Show Notes: linuxunplugged.com/466

The post The Night of a Thousand Errors | LINUX Unplugged 466 first appeared on Jupiter Broadcasting.

Show Notes: linuxactionnews.com/165

The post Linux Action News 165 first appeared on Jupiter Broadcasting.

Show Notes: coder.show/348

The post Dependency Dangers | Coder Radio 348 first appeared on Jupiter Broadcasting.

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Cisco’s Talos Intelligence Group Blog: Player 3 Has Entered the Game: Say Hello to ‘WannaCry’

FCC Filings Overwhelmingly Support Net Neutrality Once Anti-Net Neutrality Spam is Removed

• Net Neutrality II: Last Week Tonight with John Oliver (HBO)

• Because of a procedural quirk, the FCC will not be considering any comments on the issue of net neutrality that are submitted over the next week or so.

• https://youtu.be/qI5y-_sqJT0 — follow up video

Feedback

• IPv6 only

• ZoL and other Linux Filesystems

Round Up:

• Ways in which the WannaCry ransomware could have been much worse

• Postmortem for outage of us-east-1

• 1.9 million Bell customer email addresses stolen by ‘anonymous hacker’ – Technology & Science – CBC News

• Appcanary – Everything you need to know about HTTP security headers

• GitHub – schollz/howmanypeoplearearound: Count the number of people around you by monitoring wifi signals

The post Kill Switch Engage | TechSNAP 320 first appeared on Jupiter Broadcasting.

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

House Passes Long-Sought Email Privacy Bill

• The U.S. House of Representatives on Monday approved a bill that would update the nation’s email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails.

• This is a very short piece of legislation. You can read it quickly, but it is an amendment. Basically, it’s copy/cut/pasting into the existing act, so you have to read it in context of the OLD act.

• Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge.

• Based on a 1986 law created in the days when cell phones did not contain email. Back then, the standard was store and forward, not the central storage so common today. There was no cloud.

• EFF’s Surveillance Self-Defense guide.

• This is very important. What is also important is protecting privacy when crossing borders. Your rights must be preserved when crossing borders. Trouble is, it seems we have no rights when doing so.

Here’s What Transport for London Learned From Tracking Your Phone On the Tube

• Advertising? I can see how this is useful for more than just advertising. Traffic flow. Knowing about time from A to B. Mention EZPass and monitoring of badges to determine flow.

• Signs announced trial, opt out by disabling wifi.

• The documents also seem to suggest that if TfL switched on tracking full time it could offer real time crowding information to passengers – so we could see a CityMapper of the not-too-distant future telling us which stations to avoid.

• That sounds simlar to how Waze and Google Maps collect real-time data on traffic congestion.

• Collecting information is one thing. Controlling access to that information is vital. As we’ve seen so many times in the past, it is the use of that data for unintended purposes which is of most concern.

• Rainbow tables

GitLab Postmortem of database outage of January 31

• This came from Shawn. We covered this incident in eposide 305.

• I want to make it clear from the start, we are not mocking GitLab. There is no joy to be taken here.

• On January 31st 2017, we experienced a major service outage for one of our products, the online service GitLab.com. The outage was caused by an accidental removal of data from our primary database server.

• What a horrible feeling that engineer then had. Imagine, for a moment. Production has just been wiped out… OMG.

• Backups could not be found, nor could they be used. It was all gone.

• I can imagine lots and lots of waiting for stuff to finish. Very stressful. Much hope, but very stressful.

• Wow, could not access their own projects. Ouch. Almost want their own repo offline, but then accusations of not dog fooding, etc.

• Prometheus monitorin

• Some places take the approach of making staging the hot backup for production. Exactly the same. Move production onto staging hardware if required.

• “I don’t remember where I saw it (probably hackernews), but someone proposed to constantly recreate staging from production’s backup. This way we would have an up-to-date staging version and frequently tested backup recovery process.”

Feedback:

• Should I convert to FreeNAS

• Follow Up Bacula

• possible malware distributor

Round Up:

• No more ransom – from Alejandro

• Semi-Critical Intel Atom C2000 SoC Flaw Discovered, Hardware Fix Required – from Shawn

• Ticketbleed – from Shawn

• Yahoo, MSN Struck by Advanced Malvertising Campaign

• Factory That Made Exploding Galaxy Note 7 Batteries Catches Fire

• US Judge Ordered Google to Hand Over Emails Stored On Foreign Servers to FBI

• Vizio settles with FTC, will pay $2.2 million and delete user data

• WordPress Kept Users And Hackers In The Dark While Secretly Fixing Critical Zero-Day

• Diehard Coders Just Rescued NASA’s Earth Science Data

• University attacked by its own vending machines, smart light bulbs & 5,000 IoT devices

• Bored with ho-hum cloud backups? Use Usenet (yes, Usenet!) instead

• Unpacking the rack-mount chassis – YouTube

• Moving tower system into rack mount chassis – YouTube

• Yes, an APC AR3100 rack can fit into a Subaru Outback

• APC AR3100 rack assembly – YouTube

• Moving the rack into place – YouTube

The post Metadata Matters | TechSNAP 306 first appeared on Jupiter Broadcasting.

Zero-day exploits striking over 100 systems, if you think copying links to bash scripts from the internet is okay, maybe you shouldn’t be root & the day Google automated itself off the internet.

Plus your questions, our answers, a huge round up & more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Zero-day exploits against Microsoft used against PoS systems of over 100 companies

• “More than 100 North American companies were attacked by crooks exploiting a Windows zero day vulnerability. The attacks began in early March and involved the zero day vulnerability CVE-2016-0167 reported and partially fixed in April’s Patch Tuesday security bulletins by Microsoft. The zero day was found by researchers at FireEye, who on Tuesday disclosed details.”
• “The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability””
• “FireEye said the flaw is a local elevation of privilege flaw in the win32k Windows Graphics subsystem. Attackers are able to exploit the flaw once they are able to remotely execute code on the targeted PC. Microsoft patched the vulnerability on April 12 and released a subsequent update (MS16-062) this week”
• “In March 2016, a financially motivated threat actor launched several tailored spear phishing campaigns primarily targeting the retail, restaurant, and hospitality industries. The emails contained variations of Microsoft Word documents with embedded macros that, when enabled, downloaded and executed a malicious downloader that we refer to as PUNCHBUGGY.”
• “PUNCHBUGGY is a dynamic-link library (DLL) downloader, existing in both 32-bit and 64-bit versions, that can obtain additional code over HTTPS. This downloader was used by the threat actor to interact with compromised systems and move laterally across victim environments.”
• “In some victim environments, the threat actor exploited a previously unknown elevation of privilege (EoP) vulnerability in Microsoft Windows to selectively gain SYSTEM privileges on a limited number of compromised machines”
• “This actor has conducted operations on a large scale and at a rapid pace, displaying a level of operational awareness and ability to adapt their operations on the fly. These abilities, combined with targeted usage of an EoP exploit and the reconnaissance required to individually tailor phishing emails to victims, potentially speaks to the threat actors’ operational maturity and sophistication”
• “Security experts say, as more U.S. companies snuff out point of sale malware by deploying chip-and-PIN bank card technology, attackers are rushing to exploit existing magnetic strip card systems still vulnerable to malware. FireEye, for example, reported last month that that a group of hackers that go by the name Bears Inc. are behind the latest barrage of attacks with a custom-built point of sale malware called Treasurehunt. This latest zero day vulnerability follows the same trend.”
• I would argue that chip&pin does not make the PoS terminal any less vulnerable to malware
• While it does make it harder to clone cards, it think it should not be viewed as a solution to malware
• FireEye Report

If you think doing curl|bash is ok, you shouldn’t have root

• “Installing software by piping from curl to bash is obviously a bad idea and a knowledgeable user will most likely check the content first. So wouldn’t it be great if a malicious payload would only render when piped to bash?”
• So, we all know it is bad, some some people do it anyway. They tell themselves it is alright because they check the contents of the script before they run it
• That only works if what you end up downloading is the same as what you actually reviewed
• “Luckily the behaviour of curl (and wget) changes subtly when piped into bash. This allows an attacker to present two different versions of their script depending on the context :)”
• “It’s not that the HTTP requests from curl when piped to bash look any different than those piped to stdout, in fact for all intents and purposes they are identical”
• “Execution in bash is performed line by line and so the speed that bash can ingest data is limited by the speed of execution of the script. This means if we return a sleep at the start of our script the TCP send stream will pause while we wait for the sleep to execute. This pause can be detected and used to render different content streams.”
• “Unfortunately it’s not just a simple case of wrapping a socket.send(“sleep 10”) in a timer and waiting for a send call to block. The send and receive TCP streams in linux are buffered on a per socket basis, so we have to fill up these buffers before the call to send data will block. We know the buffer is full when the receiving client to replies to a packet with the Window Size flag set to 0”
• “The only character you can really use to fill the buffer is a null byte as it won’t render in most consoles. It also won’t render in chrome when the charset text/html is specified. As we don’t know the content-length data is transferred with chunked encoding with each chunk being a string of null bytes same size as the TCP send buffer.”
• So, the attacker sends chunks of null bytes until all of the buffers on the client side are full, because bash is sleeping and not reading any more data yet
• So the attacker just has to see if you are piping the content to bash, or to your terminal or browser. Only in the case of bash do they send the “payload”
• There is a nice demo included in the article

Post Mortem: When google automated itself off the internet

• “On Monday, 11 April, 2016, Google Compute Engine instances in all regions lost external connectivity for a total of 18 minutes, from 19:09 to 19:27 Pacific Time.”
• This is the story of how automation knocked all of GCE off of the internet
• “Google uses contiguous groups of internet addresses — known as IP blocks — for Google Compute Engine VMs, network load balancers, Cloud VPNs, and other services which need to communicate with users and systems outside of Google. These IP blocks are announced to the rest of the internet via the industry-standard BGP protocol, and it is these announcements which allow systems outside of Google’s network to ‘find’ GCP services regardless of which network they are on.”
• “To maximize service performance, Google’s networking systems announce the same IP blocks from several different locations in our network, so that users can take the shortest available path through the internet to reach their Google service. This approach also enhances reliability; if a user is unable to reach one location announcing an IP block due to an internet failure between the user and Google, this approach will send the user to the next-closest point of announcement. This is part of the internet’s fabled ability to ‘route around’ problems, and it masks or avoids numerous localized outages every week as individual systems in the internet have temporary problems.”
• Also know as “anycast”
• “At 14:50 Pacific Time on April 11th, our engineers removed an unused GCE IP block from our network configuration, and instructed Google’s automated systems to propagate the new configuration across our network. By itself, this sort of change was harmless and had been performed previously without incident. However, on this occasion our network configuration management software detected an inconsistency in the newly supplied configuration. The inconsistency was triggered by a timing quirk in the IP block removal – the IP block had been removed from one configuration file, but this change had not yet propagated to a second configuration file also used in network configuration management. In attempting to resolve this inconsistency the network management software is designed to ‘fail safe’ and revert to its current configuration rather than proceeding with the new configuration. However, in this instance a previously-unseen software bug was triggered, and instead of retaining the previous known good configuration, the management software instead removed all GCE IP blocks from the new configuration and began to push this new, incomplete configuration to the network.”
• “One of our core principles at Google is ‘defense in depth’, and Google’s networking systems have a number of safeguards to prevent them from propagating incorrect or invalid configurations in the event of an upstream failure or bug. These safeguards include a canary step where the configuration is deployed at a single site and that site is verified to still be working correctly, and a progressive rollout which makes changes to only a fraction of sites at a time, so that a novel failure can be caught at an early stage before it becomes widespread. In this event, the canary step correctly identified that the new configuration was unsafe. Crucially however, a second software bug in the management software did not propagate the canary step’s conclusion back to the push process, and thus the push system concluded that the new configuration was valid and began its progressive rollout.”
• So, the automation software detected that the new configuration was bad, but, ignored this signal and went ahead anyway
• “As the rollout progressed, those sites which had been announcing GCE IP blocks ceased to do so when they received the new configuration. The fault tolerance built into our network design worked correctly and sent GCE traffic to the the remaining sites which were still announcing GCE IP blocks.”
• “With no sites left announcing GCE IP blocks, inbound traffic from the internet to GCE dropped quickly, reaching >95% loss by 19:09. Internal monitors generated dozens of alerts in the seconds after the traffic loss became visible at 19:08, and the Google engineers who had been investigating a localized failure of the asia-east1 VPN now knew that they had a widespread and serious problem. They did precisely what we train for, and decided to revert the most recent configuration changes made to the network even before knowing for sure what the problem was. This was the correct action, and the time from detection to decision to revert to the end of the outage was thus just 18 minutes.”
• “With the immediate outage over, the team froze all configuration changes to the network, and worked in shifts overnight to ensure first that the systems were stable and that there was no remaining customer impact, and then to determine the root cause of the problem. By 07:00 on April 12 the team was confident that they had established the root cause as a software bug in the network configuration management software.”
• Moving forward, Google will add:
• Monitoring targeted GCE network paths to detect if they change or cease to function
• Comparing the IP block announcements before and after a network configuration change to ensure that they are identical in size and coverage
• Semantic checks for network configurations to ensure they contain specific Cloud IP blocks.
• “We take all outages seriously, but we are particularly concerned with outages which affect multiple zones simultaneously because it is difficult for our customers to mitigate the effect of such outages. This incident report is both longer and more detailed than usual precisely because we consider the April 11th event so important, and we want you to understand why it happened and what we are doing about it. It is our hope that, by being transparent and providing considerable detail, we both help you to build more reliable services, and we demonstrate our ongoing commitment to offering you a reliable Google Cloud platform.”

Drama at the Internet’s malware dumping ground

• VirusTotal is a popular online malware aggregation service started in 2004, and acquired by Google in 2012.
• It allows researchers and users to submit malware samples which are tested against the static detection engines of some 50+ anti-virus vendors
• An example analysis
• However, there is concern that many “NextGen” Security startups, are just abusing the VirusTotal API rather than building their own detection engine
• Worse, this type of use doesn’t contribute anything back to the community
• So Google has changed the Terms of Services: “All scanning companies will now be required to integrate their detection scanner in the public VT interface, in order to be eligible to receive antivirus results as part of their VirusTotal API services”
• “Additionally, new scanners joining the community will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO)”
• Traditional vendors have applauded the move:
• Trend Micro
• MalwareBytes
• Of course, there is also a response from the other side
• The AV Bomb That Never Was
• Includes responses from Cylance, and SentinelOne, two of the larger “NextGen” security companies
• Also has summaries from Palo Alto Networks and CrowdStrike
• How this actually impacts the industry is yet to be seen, but I don’t expect much outside of a few shady startups going away, but they were going to do that anyway
• Additional Coverage

Feedback:

• Remote Access

• Remote Tracking of Log files

• Logstash | Elastic
• How To Install Elasticsearch, Logstash, and Kibana (ELK Stack) on Ubuntu 14.04 | DigitalOcean

• Centralized Logging with ELK Stack (Elasticsearch, Logstash, and Kibana) On Ubuntu 14.04 | DigitalOcean

• FreeNAS DMZ

• Adobe releases emergency patch, Flash 21.0.0.242, to fix Zero Day

Round Up:

• FBI Can Obtain A Warrant If You Run Tor Come December
• AllWinner ships SDK containing a custom kernel with root backdoor, used in many devices including the OrangePi, BananaPi, Cubietruck, pcDuino8 Uno, and many more. Just echo “rootmydevice” > /proc/sunxi_debug/sunxi_debug and you own the device
• Schools are recording student’s results on the blockchain
• Developers of the “SmartGrid” developed their own crypto, which is never a “smart” idea
• Medical Equipment Crashes During Heart Procedure Because of Antivirus Scan
• 40 Maps that explain the origins of the Internet
• This Isn’t a Google Streetview Car, It’s a Government Spy Truck
• In the online black market of exploits, what is the cost of getting caught?
• How we found a bug in Amazon’s Elastic Load Balancer
• PornHub offers new Bug Bountry program, rewards of up to $25,000
• Security Researcher arrested for pointing out SQL injection flaw in voting system
• Attackers targetting SAP, the most enterprisey or enterprise software
• Twitter to block the US Federal Government from accessing its data mining service
• Data on Google employees leaks when benefits contractor accidently emails details including SSN to the benefits manager of another company
• A policy that requires you to frequently change your password is likely to lead to you using a weaker password
• US Congress blocks Yahoo Mail, Gmail, and Google App Spot, in attempt to stem flood of ransomware attacks

The post Curl Sleeper Agent | TechSNAP 266 first appeared on Jupiter Broadcasting.

The Belkin router apocalypse takes users offline all over the world, Infected ATMs spit out money on cue, plus isolating your network, a great batch of your questions & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Become a supporter on Patreon:

— Show Notes: —

Belkin router apocolypse, world wide outage of almost all Belkin routers

• “Starting approximately midnight on October 7, Belkin began experiencing an issue with a service configured in certain Belkin router models that causes a failure when it checks for general network connectivity by pinging a site hosted by Belkin.”
• It seems Belkin routers check to see if “the internet is up” by pinging or connecting to heartbeat.belkin.com. When this service went down, all of those routers decided the internet was ‘down’, and stopped letting customers use the Internet, despite the fact that the rest of the Internet was fine
• “One of our cloud services associated with maintaining router operations was negatively impacted by a change made in our data center that caused a false denial of service. Normal operations were restored by 3PM PST, but some users might still need to reset their router and/or cable modem to regain connectivity. Moving forward, we will continue to monitor, improve and validate the system to ensure our routers continue to work properly in the event connectivity to our cloud environment is not available. “
• The fact that the routers rely on only a single signal, a response from heartbeat.belkin.com, to determine if the internet is working, seems wrong.
• Even so, it doesn’t explain why the routers ‘give up’ and stops users accessing the Internet
• It appears this has to do with the DNS Resolver in the Router, which stops attempting to resolve addresses when it cannot reach the Belkin site. Users to manually change their DNS servers to Google Public DNS or OpenDNS had their service restored
• What if the Belkin site goes down? (Like it did). What if there is a routing or transit issue? What if access to the Belkin site is blocked in your country?
• “If your service has not yet been restored, please unplug your router and plug it back in after waiting 1 minute. Wait 5 more minutes and the router should reconnect.”
• There were rumours that this issue was caused by a firmware update. Belkin denies this, although it is not clear if they had pushed a firmware update around the same time or not
• Interesting: Apparently Belkin’s call center got a high volume of calls. How many users call their Router manufacturer when they have an issue, rather than their ISP? My Cisco router/modem only had my ISPs phone number on it.
• Belkin Status Page
• Belkin Community Forums
• Additional Coverage: Internet Storm Center

Infected ATMs spit out money on queue, without debiting anyones bank account

• “What do you need in order to withdraw cash from an ATM?”
• First, you need to have a debit or credit card, which acts as a key to your bank account
• Second, you must know the PIN code associated with the card; otherwise, the bank wouldn’t approve the transaction.
• Finally, you need to have some money in your account that you can withdraw.
• Or, you just need a bootable CD
• “However, hackers do things differently: they don’t need cards, PIN codes or bank accounts to get money. In reality, all they need is an ATM with some cash in it and a special piece of software.”
• “criminals were somehow able to physically access the ATMs so that they could install the malware via a bootable CD on an embedded Windows machine”
• “The trojan that was used had complex abilities. First, when activated inside of the ATM, it had the ability to turn off the McAfee Solidcare AV software so that it could do its job with ease”
• “Second, to avoid accidental detection, Tyupkin trojan had the ability to stay in a standby mode for an entire week and activate only Sunday and Monday nights.”
• “Third, it had the ability to disable the local network in the case of an emergency, so that the bank could not remotely connect to the ATM to check on what was happening with it.”
• “All an attacker has to do is merely approach an infected ATM and enter a special PIN code in order to access the secret menu that will allow him to make cash withdrawals or control the trojan (for example, to delete it).”
• “To make a withdrawal the person has to know the appropriate commands, as well as a special formula that will calculate a session key — some kind of a two-factor authentication. If both codes are correct, then a second menu will appear that allows the criminal to choose the cassette number and make a withdrawal.”
• “Although one can only dispense 40 banknotes per transaction, it’s possible to dispense any amount of money by simply performing the actions several times over.”

Pair arrested for exploiting flaw in Casino slot machines

• John Kane, a gambling addict, and an accomplice, Andre Nestor, exploited a bug in Game King video poker slot machines
• “It turned out the Game King’s endless versatility was also its fatal flaw. In addition to different game variants, the machine lets you choose the base level of your wagers: At the low-limit Fremont machines, you could select six different denomination levels, from 1 cent to 50 cents a credit”
• “The key to the glitch was that under just the right circumstances, you could switch denomination levels retroactively. That meant you could play at 1 cent per credit for hours, losing pocket change, until you finally got a good hand—like four aces or a royal flush. Then you could change to 50 cents a credit and fool the machine into re-awarding your payout at the new, higher denomination. “
• “Performing that trick consistently wasn’t easy—it involved a complicated misdirection that left the Game King’s internal variables in a state of confusion. But after seven hours rooted to their seats, Kane and Nestor boiled it down to a step-by-step recipe that would work every time. “
• It turns out John Kane was very familiar with the slot machine in question:
• “he blew half a million dollars in 2006 alone—a pace that earned him enough Player’s Club points to pay for his own Game King to play at his home on the outskirts of Vegas, along with technicians to service it. (The machine was just for fun—it didn’t pay jackpots.)“ He’s played more than anyone else in the United States, says his lawyer, Andrew Leavitt. I’m not exaggerating or embellishing. It’s an addiction.”
• Game King 5.0 was released in 2002, however it contained a series of subtle errors in program number G0001640 that evaded laboratory testing and source code review.
• “The bug survived like a cockroach for the next seven years. It passed into new revisions, one after another, ultimately infecting 99 different programs installed in thousands of IGT machines around the world. As far as anyone knows, it went completely undetected until late April 2009, when John Kane was playing at a row of four low-limit Game Kings outside the entrance to a Chinese fast food joint”
• “Kane had some idea of how the glitch operated but hadn’t been able to reliably reproduce it. Working together, the two men began trying different combinations of play, game types, and bet levels, sounding out the bug like bats in the dark.”
• The pair eventually sorted out the details, and managed to get more than $750,000 out of various slot machines before being arrested

