Show Notes:

Get TechSNAP on your Android:

• Callisto – Android App
• Jupiter Broadcasting – Android App by ShaneQful

Browser Affiliate Extension:

• Jupiter Broadcasting Affiliate Extensions for Chrome and Firefox





TechSNAP 100 Limited Edition Shirt:

Limited time left on our limited run TechSNAP 100 T-shirt!

Zendesk servers compromised, affects Twitter, Tumblr and Pinterest users

• Zendesk is a SaaS (Software as a Service) that provides a ticket system, knowledge base and help desk for a monthly fee
• It is quite popular, and used by large online services such as Twitter, Tumblr, Pinterest, Vodafone, 20th Century Fox, Denver Broncos, eLance, Fiverr, Gawker, Groupon, New Zealand Post, Rackspace Cloud, Scribd, Sears Canada, Sony Music, Xerox, and Yousendit
• Zendesk’s blog post says they believe only 3 of their customers were affected (not named, but other sources and the end users who received emails about the issue suggest it was Twitter, Tumblr and Pinterest)
• Apparently the attackers got access to a database with all of the email addresses of users who contacted those Zendesk customers for support, in addition to the email subject lines, apparently the body of the emails was not disclosed
• A help desk is likely to contain sensitive information, especially when used for billing inquiries and password resets, but could also contain API keys, vulnerability disclosures, internal comments, and other information that should not get out
• Self-hosting vulnerable software could leave you just as exposed, so the question comes down to, do you trust a 3rd party to do a better job of protection your customers than you will?
• Additional Coverage

---

sshd rootkit in the wild

• The sshd rootkit actually targets libkeyutils rather than the sshd binary itself, because previous sshd binary rootkits, have been defeated by updates to the sshd binary
• It is not yet clear what the original attack vector is, that allows the attackers to compromise the libkeyutils in the first place
• Seems to targets Red Hat and other RPM Based Distros, not clear if other distros are vulnerable
• The rootkit does a number of things, including allowing an attacker with a specific password to gain root access, open a listener, and steal all of the credentials that have been used to login to the infected sshd
• cPanel support server compromised, seemingly via sshd rootkit
• the cPanel support system often requests users enter the root credentials for their servers, so support staff can login and assess/fix problems. These credentials must be stored in a format that can be returned to plain text (rather than being hashed), because the support staff need the original password to login. Encrypting the password (normally not what you want) might work here, but the keys to decrypt would need to be accessible to either all support staff (a key management nightmare) or to the system itself (so it can decrypt the passwords for the users)
• Many cPanel customers report that their servers were compromised after they provided their credentials to cPanel support staff, this correlation may be how cPanel determined that they had been compromised, and spawned the investigation

---

Adi Shamir (the S in the RSA algorithm) says we need to prepare for a post-cryptography world

• Speaking at the RSA Conference in San Francisco this week as part of a panel Adi Shamir (of the Weizmann Institute of Science in Israel) spoke about the failure of traditional security mechanisms, including restricting access, virus scanners and IDS (Intrusion Detection Systems) to thwart APT (Advanced Persistent Threat) attacks.
• “It’s very hard to use cryptography effectively if you assume an APT is watching everything on a system, We need to think about security in a post-cryptography world.”
• The panel also included:
• Ron Rivest of MIT (the R in the RSA algorithm)
• Whitfield Diffie of ICANN (of the Diffie-Hellman-Merkle key exchange algorithm)
• Dan Boneh of Stanford University
• Ari Juels of RSA Labs
• Rivest also talked about the problems with the current PKI systems, especially Certificate Authorities (the Comodo and DigiNotar compromises), as well as the more recent problems with TurkTrust, the Turkish CA who gave out signing certificates to a government contractor that used them to create valid but fake google certificates
• Rivest suggests a new system with more tolerance for failures and where users have more control over whom they trust, especially in light of the growing trend where governments pressure CAs to fail, behave strangely or issue certificates they shouldn’t

---

Feedback:

• Resources for Learning More about FreeBSD?

• What’s so bad about a double NAT?

• What are intermediate SSL Certs?

• Fed Requirements Sometimes Force Equipment Online

• Internships, Learning, Training up while working 40+ Hours a week? CAN IT BE DONE?

