Show Notes: linuxunplugged.com/300

The post Ultimate Fedora Test | LINUX Unplugged 300 first appeared on Jupiter Broadcasting.

Spyware creator mSpy hacked, find out why this breach is particularly egregious, what’s wrong with pcap & why RSA’s death has been greatly exaggerated.

Plus a great batch of questions, a rocking round up & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

What is wrong with pcap filters

• pcap filters are the language used to filter packet captures, and is used by tcpdump, wireshark and the like
• This post is an attempt to look at some classes of problems that the pcap filtering language fails on, why those deficiencies exist, and why I continue using it even despite the flaws.
• It also includes a link to a video about the history of pcap
• Just to be clear, libpcap is an amazing piece of software. It was originally written for one purpose, and it really is my fault that I end up too often using it for a different one.
• pcap is a usermode implementation of BPF, allowing
• BPF (Berkeley Packet Filter) is a UNIX interface that allows an application to read and write raw packets
• In addition to providing the interface to get raw packets into an application (like tcpdump) so you can read them, it also has the ability to filter the packets, so you only have to read the ones you care about
• This is especially important when there are gigabits per second of traffic flowing back and forth
• BPF Internals – Part 1
• Why We Need eBPF
• Towards Faster Trace Filters using eBPF and JIT

Mobile Spyware Maker mSpy Hacked, Customer Data Leaked

• mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked.
• Last week, a huge trove of data apparently stolen from the company’s servers was posted on the Deep Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy “users.”
• KrebsOnSecurity learned of the apparent breach from an anonymous source who shared a link to a Web page that is only reachable via Tor.
• The Tor-based site hosts several hundred gigabytes worth of data taken from mobile devices running mSpy’s products, including some four million events logged by the software.
• The message left by the unknown hackers who’ve claimed responsibility for this intrusion suggests that the data dump includes information on more than 400,000 users, including Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions.
• There is a crazy amount of personal and sensitive data in this cache, including photos, calendar data, corporate email threads, and very private conversations. Also included in the data dump are thousands of support request emails from people around the world who paid between $8.33 to as much as $799 for a variety of subscriptions to mSpy’s surveillance software.
• U.S. regulators and law enforcers have taken a dim view of companies that offer mobile spyware services like mSpy. In September 2014, U.S. authorities arrested a 31-year-old Hammad Akbar, the CEO of a Lahore-based company that makes a spyware app called StealthGenie. The FBI noted that while the company advertised StealthGenie’s use for “monitoring employees and loved ones such as children,” the primary target audience was people who thought their partners were cheating. Akbar was charged with selling and advertising wiretapping equipment.
• mSpy Denies Breach, Even as Customers Confirm I
• Child spy firm hit by blackmailers – BBC News

About the supposed factoring of a 4096 bit RSA key

• Last week a blog was posted claiming to have published the factoring of a 4096-bit RSA key
• “The key in question was the PGP key of a well-known Linux kernel developer.”
• The other of the rebuttal post, thinks that the researchers are mistaken
• He thinks this because, he once thought that he had factored the same key, but then found out otherwise.
• A little background:
  • “RSA public keys consist of two values called N and e. The N value, called the modulus, is the interesting one here. It is the product of two very large prime numbers. The security of RSA relies on the fact that these two numbers are secret. If an attacker would be able to gain knowledge of these numbers he could use them to calculate the private key. That’s the reason why RSA depends on the hardness of the factoring problem. If someone can factor N he can break RSA. For all we know today factoring is hard enough to make RSA secure (at least as long as there are no large quantum computers).”
  • “Now imagine you have two RSA keys, but they have been generated with bad random numbers. They are different, but one of their primes is the same. That means we have N1=pq1 and N2=pq2. In this case RSA is no longer secure, because calculating the greatest common divisor (GCD) of two large numbers can be done very fast with the euclidean algorithm, therefore one can calculate the shared prime value.”
• “PGP keyservers have been around since quite some time and they have a property that makes them especially interesting for this kind of research: They usually never delete anything. You can add a key to a keyserver, but you cannot remove it, you can only mark it as invalid by revoking it. Therefore using the data from the keyservers gives you a large set of cryptographic keys.”
• He noticed that some keys appeared to contain subkeys that are near identical copies of a valid subkey, but with tiny errors
• “I don’t know how they appear on the key servers, I assume they are produced by network errors, harddisk failures or software bugs. It may also be that someone just created them in some experiment.”
• “The important thing is: Everyone can generate a subkey to any PGP key and upload it to a key server. That’s just the way the key servers work. They don’t check keys in any way. However these keys should pose no threat to anyone. The only case where this could matter would be a broken implementation of the OpenPGP key protocol that does not check if subkeys really belong to a master key.”
• “However you won’t be able to easily import such a key into your local GnuPG installation. If you try to fetch this faulty sub key from a key server GnuPG will just refuse to import it. The reason is that every sub key has a signature that proves that it belongs to a certain master key. For those faulty keys this signature is obviously wrong.”
• “Now here’s my personal tie in to this story: Last year I started a project to analyze the data on the PGP key servers. And at some point I thought I had found a large number of vulnerable PGP keys – including the key in question here. In a rush I wrote a mail to all people affected. Only later I found out that something was not right and I wrote to all affected people again apologizing. Most of the keys I thought I had found were just faulty keys on the key servers.”

Feedback:

• digital preservation

• Pfsense question

• ZFS … is Raidz2 fault tolerance offset by rebuild stress/time?

• FreeBSD Mastery: ZFS has been sent to the publisher

Round Up:

• U.S. Gov Insists It Doesn’t Stockpile Zero-Day Exploits to Hack Enemies
• (Beginners level) Analyzing unknown binary files using information entropy
• Philadelphia City Council website hacked
• Collecting intelligence about a website via its robots.txt
• Google declares that mobile search tops desktop t
• Penn State’s College of Engineering has disconnected its network from the Internet in response to two sophisticated cyberattacks
• Huawei launches 10KB LiteOS to power the internet of things
• HTML5 keylogger (doesn’t seem to catch repeated letters)
• Hackers are draining bank accounts via the Starbucks app
• St. Louis Federal Reserve Suffers Domain Hijack / DNS Breach

The post Spy vs MSpy | TechSNAP 216 first appeared on Jupiter Broadcasting.