Feedback:

• Building a FreeBSD storage backend for my cloud
  • High Availably Storage Technology
  • FreeBSD Wiki about GlusterFS

• Home hybrid router replacement

• Server Isolation

• What to do when cafes have terrible network the security

Round up:

• Adobe is Spying on Users, Collecting Data on Their eBook Libraries
• Shell Shock proof-of-concepts against various applications, also includes one-liners to test your bash against each different vulnerability
• Funny post over at OpenBSD misc@ mailing list: User doesn’t quite understand how bash vulnerability checks work
• Marriott fined $600K by FCC for Wi-Fi blocking scam – Android Authority
• Defense contractor Raytheon gets patent for ‘smart mouse’ technology, based on smart grip technology for guns, authenticate the user by the way they hold their mouse
• Popular electricity smart meters in Spain can be hacked, researchers say
• Backblaze updates Drive Reliability numbers, still lacking some detail
• SQL Injection Vulnerability in ‘Yahoo! Contributors Network’
• JPMorgan Chase breach exposes data on 83 million customers. No credit card or social security data was taken. However, security experts remain skeptical that this breach is as low-impact as the bank is suggestion

The post Belkin Heartbeat Stops | TechSNAP 183 first appeared on Jupiter Broadcasting.

Belkin users go offline all over the world due to a router design flaw, Facebook has a private chat app in the works, Adobe spies on you & Comcast gets a customer fired for complaining about their service.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Borked Belkin routers leave many unable to get online | Ars Technica

Owners of Belkin routers around the world are finding themselves unable to get online today. Outages appear to be affecting many different models of Belkin router, and they’re hitting customers on any ISP, with Time Warner Cable and Comcast among those affected. ISPs, inundated with support calls by unhappy users, are directing complaints to Belkin’s support line, which appears to have gone into meltdown in response.

The reason for the massive outages is currently unknown. Initial speculation was that Belkin pushed a buggy firmware update overnight, but on a reddit thread about the problem, even users who claim to have disabled automatic updates have found their Internet connectivity disrupted.

Update: Belkin has given us the following statement:

Starting approximately midnight on October 7, Belkin began experiencing an issue with a service configured in certain Belkin router models that causes a failure when it checks for general network connectivity by pinging a site hosted by Belkin.

If your service has not yet been restored, please unplug your router and plug it back in after waiting 1 minute. Wait 5 more minutes and the router should reconnect. If you have any further issues, please contact our support at (800) 223-5546.

Facebook Readies App Allowing Anonymity – NYTimes.com

The company is working on a stand-alone mobile application that allows users to interact inside of it without having to use their real names, according to two people briefed on Facebook’s plans, who spoke on the condition of anonymity because they were not authorized to discuss the project.

The point, according to these people, is to allow Facebook users to use multiple pseudonyms to openly discuss the different things they talk about on the Internet; topics of discussion which they may not be comfortable connecting to their real names.

There are many unknowns as to how the new app will interact, if at all, with Facebook’s main site. It is unclear if the app will allow anonymous photo sharing, or how friend interactions and existing friend connections will work.

Adobe spies on reading habits over unencrypted web because your ‘privacy is important’ • The Register

Adobe confirmed its Digital Editions software insecurely phones home your ebook reading history to Adobe — to thwart piracy.

And the company insisted the secret snooping is covered in its terms and conditions.

Version 4 of the application makes a note of every page read, and when, in the digital tomes it accesses, and then sends that data over the internet unencrypted to Adobe.

