Archive for the ‘RAID’ Category
Coming up on this week’s TechSNAP…
Buckle up and prepare for our Ultimate ZFS overview!
Plus, the next generation of Stuxnet is in the wild, but this time is laying low, collecting data.
All that and more, on this week’s TechSNAP!
- Called Duqu, the malware appears to be based on the same concepts as Stuxnet, and likely was written by some of the same people, or someone with access to the Stuxnet source code.
- The malware is designed to be stealthy and silent, rather than exploiting the system for some gain, like most malware.
- The rootkit loads itself as a validly signed driver. It appears to have been signed with the certificate of a company in Taiwan identified as C-Media Electronics Incorporation. It is possible that their systems were compromised and their private key is being used without their knowledge. The certificate was set to expire on August 2, 2012, but authorities revoked it on Oct. 14.
- The malware is not a worm, as it does not spread, and it has no destructive payload.
- It appears to only gather intelligence and act as an espionage agent, collecting data to be used in a future attack.
- Analysts claim it appears to be seeking information on an unidentified industrial control system
- Duqu appears to have been in operation, undetected for more than a year
- Symantec has declined to name the countries where the malware was found, or to identify the specific industries infected, other than to say they are in the manufacturing and critical infrastructure sectors
- Duqu analysis paper
- Users who do a search while logged in, will do the search over SSL, meaning their search query and the results will be protected from snooping by their ISP, Government, Law Enforcement and WiFi hackers.
- This is an important step as Google works to personalize your search results more and more.
- An interesting side effect of this is that browsers do not pass referrer headers when you transition from an SSL site. So the sites you visit from the search results page will no longer see what your search query was. Clicks on Adwords and other sponsored links will still pass your search query.
- The primary impediment to SSL for everything is performance: encrypting all traffic on the web would require a great deal more hardware. This is why Google defaults to weaker encryption for things like search results than what online merchants typically use.
- Another impediment to SSL is the certificate system. Typical setups require a unique IP for each SSL certificate (because the name-based virtual hosting typically done by web servers relies on an HTTP header that is not sent until after the encryption session is started). However, modern browsers and web servers support ‘SNI’ (Server Name Indication) to allow that information to be passed as part of the initial encryption setup. There are also solutions such as wildcard certificates (i.e., *.google.com) and Unified Communications Certificates (UCC, typically used for MS Exchange servers and the like).
- Google will also provide website owners with the top 1000 search queries that lead visitors to their site via Google Webmaster Tools.
- HTTPS Everywhere | Electronic Frontier Foundation
- TechSnap Question – YouTube
- Typically a solution like this relies on a hard line connection between the two wireless APs so that they do not have to communicate via wireless as well.
- www.dd-wrt.com | Unleash Your Router
- DD-WRT Router Database
- Turn Your $60 Router into a User-Friendly Super-Router with Tomato
- Tomato (firmware)
- This week we will be taking a look at ZFS as a storage solution
- ZFS was originally developed by Sun Microsystems to be able to store a zettabyte of data (a zettabyte is equal to 1 billion terabytes).
- ZFS is both the Volume Manager and the File System. This gives it some unique benefits, including the ability to increase the size of the file system on the fly and improved performance for the ‘scrub’ (integrity check of all data) and resilver (recover from a failed disk) operations, as only data blocks that are actually in use need to be rewritten, whereas a hardware RAID controller must resilver the entire disk because it is unaware of the file system.
- ZFS is a ‘Copy-On-Write’ file system. This means that data is not immediately overwritten when it is changed.
- Multiple mount points – You can create various mount points from the same storage pool, allowing you to have different settings for different types of files.
- Passive Integrity Checking (Fletcher Checksum or SHA-2) – As data is read, it is compared against the checksum (or hash, depending on settings). If the data is found to be corrupted, ZFS attempts to recover it (from a mirrored device, RAID Z, or copies). This feature allows ZFS to detect silent corruption that normally goes unnoticed.
- RAID Z – RAID Z works very similar to RAID 5, except without the requirement for a hardware RAID controller. RAID Z2 provides two parity drives, like RAID 6. Recently, RAID Z3 was also introduced, using 3 drives for parity, providing exceptional fault tolerance.
- Compression – Allows you to compress the data stored in this mount point (defaults to lzjb for speed, or you can choose a specific level of gzip). This can be great for storing highly compressible information such as log files.
- Deduplication – Since ZFS already knows the hash of your files as it writes them, it can detect that a file with identical content already exists in your storage pool, and it will simply link the new file to the old one. Because ZFS is copy-on-write, if either file changes, it does not affect the other. ZFS also supports an optional ‘verify’ setting, where even if the checksum/hash matches, it will do a byte-by-byte verification to ensure the files are the same, to avoid a hash collision resulting in data corruption, even though the chances of this happening are around 10^–77. Deduplication uses a lot of RAM, so it is recommended that you only use it on datasets where there is a high probability of duplication (it requires 320 bytes per block, meaning 1TB of data in 8KB blocks requires 32GB of RAM. ZFS allows blocks up to 128KB). Deduplication will only use up to 25% of ARC memory; after that, performance is degraded.
- Purposeful Duplication (Copies) – Allows you to ask ZFS to maintain more than 1 copy of each file in a mount point. This is in addition to any redundancy provided by mirrors/RAID Z etc. Where possible the additional copies are stored on different physical devices. This allows you to get the benefit of a system like RAID Z but only for a specific set of data, while using regular striping for the rest, to maximize your storage capacity. (The ‘Copies’ system was not designed to protect against entire drives failing, just the loss of specific sectors. Also, this setting only affects newly created files, so you should set it when you create the mount point.)
- Snapshots – A read only copy of the file system from a specific point in time, great for backups etc.
- Clones – A writable snapshot. Allows you to create a second copy of the file system that shares all of the same disk space, and any changes to either the original or the clone get saved separately.
- Dynamic Striping – As you add more disks to your ZFS pool, the stripes are automatically adjusted to take advantage of the write performance of all available disks.
- Space Reservation – Since all mount points share the same pool of free space, you can set reservations to make sure specific mount points always have access to free space, even if another mount point is trying to use all of the space.
- In summary, ZFS can be a great solution for your home file server, as it allows you the flexibility to add additional storage at any time, deduplicate files, provide limited redundancy without needing RAID, and can even provide some Drobo-like functionality.
- If you keep at least one SATA port available in your file server, you can replace smaller devices by attaching the newer drive, and using the ‘zpool replace’ command, to copy all of the data to the new device, then remove the smaller one. You can eventually replace every device in the system this way, and the storage pool sizes up automatically.
- RAID Z pools cannot currently have devices added to them, although this feature is in the works. If you create a RAID Z (or Z2/Z3) pool, you can still increase its storage capacity by replacing each disk one at a time, and waiting for it to resilver (unlike in non-redundant setups, you do not have to connect the new device before removing the old one). Again, because ZFS is both the Volume Manager and the File System, the resilvering process is faster, because only data that is actually in use needs to be written to the new device.
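
The checksum-on-read recovery and the ‘scrub’ operation described in the ZFS notes above, as an added example that is not part of the original show notes and is not ZFS code. It is a toy two-way mirror in Python; the class and function names, the block ids and the sample data are constructed for illustration, and SHA-256 is picked from the SHA-2 option the notes mention.

```python
import hashlib


class ChecksumError(Exception):
    """Raised when no copy of a block matches its stored checksum."""


def flip_bit(data: bytes, bit: int = 0) -> bytes:
    """Simulate silent corruption: flip a single bit and report nothing."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def plain_mirror_read(devices, block_id):
    """A mirror without checksums returns whichever copy it reads first."""
    return devices[0][block_id]


class MirroredPool:
    """Toy mirror that keeps each block's SHA-256 apart from the block data."""

    def __init__(self, copies: int = 2):
        self.devices = [dict() for _ in range(copies)]  # device -> {id: bytes}
        self.checksums = {}                             # id -> expected digest
        self.repaired = []                              # (id, device) heal log

    def write(self, block_id, data: bytes):
        self.checksums[block_id] = hashlib.sha256(data).digest()
        for dev in self.devices:
            dev[block_id] = data

    def _inspect(self, block_id, every_copy: bool):
        """Return (a good copy or None, indexes of devices holding bad copies)."""
        expected = self.checksums[block_id]
        good, bad = None, []
        for i, dev in enumerate(self.devices):
            data = dev.get(block_id)
            if data is not None and hashlib.sha256(data).digest() == expected:
                good = data
                if not every_copy:
                    break
            else:
                bad.append(i)
        return good, bad

    def _heal(self, block_id, good, bad):
        for i in bad:
            self.devices[i][block_id] = good
            self.repaired.append((block_id, i))

    def read(self, block_id) -> bytes:
        """Verify on read; fall back to another copy and repair the bad one."""
        good, bad = self._inspect(block_id, every_copy=False)
        if good is None:
            raise ChecksumError(f"block {block_id!r}: no valid copy left")
        self._heal(block_id, good, bad)
        return good

    def scrub(self):
        """Check every copy of every block; return ids that cannot be recovered."""
        lost = []
        for block_id in self.checksums:
            good, bad = self._inspect(block_id, every_copy=True)
            if good is None:
                lost.append(block_id)
            else:
                self._heal(block_id, good, bad)
        return lost


def demo():
    pool = MirroredPool()
    pool.write("b0", b"constructed sample block")   # constructed sample data
    pool.devices[0]["b0"] = flip_bit(pool.devices[0]["b0"])
    silent = plain_mirror_read(pool.devices, "b0")  # corrupted, no error raised
    healed = pool.read("b0")                        # verified and repaired
    return silent, healed, pool.repaired


if __name__ == "__main__":
    print(demo())
```

A read only checks copies until it finds a good one, which is why a periodic scrub over every copy is still needed to catch damage on the devices that reads did not touch.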
- Jobs offered ‘nine-digit price’ to buy Dropbox
- NCI, Australia’s largest Supercomputer, confirmed hacked.
- Sesame Street’s YouTube channel hacked, replaced with porn
- Analysis of 250,000 hacker conversations PDF
- Google Music to support peer-to-peer file sharing, says record exec
- MIT researchers develop system to record real time video through walls
In lieu of the AoC review originally scheduled for this week, Jeremy’s decided to throw together some of the hottest stories that’ve surfaced over the past week in the MMO industry. Included in this grab bag of editorial goodness is the DCUO-F2P announcement, GamersFirst’s new “offer” venture, WoW’s unique features coming in patch 4.3, and Trion World’s charitable efforts.
- I just said last week that this needed to happen, since CO and COH are both free now, and Marvel U will be F2P as well (if it ever launches).
- This just sounds like an excuse to charge people for future expansions, like they intended to do with Fight for the Light.
- Previously cropped up in DDO, but Turbine decided to shut it down based on responses ( alternative link )
- Will work slightly better in the APB and FE settings just due to the world lore.
- Will still annoy players, and raise security concerns and spambot concerns.
- A new LFG queue that will automagically put you into lower-difficulty versions of the existing raids, with lesser loot. But 25-man versions ONLY.
- These raids also don’t include lockout timers, which will be a HUGE boon to folks that regularly do PUG raids.
- This will work GREAT in WoW due to the nature of the community, but I’m worried about this becoming a trend that other games may pick up on. Any developer interested in this trend needs to take a close look at their specific type of community before deciding whether to use this same methodology.
- For example, WoW has a healthy PUG community, and a lot of smaller guilds that can only raid 10-man zones. So making a 25-man option more accessible actually allows MORE players to experience this side of the raiding game (which has a huge content focus in WoW).
- Meanwhile, if a game thrives more on small groups and tight communities, implementing something that reinforces a PUG atmosphere would offer very little benefit while encouraging community fragmentation.
Partnering with “Extra Life” to benefit Children’s Miracle Network
Devs will be creating a guild and inviting new characters to join them, and play for 24 hours straight.
They will also offer titles to anyone that participates (“the Charitable”) and for anyone that lasts the entire 24 hours (“the Insomniac”).
Also a whole mess of achievements/contests:
Highest Level Achieved
Most Favor Earned
Most Planarite Earned
Highest Crafting Skill (combined)
Most Achievements Earned
Most Dungeons Completed
Most Money Earned
Most Critters Killed
Most Artifacts Collected
Money from MMO subscriptions officially on the decline
- Money from F2P microtransactions is up!
When your data is important, understanding RAID can make the difference between a major loss, or saving the day. We’ll break down the different types of RAID, and the setups we’ve found to work best!
All that and more, in this week’s TechSNAP.
- The system would have browsers anonymously submit copies of all certificates that they encounter to the EFF’s SSL Observatory
- Rogue certificates would be detected and the users could be warned about the danger
- The system would work in a similar way to Google’s SafeSearch
- We discussed the EFF’s SSL Observatory and some of its very troubling findings in the very first episode of TechSNAP
- Adobe reported that the vulnerability is actively being exploited by attempting to trick users into clicking on a malicious link delivered in an email message.
- A similar attack was used against RSA as we discussed in episode 2 of TechSNAP
- Additional Article
- SSL 3.0 and TLS 1.0 are vulnerable to an attack that can disclose private data
- The researchers’ proof of concept can be used against popular sites such as PayPal
- The exploit requires the attacker to be in a ‘man-in-the-middle’ position, and uses a ‘chosen plain-text attack’ against the AES encryption algorithm often used by SSL/TLS.
- Not all SSL implementations default to AES; OpenSSL prefers the Camellia cipher first. However, a man-in-the-middle attack could influence the list of allowable ciphers, causing AES to be chosen as the cipher suite.
- The researchers have been working with browser vendors since May to develop a solution; however, every proposed patch has been found to break compatibility with some major SSL appliance, resulting in a number of major sites not being reachable over SSL. Thus far browser vendors have not resolved the issue.
- The attack is relatively slow, and requires a MiTM position, so it is not likely to result in the breakdown of all e-commerce; however, it could be used quite effectively against public wifi spots.
- Interesting notes from my own research, Cipher Suite Preference Order:
- Google (Docs, Gmail)
- ScaleEngine.com (OpenSSL HIGH:!MD5)
- DHE-RSA-CAMELLIA256-SHA, CAMELLIA256-SHA
- DHE-RSA-CAMELLIA128-SHA, CAMELLIA128-SHA
- DHE-RSA-AES256-SHA, AES256-SHA
- DHE-RSA-AES128-SHA, AES128-SHA
- EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA
- None of these sites support SSLv2
- Additional Article
- Statistics show that as many as 35% of SSL-enabled sites are still vulnerable to a 2009 attack. Some sites purposely delay deploying SSL updates due to concerns about compatibility with outdated browsers, especially since SSL is used primarily for e-commerce.
Intel integrates RealVNC at the BIOS level, allowing full remote access via the existing Intel vPro management engine
- Intel has worked with RealVNC to embed a VNC Remote Frame Buffer server directly into the BIOS and vPro management chipset
- Features include allowing you to remotely change BIOS settings, mount virtual images for reinstalling or repairing the OS, full remote-kvm features and remote reboot capability
- The VNC access is secured using the existing on board encryption and certificate system built into the Intel vPro Management Engine Chipset.
- vPro must be enabled, assigned an IP address and certificate (or strong password) in order to be used, so this will not expose unconfigured computers to the risk of being unintentionally remotely controlled.
Home Server Segment – Storage. There are many different types of RAID, a set of technologies that allow multiple independent physical disks to act as a single logical disk. The different types of RAID provide different advantages and disadvantages and have various uses.
- RAID 0 – Striping
- RAID 0 uses any number of disks and spreads the data between the disks, usually in blocks of 64 or 128kb. The total size of the logical disk will be N * smallest disk
- This means that while reading and writing data, you have more physical heads doing the work, meaning that when reading or writing a large amount of data, all of the disks can work in tandem, resulting in higher throughput
- The disadvantage to RAID 0 is that there is no redundancy, if any one disk in the set fails to work, all data in the entire RAID array is no longer usable.
- Common use cases for RAID 0 are things such as Video Editing that requires extremely high throughput rates
- RAID 1 – Mirroring
- RAID 1 is the most basic type of RAID, it requires an even number of disks. Each pair of disks contains identical information. The total size of the logical disk is N/2 * smallest disk.
- When one of the two disks fails, the other contains exactly the same data, and the system can continue to operate. The failed disk can then be replaced, and the remaining disk has its data cloned to the new disk (this process is called Resilvering), restoring the system to full operational status.
- RAID 1 can improve read performance because two heads can be seeking at the same time, however it cannot improve write performance, as both disks must write all changes made to the data
- The disadvantage to RAID 1 is that you lose half of the storage capacity of the drives you put in to the array
- RAID 1 is typically used for systems that require high fault tolerance, and the ability to continue to operate even during a disk failure
- RAID 2 is not currently used, the original specification called for disks that would rotate and seek in unison and offer the possibility of higher transfer rates.
- RAID 3 is similar to RAID 0, however instead of using large blocks, data is split between the drives at the byte level. This is very rare in practise because of the limited number of IOPS that most disks can handle, and the fact that RAID 3 suffers from a great loss of speed if more than 1 operation is run concurrently
- RAID 4 works similar to RAID 5 below, except that it uses a dedicated parity disk
- RAID 5
- RAID 5 combines striping (RAID 0) with parity. This means that as each group of blocks is written, a parity block is calculated and written to one of the disks. This way, if any one of the disks were to fail, using the remaining blocks and the parity block, it would be possible to calculate what the missing block should be. The total size of the logical disk is (N – 1) * smallest disk.
- During operations, if a disk fails, the RAID array will be in what is known as ‘degraded’ mode, where the controller must do the calculations to determine what the missing data would be. This results in significantly lower performance. However, the array can be restored to healthy status by replacing the failed disk, and allowing it to ‘resilver’ (the process of calculating each block of data that should exist on that drive, and writing it to the disk).
- RAID 5 provides the advantages of RAID 0 (speed, use of most of your disk capacity), while still providing some fault tolerance.
- The parity data is spread across all of the disks, rather than always on one specific disk, for more even performance, because the parity calculation is
- RAID 5 is typically used in servers where a large amount of storage and performance is required, but some degree of fault tolerance is also warranted. RAID 5 is rarely available on built-in RAID controllers due to the complexity of the parity calculations.
- RAID 6
- RAID 6 works like RAID 5 except with two copies of the parity information. The size of the logical disk is (N – 2) * the smallest disk
- RAID 6 provides additional fault tolerance, specifically it allows the array to continue to operate if more than 1 disk fails at once, or if a second disk fails before the first can be resilvered. In a RAID 5 array, if a second disk dies before the first failed disk is completely restored, the entire array is lost.
- RAID 6 is typically used in servers that require more storage and more fault tolerance than RAID 1 can provide, and where RAID 5 is just not enough fault tolerance. RAID 6 usually requires a rather expensive hardware controller.
- Some complex controllers can allow you to do ‘nested raid levels’.
- RAID 0+1
- A mirrored array of two striped arrays, allowing both speed and fault tolerance
- RAID 50
- RAID 60
- A striped array of two RAID 6 arrays, providing additional performance on top of the fault tolerance and larger capacity of RAID 6. This setup is also common in setups where the RAID 6 arrays are on separate controllers.
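
The RAID 5 parity, ‘degraded’ mode and resilver steps from the notes above, as an added example that is not part of the original show notes. It is a toy in-memory array in Python using XOR parity with the parity block rotated across the disks; the class name, the 4-byte block size and the sample payload are constructed for illustration.

```python
from functools import reduce
from operator import xor


def xor_blocks(blocks):
    """XOR equal-length blocks byte by byte; this is the RAID 5 parity function."""
    return bytes(reduce(xor, column) for column in zip(*blocks))


class Raid5:
    """Toy RAID 5 array: striping plus one rotating parity block per stripe."""

    def __init__(self, n_disks: int, block_size: int = 4):
        if n_disks < 3:
            raise ValueError("RAID 5 needs at least 3 disks")
        self.n, self.bs = n_disks, block_size
        self.disks = [[] for _ in range(n_disks)]  # disk -> one block per stripe
        self.stripes = 0
        self.length = 0                            # bytes stored, without padding

    def parity_disk(self, stripe: int) -> int:
        """Parity moves to a different disk on each stripe."""
        return (self.n - 1 - stripe) % self.n

    def write(self, data: bytes):
        """Replace the array contents: N - 1 data blocks and 1 parity per stripe."""
        self.disks = [[] for _ in range(self.n)]
        self.stripes, self.length = 0, len(data)
        per_stripe = (self.n - 1) * self.bs
        padded = data + b"\0" * (-len(data) % per_stripe)
        for off in range(0, len(padded), per_stripe):
            chunks = [padded[off + i * self.bs: off + (i + 1) * self.bs]
                      for i in range(self.n - 1)]
            parity, data_blocks = xor_blocks(chunks), iter(chunks)
            p = self.parity_disk(self.stripes)
            for d in range(self.n):
                self.disks[d].append(parity if d == p else next(data_blocks))
            self.stripes += 1

    def fail(self, disk: int):
        self.disks[disk] = None                    # the disk's contents are gone

    def block(self, disk: int, stripe: int) -> bytes:
        """Read one block; in degraded mode rebuild it from the survivors."""
        if self.disks[disk] is not None:
            return self.disks[disk][stripe]
        failed = [i for i, d in enumerate(self.disks) if d is None]
        if len(failed) > 1:
            raise RuntimeError(f"disks {failed} failed: array lost")
        return xor_blocks([self.disks[o][stripe]
                           for o in range(self.n) if o != disk])

    def read(self) -> bytes:
        out = bytearray()
        for s in range(self.stripes):
            p = self.parity_disk(s)
            for d in range(self.n):
                if d != p:
                    out += self.block(d, s)
        return bytes(out[:self.length])

    def resilver(self, disk: int):
        """Recompute every block of a replaced disk and write it to the new one."""
        self.disks[disk] = [self.block(disk, s) for s in range(self.stripes)]


def demo():
    array = Raid5(4)
    payload = b"constructed sample payload for the array"
    array.write(payload)
    array.fail(2)
    degraded = array.read()     # still correct, but every lost block is recomputed
    array.resilver(2)
    return payload, degraded, array.read()


if __name__ == "__main__":
    print(demo())
```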
- Smart meters might reveal what TV shows or movies you are watching
- DigiNotar declares bankruptcy
- Siemens to exit the Nuclear Power Business
- One fifth of telecommuters work less than 1 hour per day
- Alcatel Lucent’s new VDSL2 Vectoring product offers to increase DSL speeds by 25% to 100% on existing lines
- Whitman Expected to Be Named at H.P.
- Massachusetts Attorney General victim of iTunes fraud, promises to investigate if Apple is failing to report security breaches
- Peer1 Data Center Tech leaves his comfort zone, rappelling off skyscraper for charity
We’ve got the details of an FBI raid that knocked several popular sites off-line.
The WordPress plugin repository was compromised, and backdoors were added to a few popular plugins, and we’ll share the details.
Plus Dropbox’s shockingly bad security issue this week, and we’ll cover why you always want a little salt with your passwords!
All that and more, on this week’s TechSNAP!
- At 1am on Tuesday the FBI raided the Virginia, USA data center of Swiss web hosting company DigitalOne.
- DigitalOne’s website was still offline late Wednesday
- DigitalOne does not have any staff on-site, and relies on remote hands from the data center operator, CoreSite. DigitalOne was not aware of what the problem was until hours later, when the data center contacted them and passed along the name of the agent in charge and a phone number for DigitalOne to contact the FBI.
- When requested, DigitalOne had given the FBI information on the IP address they inquired about and told them the exact location of the server. However, the FBI seized 3 entire racks of servers rather than only the server they were after.
- There are rumours that this raid was related to an investigation into LulzSec
- A number of services like Pinboard and Instapaper were affected.
- WordPress.org is not sure exactly what happened
- Plug-in repository compromised
- Malicious code was found in commits to popular plugins like W3 Total Cache, AddThis and WPTouch
- WordPress took the prophylactic step of forcing all users to reset their passwords to prevent any further compromised code from being pushed out.
- Adobe issued a second ‘out of band’ security update for Flash player in only 9 days due to another exploit
- Reportedly, one of the 0-day exploits was being used to steal users’ Gmail passwords
- The vulnerability was listed as critical, as it might allow an attacker to take complete control of a system
- Nightmare scenario is a trusted page is compromised and flash malware is inserted
- Make sure you update to the latest version of Adobe Flash
- A flaw at Dropbox allowed users to log in with any password, and access the account
- This means anyone who knew your email address could have accessed your account and files. They could have authorized additional devices so they can continue to access your files even once this flaw was fixed.
- Dropbox claims less than 1% of users logged in during that time (seems low)
- Official Notice from Dropbox
- If Dropbox used proper encryption with one key per user, files could not be accessed without the correct password. However, this security measure would take away a lot of the ‘easiness’ of Dropbox that people are so fond of.
- The major bitcoin currency exchange MtGox had its database compromised and was taken offline when a large number of fraudulent trades were made, swinging the market.
- The compromised account sold all of its coins, forcing the market price down, then bought them all back, and tried to cash out
- Accounts that had not been used recently had not had their passwords upgraded from the original unsalted md5 hash to the standard FreeBSD crypt() md5 salted hash.
- MtGox managed to get hold of someone at Google, and Google forced all users with Gmail accounts at MtGox to reset their passwords
- Once MtGox is back up, they plan to switch to SHA-512 salted hashes.
- MtGox claims that the computer of a 3rd party auditor who had read-only access to the database was compromised, and then insecurely hashed passwords were cracked and those accounts were then used by the attackers.
Q: (Keith) Can you explain salted hashing and two factor authentication in more detail?
A: Some websites, especially older forums and bespoke software, will store your password as a plain md5 or sha1 hash. These can easily be broken by a rainbow table, and can also be brute forced rather quickly using GPUs. To protect passwords against rainbow tables, modern password hashing algorithms use a ‘salt’. A salt is just some random characters added to the password before it is hashed, so that the resulting hash is harder to attack. In the FreeBSD crypt() MD5, the default is 8 base64 characters. This means that the rainbow table would have to include those extra 8 possible characters to be able to crack the password. Also, the salt is different for each account, which means that a separate rainbow table would be required for each user, and that two users with the same password won’t have the same hash. What many people don’t realize when they try to implement their own password hashing using regular md5 is that the FreeBSD crypt() md5 does 100 rounds of hashing, not just one. This was sufficiently slow when it was designed, but is much less so now. That is why other algorithms, like SHA-512 and Blowfish, have become more popular. On top of having larger salts (16 and 22 characters respectively), they use an adjustable number of rounds of the hashing algorithm. This allows the administrator to decide on a performance/security trade-off that best fits their needs.
Lecture notes by Allan on how Password Hashing Works
To answer the other part of your question, multi-factor authentication means using more than one way to confirm the user is who they claim to be. Two-factor authentication just means using 2 of the 3 factors to confirm the user’s identity, rather than just one. The three types are:
- Something you know (username/password, secret question, pin #)
- Something you have (ID card, security token, RFID, Cell phone)
- Something you are (Fingerprint, Retina Scan, Signature, Voice sample)
So, the typical ATM card system is two-factor authentication: something you have (bank card) and something you know (PIN number). However, the PIN number is not a very strong authenticator. As we’ve seen in recent weeks, even a security token can be compromised, and some forms of attack, like the ZeuS trojan, just wait until you authenticate to perform their attack.
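
The salted hashing part of the answer above, and the MtGox note about inactive accounts keeping their old unsalted hashes, as an added example that is not part of the original show notes. PBKDF2-HMAC-SHA512 from Python's standard library stands in for the crypt()-style salted schemes the answer names, and a plain lookup table stands in for a rainbow table; the accounts, wordlist, record format and round count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: alice and bob happen to share a password.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "x7#Qv!pLr2"}
# Constructed wordlist, used to precompute hashes once.
WORDLIST = ["123456", "password", "letmein", "qwerty"]
ROUNDS = 50_000  # adjustable work factor; tune by benchmarking your hardware


def unsalted_md5(password: str) -> str:
    """The weak legacy scheme: one round of MD5, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, rounds: int = ROUNDS) -> str:
    """Salted, iterated hash stored as rounds$salt$digest (assumed format)."""
    salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)
    return f"{rounds}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    rounds, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_table(words):
    """Hash -> password table, computed once and reusable on any unsalted dump."""
    return {unsalted_md5(w): w for w in words}


def crack_unsalted(db, table):
    """One dictionary lookup per account; no hashing needed at attack time."""
    return {user: table[h] for user, h in db.items() if h in table}


def crack_salted(db, words):
    """With per-user salts every guess must be re-hashed for every account."""
    found, guesses = {}, 0
    for user, record in db.items():
        for word in words:
            guesses += 1
            if verify_password(word, record):
                found[user] = word
                break
    return found, guesses


def login(db, user: str, password: str) -> bool:
    """Check a login and upgrade a legacy or low-round record on success.

    The plaintext is only available at login, so accounts that never log in
    keep their old hash until they do.
    """
    record = db[user]
    legacy = "$" not in record  # legacy records are bare MD5 hex digests
    if legacy:
        ok = hmac.compare_digest(unsalted_md5(password), record)
    else:
        ok = verify_password(password, record)
    if ok and (legacy or int(record.split("$")[0]) < ROUNDS):
        db[user] = hash_password(password)
    return ok


if __name__ == "__main__":
    legacy_db = {u: unsalted_md5(p) for u, p in USERS.items()}
    print(crack_unsalted(legacy_db, build_table(WORDLIST)))
    salted_db = {u: hash_password(p) for u, p in USERS.items()}
    print(crack_salted(salted_db, WORDLIST))
```

Salting does not make a weak password strong: the shared weak password is still found in the salted database, but only after slow per-account work that cannot be precomputed or shared between users.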
LulzSec’s Primary tool? Havij v1.14 Advanced SQL Injection
FAKE: LulzSec supposedly claims its biggest coup yet: The entire UK 2011 Census
LulzSec Ring Leader Arrested
LulzSec-Exposed (counter hacking group) claims authorities are closing in
LulzSec teams up with Anonymous for Operation AntiSec