:

Marcos Garcia software enables entire Industries, to Run Linux!

• More Info
• Short video

Android Pick:

• Linux Commands
• Android Picks so far thanks to Madjo in the IRC Chat room!

Linux Pick:

• Community Hack Allows Linux/Wine users to experience OnLive

• Linux App Picks so far. Thanks to Madjo!

BSD Pick:

• Many computer systems around the world have been possessed by penguins; some have even been possessed by dead rats. In light of this, it is desirable to exorcise these evil spirits, and replace them with a nice, friendly daemon
• More to the point, there are a number of dedicated server hosting companies which only offer Linux; being able to remotely replace Linux with FreeBSD makes the offerings from these companies available to those who want to run FreeBSD.

News:

• Security breach on Linux.com, LinuxFoundation.org
• ‘Lightworks’ To Land On Linux In December
• Google: Make source code available after innovation is complete
  
• Google sells patents to HTC to fight Apple suit
• Larry meets Larry to talk tons of money
• Benchmarks suggest that FreeBSD’s Linuxulator may be faster at Linux gaming than the real Linux kernel
• Linus Torvalds And Github
• Haiku Gains Early VirtualBox Guest Addition Drivers

Ubuntu 11.10 Preview:

• Uses Linux v3.0.3 and has [other goodies](OneiricOcelot/TechnicalOverview – Ubuntu Wiki too!
• The Nasty Battery Power Usage On Ubuntu 11.10
• Bug #818830 Sandy Bridge serious power regression from kernel 3.0.0–6 to 3.0.0–7
• Huge power regression in kernel 3.x on Sandy Bridge laptops
• Download the Daily Ubuntu 11.10 daily Build
• Power Usage Unity, Unity 2D & GNOME Shell

Find us on Google+

• Chris
• Allan

Find us on Twitter:

• Chris – ChrisLAS
• Allan – AllanJude

Follow the network on Facebook:

• Jupiter Broadcasting on Facebook

Catch the show LIVE at 10am on Sunday:

• https://jblive.tv

The post Ubuntu 11.10 Preview | LAS | s18e06 first appeared on Jupiter Broadcasting.

It’s our review of Mandriva 2011!

Plus we cover the early rumors of MeeGo’s death, Mark Shuttleworth’s bet against the mobile operators, and the major security issues that struck Linux this week.

All this week on, The Linux Action Show!

Thanks to:

GoDaddy.com Use our codes LINUX to save 10% at checkout, or LINUX20 to save 20% on hosting!

Subscribe…— The Linux Action Show! —iTunes MP3iTunes Large VideoiTunes iPod VideoLarge Video RSSiPod Video RSSMP3 Audio RSSOgg Audio RSS— ALL SHOWS —iTunes Large VideoiTunes MP3Large Video RSSMP3 Audio RSSOGG Audio RSS— PODCAST NETWORKS —StitcherMiroZuneiTunes

[ad#shownotes]

Episode Show Notes:

Runs Linux:

Dual-band Wi-Fi router, Runs Linux

Android Pick:

• ETERNITY WARRIORS
• Android Picks so far thanks to Madjo in the IRC Chat room!

Linux Pick:

• wibom: Wine bottle management
• Linux App Picks so far. Thanks to Madjo!

News:

• MeeGo OS fading fast? Intel says it’s ‘still committed’
• Ohio LinuxFest 2011
• Oracle retires licence for distributing its Java with Linux
• Mark Shuttleworth donates USD$400k to the Serval Batphone – Peer to Peer telephony using Android
• Upcoming Linux Game ‘Blocks That Matter’ Wins $ 40,000 playable demo is out for download
• Watch Jupiter Broadcasting rock PAX
• Kernel.org security breach
• Kernel.org attackers did not know what they had
• Debian and Ubuntu patch apache from the ‘killer’ DoS
• More info on both stories in this week’s TechSNAP

Mandriva 2011 Review:

• Mandriva Desktop 2011 review
• 2011.0 Mandriva Tour
• 2011.0 Release Notes
• Mageia – Based on Mandriva Distribution
• Mandriva 2011 vs Mageia 1

Find us on Google+

• Allan
• Chris

Find us on Twitter:

• Allan – Allanjude
• Chris – ChrisLAS

Follow the network on Facebook:

• Jupiter Broadcasting on Facebook

Catch the show LIVE at 10am on Sunday:

• https://jblive.tv

The post Mandriva 2011 Review | LAS | s18e05 first appeared on Jupiter Broadcasting.

Google and openDNS join forces to improve the speed of your downloads, find out what they are doing and how it works!

Plus gmail suffered another man in the middle attack, and Kernel.org gets some egg on their face!

All that and more, on this week’s episode of TechSNAP!

Direct Download Links:

HD Video | Large Video | Mobile Video | WebM Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:
Subscribe... --RSS-- TechSNAP HD TechSNAP Large TechSNAP Mobile TechSNAP MP3 TechSNAP OGG --iTunes-- TechSNAP iTunes HD TechSNAP iTunes Mobile TechSNAP iTunes Large TechSNAP iTunes MP3

[ad#shownotes]

Show Notes: