routing – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Fri, 01 May 2020 02:58:46 +0000

RAID Reality Check | TechSNAP 428
https://original.jupiterbroadcasting.net/141352/raid-reality-check-techsnap-428/
Fri, 01 May 2020 00:15:00 +0000

Show Notes: techsnap.systems/428

The post RAID Reality Check | TechSNAP 428 first appeared on Jupiter Broadcasting.

Firewall Fun | TechSNAP 421
https://original.jupiterbroadcasting.net/138857/firewall-fun-techsnap-421/
Fri, 24 Jan 2020 00:15:00 +0000

Show Notes: techsnap.systems/421

The post Firewall Fun | TechSNAP 421 first appeared on Jupiter Broadcasting.

Quality Tools | TechSNAP 397
https://original.jupiterbroadcasting.net/129401/quality-tools-techsnap-397/
Fri, 15 Feb 2019 09:35:10 +0000

Show Notes: techsnap.systems/397

The post Quality Tools | TechSNAP 397 first appeared on Jupiter Broadcasting.

All Natural Namespaces | TechSNAP 349
https://original.jupiterbroadcasting.net/120822/all-natural-namespaces-techsnap-349/
Fri, 22 Dec 2017 00:20:44 +0000

The post All Natural Namespaces | TechSNAP 349 first appeared on Jupiter Broadcasting.


Show Notes:

The Market for Stolen Account Credentials

Usernames and passwords to active accounts at military personnel-only credit union NavyFederal.com fetch $60 apiece, while credentials to various legal and data aggregation services from Thomson Reuters properties command a $50 price tag.

Hackers Target Plant Safety Systems

FireEye reported that a plant of an unmentioned nature and location (other firms believe it’s in the Middle East) was forced to shut down after a hack targeted its industrial safety system. It’s the first known instance of a breach like this taking place.

ROBOT Attack: 19-Year-Old Bleichenbacher Attack On Encrypted Web Reintroduced

A 19-year-old vulnerability has been re-discovered in the RSA implementation from at least 8 different vendors—including F5, Citrix, and Cisco—that can give man-in-the-middle attackers access to encrypted messages.

WannaCry: End of Year Retrospective

Last November marked the six-month anniversary of WannaCry, arguably the most impactful global cyberattack in history. The persisting WannaCry attack is a re-purposed ransomware strain amplified by (allegedly) leaked exploit code from the NSA.

Linux Network Namespaces Explained

Feedback

Reboot Follow Up

Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites

This backdoor code was designed to create a login session for the attacker, who is the plugin author in this case, with administrative privileges, allowing them to gain access to any of the 300,000 websites (using this plugin) remotely without requiring any authentication.

Noah’s IPSEC Adventure | LAS 454
https://original.jupiterbroadcasting.net/106496/noahs-ipsec-adventure-las-454/
Sun, 29 Jan 2017 21:10:08 +0000

The post Noah's IPSEC Adventure | LAS 454 first appeared on Jupiter Broadcasting.


— Show Notes: —



Brought to you by: Linux Academy

IPSec

Head Office Configuration

GRE Tunnels

/interface gre
add comment=BranchOffice !keepalive name="To Branch" remote-address=192.168.0.2

OSPF Routing

/routing ospf area
add area-id=0.0.0.1 name="Area 1"
add area-id=0.0.0.2 name="Area 2"
add area-id=0.0.0.3 name="Area 3"
add area-id=0.0.0.4 name="Area 4"

/routing ospf network
add area="Area 1" network=192.168.0.0/30
add area="Area 1" network=192.168.1.0/24
add area="Area 2" network=192.168.0.4/30
add area="Area 3" network=192.168.0.8/30
add area="Area 4" network=192.168.0.12/30

IP Addresses

/ip address
add address=192.168.0.1/30 comment=Branch interface="To Branch"

NAT Bypass for IPSEC ( MUST BE DRAGGED TO THE TOP OF NAT RULES! )

/ip firewall nat
add chain=srcnat dst-address=192.168.0.2 src-address=192.168.0.1
add chain=srcnat dst-address=192.168.0.6 src-address=192.168.0.5
add chain=srcnat dst-address=192.168.0.10 src-address=192.168.0.9
add chain=srcnat dst-address=192.168.0.14 src-address=192.168.0.13

IPSEC to Branches

/ip ipsec peer
add address=1.1.1.1 comment="To Branch" enc-algorithm=aes-128 nat-traversal=no secret=
/ip ipsec policy
add comment="To Branch" dst-address=192.168.0.2/32 sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-address=192.168.0.1/32 tunnel=yes
/ip ipsec peer

Set hostname

/system identity
set name=HeadOffice

Branch Office Configuration

GRE Tunnel

/interface gre
add comment="To Headoffice" !keepalive name="To Headoffice" remote-address=192.168.0.9

OSPF Routing

/routing ospf area
add area-id=0.0.0.3 name="Area 3"

/routing ospf network
add area="Area 3" network=192.168.0.8/30
add area="Area 3" network=192.168.4.0/24

static route for vpn

/ip route
add dst-address=192.168.1.0/24 gateway=192.168.0.9

NAT Bypass for IPSEC ( MUST BE DRAGGED TO THE TOP OF NAT RULES! )

/ip firewall nat
add chain=srcnat dst-address=192.168.0.9 src-address=192.168.0.10

IPSEC to Heritage

/ip ipsec peer
add address=2.2.2.2 comment="To headoffice" enc-algorithm=aes-128 nat-traversal=no secret=

/ip ipsec policy
add comment="To Headoffice" dst-address=192.168.0.9/32 sa-dst-address=2.2.2.2 sa-src-address=1.1.1.1 src-address=192.168.0.10/32 tunnel=yes

ntp settings

/system
ntp client set enabled=yes server-dns-names=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org

Set hostname

/system identity
set name=BranchOffice

— PICKS —

Runs Linux

British Maritime Museum RUNS LINUX

https://bit.ly/2kBOgDc

Desktop App Pick

Invite friends to SSH into your laptop using their Github handle

Wouldn’t it be great to allow a fellow developer to quickly and securely SSH into your laptop when you’re in the middle of a debugging session even if you are on two separate networks behind NAT?

A few months ago we released a free tool, Teleconsole, we built so we could do exactly that. We are a distributed team, with bare metal servers sitting in our San Francisco office, several AWS and Azure regions and a bunch of customer environments we are sometimes asked to jump into.

Distro of the Week

GeckoLinux – Linux for Detail Oriented Geckos

GeckoLinux is a Linux spin based on the openSUSE distribution, with a focus on polish and out-of-the-box usability on the desktop. It is available in Static (based on openSUSE Leap) and Rolling (based on openSUSE Tumbleweed) editions.


— NEWS —

Five States Are Considering Bills to Legalize the ‘Right to Repair’ Electronics

The legislation is modeled on the Motor Vehicle Owners’ Right to Repair Act, a law passed in Massachusetts in 2012. That law effectively became national legislation, because auto manufacturers feared having to deal with the intricacies of 50 different state laws on the issue. The hope is that at least one electronics right to repair law will pass this year, similarly opening the floodgates for consumers and repair companies around the country.

Kicking Off Budgie 11

At this moment in time, the core remaining reason for Budgie even “working” on the GNOME stack, is that it expends an awful lot of effort pretending to be GNOME Shell

Wine 2.0 is out, ready to disappoint you once again

Wine 2.0 is out, which is a huge milestone for the project. It has more support for more software, includes a lot of graphics speedups, and even supports retina displays on Mac. The list of compatible software is indeed impressive — the latest and greatest apps are rarely supported, but many relatively recent “classics” like Left 4 Dead, Fallout 3, and Office 2013 are supposedly operational.

Simplehelp Delivers on Commitment to Linux

The real test of any software is not in its function but in how well the company stands behind the product. Well, this week that test happened. Simplehelp made an update that made the client totally unusable under Linux. Any key you pressed would repeat constantly and right mouse clicks would not work at all. I tweeted them. They responded again almost immediately and asked for specific distributions they could test. I gave them the distributions and the next tweet I received was them telling me the problem was fixed.

Feedback:

Chris Asks

  • Very high capacity storage, that’s protected from vibration and movement?
Mail Bag
  • Name: Chris B
  • Subject: Arch v LTS

  • Message:

Hey guys! Love the show, and had a question that I was wondering if I could get an opinion on from the two foremost Linux experts. I’m currently an Arch user, but I’m troubled by your recent stories of Arch breaking at a crucial time. I am considering a switch back to Xubuntu 16.04 when my new x260 (thanks Noah!) arrives, because I’ve noticed that the Arch system I have created now is very similar to a base install of Xubuntu. I enjoy the rolling release/bleeding edge nature of Arch (especially Pragha in the default repos and the newest version of Firejail), but wonder if Xubuntu would be more “bulletproof” (In keeping with your newest of discussions) and if Arch is worth the trouble if it will essentially be used to create Xubuntu. Thank you, love the show, and keep up the great work!


  • Name: Rick F
  • Subject: Bullet Proof Linux

  • Message:

Arch Linux proper with the linux-lts kernel, nvidia-lts driver if using Nvidia, and a Desktop Environment that is NOT Gnome or Plasma.

The only issues I have had with Arch Linux have been tied to the graphics driver, display manager, and desktop environment.

I love Gnome and Plasma, however both are being updated too often to be considered bullet proof. Use something boring like XFCE or MATE if you want bulletproof. By default XFCE and MATE look pretty boring, but they can be tweaked to look amazing. Check out reddit.com/r/unixporn

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Turkey.deb | TechSNAP 294
https://original.jupiterbroadcasting.net/105026/turkey-deb-techsnap-294/
Thu, 24 Nov 2016 18:32:02 +0000

The post Turkey.deb | TechSNAP 294 first appeared on Jupiter Broadcasting.


Show Notes:

Akamai’s quarterly State of the Internet report: The Krebs Attack

  • “Internet infrastructure giant Akamai last week released a special State of the Internet report. Normally, the quarterly accounting of noteworthy changes in distributed denial-of-service (DDoS) attacks doesn’t delve into attacks on specific customers. But this latest Akamai report makes an exception in describing in great detail the record-sized attack against KrebsOnSecurity.com in September, the largest such assault it has ever mitigated.”
  • Akamai: “The same data we’ve shared here was made available to Krebs for his own reporting and we received permission to name him and his site in this report.”
  • “Akamai said the attack on Sept. 20 was launched by just 24,000 systems infected with Mirai, mostly hacked Internet of Things (IoT) devices such as digital video recorders and security cameras.”
  • “The first quarter of 2016 marked a high point in the number of attacks peaking at more than 100 Gbps,” Akamai stated in its report. “This trend was matched in Q3 2016, with another 19 mega attacks. It’s interesting that while the overall number of attacks fell by 8% quarter over quarter, the number of large attacks, as well as the size of the biggest attacks, grew significantly.”
  • “The magnitude of the attacks seen during the final week were significantly larger than the majority of attacks Akamai sees on a regular basis,” Akamai reports. “In fact, while the attack on September 20 was the largest attack ever mitigated by Akamai, the attack on September 22 would have qualified for the record at any other time, peaking at 555 Gbps.”
  • Krebs has also made a .csv of the data available: “An observant reader can probably correlate clumps of attacks to specific stories covered by Krebs. Reporting on the dark side of cybersecurity draws attention from people and organizations who are not afraid of using DDoS attacks to silence their detractors.” “In case any trenchant observant readers wish to attempt that, I’ve published a spreadsheet here (in .CSV format) which lists the date, duration, size and type of attack used in DDoS campaigns against KrebsOnSecurity.com over the past four years.”
  • Some comments about the “mega” attacks on Krebs’s site:
  • “We haven’t seen GRE really play a major role in attacks until now. It’s basically a UDP flood with a layer-7 component targeting GRE infrastructure. While it’s not new, it’s certainly rare.”
  • “Overall, Colombia was the top source of attack traffic. This is surprising, because Colombia has not been a major source of attack traffic in the past. While Colombia only accounted for approximately 5% of the traffic in the Mirai-based attacks, it accounted for nearly 15% of all source IPs in the last four attacks. A country that was suspiciously missing from both top 10 lists was the U.S. With regards to Mirai, this may be due to a comparative lack of vulnerable and compromised systems, rather than a conscious decision not to use systems in the U.S.”
  • “There are a few distinctive programming characteristics we initially discovered in our lab, and later confirmed when the source code was published, which have helped identify Mirai-based traffic. At the end of the day what Mirai really brings to the table is a reasonably well written and extensible code base. It’s unknown as to what Mirai may bring in the foreseeable future but it is clear that it has paved the way for other malicious actors to create variants that improve on its foundation.”
  • The full report can be downloaded here
  • Some other data from the report:
  • “Last quarter we reported a 276% increase in NTP attacks compared with Q2 of 2015. This quarter, we analyzed NTP trends over two years and have noticed shrinking capabilities for NTP reflection.” — It is good to finally see NTP falling off the attack charts as it gets patched up
  • “Web application attack metrics around the European Football Cup Championship Game and the Summer Games, as analyzed in the Web Application Attack Spotlight, show us that while malicious actors take advantage of high-profile events, there’s also a lull that indicates they might like to watch them.” (see page 26)
  • Application Layer DDoS attacks (GET/HEAD/POST/PUT etc) account for only 1.66% of DDoS attacks. Most attacks are aimed at the infrastructure layer (IP and TCP/UDP)
  • “Repeat DDoS Attacks by Target / After a slight downturn in Q2 2016, the average number of DDoS attacks increased to an average of 30 attacks per target, as shown in Figure 2-13. This statistic reflects that once an organization has been attacked, there is a high probability of additional attacks.”
  • SQL Injection (49%) and Local File Inclusion (40%) make up the greatest share of attacks against web applications

Is your server (N)jinxed?

  • A flaw in the way Debian (and Ubuntu) package nginx can allow your server to be compromised.
  • The flaw allows an attacker who has managed to gain control of a web application, like WordPress, to escalate privileges from the www-data user to root.
  • “Nginx web server packaging on Debian-based distributions such as Debian or Ubuntu was found to create log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root.”
  • “The vulnerability could be easily exploited by attackers who have managed to compromise a web application hosted on Nginx server and gained access to www-data account as it would allow them to escalate their privileges further to root access and fully compromise the system.”
  • The attack flow works as follows:
    • Compromise a web application
    • Run the exploit as the www-data user
    • Compile your privilege escalation shared library /tmp/privesclib.c
    • Install your own low-priv shell (maybe /bin/bash, or an exploit) as /tmp/nginxrootsh
    • Take advantage of the permissions mistake where /var/log/nginx is writable by the www-data user, and replace error.log with a symlink to /etc/ld.so.preload
    • Wait for nginx to be restarted or rehashed by logrotate
    • When nginx is restarted or rehashed, it creates the /etc/ld.so.preload file
    • Add the /tmp/privesclib.so created earlier to /etc/ld.so.preload
    • Run sudo, which will now load /tmp/privesclib.so before other libraries, running the code
    • sudo will not allow the www-data user to do any commands, but before sudo read its config file, it ran privesclib.so, which made /tmp/nginxrootsh setuid root for us
    • Run /tmp/nginxrootsh as any user, and you now have a shell as the root user
    • They now own the server
  • Video Proof of Concept
  • Fixes:
    • Debian: Fixed in Nginx 1.6.2-5+deb8u3
    • Ubuntu 14.04 LTS: 1.4.6-1ubuntu3.6
    • Ubuntu 16.04 LTS: 1.10.0-0ubuntu0.16.04.3
    • Ubuntu 16.10: 1.10.1-0ubuntu1.1
  • Make sure your log directory is not writable by the www-data user
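
A check for the mitigation in the last bullet, added here as an example (it is not part of the show notes or the advisory): it flags a log directory the web account can write to and any log file that is already a symlink. The function names and finding codes are made up for this example; the default path and the www-data account are the ones named above.

```python
import grp
import os
import pwd
import stat


def audit_log_dir(path, web_uid, web_gids=()):
    """Return finding codes for a log directory the web user could tamper with.

    web_uid / web_gids describe the unprivileged web account (www-data on
    Debian and Ubuntu). The finding codes are invented for this example.
    """
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("dir-is-symlink")
        st = os.stat(path)  # follow it to judge the real directory
    mode = stat.S_IMODE(st.st_mode)

    # Write permission on the directory is what lets an unprivileged user
    # remove error.log and put a symlink in its place.
    if st.st_uid == web_uid and mode & stat.S_IWUSR:
        findings.append("owner-writable")
    if st.st_gid in web_gids and mode & stat.S_IWGRP:
        findings.append("group-writable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")

    # A log file that is already a symlink will be followed by whatever
    # opens the log next (nginx after a logrotate run).
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        if entry.is_symlink():
            target = os.readlink(entry.path)
            findings.append(f"symlink:{entry.name}->{target}")
    return findings


def audit_nginx_logs(path="/var/log/nginx", user="www-data"):
    """Audit the packaged log directory for the given account."""
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid}
    gids |= {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return audit_log_dir(path, pw.pw_uid, gids)


if __name__ == "__main__":
    for finding in audit_nginx_logs():
        print(finding)
```

An empty result means the directory passes; any finding is worth fixing even on a patched package, since local changes to ownership survive upgrades.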

Hacking 27% of the web via WordPress Auto-update

  • “At Wordfence, we continually look for security vulnerabilities in the third party plugins and themes that are widely used by the WordPress community. In addition to this research, we regularly examine WordPress core and the related wordpress.org systems. Recently we discovered a major vulnerability that could have caused a mass compromise of the majority of WordPress sites.”
  • “The vulnerability we describe below may have allowed an attacker to use the WordPress auto-update function, which is turned on by default, to deploy malware to up to 27% of the Web at once.”
  • “The server api.wordpress.org has an important role in the WordPress ecosystem: it releases automatic updates for WordPress websites. Every WordPress installation makes a request to this server about once an hour to check for plugin, theme, or WordPress core updates. The response from this server contains information about any newer versions that may be available, including if the plugin, theme or core needs to be updated automatically. It also includes a URL to download and install the updated software.”
  • “Compromising this server could allow an attacker to supply their own URL to download and install software to WordPress websites, automatically. This provides a way for an attacker to mass-compromise WordPress websites through the auto-update mechanism supplied by api.wordpress.org. This is all possible because WordPress itself provides no signature verification of the software being installed. It will trust any URL and any package that is supplied by api.wordpress.org.”
  • “We describe the technical details of a serious security vulnerability that we uncovered earlier this year that could compromise api.wordpress.org. We reported this vulnerability to the WordPress team via HackerOne. They fixed the vulnerability within a few hours of acknowledging the report. They have also awarded Wordfence lead developer Matt Barry a bounty for discovering and reporting it.”
  • “api.wordpress.org has a GitHub webhook that allows WordPress core developers to sync their code to the wordpress.org SVN repository. This allows them to use GitHub as their source code repository. Then, when they commit a change to GitHub it will reach out and hit a URL on api.wordpress.org which then triggers a process on api.wordpress.org that brings down the latest code that was just added to GitHub.”
  • “The URL that GitHub contacts on api.wordpress.org is called a ‘webhook’ and is written in PHP. The PHP for this webhook is open source and can be found in this repository. We analyzed this code and found a vulnerability that could allow an attacker to execute their own code on api.wordpress.org and gain access to api.wordpress.org. This is called a remote code execution vulnerability or RCE.”
  • “If we can bypass the webhook authentication mechanism, there is a POST parameter for the GitHub project URL that is passed unescaped to shell_exec which allows us to execute shell commands on api.wordpress.org. This allows us to compromise the server.”
  • There is security built into the system. GitHub hashes the JSON data with a shared secret, and submits the hash with the data. The receiving side then hashes the JSON with its copy of the shared secret. If the two hashes match, the JSON must have been sent by someone who knows the shared secret (ideally only api.wordpress.org and GitHub)
  • There is a small catch
  • “GitHub uses SHA1 to generate the hash and supplies the signature in a header: X-Hub-Signature: sha1={hash}. The webhook extracts both the algorithm, in this case ‘sha1’, and the hash to verify the signature. The vulnerability here lies in the fact the code will use the hash function supplied by the client, normally github. That means that, whether it’s GitHub or an attacker hitting the webhook, they get to specify which hashing algorithm is used to verify the message authenticity”
  • “The challenge here is to somehow fool the webhook into thinking that we know the shared secret that GitHub knows. That means that we need to send a hash with our message that ‘checks out’. In other words it appears to be a hash of the message we’re sending and the secret value that only api.wordpress.org and GitHub know – the shared secret.”
  • “As we pointed out above, the webhook lets us choose our own hashing algorithm. PHP provides a number of non-cryptographically secure hashing functions like crc32, fnv32 and adler32, which generate a 32bit hash vs the expected 160 bit hash generated by SHA1. These hashing functions are checksums which are designed to catch data transmission errors and be highly performant with large inputs. They are not designed to provide security.”
  • So instead of having to brute force a 160 bit hash (1.46 with 48 zeros after it) you only have to brute force 32 bits (4 billion possibilities). But it gets even easier
  • “Of these weak algorithms, the one that stood out the most was adler32, which is actually two 16 bit hashing functions with their outputs concatenated together. Not only are the total number of hashes limited, but there’s also significant non-uniformity in the hash space. This results in many hashes being the same even though they were supplied with different inputs. The distribution of possible checksum values are similar to rolling dice where 7 is the most likely outcome (the median value), and the probability of rolling any value in that range would work its way out from the median value (6 and 8 would have the next highest probability, and on it goes to 2 and 12).”
  • “The proof of concept supplied in the report utilizes the non-uniformity by creating a profile of most common significant bytes in each 16 bit hash generated. Using this, we were able to reduce the amount of requests from 2^32 to approximately 100,000 to 400,000 based on our tests with randomly generated keys.”
  • “This is a far more manageable number of guesses that we would need to send to the webhook on api.wordpress.org which could be made over the course of a few hours. Once the webhook allows the request, the attack executes a shell command on api.wordpress.org which gives us access to the underlying operating system and api.wordpress.org is compromised.”
  • “From there an attacker could conceivably create their own update for all WordPress websites and distribute a backdoor and other malicious code to more than one quarter of the Web. They would also be able to disable subsequent auto-updates so that the WordPress team would lose the ability to deploy a fix to affected websites.”
  • “We confidentially reported this vulnerability on September 2nd to Automattic and they pushed a fix to the code repository on September 7th. Presumably the same fix had been deployed to production before then.”
  • “We still consider api.wordpress.org a single point of failure when distributing WordPress core, plugins and theme updates. We have made attempts to start a conversation with members of Automattic’s security team about improving the security posture of the automatic update system, but we have not yet received a response.”
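
The flawed check and a corrected one side by side, as an added Python sketch (the real webhook is PHP; this is not the WordPress code): `verify_client_chosen` takes the algorithm from the `X-Hub-Signature` header, while `verify_pinned` accepts only `sha1` with a full-length tag and compares in constant time. The secret, payload, function names and the 64-byte block size used for the checksum HMACs are assumptions made for the example.

```python
import hashlib
import hmac
import zlib

# Constructed sample values for the demo; not taken from the page.
SHARED_SECRET = b"constructed-shared-secret"
PAYLOAD = b'{"repository": {"url": "https://example.invalid/project.git"}}'

# Checksums of the kind the write-up names. The 64-byte HMAC block size
# used for them here is an assumption of this sketch.
CHECKSUMS = {
    "adler32": lambda data: zlib.adler32(data).to_bytes(4, "big"),
    "crc32": lambda data: zlib.crc32(data).to_bytes(4, "big"),
}
CHECKSUM_BLOCK = 64

PINNED_ALGO = "sha1"   # the algorithm the page says GitHub sends
PINNED_HEX_LEN = 40    # a 160-bit tag written as hex


def keyed_tag(algo, key, msg):
    """Hex HMAC (RFC 2104 construction) of msg under the named algorithm."""
    if algo in CHECKSUMS:
        h = CHECKSUMS[algo]
        if len(key) > CHECKSUM_BLOCK:
            key = h(key)
        key = key.ljust(CHECKSUM_BLOCK, b"\0")
        inner = h(bytes(b ^ 0x36 for b in key) + msg)
        return h(bytes(b ^ 0x5C for b in key) + inner).hex()
    return hmac.new(key, msg, algo).hexdigest()


def tag_bits(algo):
    """Size of the tag a verifier has to be fooled on, in bits."""
    return len(keyed_tag(algo, b"k", b"m")) * 4


def verify_client_chosen(header, key, body):
    """Flawed pattern from the write-up: the sender names the algorithm."""
    algo, _, sent = header.partition("=")
    try:
        expected = keyed_tag(algo, key, body)
    except (ValueError, TypeError):
        return False  # unknown or unusable algorithm name
    return hmac.compare_digest(expected.encode(), sent.encode())


def verify_pinned(header, key, body):
    """Corrected pattern: the receiver decides the algorithm and tag length."""
    algo, sep, sent = header.partition("=")
    if sep != "=" or algo != PINNED_ALGO or len(sent) != PINNED_HEX_LEN:
        return False
    expected = hmac.new(key, body, hashlib.sha1).hexdigest()
    return hmac.compare_digest(expected.encode(), sent.encode())


if __name__ == "__main__":
    for algo in ("sha1", "adler32"):
        header = f"{algo}=" + keyed_tag(algo, SHARED_SECRET, PAYLOAD)
        print(algo, tag_bits(algo), "bits",
              "client-chosen:", verify_client_chosen(header, SHARED_SECRET, PAYLOAD),
              "pinned:", verify_pinned(header, SHARED_SECRET, PAYLOAD))
```

The first verifier accepts a 32-bit tag as readily as a 160-bit one, which is the whole problem; the second never lets the header influence how much work a forger has to do.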

Feedback:


Round Up:


10,000 Cables Under the Sea | TechSNAP 269
https://original.jupiterbroadcasting.net/100161/10000-cables-under-the-sea-techsnap-269/
Thu, 02 Jun 2016 16:22:55 +0000

The post 10,000 Cables Under the Sea | TechSNAP 269 first appeared on Jupiter Broadcasting.


Windows exploits for sale at a great price, how the Internet works, yes, seriously & it’s awesome!

Plus we solve some of your problems, a great roundup & more!


Show Notes:

Windows 0-day exploit for sale, only $90,000

  • “A hacker going by the handle BuggiCorp is selling a zero-day vulnerability affecting all Windows OS versions that can allow an attacker to elevate privileges for software processes to the highest level available in Windows, known as SYSTEM”
  • That actually seems like a low price, the vulnerability must not be quite the ‘game over’ scenario you might expect
  • The claim is that the exploit will be sold to only one person, and will include the source code and a working demo
  • Two videos of the exploit in action have been posted
  • The first shows the exploit working against a fully patched (May) Windows 10
  • The second shows the exploit bypassing all EMET mitigations
  • “How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time”
  • The reason for the lower price is likely this:
  • “This type of flaw is always going to be used in tandem with another vulnerability to successfully deliver and run the attacker’s malicious code”
  • To exploit this flaw, you need to have access to the victim’s machine. It cannot be exploited against a remote unsuspecting victim
  • Of course, there are lots of malware droppers and exploit kits that provide this functionality
  • “The seller claims his exploit works on every version of Windows from Windows 2000 on up to Microsoft’s flagship Windows 10 operating system.”
  • “Jeff Jones, a cybersecurity strategist with Microsoft, said the company was aware of the exploit sales thread, but stressed that the claims were still unverified. Asked whether Microsoft would ever consider paying for information about the zero-day vulnerability, Jones pointed to the company’s bug bounty program that rewards security researchers for reporting vulnerabilities. According to Microsoft, the program to date has paid out more than $500,000 in bounties.”
  • Microsoft does pay for bugs, but maybe not as much as the black market does
  • “Microsoft heavily restricts the types of vulnerabilities that qualify for bounty rewards, but a bug like the one on sale for $90,000 would in fact qualify for a substantial bounty reward. Last summer, Microsoft raised its reward for information about a vulnerability that can fully bypass EMET from $50,000 to $100,000. Incidentally, Microsoft said any researcher with a vulnerability or who has questions can reach out to the Microsoft Security Response Center to learn more about the program and process.”
  • Zerodium’s pay scale for Microsoft LPE bugs is “up to $30,000”
  • The biggest factor in the actual value of an exploit to the buyer, is its longevity. How long before Microsoft figures out what the issue is and patches it
  • This can be directly proportional to how widely the exploit is used. The more people it is used against, the more likely researchers will be able to get their hands on it and figure out what the problem is
  • Additional Coverage

ArsTechnica: How the internet works

  • “But how does it work? Have you ever thought about how that cat picture actually gets from a server in Oregon to your PC in London? We’re not simply talking about the wonders of TCP/IP or pervasive Wi-Fi hotspots, though those are vitally important as well. No, we’re talking about the big infrastructure: the huge submarine cables, the vast landing sites and data centres with their massively redundant power systems, and the elephantine, labyrinthine last-mile networks that actually hook billions of us to the Internet.”
  • The article starts out by looking at submarine cables between the US and the UK
  • The amount of shielding on a cable actually depends on how deep it will be deployed. The deeper it is, the less shielding is required. The biggest threat is international shipping.
  • “At a 3 mile depth, cable diameter is just 17mm, akin to a marker pen encased by a thick polyethylene insulating sheath. A copper conductor surrounds multiple strands of steel wire that protect the optical fibres at the core, which are inside a steel tube less than 3mm in diameter and cushioned in thixotropic jelly. Armoured cables have the same arrangement internally but are clad with one or more layers of galvanised steel wire, which is wrapped around the entire cable.”
  • “Without the copper conductor, you wouldn’t have a subsea cable. Fibre-optic technology is fast and seemingly capable of unlimited bandwidth, but it can’t cover long distances without a little help. Repeaters—effectively signal amplifiers—are required to boost the light transmission over the length of the fibre optic cable. This is easily achieved on land with local power, but on the ocean bed the amplifiers receive a DC voltage from the cable’s copper conductor. And where does that power come from? The cable landing sites at either end of the cable.”
  • “Although the customers wouldn’t know it, TGN-A is actually two cables that take diverse paths to straddle the Atlantic. If one cable goes down, the other is there to ensure continuity. The alternative TGN-A lands at a different site some 70 miles (and three terrestrial amplifiers) away and receives its power from there, too. One of these transatlantic subsea cables has 148 amplifiers, while the other slightly longer route requires 149.”
  • “To power the cable from this end, we’ve a positive voltage and in New Jersey there’s a negative voltage on the cable. We try and maintain the current—the voltage is free to find the resistance of the cable. It’s about 9,000V, and we share the voltage between the two ends. It’s called a dual-end feed, so we’re on about 4,500V each end. In normal conditions we could power the cable from here to New Jersey without any support from the US.”
  • So what happens when a cable is damaged?
  • “Once the cable has been found and returned to the cable-repair ship, a new piece of undamaged cable is attached. The ROV [remotely operated vehicle] then returns to the seabed, finds the other end of the cable and makes the second join. It then uses a high-pressure water jet to bury the cable up to 1.5 metres under the seabed”
  • “Repairs normally take around 10 days from the moment the cable repair ship is launched, with four to five days spent at the location of the break. Fortunately, such incidents are rare: Virgin Media has only had to deal with two in the past seven years.”
  • Once these cables are installed, they are expected to last 25+ years. Of course, if you installed a cable 5 years ago, you are likely to be disappointed with its speed. This is where new technology comes into play: by just replacing the optics at either end of the cable, you can get more data through the same fibres
  • “DWDM (Dense Wavelength Division Multiplexing) technology is used to combine the various data channels, and by transmitting these signals at different wavelengths—different coloured light within a specific spectrum—down the fibre optic cable, it effectively creates multiple virtual-fibre channels. In doing so the carrying capacity of the fibre is dramatically increased.”
  • DWDM allows between 40 and 160 channels to be combined down a single fibre. So suddenly those 4 strands that could only carry 10 gigabits per second each a few years ago, can carry 400, or 6.4 terabits per second
  • The Tata cable featured in the article has a capacity of up to 10 terabits per pair, for a total of 40 terabits.
  • “Enter one of the two battery rooms and instead of racks of Yuasa UPS support batteries—with a form factor not too far removed from what you’ll find in your car—the sight is more like a medical experiment. Huge lead-acid batteries in transparent tanks, looking like alien brains in jars, line the room. Maintenance-free with a life of 50 years, this array of 2V batteries amounts to 1600Ah, delivering a guaranteed four hours of autonomy.”
  • “There are six generators—three per data centre hall. Each generator is rated to take the full load of the data centre, which is 1.6MVA. They produce 1,280kW each. The total coming into the site is 6MVA, which is probably enough power to run half the town. There is also a seventh generator that handles landlord services. The site stores about 8,000 litres of fuel, enough to last well over 24 hours at full load. At full fuel burn, 220 litres of diesel an hour is consumed, which, if it were a car travelling at 60mph, would notch up a meagre 1.24mpg—figures that make a Humvee seem like a Prius.”
  • The article goes on to talk about SLAs and how the fibre network manages quality of service:
  • “Latency commitments have to be monitored proactively, too, for customers like Citrix, whose portfolio of virtualisation services and cloud applications will be sensitive to excessive networking delays. Another client that appreciates the need for speed is Formula One. Tata Communications handles the event networking infrastructure for all the teams and the various broadcasters.”
  • The article then goes on to talk about getting that connectivity to your house, the “last mile”
  • Each of the various technologies is discussed: ADSL, VDSL (78Mbps), DOCSIS3 (200Mbps, but could go up to 600Mbps, with DOCSIS 3.1 offering 10Gbps), FTTC, and FTTH
  • Of course, they also discuss Wireless and Mobile connectivity
  • “Ars will have another in-depth feature on the complexities of managing and rolling out cellular networks soon”, we’ll look forward to that
  • “First it was a few plucky cafes and pubs, and then BT turned its customers’ routers into open Wi-Fi hotspots with its “BT with Fon” service. Now we’re moving into major infrastructure plays, such as Wi-Fi across the London Underground and Virgin’s curious “smart pavement” in Chesham, Buckinghamshire. For this project, Virgin Media basically put a bunch of Wi-Fi access points beneath manhole covers made of specially made radio-transparent resin. Virgin maintains a large network of ducts and cabinets across the UK that are connected to the Internet—so why not add a few Wi-Fi access points to share that connectivity with the public?”
  • So what is next for the last mile?
  • “The next thing on the horizon for Openreach’s POTS network is G.fast, which is best described as an FTTdp (fibre to distribution point) configuration. Again, this is a fibre-to-copper arrangement, but the DSLAM will be placed even closer to the premises, up telegraph poles and under pavements, with a conventional copper twisted pair for the last few tens of metres.”
  • “The idea is to get the fibre as close to the customer as possible, while at the same time minimising the length of copper, theoretically enabling connection speeds of anywhere from 500Mbps to 800Mbps. G.fast operates over a much broader frequency spectrum than VDSL2, so longer cable lengths have more impact on its efficiency. However, there has been some doubt whether BT Openreach will be optimising speeds in this way as, for reasons of cost, it could well retreat to the green cabinet to deliver these services and take a hit on speed, which would slide down to 300Mbps.”
  • “So, there we have it: the next time you click on a YouTube video, you’ll know exactly how it gets from a server in the cloud to your computer. It might seem absolutely effortless—and it usually is on your part—but now you know the truth: there are deadly 4,000V DC submarine cables, 96 tonnes of batteries, thousands of litres of diesel fuel, millions of miles of last-mile cabling, and redundancy up the wazoo.”
  • “The whole setup is only going to get bigger and crazier, too. Smart homes, wearable devices, and on-demand TV and movies are all going to necessitate more bandwidth, more reliability, and more brains in jars. What a time to be alive.”

The post 10,000 Cables Under the Sea | TechSNAP 269 first appeared on Jupiter Broadcasting.

How We Got Started With Linux | LAS 381 https://original.jupiterbroadcasting.net/87321/how-we-got-started-with-linux-las-381/ Sun, 06 Sep 2015 07:53:10 +0000 https://original.jupiterbroadcasting.net/?p=87321 We finally share our getting started with Linux stories. And it turns out, it was nearly a freak happenstance for both of us & some great stories from our community. Plus the Safe Wifi campaign you need to know about, we discuss the new elementaryOS, an update on the Munich situation & more! Thanks to: […]

The post How We Got Started With Linux | LAS 381 first appeared on Jupiter Broadcasting.


We finally share our getting started with Linux stories. And it turns out, it was nearly a freak happenstance for both of us & some great stories from our community.

Plus the Safe Wifi campaign you need to know about, we discuss the new elementaryOS, an update on the Munich situation & more!

Thanks to:


DigitalOcean


Ting


— Show Notes: —


Brought to you by: System76

We share how we got started with Linux

— PICKS —

Runs Linux

Killer Robot Runs Linux

Desktop App Pick

Bash Scanner – A fast way to scan your server for outdated software and potential exploits.

After an initial scan, you will be asked to create an account on the PatrolServer dashboard (which is totally optional, you are free to use the tool without an account). The benefit of creating a sustainable account is detailed reporting, together with documentation on how to secure your server.

Weekly Spotlight

Road Trip Playlist

Watch the adventures, productions, road trips, trails, mistakes, and fun of the Jupiter Broadcasting mobile studio.


— NEWS —

Save WiFi/Individual Comments

Right now, the FCC is considering a proposal to require manufacturers to lock down computing devices (routers, PCs, phones) to prevent modification if they have a “modular wireless radio”[1][2] or a device with an “electronic label”[3]. The rules would likely:

  • Restrict installation of alternative operating systems on your PC, like GNU/Linux, OpenBSD, FreeBSD, etc.
  • Prevent research into advanced wireless technologies, like mesh networking and bufferbloat fixes
  • Ban installation of custom firmware on your Android phone
  • Discourage the development of alternative free and open source WiFi firmware, like OpenWrt
  • Infringe upon the ability of amateur radio operators to create high powered mesh networks to assist emergency personnel in a disaster.
  • Prevent resellers from installing firmware on routers, such as for retail WiFi hotspots or VPNs, without agreeing to any condition a manufacturer so chooses.

  • Save WiFi: Act Now To Save WiFi From The FCC | Hackaday

The folks at ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and others have put together the SaveWiFi campaign.

Online comments end 09/08/2015.

Freya 0.3.1 is Here!

At the heart of this upgrade is the latest Hardware Enablement stack from Ubuntu 14.04.3. It includes version 3.19 of the Linux kernel and an updated Mesa that fixes the dreaded “double cursor” glitch. Workspaces in the Multitasking view also now work properly on Nvidia Optimus. The new hardware stack also brings better support for backlights and touchpads on certain laptops, a host of performance and power-related improvements, and support for 5th generation Intel processors. This release should also improve support for (U)EFI systems, especially when installing without an internet connection.

Munich Linux councillor: ‘We didn’t propose a switch back to Windows’

“There are several points of criticism concerning the notebooks of the councillors with very different reasons (not Linux in general). There are 80 councillors in the city. Their work and needs can’t be compared with the whole administration.”

Pfeiler denied that there was any kind of consensus towards a complete reverse migration, but rather suggests a retroactive fitting of Windows for certain specific purposes, adding that there was nothing to suggest that the Limux system was working anything other than well.

Feedback:

Mycroft Adds Linux Desktop Voice Controlled AI as Stretch Goal

Interoperable and Open
Optimized for the web
Scalable to any modern device at any bandwidth
Designed with a low computational footprint and optimized for hardware
Capable of consistent, highest quality, real-time video delivery; and
Flexible for both commercial and non-commercial content.

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Level Up Your LAN | LAS 377 https://original.jupiterbroadcasting.net/86282/level-up-your-lan-las-377/ Sun, 09 Aug 2015 10:01:02 +0000 https://original.jupiterbroadcasting.net/?p=86282 We take a deep dive into the basics of getting a home network up and running. If you’ve lived with whatever the ISP has given you, have no fear: not only are we going to show you how to do it, it’s going to be all done from Linux! Plus Firefox has a major flaw […]

The post Level Up Your LAN | LAS 377 first appeared on Jupiter Broadcasting.


We take a deep dive into the basics of getting a home network up and running. If you’ve lived with whatever the ISP has given you, have no fear: not only are we going to show you how to do it, it’s going to be all done from Linux!

Plus Firefox has a major flaw that impacts Linux users, an update on the Jolla tablet, we discuss our big format experiment & more!

Thanks to:


DigitalOcean


Ting


— Show Notes: —


Brought to you by: System76

Overview

  • Default configurations are less secure and limited
  • Ability to set up VPN
  • Ability to set up DNS
  • Most consumer equipment is a modem/router/switch/access point all in one (Spork Syndrome)

Default Settings on Mikrotik

  • IP 192.168.88.1
  • username: admin
  • no password

Default Settings on (most) Linksys

  • IP 192.168.0.1
  • username: admin
  • password: admin

DHCP – Dynamic Host Configuration Protocol

  • Useful to push information to the clients about the network.
  • Can be set up on most routers
  • Comes set up by default
  • Linksys limits you to /24 meaning a maximum of 254 clients.

DNS – Domain Name Service

  • Phonebook of the internet
  • Useful to point non-registered hostnames to IP addresses
  • Can be used (somewhat) to block access to websites.

Firewall

  • Used to block traffic
  • Can be used on enterprise routers to separate switchports

Static IP (If your ISP allows it)

  • What is and Setting static IP
  • What is and Setting net mask
  • What is and Setting Default Gateway

Setting up an Access Point

  • Enable wireless on Mikrotik or Linksys
  • Purchase separate access point and use WebUI
  • Proper Channeling
  • Proper Power
  • POE

Easy Linux Networking

IPFire

From a technical point of view, IPFire is a minimalistic, hardened firewall system which comes with an integrated package manager called Pakfire. The primary task of Pakfire is to update the system with only a single click.

It is very easy to install security patches, bugfixes and feature enhancements, which make IPFire safer and faster – or simply, better.

Another task of Pakfire is to install additional software that adds new functionality to the IPFire system.
Some useful ones are:

  • File sharing services such as Samba and vsftpd
  • Communications server using Asterisk
  • Various command-line tools such as tcpdump, nmap, traceroute & many more.

Smoothwall.org

The goals of the project can be summed up as:

  • Be simple enough to be installed by home users with no knowledge of Linux
  • Support a wide variety of network cards, modems and other hardware
  • Work with many different connection methods and ISPs from across the world
  • Manage and configure the software using a web browser
  • Run efficiently on older, cheaper hardware
  • Develop a supportive user community
  • Use sponsorship from Smoothwall Limited to further these goals

The Smoothwall Open Source Project is funded and supported by Smoothwall Limited.

— PICKS —

Runs Linux

Fantastic show, keep up the good work.
I wanted to share my own small runs Linux with you. I’m an IT Tech working in a secondary school in the UK. I got fed up of our old outdated lesson change bell system from the 70’s so I made a Pi-powered one. It uses cron to run a Python script that turns the relay on for a set amount of time. The cron file is edited via the UI that runs on PHP, MySQL on top of Apache. Photos of the UI and the project build attached.
It’s been in production since Feb and still going strong.

Hope you like it

Thanks

Sent in by Robin T.

Desktop App Pick

Our VoIP softphone will look everywhere for your contacts and will display them in a combined list for easy access. Outlook, windows/mac, LDAP, XMPP, XCAP, android, iOs. You name it, we got it and we will lookup incoming calls as well so you know who calls before you answer.

Weekly Spotlight

Organize files into libraries. A library can be selectively synced into any device. Reliable and efficient file syncing improves your productivity.

A library can be encrypted by a password chosen by you. Files are encrypted before syncing to the server. Even the system admin can’t view the files.

Sharing into groups and collaboration around files. Permission control, versioning and activity notification make collaboration easy and reliable.

The core of Seafile server is written in C programming language. It is small and has a fantastic performance.

Upgrade can be done via running a simple script within a few seconds. Seafile records very few items in database. No huge database upgrade is needed.

AD/LDAP integration, group syncing, fine-grained permission control make the tool easily applied to your enterprise environment.

Celebrate BSD Now’s 2 year Anniversary!

BONUS SPOTLIGHT

Online tracking has become a pervasive invisible reality of the modern web. Most sites you load are likely to be full of ads, tracking pixels, social media share buttons, and other invisible trackers all harvesting data about your web browsing. These trackers use cookies and other methods to read unique IDs associated with your browser, the result being that they record all the sites you visit as you browse around the internet. This sort of tracking is invisible to most web users, meaning they never get the option to agree to or opt-out of it. Today the EFF has launched the 1.0 version of Privacy Badger, an extension designed to prevent these trackers from accessing unique info about you and your browsing.


— NEWS —

Firefox exploit found in the wild | Mozilla Security Blog

Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1.

LibreOffice 5.0 Released!

It is also the first version to come in 64 bits for Windows. As such LibreOffice 5 serves as the foundation of our current developments and is a great platform to extend, innovate and collaborate with!

LibreOffice 5.0 ships an impressive number of new features for its spreadsheet module, Calc: complex formulae image cropping, new functions, more powerful conditional formatting, table addressing and much more. Calc’s blend of performance and features makes it an enterprise-ready, heavy duty spreadsheet application capable of handling all kinds of workload for an impressive range of use cases.

New icons, major improvements to menus and sidebar : no other LibreOffice version has looked that good and helped you be creative and get things done the right way. In addition, style management is now more intuitive thanks to the visualization of styles right in the interface.

LibreOffice 5 ships with numerous improvements to document import and export filters for MS Office, PDF, RTF, and more. You can now timestamp PDF documents generated with LibreOffice and enjoy enhanced document conversion fidelity all around.

LibreOffice 5 combines innovative features and long term efforts towards enhanced stability. As a result, expect both improvements in performance and in stability over the lifetime of the 5.0.x series.

LibreOffice under the hood: progress to 5.0

Gtk3 backend: Wayland

A very rough, initial gtk3 port was hacked together long ago by yours truly to prototype LibreOffice online via gdk-broadway.
However thanks to Caolán McNamara (RedHat) who has done the 80% of the hard work to finish this, giving us a polished and complete VCL backend for gtk3.
His blog entry focuses on the importance of this for running LibreOffice natively under wayland – the previous gtk2 backend was heavily tied to raw X11 rendering, while the new gtk3 backend uses CPU rendering via the VCL headless backend, of which more below.

OpenGL rendering improvements

The OpenGL rendering backend also significantly matured in this version, allowing us to talk directly to the hardware to accelerate much of our rendering, with large numbers of bug fixes and improvements.
Many thanks to Louis-Francis Ratté-Boulianne (Collabora), Markus Mohrhard, Luboš Luňák (Collabora), Tomaž Vajngerl (Collabora), Jan Holesovsky (Collabora), Tor Lillqvist (Collabora), Chris Sherlock & others.
It is hoped that with the ongoing bug-fixing here, that this can be enabled by default as a late feature, after suitable review, for LibreOffice 5.0.1 or at the outside 5.0.2.

LibreOffice 5.0 Is a Milestone Release for Ubuntu Touch

LibreOffice will land on Ubuntu Touch

The developers from The Document Foundation haven’t gone into much detail about their plans, but they have said that the office suite is coming to Android. Coupled with the things we already know about Ubuntu Touch, we can safely say that LibreOffice 5.0 will bring some very interesting changes to the mobile platform from Canonical.

“A new version for new endeavours: LibreOffice 5.0 is the cornerstone of the mobile clients on Android and Ubuntu Touch, as well as the upcoming cloud version. As such, LibreOffice 5.0 serves as the foundation of current developments and is a great platform to extend, innovate and collaborate!” reads the announcement from The Document Foundation.

Jolla Tablet – First Batch out of Factory

Last week was very busy for Jolla, but a few issues delaying the process by a couple of days were caught up on during the weekend by hard-working Sailors. The first batch of Jolla Tablets is now complete and is said to look great! This batch is a pre-production batch delivered to selected developers and internal test personnel.

On July 27th all the components were ready to be mounted on the circuit boards in China. All that was missing was the circuit boards themselves, as the flight delivering them was delayed by a couple of hours. This delay was short, and assembling the boards was started as planned without major issues.

Earlier delays with material preparation and board delivery forced Jolla to agree on a new schedule with the assembly factory. July 30th, circuit boards were tested and the batch was sent to factory to be assembled on the next day. Surprise came with a glue machine, display assembly wasn’t possible

White House Petition to use FOSS whenever possible

We believe that the federal government, for the security of the information it manages and the efficient allocation of the public’s funds, should divest itself of costly proprietary software contracts wherever possible.

Healthcare.gov’s initial failings had much to do with the old, proprietary infrastructure that government contracting details required the application be built on. The US Navy recently spent considerable amounts of taxpayer money to extend support for Windows XP and Office 2003, both inherently obsolete and insecure.

Use of proprietary software costs our taxpayers needless money. It’s become clear that governments such as those of the UK and much of the European Union can adopt open source software and be better off for it. We should join them.

Feedback:


Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

A Bias to Insecurity | TechSNAP 223 https://original.jupiterbroadcasting.net/85347/a-bias-to-insecurity-techsnap-223/ Thu, 16 Jul 2015 15:56:01 +0000 https://original.jupiterbroadcasting.net/?p=85347 The Hacking Team fallout continues with more zero day patches you need to install, a new attack against RC4 might finally kill it & how to save yourself from a DDoS attack. Plus a great batch of your questions, our answers & much, much more! Thanks to: Get Paid to Write for DigitalOcean Direct Download: […]

The post A Bias to Insecurity | TechSNAP 223 first appeared on Jupiter Broadcasting.


The Hacking Team fallout continues with more zero day patches you need to install, a new attack against RC4 might finally kill it & how to save yourself from a DDoS attack.

Plus a great batch of your questions, our answers & much, much more!

Thanks to:


DigitalOcean


Ting


iXsystems


— Show Notes: —

Hacking Team fallout includes more Flash patches


New attack against RC4 cipher might finally kill it

  • RC4 is one of the oldest ciphers still used as part of HTTPS
  • It was often selected for its lower CPU overhead, but as processors got faster and SSL terminators offloaded the work, this became less of a reason to use RC4
  • It looked like RC4 would finally die, but then attacks against SSL/TLS that only affected block ciphers emerged: BEAST, Lucky 13, and POODLE
  • This propelled RC4 back up the priority list
  • RC4 is also the most compatible cipher: older systems that do not support stronger crypto all have RC4
  • RFC 7465, proposed by Microsoft and others, was approved by the IETF and requires that RC4 not be used
  • Researchers have presented a new paper at the USENIX Security conference that details a new attack against RC4
  • RC4 is still widely used for HTTPS and also for some types of WiFi
  • The flaw allows the attacker to steal cookies and other encrypted information in your HTTPS session
  • This might allow the attacker to impersonate you or log in as you on the site, posting to your Twitter account or initiating a transfer from your PayPal account.
  • “The research behind the attack will be presented at USENIX Security. Summarized, an attacker can decrypt a cookie within 75 hours. In contrast to previous attacks, this short execution time allows us to perform the attack in practice. When we tested the attack against real devices, it took merely 52 hours to successfully perform the attack”
  • “When the victim visits an unencrypted website, the attacker inserts malicious JavaScript code inside the website. This code will induce the victim to transmit encrypted requests which contain the victim’s web cookie. By monitoring numerous of these encrypted requests, a list of likely cookie values can be recovered. All cookies in this list are tested until the correct one is found.”
  • Attack Method:
    • Step 1: Attacker injects code into the victim’s HTTP stream, causing them to make known requests to a secure site with their cookie
    • Step 2: Attacker captures the encrypted requests going to the site secured with RC4
    • Step 3: Attacker computes likely cookies and tries each one until they successfully guess the correct cookie
    • Step 4: Profit, empty the bank account
  • “To successfully decrypt a 16-character cookie with a success probability of 94%, roughly 9⋅2^27 encryptions of the cookie need to be captured. Since we can make the client transmit 4450 requests per seconds, this amount can be collected in merely 75 hours. If the attacker has some luck, less encryptions need to be captured. In our demonstration 52 hours was enough to execute the attack, at which point 6.2⋅2^27 requests were captured. Generating these requests can even be spread out over time: they do not have to be captured all at once. During the final step of the attack, the captured requests are transformed into a list of 2^23 likely cookie values. All cookies in this list can be tested in less than 7 minutes.”
  • “In the paper we not only present attacks against TLS/HTTPS, but also against WPA-TKIP. Our attack against WPA-TKIP takes only an hour to execute, and allows an attacker to inject and decrypt arbitrary packets.”
  • How does this compare to previous attacks? “The first attack against RC4 as used in TLS was estimated to take more than 2000 hours”
  • Paper: All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS
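
What "bias" means for RC4, as an added example that is not from the show notes or the paper: the code below measures the long-known Mantin–Shamir bias, where the second keystream byte is zero about twice as often as a uniform cipher would allow. The paper relies on much subtler biases, which is why it needs the capture volumes quoted above; the seed, key length and sample size here are assumptions of this example.

```python
import random


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n RC4 keystream bytes for key (KSA, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR data with the keystream (encryption and decryption are identical)."""
    return bytes(p ^ k for p, k in zip(data, rc4_keystream(key, len(data))))


def second_byte_histogram(n_keys: int, seed: int = 1, key_len: int = 16) -> list:
    """Count the values of keystream byte 2 over n_keys random keys.

    A sound stream cipher would give every value roughly n_keys/256 hits.
    The seed is fixed only so the experiment is repeatable (an assumption).
    """
    rng = random.Random(seed)
    hist = [0] * 256
    for _ in range(n_keys):
        key = rng.getrandbits(8 * key_len).to_bytes(key_len, "big")
        hist[rc4_keystream(key, 2)[1]] += 1
    return hist


def bias_ratio(hist: list, value: int) -> float:
    """Observed frequency of value divided by the uniform expectation 1/256."""
    return hist[value] * 256 / sum(hist)


def capture_hours(encryptions: float, requests_per_second: float) -> float:
    """Time needed to collect a number of encrypted requests at a given rate."""
    return encryptions / requests_per_second / 3600


if __name__ == "__main__":
    hist = second_byte_histogram(20000)
    print("byte 2 == 0x00: %.2fx the uniform rate" % bias_ratio(hist, 0))
    print("byte 2 == 0x80: %.2fx the uniform rate" % bias_ratio(hist, 0x80))
    # The quoted figures are self-consistent: 9*2^27 requests at 4450/s.
    print("capture time: %.1f hours" % capture_hours(9 * 2**27, 4450))
```

Because the same cookie is encrypted again and again under fresh keys, any such deviation from uniform lets an observer rank plaintext candidates statistically, which is the reason RFC 7465 asks for RC4 to be switched off rather than patched.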

Spy vs MSpy | TechSNAP 216 https://original.jupiterbroadcasting.net/82967/spy-vs-mspy-techsnap-216/ Thu, 28 May 2015 08:36:33 +0000 https://original.jupiterbroadcasting.net/?p=82967 Spyware creator mSpy hacked, find out why this breach is particularly egregious, what’s wrong with pcap & why RSA’s death has been greatly exaggerated. Plus a great batch of questions, a rocking round up & much, much more! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD Video | Mobile Video | MP3 […]

The post Spy vs MSpy | TechSNAP 216 first appeared on Jupiter Broadcasting.


Spyware creator mSpy hacked, find out why this breach is particularly egregious, what’s wrong with pcap & why RSA’s death has been greatly exaggerated.

Plus a great batch of questions, a rocking round up & much, much more!

Thanks to:


DigitalOcean


Ting


iXsystems


— Show Notes: —

What is wrong with pcap filters

  • pcap filters are the language used to filter packet captures, and are used by tcpdump, Wireshark and the like
  • This post is an attempt to look at some classes of problems that the pcap filtering language fails on, why those deficiencies exist, and why I continue using it even despite the flaws.
  • It also includes a link to a video about the history of pcap
  • Just to be clear, libpcap is an amazing piece of software. It was originally written for one purpose, and it really is my fault that I end up too often using it for a different one.
  • pcap is a usermode implementation of BPF, allowing
  • BPF (Berkeley Packet Filter) is a UNIX interface that allows an application to read and write raw packets
  • In addition to providing the interface to get raw packets into an application (like tcpdump) so you can read them, it also has the ability to filter the packets, so you only have to read the ones you care about
  • This is especially important when there are gigabits per second of traffic flowing back and forth
  • BPF Internals – Part 1
  • Why We Need eBPF
  • Towards Faster Trace Filters using eBPF and JIT

Mobile Spyware Maker mSpy Hacked, Customer Data Leaked

  • mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked.
  • Last week, a huge trove of data apparently stolen from the company’s servers was posted on the Deep Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy “users.”
  • KrebsOnSecurity learned of the apparent breach from an anonymous source who shared a link to a Web page that is only reachable via Tor.
  • The Tor-based site hosts several hundred gigabytes worth of data taken from mobile devices running mSpy’s products, including some four million events logged by the software.
  • The message left by the unknown hackers who’ve claimed responsibility for this intrusion suggests that the data dump includes information on more than 400,000 users, including Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions.
  • There is a crazy amount of personal and sensitive data in this cache, including photos, calendar data, corporate email threads, and very private conversations. Also included in the data dump are thousands of support request emails from people around the world who paid between $8.33 to as much as $799 for a variety of subscriptions to mSpy’s surveillance software.
  • U.S. regulators and law enforcers have taken a dim view of companies that offer mobile spyware services like mSpy. In September 2014, U.S. authorities arrested 31-year-old Hammad Akbar, the CEO of a Lahore-based company that makes a spyware app called StealthGenie. The FBI noted that while the company advertised StealthGenie’s use for “monitoring employees and loved ones such as children,” the primary target audience was people who thought their partners were cheating. Akbar was charged with selling and advertising wiretapping equipment.
  • mSpy Denies Breach, Even as Customers Confirm I
  • Child spy firm hit by blackmailers – BBC News

About the supposed factoring of a 4096 bit RSA key

  • Last week a blog post was published claiming the factoring of a 4096-bit RSA key
  • “The key in question was the PGP key of a well-known Linux kernel developer.”
  • The author of the rebuttal post thinks that the researchers are mistaken
  • He thinks this because he once thought that he had factored the same key, but then found out otherwise.
  • A little background:
    • “RSA public keys consist of two values called N and e. The N value, called the modulus, is the interesting one here. It is the product of two very large prime numbers. The security of RSA relies on the fact that these two numbers are secret. If an attacker would be able to gain knowledge of these numbers he could use them to calculate the private key. That’s the reason why RSA depends on the hardness of the factoring problem. If someone can factor N he can break RSA. For all we know today factoring is hard enough to make RSA secure (at least as long as there are no large quantum computers).”
    • “Now imagine you have two RSA keys, but they have been generated with bad random numbers. They are different, but one of their primes is the same. That means we have N1=pq1 and N2=pq2. In this case RSA is no longer secure, because calculating the greatest common divisor (GCD) of two large numbers can be done very fast with the euclidean algorithm, therefore one can calculate the shared prime value.”
  • “PGP keyservers have been around since quite some time and they have a property that makes them especially interesting for this kind of research: They usually never delete anything. You can add a key to a keyserver, but you cannot remove it, you can only mark it as invalid by revoking it. Therefore using the data from the keyservers gives you a large set of cryptographic keys.”
  • He noticed that some keys appeared to contain subkeys that are near identical copies of a valid subkey, but with tiny errors
  • “I don’t know how they appear on the key servers, I assume they are produced by network errors, harddisk failures or software bugs. It may also be that someone just created them in some experiment.”
  • “The important thing is: Everyone can generate a subkey to any PGP key and upload it to a key server. That’s just the way the key servers work. They don’t check keys in any way. However these keys should pose no threat to anyone. The only case where this could matter would be a broken implementation of the OpenPGP key protocol that does not check if subkeys really belong to a master key.”
  • “However you won’t be able to easily import such a key into your local GnuPG installation. If you try to fetch this faulty sub key from a key server GnuPG will just refuse to import it. The reason is that every sub key has a signature that proves that it belongs to a certain master key. For those faulty keys this signature is obviously wrong.”
  • “Now here’s my personal tie in to this story: Last year I started a project to analyze the data on the PGP key servers. And at some point I thought I had found a large number of vulnerable PGP keys – including the key in question here. In a rush I wrote a mail to all people affected. Only later I found out that something was not right and I wrote to all affected people again apologizing. Most of the keys I thought I had found were just faulty keys on the key servers.”
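The shared-prime check from the quoted background, together with the distinction the rebuttal draws between a real weak key and a damaged copy on a keyserver, as an added example (not code from the rebuttal post or the show). The moduli are constructed toy values, and the `classify` heuristic (a genuine shared RSA prime is large and leaves prime cofactors) is an assumption of this example.

```python
from itertools import combinations
from math import gcd

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Trial division by small primes, then Miller-Rabin with fixed bases."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is composite
    return True

def classify(n1, n2, g):
    """Assumed heuristic: a real shared RSA prime is large and leaves prime cofactors."""
    plausible = (is_probable_prime(g)
                 and g.bit_length() * 4 >= max(n1, n2).bit_length()
                 and is_probable_prime(n1 // g)
                 and is_probable_prime(n2 // g))
    return "shared-prime" if plausible else "malformed"

def audit(moduli):
    """moduli: {label: N}. Returns [(label1, label2, gcd, verdict)] for every hit."""
    findings = []
    for (a, n1), (b, n2) in combinations(moduli.items(), 2):
        if n1 == n2:
            continue  # the same key stored twice is not a finding
        g = gcd(n1, n2)
        if g > 1:
            findings.append((a, b, g, classify(n1, n2, g)))
    return findings

# Constructed toy moduli built from Mersenne primes (far too small for real use).
P, Q1, Q2 = 2**89 - 1, 2**107 - 1, 2**127 - 1
SAMPLE = {
    "key-a": P * Q1,
    "key-b": P * Q2,                         # shares the prime P with key-a
    "key-c": (2**61 - 1) * (2**31 - 1),      # healthy control
    "key-a-damaged": (P * Q1) ^ (1 << 107),  # one flipped bit, now divisible by 3
    "key-b-damaged": (P * Q2) ^ (1 << 127),  # one flipped bit, now divisible by 3
}

if __name__ == "__main__":
    for a, b, g, verdict in audit(SAMPLE):
        print(f"{a} / {b}: gcd has {g.bit_length()} bits -> {verdict}")
```

A "malformed" verdict means the GCD hit says nothing about the real key: the modulus is not a product of two large primes, which is what a corrupted copy looks like.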

Feedback:


Round Up:


7 Year Malware | TechSNAP 150 https://original.jupiterbroadcasting.net/51967/7-year-malware-techsnap-150/ Thu, 20 Feb 2014 17:57:45 +0000 https://original.jupiterbroadcasting.net/?p=51967 The Mask, an advanced persistent threat is revealed, a slew of various home router models are actively being exploited, we’ll share the important details.

The post 7 Year Malware | TechSNAP 150 first appeared on Jupiter Broadcasting.


The Mask, an advanced persistent threat is revealed, a slew of various home router models are actively being exploited, we’ll share the important details.

Plus some routing basics explained, and much much more.

On this week’s TechSNAP


— Show Notes: —

Kaspersky discovered “The Mask” APT

  • We got some hints about Careto (also known as “The Mask” or “The Masked APT”) a few weeks ago, and speculation suggested that the unusual native language of the attackers was Korean
  • In an even bigger surprise, it turns out the attackers are Spanish speaking
  • The Spanish-speaking attackers targeted government institutions, energy, oil & gas companies and other high-profile victims via a cross-platform malware toolkit
  • Full Research PDF
  • The APT has been going on since 2007 or earlier
  • “More than 380 unique victims in 31 countries have been observed to date”
  • “What makes “The Mask” special is the complexity of the toolset used by the attackers. This includes an extremely sophisticated malware, a rootkit, a bootkit, 32 and 64 bit Windows versions, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (Apple iOS)”
  • “The Mask also uses a customized attack against older versions of Kaspersky Lab products to hide in the system, putting them above Duqu in terms of sophistication and making it one of the most advanced threats at the moment. This and several other factors make us believe this could be a nation state sponsored campaign”
  • “When active in a victim system, The Mask can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyse WiFi traffic, fetch all information from Nokia devices, screen captures and monitor all file operations”
  • “The malware collects a large list of documents from the infected system, including encryption keys, VPN configurations, SSH keys and RDP files. There are also several extensions being monitored that we have not been able to identify and could be related to custom military/government level encryption tools”
  • “Overall, we have found exploits for Java, Flash SWF (CVE-2012-0773), as well as malicious plugins for Chrome and Firefox, on Windows, Linux and OS X. The names of the subdirectories give some information about the kind of attack they launch, for instance we can find /jupd where JavaUpdate.jar downloads and executes javaupdt.exe”
  • “CVE-2012-0773 has an interesting history. It was originally discovered by French company VUPEN and used to win the “pwn2own” contest in 2012. This was the first known exploit to escape the Chrome sandbox. VUPEN refused to share the exploit with the contest organizers, claiming that it plans to sell it to its customers”
  • “A Google engineer offered Bekrar (of VUPEN) $60,000 on top of the $60,000 he had already won for the Pwn2Own contest if he would hand over the sandbox exploit and the details so Google could fix the vulnerability. Bekrar declined and joked that he might consider the offer if Google bumped it up to $1 million, but he later told WIRED he wouldn’t hand it over for even $1 million.”
  • This suggests that the threat actor may be a government
  • However, Chaouki Bekrar denies the VUPEN exploit was used
  • “Several attacks against browsers supporting Java have been observed. Unfortunately, we weren’t able to retrieve all the components from these attacks, as they were no longer available on the server at the time of checking”
  • Also exploits CVE-2011-3544 against Java
  • Additional Coverage

Linksys Router Malware

  • Researchers say they have uncovered an ongoing attack that infects home and small-office wireless routers from Linksys with self-replicating malware, most likely by exploiting a code-execution vulnerability in the device firmware.
  • Johannes B. Ullrich, CTO of the SANS Institute, told Ars he has been able to confirm that the malicious worm has infected around 1,000 Linksys E1000, E1200, and E2400 routers, although the actual number of hijacked devices worldwide could be much higher.
  • A blog post SANS published shortly after this article was posted expanded the range of vulnerable models to virtually the entire Linksys E product line. Once a device is compromised, it scans the Internet for other vulnerable devices to infect.
  • Compromised routers remain infected until they are rebooted. Once the devices are restarted, they appear to return to their normal state. People who are wondering if their device is infected should check for heavy outbound scanning on port 80 and 8080, and inbound connection attempts to miscellaneous ports below 1024.
  • The attack begins with a remote call to the Home Network Administration Protocol (HNAP), an interface that allows ISPs and others to remotely manage home and office routers. The remote function is exposed by a built-in Web server that listens for commands sent over the Internet.
  • Typically, it requires the remote user to enter a valid administrative password before executing commands, although previous bugs in HNAP implementations have left routers vulnerable to attack.
  • After using HNAP to identify vulnerable routers, the worm exploits an authentication bypass vulnerability in a CGI script.
  • Infected devices are highly selective about the IP ranges they will scan when searching for other vulnerable routers. The sample Ullrich obtained listed just 627 blocks of /21 and /24 subnets.
  • The discovery comes a week after researchers in Poland reported an ongoing attack used to steal online banking credentials, in part by modifying home routers’ DNS settings.
  • The phony domain name resolvers listed in the router settings redirected victims’ computers, tablets, and smartphones to fraudulent websites masquerading as an authentic bank service; the sites would then steal the victims’ login credentials.
  • The objective behind this ongoing attack remains unclear. Given that the only observable behavior is to temporarily infect a highly select range of devices, one possible motivation is to test how viable a self-replicating worm can be in targeting routers.
  • Two days after this article was published, Linksys representatives issued the following statement:

    • Linksys is aware of the malware called “The Moon” that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers. The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default. Customers who have not enabled the Remote Management Access feature are not susceptible to this specific malware.
  • Additional Coverage: Internet Storm Center
  • These are not the only routers that have problems
  • Home routers pose the biggest threat to consumer security
  • An old backdoor from 2005 was found in brand new Cisco home “Gigabit Security Routers”
  • As we covered last year, 40-50 million routers have a UPnP flaw
  • Yesterday, researchers found a stack overflow bug in Linksys WRT120N routers
  • The new protocol that proposes to make “security” easier on the next generation of home routers may cause more harm than good
  • Asus routers are also vulnerable, including the RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R
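The two indicators named in the notes above (heavy outbound scanning on ports 80 and 8080, and inbound connection attempts to ports below 1024) turned into a check over flow records, as an added example that is not from the SANS write-up or the show. The log format (`epoch src dst dport`), the addresses, and both thresholds are assumptions of this example; the sample records are constructed.

```python
from collections import defaultdict

SCAN_PORTS = {80, 8080}
ROUTER = "203.0.113.10"  # constructed WAN address (documentation range)

def assess(lines, router_ip, window=60, min_targets=20, min_low_ports=3):
    """Score one router's flows. Thresholds are assumed, tune them per network."""
    targets = defaultdict(set)  # fixed time bucket -> distinct scan destinations
    low_ports = set()           # distinct inbound destination ports below 1024
    for line in lines:
        ts, src, dst, dport = line.split()
        ts, dport = float(ts), int(dport)
        if src == router_ip and dport in SCAN_PORTS:
            targets[int(ts // window)].add(dst)
        elif dst == router_ip and dport < 1024:
            low_ports.add(dport)
    # Fixed buckets can split a burst across a boundary; a sliding window is stricter.
    peak = max((len(d) for d in targets.values()), default=0)
    return {
        "peak_scan_targets": peak,
        "inbound_low_ports": sorted(low_ports),
        "outbound_scan": peak >= min_targets,
        "inbound_low_port_probe": len(low_ports) >= min_low_ports,
    }

def constructed_infected_log():
    """25 scan attempts inside one minute plus inbound hits on three low ports."""
    lines = [f"{1200 + i} {ROUTER} 198.51.100.{i + 1} {80 if i % 2 else 8080}"
             for i in range(25)]
    lines += [f"{1210 + i} 192.0.2.{i + 1} {ROUTER} {port}"
              for i, port in enumerate((193, 512, 887))]
    lines.append(f"1220 {ROUTER} 198.51.100.200 443")  # unrelated traffic
    return lines

def constructed_quiet_log():
    """A few ordinary outbound web requests and nothing inbound."""
    return [f"{1200 + i} {ROUTER} 198.51.100.{i + 1} 80" for i in range(3)]

if __name__ == "__main__":
    print(assess(constructed_infected_log(), ROUTER))
    print(assess(constructed_quiet_log(), ROUTER))
```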


Feedback:


Round Up:


Token Security | TechSNAP 64 https://original.jupiterbroadcasting.net/21117/token-security-techsnap-64/ Thu, 28 Jun 2012 15:37:03 +0000 https://original.jupiterbroadcasting.net/?p=21117 How attackers can defeat an RSA token in as little as 15 minutes. And a botched software update that shutdown a bank for days.

The post Token Security | TechSNAP 64 first appeared on Jupiter Broadcasting.


How attackers can defeat an RSA token in as little as 15 minutes, and the FBI has taken down an online fraud ring; we’ve got the details. And a botched software update that shut down a bank for days.

Plus some great audience questions and our answers.

All that and more on this week’s TechSNAP!


Show Notes:

Researchers can defeat RSA SecurID 800 tokens in under 15 minutes

  • Researchers were able to use a ‘Padding Oracle Attack’ to compromise the plain text of an imported encrypted key in under 15 minutes
  • A ‘Padding Oracle Attack’ is a side channel attack that allows an attacker to see if a message was decrypted successfully or not
  • By purposely corrupting the encrypted message and/or its padding in different ways, and watching the error message (or even just the amount of time the device takes to attempt the decryption), the attacker is able to gain more and more information about the encrypted message, until they are able to recover the entire message
  • The researchers developed a more efficient version of the ‘million messages attack’ that requires only a few tens of thousands of messages, and found that some devices can be attacked with as few as 3800 messages
  • Researcher Blog Post
  • Research Paper
  • Don’t Believe Everything You Read…Your RSA SecurID Token is Not Cracked
  • RSA contends that the researchers did not ‘crack’ the RSA SecurID Token, but rather that they exploited a flaw in PKCS#1v1.5
  • However, the researchers show (Table 1 on Page 9 and Table 3 on Page 12) that because the RSA SecurID tokens use a very simple padding check (not checking the length of the encrypted message), they disclose more information about the encrypted message during each attempt. This results in the RSA SecurID tokens taking the least amount of time to compromise
  • The researchers were not able to afford an HSM, but postulate that their attack could compromise even the more secure ones in mere hours

PayPal starts Bug Bounty Program

  • PayPal joins the ranks of Google, Mozilla, Facebook, Barracuda and others with bug bounty programs
  • This resolves a potential legal ambiguity where researchers who were attempting to forge or modify data being sent to the PayPal site might be accused of unauthorized access rather than legitimate research
  • Colin Percival’s BSDCan 2012 Presentation – Crowdsourcing Security

FBI-run sting operation nets 26 arrests of attempted ‘carders’

  • The operation intercepted over 400,000 compromised credit cards
  • The FBI estimates it prevented $200 million in losses (likely exaggerated)
  • The FBI notified 47 companies, government entities, and educational institutions of the breach of their networks
  • Example charges:
    • zer0 used hacking tools to steal information from the internal databases of a bank, a hotel, and various online retailers, and then sold the information to others, including an individual he believed to be a fellow carder, but who in fact was an undercover FBI agent
    • JoshTheGod (apparently a member of UGNazi) met in Manhattan with an undercover FBI agent to accept delivery of counterfeit cards encoded with stolen information. He was then arrested after attempting to withdraw funds from an ATM using one of the cards
    • kool+kake sold stolen CVVs and advertised to fellow carders that he got fresh CVVs on a daily basis from hacking into databases around the world
      • According to the PCI-DSS (the security standard for processing credit cards), CVVs are NOT allowed to be stored in a database. They are specifically designed to make databases of stolen credit cards useless, since the attacker will NOT have the CVV value (which is a 3 or 4 digit numeric hash of the credit card data and the bank’s secret key)

Botched software update as Royal Bank of Scotland freezes customer accounts for days


Feedback:

Round-Up:
