Show Notes:

Sophos anti-virus detects it self

• Earlier this week Sophos released a scheduled update to their anti-virus definition files
• The new definitions detected the Sophos updating process, and a number of other auto-updating applications, as variants of the malware Shh/Updater-B
• In addition to setting of a huge volume of false positives, the detection also resulted in the quarantine, blocking or deletion of parts of the Sophos updater
• The updated definitions that solve the problem were released on Wed, 19 Sep 2012 21:32 BST
• However, the updated definitions could not be downloaded by Sophos, because the updater had been broken
• This is an especially large issue for enterprise deployments of Sophos
• The Sophos support number was down, the call volume was so great that most people could not even get into the hold queue

0-day Flaw in Internet Explorer active in the wild

• Internet Explorer versions 6 through 9 are vulnerable to a new series of attacks
• Exploits for a previously unknown use-after-free memory corruption vulnerability, in addition to three more exploits that were found and tied to a hacker group in China known as Nitro (the same group responsible for exploits of two zero-day Java flaws disclosed three weeks ago)
• Security researcher Eric Romang discovered the first of the exploits last weekend while monitoring an infected server
• When a user lands on an infected page, the exploit installs the PoisonIvy remote access Trojan
• Jaime Blasco of AlienVault Labs then discovered three additional exploits, one of which drops the PlugX trojan
• The new exploits appear to be targeted at defense contractors in the U.S. and India
• An unknown exploit was found in a Defense News Portal site in India, it had been served for at least four days
• Microsoft is slated to release a patch on Friday , until then, a ‘fixit’ patch is available
• A new metasploit module to test for and exploit the vulnerability has been released
• Additional Coverage

The “top secret” room where 260 Internet Service Providers connect

• Nearly every carrier neutral data center in the world contains a MeetMe room
• MeetMe rooms more often used for private peering, rather than internet transit
• Transit is when you buy ‘Internet’ service from another provider, they provide you with a ‘default route’ that you can send traffic to, and it will be delivered to anywhere on the internet
• Peering is where providers swap traffic that is specifically destin to each others networks, so if Provider A peers with Provider B, Provider A must use their transit connection to reach provider C, only traffic between A and B (and their customers) are allowed across the ‘peering’ link
• If 1 Wilshire (the building in question) were to go entirely offline, all connections in and out severed, the Internet would continue to operate, traffic would be routed around the missing nodes
• Performance would be degraded, and it is possible that some of the ‘backup’ routes could not handle all of the traffic, but the network would not cease to work
• The Internet is based on the principle of being able to get data from Point A to any Point B, reliably
• To do this, the Internet’s backbone providers use BGP4 routing protocol (Border Gateway Protocol)
• Most Internet Transit providers have maps that look like this:
• nLayer
• Hurricane Electric
• Abovenet (Zayo)
• Level3
• NTT
• Vocus (Australian)
• As you can see on most all of these maps, there are almost always multiple paths that a packet can take to get from point A to point B

Feedback:

• How to access other machines on my LAN remotely?
• pf vs IPTables
• IPTables:
  iptables -A INPUT -i eth0 -p tcp -s 192.168.200.0/24 –dport 22 -m state –state NEW,ESTABLISHED -j ACCEPT
  iptables -A OUTPUT -o eth0 -p tcp –sport 22 -m state –state ESTABLISHED -j ACCEPT
• pf:
  pass in log quick on $EXT_NIC proto tcp from 192.168.200.0/24 to any port 22 keep state
• Apache vs NGINX AGAIN!
• Setting up a system where sensitive documents can be moved securely to an encrypted machine.
• Microsoft sdelete
• FreeNAS vs OpenFiler?
• How are passwords cracked without locking the accounts?
• pfSense 2.1 Due Out Soon
• Dell Voice Powered by Fongo is storing passwords in Plain Text
• Episode 80 ideas

Special Community Events

• Lynx Music:

He goes by Illusionist Lynx and he’s used MATH to make music (and a bunch of ther cool methods) check out his pay-what-you-want music on his bandcamp site: Illusionist Lynx

• Nicholas is getting married, and he needs your HELP!

Nicholas is live streaming his marriage proposal, and hopes to have the JB audience tune in, and maybe help get his girl friend to the right location!

The site people can visit is https://rachelwillyoumarryme.com/

• Visit his site an hour before the event (countdown on his website)
• When the call to action comes, help him spam his girlfriend into arriving at the correct location.
• To help organize, show up early and watch the show’s subreddit!

Have some fun:

• What will be in the news the week in October when Allan is at Euro BSD Con? Let make a prediction on the head lines or just make up funny stuff to read

What I wish the new hires “knew”

Round-Up:

• Patent troll sues Rackspace for hosting Github
• Many ways to break SSL with CRIME attacks, experts warn
• Wrong Number: Why Phone Companies Overcharge For Data
• Microsoft Wants To Nix Data Center Backup Generators
• China Cyberattacks Hit Japan In Island Row: Police
• Flaw in Oracle Database authentication protocol could allow attackers to discover passwords

The post Self Healing Internet | TechSNAP 76 first appeared on Jupiter Broadcasting.