Adobe explained that the data it collects is for digital rights management (DRM) mechanisms that may be demanded by publishers to combat piracy, and gave a detailed list of what and why it needs such specific information:

• User ID: The user ID is collected to authenticate the user.
• Device ID: The device ID is collected for digital right management (DRM) purposes since publishers typically restrict the number of devices an eBook or digital publication can be read on.
• Certified app ID: The Certified App ID is collected as part of the DRM workflow to ensure that only certified apps can render a book, reducing DRM hacks and compromised DRM implementations.
• Device IP: The device IP is collected to determine the broad geo-location, since publishers have different pricing models in place depending on the location of the reader purchasing a given eBook or digital publication.
• Duration for which the book was read: This information is collected to facilitate limited or metered pricing models where publishers or distributors charge readers based on the duration a book is read. For example, a reader may borrow a book for a period of 30 days. While some publishers/distributers charge for 30-days from the date of the download, others follow a metered pricing model and charge for the actual time the book is read.
• Percentage of the book read: This information is collected to allow publishers to implement subscription models where they can charge based on the percentage of the book read. For example, some publishers charge only a percentage of the full price if only a certain percentage of the book is read.

Additionally, the following data is provided by the publisher as part of the actual license and DRM for the ebook:

• Date of purchase or download
• Distributor ID and Adobe content server operator URL
• Metadata of the book provided by publisher (including title, author, publisher list price, ISBN number)

Complain About Comcast, Get Fired From Your Job – Slashdot

When you complain to your cable company, you certainly don’t expect that the cable company will then contact your employer and discuss your complaint. But that’s exactly what happened to one former Comcast customer who says he was fired after the cable company called a partner at his accounting firm. Be careful next time when you exercise your first amendment rights.

• From the article:

At some point shortly after that call, someone from Comcast contacted a partner at the firm to discuss Conal. This led to an ethics investigation and Conal’s subsequent dismissal from his job; a job where he says he’d only received positive feedback and reviews for his work.

Comcast maintained that Conal used the name of his employer in an attempt to get leverage. Conal insists that he never mentioned his employer by name, but believes that someone in the Comcast Controller’s office looked him up online and figured out where he worked.
When he was fired, Conal’s employer explained that the reason for the dismissal was an e-mail from Comcast that summarized conversations between Conal and Comcast employees.

But Conal has never seen this e-mail in order to say whether it’s accurate and Comcast has thus far refused to release any tapes of the phone calls related to this matter._

The post Comcast Carries Grudge | Tech Talk Today 72 first appeared on Jupiter Broadcasting.

Microsoft has been breached, Google suffers a major outage, and finally some solid technical details on Target’s massive credit card hack.

Plus a great batch of your questions, a rockin roundup, and much much more.

Thanks to:

— Show Notes: —

Microsoft breach leads to hackers stealing Law Enforcement documents

• According to the company, a number of Microsoft employees were targeted with attacks aiming to compromise both email and social media accounts, and in some cases, the attacks were successful.
• “It appears that documents associated with law enforcement inquiries were stolen”
• Adrienne Hall, General Manager at Microsoft’s Trustworthy Computing Group, wrote in a blog post.
• He continues: “If we find that customer information related to those requests has been compromised, we will take appropriate action,” Hall continued. “Out of regard for the privacy of our employees and customers – as well as the sensitivity of law enforcement inquiries – we will not comment on the validity of any stolen emails or documents.”
• The attackers have conducted their offensive against both email and social media accounts of Microsoft’s employees, the company did not reveal how many documents might have been exposed neither the nature of the attackers.
• What’s interesting about this is that the incident was significant enough to disclose, indicating that a fair number of documents could have been exposed, or that the company fears some documents will make their way to the public if released by the attackers.
• According to Microsoft, the Syrian Electronic Army may be behind the attacks.
• “Our current information suggests the phishing attacks are related,” Hall told SecurityWeek in an emailed statement.
• In March 2013, Microsoft released its first transparency report, noting that it had received over 70,000 law enforcement requests in 2012.
• Additional Coverage:
• Spear phishing against Microsoft, exposed law enforcement inquiries
• Microsoft Believes Law Enforcement Documents Compromised in Hack
• Microsoft says new phishing attacks targeted law enforcement documents | Ars Technica
• Microsoft: documents were stolen during recent employee email hack | The Verge
• Syrian Electronic Army stole law enforcement docs from Microsoft