• Last week we had a question of uPNP and pfSense – The pfSense blog has the official answer – pfSense uses an updated version of miniupnp, and has always done so, the vulnerable ones are more than 2 years old. Additionally, even if a new vulnerability in upnp is found, In order for your system to be vulnerable, you’d have had to manually add a firewall rule allowing access to upnp from the Internet.

Round Up:

• Sergey Brin says using a smart phone makes him feel like a girl
• HTML5 Bug in all major browsers except Firefox allows a remote site to fill your hard drive
• Microsoft suffers from same hacking attack as Apple, Facebook, small number of computers infected
• Time Warner CFO says no one wants gigabit internet a home
• How paid apps will work on Firefox OS phones – The start of a ‘buy it once, use it everywhere’ store?
• Symantec Finds Older Version of Stuxnet Dating Back to 2005
• Chrome 25 fixes 9 criticial vulnerabilities
• Comcast Punishes BitTorrent Pirates With Browser Hijack
• Security Explorations finds 2 more vulnerabilities in Java, even after u15
• Court orders UK ISPs to block more piracy sites
• Adobe pushes yet another Flash update, fixes 2 critical vulnerabilities being used in the wild
• Bitcoin reaches an all-time trading high of over $33
  • Current trading a CAVirtEx is $34.30/BTC

The post How I Met Your SSH | TechSNAP 99 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/16331/answers-for-everyone-techsnap-42/ Thu, 26 Jan 2012 20:40:12 +0000 https://original.jupiterbroadcasting.net/?p=16331 We’ve got the answer to life the universe and everything, plus why you need to get upset about ACTA, and patch your Linux Kernel. In this Q&A PACKED edition!

The post Answers for Everyone | TechSNAP 42 first appeared on Jupiter Broadcasting.

]]>



We’ve got the answer to life the universe and everything, plus why you need to get upset about ACTA, and patch your Linux Kernel!

All that and more, in this Q&A PACKED edition of TechSNAP!

Thanks to:
GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Pick your code and save:
DOTCO9: .co domain for $17.99
techsnap7: $7.99 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans

   

Direct Download Links:

   

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

 

Subscribe via RSS and iTunes:
    Subscribe...           --RSS-- TechSNAP HD TechSNAP Large     TechSNAP Mobile      TechSNAP MP3     TechSNAP OGG     --iTunes--     TechSNAP iTunes HD     TechSNAP iTunes Mobile     TechSNAP iTunes Large     TechSNAP iTunes MP3  

Show Notes:

Dreamhost gets hacked, resets all customers’ passwords, has scale issues

• On January 19th, Dreamhost.com detected unauthorized activity in one of their databases
• It is unclear which databases were compromised, if they were dreamhost databases of customer data, or customer site databases
• Dreamhost uses separate passwords for their main web control panel, and individual user SSH and FTP accounts
• Dreamhost ran in to scale issues, where their centralized web control panel could not handle the volume of users logging in and attempting to change their shell passwords
• The fast forced password reset by DreamHost appears to have promptly ended the malicious activity
• Based on the urgency of the reset, there seem to be indications that DreamHost stores users’ passwords in plain text in one or more databases
• This assertion is further supported by the fact that they print passwords to confirmation screens and in emails
• Dreamhost also reset the passwords for all of their VPS customers

---

Linux root exploit – when the fix makes it worse

• Linux kernel versions newer than 2.6.39 are susceptible to a root exploit that allowed writing to protected memory
• Prior to version 2.6.39 write access was prevent by an #ifdef, however this was deemed to be to weak, and was replaced by newer code
• The new security code that was to ensure that writes were only possible with the correct permissions, turned out to be inadequate and easily fooled
• Ubuntu has confirmed that an update for 11.10 has been released, users are advised to upgrade
• This issue does not effect Redhat Enterprise Linux 4 or 5, because this change was not backported. A new kernel package for RHEL 6 is now available
• Analysis
• Proof of Concept
• Proof of Concept for Android

---

Feedback

Q: Tzvi asks how to best Monitor employee Internet usage?

A: There are a number of ways to monitor and restrict Internet access through a connection you control. A common suggestion is the use of a proxy server. The issue with this is that it requires configuration on each client machine and sometimes even each client application. This is a lot of work, and is not 100% successful. However, there is an option know as a ‘transparent proxy’. This is where the router/firewall, or some other machine that all traffic to the internet must pass through analyzes the traffic, and routes connections outbound for port 80 or 443 (HTTP and HTTPS respectively, and optional additional ports) through the proxy server, without any configuration required on the individual clients. Then, you can use the firewall to deny all traffic outbound that is not via the proxy.

This is relatively easy to setup, so much so that as part of the final exam in my Unix Security class, students had 2 hours to setup their machine as follows:

• Configure TCP/IP stack
• Download GPG and Class GPG Key
• Decrypt Exam Instructions
• Install Lynx w/ SSL support
• Install a class self-signed SSL certificate and the root certificate bundle to be trusted
• Install and configure Squid to block facebook with a custom error page
• Configure Lynx to use Squid
• Create a default deny firewall that only allows HTTP via squid and FTP to the class FTP server
• Access the college website and facebook (or rather the custom error page when attempting to access facebook)

While they had a little practice, and didn’t have to configure a transparent proxy, it is still are fairly straight forward procedure.

Instead of rolling your own, you can just drop in pfSense and follow these directions

---

Q: Brett asks, what do you do after a compromise?

A: The very first thing you do after a compromise, is take a forensic image of the drive. A bit by bit copy, without ever writing or changing the disk in any way. You then pull that disk out and put it away for safe keeping. Do all of your analysis and forensics on copies of that first image (but no not modify it either, you don’t want to have to do another copy from the original). This way as you work on it, and things get modified or trashed, you do not disturb the original copy. You may need the original unmodified copy for legal proceedings, as the evidentiary value is lost if it is modified or tampered with in any way.

So your best bet, is to boot off of a live cd (not just any live cd, many try to be helpful and auto-mount every partition they find, use a forensics live cd that will not take any auction without you requesting it). Then use a tool like dd to image the drive to a file or another drive. You can then work off copies of that. This can also work for damaged disks, using command switches for dd such as conv=noerror,sync . Also using a blocksize of 1mb or so will speed up the process greatly.

You asked about tripwire and the like, the problem with TripWire is that you need to have been running it since before the incident, so it has a fingerprint database of what the files should look like, so it can detect what has changed. If you did not have tripwire setup and running before, while it may be possible to create a fingerprint database from a backup, it is not that useful.
The freebsd-update command includes an ‘IDS’ command, that compares all of the system files against the central fingerprint database used to update the OS, and provides quick and powerful protection against the modification of the system files, but it does not check any files installed my users or packages. The advantage to the freebsd-update IDS over tripwire is that it uses the FreeBSD Security Officers fingerprint database, rather than a locally maintained one that may have been modified as part of the system compromise. In college I wrote a paper on using Bacula as a network IDS, I’ll see if I can find it and post it on my blog at appfail.com.

• Ddrescue – GNU Project – Free Software Foundation (FSF)
• DEFT Linux – Computer Forensics live cd

---

Q: Jono asks, VirtualBox vs. Bare to the metal VMs?

• Xen, KVM and VirtualBox are not bare metal, they requires a full linux host
• XenServer is similar to VMWare ESXi, in that it is bare metal. It uses a very stripped down version of CentOS and therefore far fewer resources than a full host. However XenServer is a commercial product (though there is a free version)
  +The advantage to XenServer over VMWare ESXi (both are commercial but free), is XenServer is supported by more open source management tools, such as OpenStack

---

Q:Gene asks, IT Control is out of control, what can we users do?

---

Q: Crshbndct asks, Remote SSH for Mum

• Managed DNS DynDNS
• Labs & Betas | LogMeIn

---

Roundup

• The EU Signs Controversial ACTA Treaty
• Why are we not seeing nearly as much protest against ACTA like we did with SOPA/PIPA?
• Thousands march in Poland over Acta internet treaty
• ACTA
• Rogers found to be in violation of Canadian Net Neutrality rules, has until Feb 3rd to correct
• Nokia Subsidizing the Lumia 900 With MSFT Cash?
• reddit: January 2012 – State of the Servers
• Symantec: Anonymous stole source code, users should disable pcAnywhere

The post Answers for Everyone | TechSNAP 42 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/16006/cyber-bank-heist-techsnap-41/ Thu, 19 Jan 2012 19:34:30 +0000 https://original.jupiterbroadcasting.net/?p=16006 Hackers rob nearly $6 million dollars over the Internet, the Zappos security breach, the fall of the koobface botnet, and what happened to Megaupload.

The post Cyber Bank Heist | TechSNAP 41 first appeared on Jupiter Broadcasting.

]]>



Find out how hackers robbed a bank for nearly $6 million dollars over the Internet, the Zappos security breach, the fall of the koobface botnet, and what happened to Megaupload.

Plus we look back at the web’s SOPA protest this week, and see where things stand.

All that, and much more, on this week’s episode of TechSNAP!

Thanks to:
GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Pick your code and save:
DOTCO9: .co domain for $17.99
techsnap7: $7.99 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans

   

Direct Download Links:

   

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

 

Subscribe via RSS and iTunes:
    Subscribe...           --RSS-- TechSNAP HD TechSNAP Large     TechSNAP Mobile      TechSNAP MP3     TechSNAP OGG     --iTunes--     TechSNAP iTunes HD     TechSNAP iTunes Mobile     TechSNAP iTunes Large     TechSNAP iTunes MP3  

Show Notes:

Cyber Bank Heist Nets 5.3 Million Dollars

• During the first three days of the new year, while the bank was closed for the holiday, thieves accessed a compromised computer at the South African Postbank and used it to transfer large sums of money in to accounts they had opened over the past few months
• They then used the compromised computer, and the credentials of a teller and a call center employee, to raise the withdrawal limits on their accounts
• By 9am January first, numerous money mules started making trips to ATMs in Gauteng, KwaZulu-Natal and the Free State, unhindered by withdrawal limits
• Withdrawals stopped around 6am January 3rd before the bank reopened and the compromise was detected
• In total, approximately 42 Million South African Rand were stolen (approximately 5.3 million USD, although some news stories reported the figure as 6.7 million USD). This appears to be around 1% of the entire holdings of the government operated bank
• The National Intelligence Agency (NIA) is investigating as Postbank is a government institution
• Sources report that the bank’s fraud detection system failed to detect the extremely large withdrawals, and the fraud was not discovered until employees returned to the bank from the new years holiday
• Observers question way such low level employees (Teller, Call Center Agent) had the required access to raise the withdrawal limits
• Investigators have not yet determined if the computers and passwords were compromised by the employees unwittingly, or if they were involved in the heist
• Local Coverage

---

Koobface operators go underground as researchers disclose their identities

• The koobface malware mostly targetted facebook users, prompting users to download a newer version of flash in order to watch a non-existent video. Rather than the expected flash update, the users would be infected with malware
• The malware operators made large sums of money by using the botnet of infected computers to perpetrate click fraud against pay-per-click advertising networks. “Through the use of pay-per-click and pay-per-install affiliate programs, Koobface was able to earn over US$2 million between June 2009 and June 2010 by forcing compromised computers to install malicious software and engage in click fraud”
• Facebook and some researchers they had been working with released their findings, including the identities, social media accounts and other information that had gathered on those behind the malware
• Within days of that disclosure, the attackers had shut down their C&C servers and rapidly began destroying the evidence against them. They also appear to have gone in to hiding (likely to avoid prosecution or extradition)
• With the shutdown of the C&C servers, and the disappearance of the operators, new infections of Koobface have dropped to near zero
• Researchers question if exposing the operators was the right thing to do
• Canadian Researchers released paper on Koobface in 2010 . Rather than releasing the identities of the attackers, Infowar Monitor handed the information over to Canadian Law Enforcement
• Additional Coverage

---

Shoe Retailer Zappos Hacked, 24 million customers compromised

• Zappos, and online shoe retailer owned by Amazon, was compromised last week
• Attackers gained access to the customer database after compromising a Zappos server in Kentucky, and using it to Island Hop into the internal network
• The Zappos customer database contained the names, email addresses, scrambled passwords, billing and shipping addresses, phone numbers and the last four digits of credit cards numbers
• It is unclear what is meant by ‘scrambled’ password, hopefully secure hashing
• Zappos states rather clearly, and repeatedly, that their secure payment processing servers were not compromised, and that credit card and transaction data remains secure
• Hopefully this means that Zappos takes their PCI-DSS compliance seriously, and the payment servers are isolated from the internet network that was invaded via the compromised server
• Even without the full credit card data the information from this compromised could be used quite successfully in spear phishing attacks
• Zappos has reset and expired all customers passwords, forcing customers to choose new passwords
• Zappos has disabled its phone systems in anticipation of an extremely high volume of support inquiries
• Zappos Announcement

---

Researcher reveals that stuxnet did not use a vulnerability in SCADA

• Researcher Ralph Langner presented his findings at the S4 Conference on SCADA Systems
• In his presentation, he revealed that the stuxnet worm, while possessing many 0-day exploits to gain access to the protected computer systems, used a design flaw in the SCADA system, rather than an exploit to perform the attack
• Langner postulates that the design of the Stuxnet worm was not to destroy the centrifuges, but to undetectably disrupt the process, making production impossible
• The Stuxnet worm takes advantage of the fact that the input process image of the PLC is read/write rather than read only, so the Stuxnet work simply plays back the results of a known good test to the controller, while actually feeding the centrifuge bad instructions, resulting in unexplained undesired results
• Langner used his analysis to criticize both Siemens and the U.S. Department of Homeland Security for failing to take the security issues more seriously

---

Round Up:

• Vinton Cerf: Internet Access is not a Human Right
• BitShare – Sec. of State Hillary Clinton: Internet Freedom is a human right
• Data stolen from Japanese space agency
• Hackers Disrupt Israel Airline, Stock Market Sites
• Crucial Releasing Firmware for 5200 hour SSD Bug
• Research shows teens share passwords as a form of intimacy
• PIPA support collapses, with 19 new Senators opposed
• Fight brewing over thick .com Whois
• Google says 4.5 million people signed anti-SOPA petition today
• US Senate websites hit with technical difficulties following SOPA blackout
• APNewsBreak: Feds Shut Down File-Sharing Website 
• Followup: Symantec statement on leaked source code

The post Cyber Bank Heist | TechSNAP 41 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/13468/great-disk-famine-techsnap-30/ Thu, 03 Nov 2011 17:15:36 +0000 https://original.jupiterbroadcasting.net/?p=13468 Hard Drives are in very short supply, find out why. Plus Anonymous says it’s going after a Mexican Drug Cartel, we’ll share you the amazing details

The post Great Disk Famine | TechSNAP 30 first appeared on Jupiter Broadcasting.

]]>



Anonymous says it’s going after a Mexican Drug Cartel, we’ll share you the amazing details!

Plus: Our tips for controlling remote downloads, and why all I’m going to want for Christmas is hard drives!

All that and more, on this week’s TechSNAP!

Thanks to:


GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!


Pick your code and save:

techsnap7: $7.49 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans

 

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:
Subscribe... --RSS-- TechSNAP HD TechSNAP Large TechSNAP Mobile TechSNAP MP3 TechSNAP OGG --iTunes-- TechSNAP iTunes HD TechSNAP iTunes Mobile TechSNAP iTunes Large TechSNAP iTunes MP3
[ad#shownotes]

Show Notes:

Anonymous says it will go after Mexican Drug Cartel

• Anonymous claims one of its members was kidnapped at a street protest
• Anonymous claims it will start releasing details about journalists, taxi drivers, police officers and government officials who are on the Cartel’s payroll, if the kidnap victim is not released by November 5th (Guy Fawkes Day)
• No information about the person who was allegedly kidnapped has been released
• Anonymous hopes that releasing this information, the government will be able to pursue the allegedly corrupt officials. However, depending on the type of information, it is unlikely that the evidence provided would be enough to convict someone.
• There are serious concerns that the release or even the threat of the release of such information could result in a violent backlash from the Cartel.
• It would seem that anyone who’s name appears on the lists released by anonymous would be in serious danger. A case of mistaken identity or speculation could result in the death of an innocent person.
• Anonymous has claimed it would attack a number of entities, including the NYSE and Facebook, a large number of these attacks have never taken place, or were unsuccessful and never mentioned again.

---

Series of spear phishing attacks against chemical and defense companies

• At least 50 different companies were targeted by attackers attempting to steal research and development documents and other sensitive information.
• The attacks started in July, and continued through September, it is also believed that the same attackers were targeting NGOs and the auto industry earlier this year.
• The attacks where spear phishing attacks, a specialized form of the common email attack. Unlike a typical phishing scam, where an attacker poses as your bank and attempts to get you to enter your login credentials and other personal information in to a fake site designed to mimic the look of your banks site, a spear phishing attack specifically targets individuals, using information that is known about them and where they work. Spear Phishing attacks also commonly involve impersonating someone you might expect to receive such an email from.
• The emails sent in this case often took the form of meeting invitations with infected attachments. In other cases when the messages were broadcast to many victims, they took the form of security bulletins, usually riding on actual vulnerability announcements for common software such as Adobe Reader and Flash Player. It also seems the attackers attached the infected files in 7Zip format, to evade many spam filters and virus scanners that block or scan .zip files. The attackers also took to encrypting the zip files with a password, and providing that password in the email, again to avoid virus scanners on the inbound mail servers.
• This attackers used PoisonIvy, a common backdoor trojan written by one or more persons who speak Mandarin. The Trojan also contained the address of a Command and Control (C&C) server used to feed it additional instructions.
• Once the attackers made their way in to the network through one or more infected machines, they leveraged that access to eventually gain permissions to copy sensitive documents and upload them to an external server where they could then be recovered.
• One of the command and control servers was a VPS operated in the United States, owned by a Chinese individual from Hebei province. Investigators have not been able to determine if this individual was part of the attacks, if anyone else had access to the VPS, or if he was acting on behalf of another group. It is possible the server was compromised, or that it could have been made to look like that was the case.
• Symantec says that there were a number of different groups attacking these companies during this time span, some using a custom developed backdoor called ‘Sogu’ and using specially crafted .doc and .pdf files. There is no word on if these additional attacks were also successful.
• Full Report

---

Feedback:

• Remote Downloads?
• Q: I have a question regarding downloads, in particular, remote downloads.
• A: There are a number of options, ranging in capability and ease of use.
• rTorrent – A command line torrent client, works great over SSH (especially when combined with Screen). This is what Allan uses to seed the Linux Action Show torrents.
• uTorrent – uTorrent (microTorrent) is available for windows, mac and linux. It offers an optional web UI (the web UI is the only option for linux) for remotely controlling the torrents, and can also automatically start downloading torrents when they are placed in a specified directory. uTorrent also incorporates an RSS reader.
• wget – is a standard command line downloading tool included in most GNU Linux distros. Also available for windows
• curl – A library and utility for dealing with http, it is a common feature of most web hosting servers, and easily integrates with PHP. You could write a short PHP script that would download files to the report server when prompted (possibly by an email or access from your mobile phone)

Round UP:

• Windows Kernel Zero Day Vulnerability Found in Duqu Installer
• Stop Online Piracy Act Introduced in the House
• Data points to China as source of March RSA breach, wider attacks
• Authorities Seize Duqu’s C&C Servers in India
• AWS Load Balancer Sends 2 Million Netflix API Reqs To Wrong Customer
• Mac OS X Trojan steals processing power to produce Bitcoins

The post Great Disk Famine | TechSNAP 30 first appeared on Jupiter Broadcasting.

]]> https://original.jupiterbroadcasting.net/13052/ultimate-zfs-overview-techsnap-28/ Thu, 20 Oct 2011 18:57:12 +0000 https://original.jupiterbroadcasting.net/?p=13052 Buckle up and prepare for the our Ultimate ZFS overview! Plus, the next generation of Stuxnet is in the wild, but this time is laying low, collecting data.

The post Ultimate ZFS Overview | TechSNAP 28 first appeared on Jupiter Broadcasting.

]]>



Coming up on this week’s TechSNAP…

Buckle up and prepare for our Ultimate ZFS overview!

Plus, the next generation of Stuxnet is in the wild, but this time is laying low, collecting data.

All that and more, on this week’s TechSNAP!

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:
Subscribe... --RSS-- TechSNAP HD TechSNAP Large TechSNAP Mobile TechSNAP MP3 TechSNAP OGG --iTunes-- TechSNAP iTunes HD TechSNAP iTunes Mobile TechSNAP iTunes Large TechSNAP iTunes MP3

[ad#shownotes]

Show Notes:

Jupiter Broadcasting Gear

https://www.printfection.com/jbgear

• Coupon Code: SuperDuperShip – Free Shipping on Super Saver, International, and Canadian Airmail orders. No minimums
• Coupon Code: SuperSave$10 – $10 off orders with a subtotal of $50+
• Coupon Code: Scary35% – 35% off orders with a subtotal of $100+

Next generation of Stuxnet seen in the wild?

• Called Duqu, the malware appears to be based on the same concepts as Stuxnet, and likely was written by some of the same people, or someone with access to the Stuxnet source code.
• The malware is designed to be stealthy and silent, rather than exploiting the system to some gain, like most malware
• The rootkit loads it self as a validly signed driver. It appears to have been signed by the certificate of a company in Taiwan identified as C-Media Electronics Incorporation. It is possible that their systems were compromised and their private key is being used without their knowledge. The certificate was set to expire on August 2, 2012, but authorities revoked it on Oct. 14
• The malware is not a worm, as it does it spread, and has no destructive payload
• It appears to only gather intelligence and act as a espionage agent, collecting data to be used a future attack.
• Analysts claim it appears to be seeking information on an unidentified industrial control system
• Duqu appears to have been in operation, undetected for more than a year
• Symantec has declined to name the countries where the malware was found, or to identify the specific industries infected, other than to say they are in the manufacturing and critical infrastructure sectors
• Duqu analysis paper

---

Google switching to SSL for logged in users’ searches

• Users who do a search while logged in, will do the search over SSL, meaning their search query and the results will be protected from snooping by their ISP, Government, Law Enforcement and WiFi hackers.
• This is an important step as google works to personalize your search results more and more.
• An interesting side effect of this is that browsers do not pass referrer headers when you transition from an SSL site. So the sites you visit from the search results page will no longer see what your search query was. Clicks on Adwords and other sponsored links will still pass your search query.
• The primary impediment to SSL for everything is performance, encrypting all traffic on the web would require a great deal more hardware. This is why Google defaults to a weaker encryption for things like search results, than what online merchants typically use.
• Another impediment to SSL is the certificate system, typical setups require a unique IP for each SSL certificate (because the name based virtual hosting typically done by web servers relies on an HTTP header, that is not sent until after the encryption session is started). However modern browsers and web servers support ‘SNI’ (Server Name Indication) to allow that information to be passed as part of the initial encryption setup. There are also solutions such as wildcard certificates (ie, *.google.com) and Unified Communications Certificates (UCC, typically used for MS Exchange servers and the like).
• Google will also provide website owners with the top 1000 search queries that lead visitors to their site via Google Webmaster Tools.
• HTTPS Everywhere | Electronic Frontier Foundation

---

Feedback:

• TechSnap Question – YouTube
• Typically a solution like this relies on a hard line connection between the two wireless APs so that they do not have to communicate via wireless as well.
• www.dd-wrt.com | Unleash Your Router
• DD-WRT Router Database
• Turn Your $60 Router into a User-Friendly Super-Router with Tomato
• Tomato (firmware)

ZFS Segment

• This week we will be taking a look at ZFS as a storage solution
• ZFS was originally developed by Sun Microsystems to be able to store a zetta byte of data (A zetta byte is equal to 1 billion tera bytes)
• ZFS is both the Volume Manager and the File System. This gives it some unique benefits, including the ability to increase the size of the file system on the fly and improves performance for the ‘scrub’ (integrity check all data) and resilver (recover from a failed disk) operations, as only data blocks that are actually in use need to be rewritten, whereas a hardware RAID controller must resilver the entire disk because it is unaware of the file system.
• ZFS is a ‘Copy-On-Write’ file system, this means that data is not immediately overwritten when it is changed
• Features
  • Multiple mount points – You can create various mount points from the same storage pool, allowing you to have different settings for different types of files.
  • Passive Integrity Checking (Fletcher Checksum or SHA–2) – As data is read, it is compared against the checksum (or hash, depending on settings). If the data is found to be corrupted, ZFS attempts to recover it (from a mirrored device, RAID Z, or copies). This feature allows ZFS to detect silent corruption that normally goes unnoticed.
  • RAID Z – RAID Z works very similar to RAID 5, except without the requirement for a hardware RAID controller. RAID Z2 provides two parity drives, like RAID 6. Recently, RAID Z3 was also introduced, using 3 drives for parity, providing exceptional fault tolerance.
  • Compression – Allow you to compress the data stored in this mount point (defaults to lzjb for speed, or you can choose a specific level of gzip). This can be great for storing highly compressible information such as log files
  • Deduplication – Since ZFS already knows the hash of your files as it writes them, it can detect that a file with the identical content already exists in your storage pool, and it will simply link the new file to the old one, and because ZFS is copy-on-write, if either file changes, it does not effect the other. ZFS also supports an optional ‘verify’ setting, where even if the checksum/hash matches, it will do a byte-by-byte verification to ensure the files are the same, to avoid a cache collision resulting in data corruption, even though the chances of this happening are around 10^–77. Deduplication uses a lot of ram, so it is recommended that you only use it on datasets where there is a high probability of duplication (It requires 320 bytes per block, meaning 1TB of data in 8kb blocks requires 32GB of ram. ZFS allows blocks up to 128kb). Deduplication will only use up to 25% of ARC memory, after that performance is degraded.
  • Purposeful Duplication (Copies) – Allows you to ask ZFS to maintain more than 1 copy of each file in a mount point. This is in addition to any redundancy provided by mirrors/RAID Z etc. Where possible the additional copies are stored on different physical devices. This allows you to get the benefit of a system like RAID Z but only for a specific set of data, while using regular striping for the rest, to maximize your storage capacity. (The ‘Copies’ system was not designed to protect against entire drives failing, just the loss of specific sectors, also this setting only effects newly created files, so you should set it when you create the mount point)
  • Snapshots – A read only copy of the file system from a specific point in time, great for backups etc.
  • Clones – A writable snapshot. Allows you to create a second copy of the file system that shares all of the same disk space, and any changes to either the original or the clone get saved separately.
  • Dynamic Striping – As you add more disks to your ZFS pool, the strips are automatically adjusted to take advantage of the write performance of all available disks.
  • Space Reservation – Since all mount points share the same pool of free space, you can set reservations to make sure specific mount points always have access to free space, even if another mount point is trying to use all of the space.
• In summary, ZFS can be a great solution for your home file server, as it allows you the flexibility to add additional storage at any time, deduplicate files, provided limited redundancy without needing RAID and can even provide some Drobo like functionality.
• If you keep at least one SATA port available in your file server, you can replace smaller devices by attaching the newer drive, and using the ‘zpool replace’ command, to copy all of the data to the new device, then remove the smaller one. You can eventually replace every device in the system this way, and the storage pool sizes up automatically.
• RAID Z pools cannot currently have devices added to them, although this feature is in the works. If you create a RAID Z (or Z2/Z3) pool, you can still increase it’s storage capacity by replacing each disk one at a time, and waiting for it to resilver (unlike in non-redundant setups, you do not have to connect the new device before removing the old one). Again, because ZFS is both the Volume Manager and the File System, the resilvering process is faster, because only data that is actually in use needs to be written to the new device.

Round Up:

• Jobs offered ‘nine-digit price’ to buy Dropbox
• NCI, Australia’s largest Supercomputer, confirmed hacked.
• Sesame Street’s YouTube channel hacked, replaced with porn
• Analysis of 250,000 hacker conversations PDF
• Google Music to support peer-to-peer file sharing, says record exec
• MIT researches develop system to record real time video through walls

The post Ultimate ZFS Overview | TechSNAP 28 first appeared on Jupiter Broadcasting.

]]>