TechSNAP show

TechSNAP

Summary: Systems, Network, and Administration Podcast. Every week TechSNAP covers the stories that impact those of us in the tech industry, and all of us that follow it. Every episode we dedicate a portion of the show to answering audience questions, discussing best practices, and solving your problems.

Podcasts:

 Episode 352: Stop Using apt-get | File Type: audio/mpeg | Duration: 36:40

And start using configuration management. Embrace reproducibility of systems, and streamlined management with TechSNAP’s introduction to Configuration Management. Plus the news of the week that could impact your systems, feedback, and more.

Sponsored By:
- Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
- iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
- Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com

Links:
- SamSam Ransomware Hits Hospitals, City Councils, ICS Firms — The SamSam crew usually scans the Internet for computers with open RDP connections and they break into networks by brute-forcing these RDP endpoints to spread to more computers.
- RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an… — How you can very easily use Remote Desktop Services to gain lateral movement through a network, using no external software.
- EFF and Lookout Uncover New Malware Espionage Campaign Infecting Thousands Around the World — The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.
- Lenovo Discovers and Removes Backdoor in Networking Switches — Lenovo engineers have discovered a backdoor in the firmware of RackSwitch and BladeCenter networking switches. The company released firmware updates earlier this week.
- Intel says Meltdown / Spectre patch causes reboots in computers with newer processors too — Data center performance can degrade by up to 25 percent for certain workloads.
- VMware pulled Spectre patches on Friday. — Affected updates are the ones for ESXi under VMSA-2018-0004 that contained CPU microcode. Despite these being the affected patches, all of the patches under VMSA-2018-004 have been pulled.
- Spectre Mitigation Added To GCC 8, Seeking Backport To GCC 7 — The set of Spectre mitigation patches for the GNU Compiler Collection (GCC) were accepted to mainline and will be part of GCC 8 with the GCC 8.1 stable release that will likely be due out around March. This is on top of many other changes/features of GCC 8.
- New Linux Method to Check your System — grep . /sys/devices/system/cpu/vulnerabilities/*
- AMD Processor Security — AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week.
- Skyfall and Solace
- An Introduction to Configuration Management | DigitalOcean — As a broader subject, configuration management (CM) refers to the process of systematically handling changes to a system in a way that it maintains integrity over time. Even though this process was not originated in the IT industry, the term is broadly used to refer to server configuration management.
- Configuration Management on the Desktop — It installs GNOME, sets up my wallpaper, applies my GTK/icon themes, sets up my keyboard shortcuts, etc. It also sets up my SSH keys, user dotfiles, OpenSSH config, and much more.

 Episode 351: Performance Meltdown | File Type: audio/mpeg | Duration: 41:43

The types of workloads that will see the largest performance impacts from Meltdown, tools to test yourself, and the outlook for 2018. Plus a concise breakdown of Meltdown, Spectre, and side-channel attacks like only TechSNAP can. Then we run through the timeline of events, and the scuttlebutt of so-called coordinated disclosure. We also discuss yet another security issue in macOS High Sierra, a backdoor in popular storage appliances, your questions, and more!

Sponsored By:
- Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
- iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
- Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean

Links:
- Meltdown and Spectre — Meltdown and Spectre exploit critical vulnerabilities in modern processors.
- The Meltdown and Spectre CPU Bugs, Explained
- How we got to Spectre and Meltdown A Timeline
- My version of the timeline... — My version of the timeline on Spectre Meltdown. This post will be updated! If you want to add/correct something, please comment.
- How Tier 2 cloud vendors banded together to cope with Spectre and Meltdown | TechCrunch — Eventually six cloud providers — Scaleway, DigitalOcean, Packet, Vultr, Linode and OVH — formed a consortium of sorts to help one another and share information. In order to make the process more efficient, they started a Slack channel with CEOs, CTOs and engineers from the various companies sharing information and fixes as they became available.
- FreeBSD was made aware of Meltdown and Spectre in late December. There's currently no ETA for mitigation. — It looks like Dragonfly BSD has a patch, so hopefully that will be useful for FreeBSD.
- heads up: Fix for intel hardware bug will lead to performance regressions — Upcoming versions of the linux kernel (and apparently also windows and others), will include new feature that apparently has been implemented with haste to work around an intel hardware bug.
- AWS Developer Forums: Degraded performance — Immediately following the reboot my server running on this instance started to suffer from cpu stress.
- Google is pushing Retpoline — With Retpoline, we could protect our infrastructure at compile-time, with no source-code modifications. Furthermore, testing this feature, particularly when combined with optimizations such as software branch prediction hints, demonstrated that this protection came with almost no performance loss.
- PCID is now a critical performance/security feature on x86 — On any system that does not currently show "pcid" in the flags line of /proc/cpuinfo, Meltdown is a bigger issue than "install latest updates".
- Spectre & Meltdown vulnerability/mitigation checker for Linux — A simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
- Microsoft PowerShell Script to check for Meltdown — To help customers verify that protections are enabled, Microsoft has published a PowerShell script that customers can run on their systems. Install and run the script by running the following commands.
- Why Raspberry Pi isn't vulnerable to Spectre or Meltdown — To help us understand why, here’s a little primer on some concepts in modern processor design.
- macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password — A bug report submitted on Open Radar this week has revealed a security flaw in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.
- Major macOS High Sierra Bug Allows Full Admin Access Without Password
- WD My Cloud NAS devices have hard-wired backdoor — Lets anyone log in as user mydlinkBRionyg with the password abc12345cba.
- Question: How could I measure all of these overhead performance hits? — My question: how could I measure all of these overhead performance hits, so I can put in a well educated request to adjust all of these components, so I have a computer that performs near its capacity?
- Perfmon
- Troubleshooting with the Windows Sysinternals Tools
- ProcDump
- Process Monitor - Replaces filemon
- Question: MySQL Replication Woes — The problem is that during some larger deletes on the master, the tables on the slave get locked and the slave lag goes through the roof. During this time all of my selects that have been sent to the slave are just sitting there and waiting for the table to unlock while the master is just fine.
- Ask Noah 44: Red Hat with Brandon Johnson
- BSD Now 228: The Spectre of Meltdown

 Episode 350: Trials of TLS | File Type: audio/mp3 | Duration: 50:43

The trials and tribulations of the long journey to TLS 1.3, and the “middleware” that’s keeping us from having nice things. Plus a pack of Leaky S3 bucket stories and the data that was exposed. Then we do a deep dive into some SMB fundamentals and practical tips to stay on top of suspicious network traffic.

Sponsored By:
- iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
- Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
- Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com

Links:
- Why TLS 1.3 isn't in browsers yet — It has been over a year since Cloudflare’s TLS 1.3 launch and still, none of the major browsers have enabled TLS 1.3 by default.
- TLS 1.3 middleboxes test — This page performs some tests to check for middlebox interference with TLS 1.3. For that it requires Adobe Flash and TCP port 843 to be open. If this is not the case, all tests will fail with N/A.
- Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS — AWS account credentials and firmware AES encryption keys were also exposed on GitHub.
- Data on 123 million US households exposed — Leaky bucket might be a better description because when opened the database revealed the personal financial data of 123m American households – in effect everyone with an address in the US around the time of the file’s creation in 2013.
- Massive US military social media spying archive left wide open in AWS S3 buckets — Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.
- Security Monkey — Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. It provides a single UI to browse and search through all of your accounts, regions, and cloud services. The monkey remembers previous states and can show you exactly what changed, and when.
- An Introduction to SMB for Network Security Analysts — At its most basic, SMB is a protocol to allow devices to perform a number of functions on each other over a (usually local) network.
- StorageCrypter Ransomware: Security Threat or Clickbait? — Hats off to the most buzzword-loaded headline of the year: “StorageCrypt Ransomware Infecting NAS Devices Using SambaCry”.
- DHCPDECLINE Follow Up — I think I have a hypothesis. When dhclient is offered an IP, it attempts to look it up in dhcpd.leases (under /var), and if /var has errors, the lookup fails and says "not found" (which is what the DHCPDECLINE line says in the log).
- Please keep some BSD — Please don't get too Linux single-minded. Some FreeBSD plugs here and there are welcome.
- Repairing a 1960s mainframe: Fixing the IBM 1401's core memory and power supply — Core memory was a popular form of storage in this era as it was relatively fast and inexpensive. Each bit is stored in a tiny magnetized ferrite ring called a core.

 Episode 349: All Natural Namespaces | File Type: audio/mpeg | Duration: 50:00

Network Namespaces have been around for a while, but there may be some very practical ways to use them that you’ve never considered. Wes does a deep dive into a very flexible tool. Plus what might be the world’s most important killswitch, the real dollar values for stolen credentials and the 19-year-old attack that’s back.

Sponsored By:
- iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
- Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
- Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean

Links:
- The Market for Stolen Account Credentials — But oh, how times have changed! With dozens of sites in the underground now competing to purchase and resell credentials for a variety of online locations, it has never been easier for a botmaster to earn a handsome living based solely on the sale of stolen usernames and passwords alone.
- Hackers shut down plant by targeting its safety system — FireEye reported that a plant of an unmentioned nature and location (other firms believe it's in the Middle East) was forced to shut down after a hack targeted its industrial safety system -- it's the first known instance of a breach like this taking place.
- FireEye Report on TRITON — We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shutdown operations. This malware, which we call TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers.
- ROBOT Attack: 19-Year-Old Bleichenbacher Attack — Dubbed ROBOT (Return of Bleichenbacher's Oracle Attack), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on the vulnerable TLS servers.
- The ROBOT Attack - Official Site
- Robot-detect: Detection script for the ROBOT vulnerability — Tool to detect the ROBOT attack (Return of Bleichenbacher's Oracle Threat).
- WannaCry: End of Year Retrospective — Since our Vantage team sinkholed and subsequently nullified the WannaCry attack on May 12th, 2017, we have been monitoring and maintaining the domain known as the WannaCry killswitch.
- Why NSA spied on inexplicably unencrypted Windows crash reports — And, according to slides published this weekend by Der Spiegel, this information also includes crash reports from Microsoft's Windows Error Reporting facility built in to Windows.
- Network namespaces — As the name would imply, network namespaces partition the use of the network—devices, addresses, ports, routes, firewall rules, etc.—into separate boxes, essentially virtualizing the network within a single running kernel instance.
- namespaces - Linux manual page — A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. Changes to the global resource are visible to other processes that are members of the namespace, but are invisible to other processes. One use of namespaces is to implement containers.
- Network Namespaces » ADMIN Magazine — With network namespaces, you can virtualize network devices, IPv4 and IPv6 protocol stacks, routing tables, ARP tables, and firewalls separately, as well as /proc/net, /sys/class/net/, QoS policies, port numbers, and sockets in such a way that individual applications can find a particular network setup without the use of containers.
- How to Get the Network Namespace Associated With a Socket
- Network devices as virtual Ethernet devices — Virtualize network devices as virtual Ethernet devices by configuring direct MacVTap connections or virtual switches.
- Testing network software with pytest and Linux namespaces
- Implementation of IEEE 802.1ab (LLDP) — LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices.
- WireGuard Routing & Network Namespaces — This allows for some very cool properties. Namely, you can create the WireGuard interface in one namespace (A), move it to another (B), and have cleartext packets sent from namespace B get sent encrypted through a UDP socket in namespace A.
- VRF for Linux — The concept of VRF was first introduced around 1999 for L3 VPNs, but it has become a fundamental feature for a networking OS. VRF provides traffic isolation at layer 3 for routing, similar to how you use a VLAN to isolate traffic at layer 2. Think multiple routing tables.
- linux/vrf.txt at master · torvalds/linux · GitHub
- Using VRFs with linux
- Feedback - DHCPDECLINE over and over again
- DHCP Snooping - Cisco
- Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites — In a blog post published on Tuesday, WordFence security firm revealed why WordPress recently kicked a popular Captcha plugin with more than 300,000 active installations out of its official plugin store.

 Episode 348: Server Neglect | File Type: audio/mpeg | Duration: 49:13

Authors of one of the most infamous botnets of all time get busted, researchers discover keyloggers built into HP Laptops, the major HomeKit flaw no one is talking about, and the new version of FreeNAS packs a lot of features for a point release. Plus an update on the show and what to expect, and we attempt something TechSNAP could never do as a video production, a live double FreeNAS upgrade!

Sponsored By:
- Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
- Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
- iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!

Links:
- Our New Contact Page
- Mirai IoT Botnet Co-Authors Plead Guilty — Krebs on Security — The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).
- Pre-Installed Keylogger Found On Over 460 HP Laptop Models — The Keylogger was found embedded in the SynTP.sys file, a part of Synaptics touchpad driver that ships with HP notebook computers, leaving more than 460 HP Notebook models vulnerable to hackers.
- HP keylogger - ZwClose Blog Post — TL;DR: HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).
- Apple Releases iOS 11.2.1 Update With HomeKit Fix — According to Apple's release notes, the update re-enables remote access for shared users of the Home app. Apple broke remote access for shared users when implementing a fix for a major HomeKit vulnerability last week.
- FreeNAS 11.1 Released — The FreeNAS Development Team is excited and proud to present FreeNAS 11.1! FreeNAS 11.1 adds cloud integration, OpenZFS performance improvements, including the ability to prioritize resilvering operations, and preliminary Docker support to the world’s most popular software-defined storage operating system. This release includes an updated preview of the beta version of the new administrator graphical user interface, including the ability to select display themes. This post provides a brief overview of the new features.
- Process Doppelgänging Attack — Dubbed ‘Process Doppelgänging‘ by Tal Liberman and Eugene Kogan of EnSilo, the attack was demonstrated during Black Hat Europe 2017 security conference in London earlier today. Doppelgänging, a fileless code injection technique, works in such a manner that an attacker can manipulate the way Windows handles its file transaction process and pass malicious files even if the code is known to be malicious.
- Process Doppelgänging - Black Hat Europe 2017 — By using NTFS transactions, we make changes to an executable file that will never actually be committed to disk. We will then use undocumented implementation details of the process loading mechanism to load our modified executable, but not before rolling back the changes we made to the executable. The result of this procedure is creating a process from the modified executable, while deployed security mechanisms are in the dark.

 Episode 347: A Farewell to Dan | TechSNAP 347 | File Type: audio/mpeg | Duration: 1:39:59

We say farewell to Dan, but don't despair, we've still got a ton of great topics to cover as we say goodbye. We compare the handling of recent data breaches at imgur & DJI, share some in-depth guides on beefing up your security posture & see Dan off with some of your finest feedback and the world's tastiest roundup.

 Episode 346: Neutral Nets | TechSNAP 346 | File Type: audio/mpeg | Duration: 1:17:15

We get depressed over some new stats confirming our worst fears about the huge number of outdated and unpatched android systems. But, in some good news, Github wants to help you, and your open source projects, stay secure with their new Security Alerts feature. We discuss the details and what it needs to be relevant. Plus some handy tips for getting out of a sticky situation in git, a net neutrality PSA, and some big news from Dan.

 Episode 345: Namespaces GOTO Jail | TechSNAP 345 | File Type: audio/mpeg | Duration: 1:52:35

We can't contain our excitement as we dive deep into the world of jails, zones & so-called linux containers. Dan shares his years of experience using the time-tested original bad boy of containers, FreeBSD jails. Wes breaks down cgroups, namespaces & explains how they come together to create a container. Plus we discuss similarities, differences, workflows & more! And of course your fantastic feedback, a record setting round-up & so much more!

 Episode 344: SSL Strippers | TechSNAP 344 | File Type: audio/mpeg | Duration: 1:18:48

You may think that’s a secure password field, but don’t be fooled! We’ve got the disturbing tale of some negligent websites & their fraudulent fonts. Then, some top tips to evaluate the security of your banking institutions & best practices for verbal passwords. Plus, a controversial discussion of opsec, obfuscation, security & you!

 Episode 343: Low Security Pillow Storage | TechSNAP 343 | File Type: audio/mpeg | Duration: 1:27:34

We've got some top tips to turn you from ssh-novice to port-forwarding master. Plus the latest on the confusing story of Kaspersky, the NSA & a bone-headed contractor. Then, our backup sense is tingling, with the story of $30,000 lost to a forgotten pin. And of course your fantastic feedback, a record setting round-up & so much more on this week's episode of TechSNAP!

 Episode 342: Cloudy with a chance of ABI | TechSNAP 342 | File Type: audio/mpeg | Duration: 1:41:54

We air Microsoft's dirty laundry as news leaks about their less than stellar handling of a security database breach, plus a fascinating story of deceit, white lies, and tacos; all par for the course in the world of social engineering, and we find out that so-called-smart cards might not be so smart, after it is revealed that millions are vulnerable to a crippling cryptographic attack & more!

 Episode 341: HAMR Time | TechSNAP 341 | File Type: audio/mpeg | Duration: 1:08:35

We've got bad news for Wifi-lovers as the KRACK hack takes the world by storm; We have the details & some places to watch to make sure you stay patched. Plus, some distressing revelations about third party access to your personal information through some US mobile carriers. Then we cover the ongoing debate over HAMR, MAMR, and the future of hard drive technology & take a mini deep dive into the world of elliptic curve cryptography.

 Episode 340: Spy Tapes | TechSNAP 340 | File Type: audio/mpeg | Duration: 1:49:35

We try our hand at spycraft with a set of espionage themed stories covering everything from the latest troubles at Kaspersky to the strategic implications of responsible disclosure at the NSA. Plus, a few more reasons to be careful with what you post on social media & a fascinating discussion of the ethics of running a data breach search service.

 Episode 149: Laying Internet Pipe | TechSNAP 339 | File Type: audio/mpeg | Duration: 1:14:37

We cover the problematic implications of SESTA, the latest internet regulations proposed in the US, plus some PR troubles for CBS's Showtime after cryptocoin mining software was found embedded in their webpage & Dan gets excited as we discuss why tape-powered backups are still important for many large organizations. And of course your feedback, a fantastic round-up & so much more on this week's episode of TechSNAP!

 Episode 148: Patch Your S3it | TechSNAP 338 | File Type: audio/mpeg | Duration: 1:07:42

Distrustful US allies further delay the NSA’s new crypto, Viacom’s leaky buckets almost expose its entire IT infrastructure, plus a few more Equifax mishaps & a government spyware tool that might just be masquerading as your favorite app. And of course your feedback, a fantastic round-up & so much more on this week's episode of techsnap!