Target Update

• An examination of the malware used in the Target breach suggests that the attackers may have had help from a poorly secured feature built into a widely-used IT management software
• As we previously noted the attackers used malware on the POS boxes to send credit card data read from memory to a central control server on Targets internal network.
• The user account “Best1_user” and password “BackupU$r” were used to log in to the shared drive (indicated by the “S:” under the “Resource Type” heading in the image above.
• That username is the same one that gets installed with an IT management software suite called Performance Assurance for Microsoft Servers. This product, according to its maker — Houston, Texas base BMC Software — includes administrator-level user account called “Best1_user.”
• BMC explains the Best1_user account is installed by the software to do routine tasks. That article states that while the Best1_user account is essentially a “system” or “administrator” level account on the host machine
• The Best1_user account appears to be associated with the Performance Assurance component of BMC Software’s Patrol product. According to BMC’s documentation, this account is normally restricted, but the attackers may have usurped control to facilitate lateral movement within the network.” According to a Dell SecureWorks paper being circulated to certain Dell customers.
• According to SecureWorks, one component of the malware installed itself as a service called “BladeLogic,” a service name no doubt designed to mimic another BMC product called BMC BladeLogic Automation Suite.
• According to a trusted Krebs source who uses mostly open-source data to keep tabs on the software and hardware used in various retail environments, BMC’s software is in use at many major retail and grocery chains across the country, including Kroger, Safeway, Home Depot, Sam’s Club and The Vons Companies, among many others.
• Initial entry into the network is suspected to have been facilitated by a SQL injection attack, according to Malcovery.
• Update: BMC says it is working with McAfee to investigate
• Krebs: WSJ says that vendor credentials that were used in the attack may have been from vendor other than BMC
• Additional Coverage – Ars Technica

Google breaks itself, and then fixes itself, while Engineers are busy on Reddit

• At 10:55 a.m. PST this morning, an internal system that generates configurations—essentially, information that tells other systems how to behave—encountered a software bug and generated an incorrect configuration.
• The incorrect configuration was sent to live services over the next 15 minutes, caused users’ requests for their data to be ignored, and those services, in turn, generated errors.
• Users began seeing these errors on affected services at 11:02 a.m., and at that time our internal monitoring alerted Google’s Site Reliability Team. Engineers were still debugging 12 minutes later when the same system, having automatically cleared the original error, generated a new correct configuration at 11:14 a.m. and began sending it; errors subsided rapidly starting at this time.
• By 11:30 a.m. the correct configuration was live everywhere and almost all users’ service was restored.
• Reddit AMA
• Additional Coverage – Reuters
• Additional Coverage – TechCrunch
• Additional Coverage – FoxNews

• FauxShow – Final sticker map! That was quite the experience! Awards Show on Feb 15th

Feedback:

• Unrecoverable read errors, how they affect ZFS
  • Has RAID5 stopped working – No, it never worked
• Dell Poweredge 1800 server
• pfSense firewalls hardware?
  • Amazon.com: PLANEX Wireless N 150Mbps USB2.0 RJ45 Mini Print Server Supports Windows 7 and MAC OS, WPS, IEEE 802.11n/g/b print server support SNMP & HP Web JetAdmin/ Hi-Speed USB – EN, Fast EN – 10Base-T, 100Base-Print Server/2.4 Ghz Wi-Fi Wireless Network LAN Print Server/Mini -103MN for office and SOHO usage supports peer to peer or server based printing 2dBi internal antenna x 1: Electronics
• Using RAID (or RAID-Z) with SSD drives
• cURL vs curling

Round-Up:

• How I lost my $50,000 Twitter username
  • Update: GoDaddy restored account and increase employee training
  • Update: PayPal denies providing attackers with details
• Yes, Virginia, There Really is Social Engineering
• Slashdot headline claims IE market share down to single digits, turns out metrics are only from W3School, so are skewed towards web developers
• Why the backblaze hard drive reliability numbers are wrong
• ISC highlights findings from Cisco Annual Security Report
• Gmail bug sends thousands of emails to the same guy
• If You Used This Secure Webmail Site, the FBI Has Your Inbox
• Department of Justice says company that did background check on Snowden faked over 665,000 background checks
• 4 HTTP security headers you should know about
• LeaseWeb Labs talks about ZFS

The post Google's Automated Outage | TechSNAP 147 first appeared on Jupiter Broadcasting.

A CloudFlare outage takes down three quarter of a million sites, we’ll tell you what went wrong.

Some old school malware gets the job done, Allan’s cool toys from Japan, a big batch of your questions our answers, and much more on this week’s TechSNAP.

Thanks to:

GoDaddy.com Use our code hostdeal4 to score economy hosting for $1 a month, for one year. 35% off your ENTIRE order just use our code go35off4 until the end of the month!
Ting.com Visit techsnap.ting.com to save $25 off your device or service credits.

Support the Show:

   

Support the Show:

   

Support the Show:

   

Support the Show:

   

Support the Show: