LinuxPlanet Casts

Media from the Linux Moguls

Archive for the ‘iOS’ Category

Pimp My Network | TechSNAP 27

without comments

post thumbnail

Facebook is fooled again, remote controlled voting machines, and Sony has another 93,000 accounts hacked, we’ll load you up on the details!

Then – We cover your best options for pimping your home network for speed!


Direct Download Links:

HD Video | Large Video | Mobile Video | WebM | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:

Show Notes:

Facebook URL scanner easily fooled

  • Facebook has a malicious URL scanner that checks urls linked to in posts to make sure they do not contain content that could be harmful to users
  • The most simple content cloaking technique, displaying different content to different users (ie, look for the facebook bots user-agent string) and fool this system
  • In the example proof of concept attack, the url looks like a .jpg file, and will get a thumbnail in the facebook preview, but if you follow the link, you will be rickrolled
  • Proof of Concept

*

Sony Locks 93,000 Accounts After Hacking Attempt

  • Sony has suspended 93,000 accounts that were successfully accessed during a massive wave of failed login attempts.
  • This suggests that Sony does not have any automated systems for slowing, or blocking such brute force attacks.
  • The attack effected large numbers of users on both the PSN/SEN, and SOE
  • While Sony claims the the attackers must have had a list of username/password combinations from some other site that was attacked, the fact that 100s of thousands of accounts had attempts against them, and 93,000 succeeded, suggests one of a few hypothesises:
  • The attack used user data from the original sony hack (and/or users reset their passwords back to the same stolen passwords)
  • The flaw in the PSN password reset system that allowed attackers to reset other users’ passwords was more widespread that first though
  • Users were the victims of the multiple phishing attempts we saw around the the PSN compromise
  • Sony was compromised again
  • Additional Article
  • Sony CISO Statement

*

Diebold Voting machines susceptible to untraceable man in the middle attack

*

Feedback:

  • Dominic emails in:
    YOU’RE DOING IT WRONG

  • How to connect multiple switches

  • Q: When building physical network topology, say you have 5x 8 port switches, are you best to connect the router to port 1 of switch#1 then connect various other computers to the rest of the ports on switch#1 with the last port connecting to switch#2 which has one port to switch#3 and so on (essentially daisy chaining) or have one ‘master’ switch where each port of the switch connects to each of the other switches (2, 3, 4 and 5) then have the router and PCs plugged into those (I know its a bit overkill for a home network but its just in theory as I’ve had to deal with stuff like network loops and such before and wondering if there is any real advantage between the two methods).

  • A: The second setup you described is a proper ‘hierarchical networking model’, which usually consists of three layers. The first layer is the Access Layer, this is where individual computers are connected to the network, this is typically just a (relatively) low-end switch. The next layer, is the Distribution Layer, this is where a lot of routers and firewalls do their work, they usually also acts as the separation between departments, locations and regions. Typically computers in the same Access Layer can reach each other directly without going through a router. The top layer of the network is the Core Layer, this is the fastest part of the network, where data is exchanged between the different Distribution Layers. In your more limited setup, the ‘master’ switch would be the Core Layer, and exchange traffic between each of the different Access Layer switches. However, for your home this may not be the best setup. If all of the switches are 100mbit, then the links between the Core Layer switch, and the Access Layer switch can be a bottleneck. For example, if you had 2 pairs of clients communicating with each other on the same switch (so 4 machines, A<->B and C<->D), they could each communicate at 100mbit/second. However, if A and C are on Access Layer switch#2, and B and D are on Access Layer switch#3, then the bandwidth between #2 and #3 is limited to 100mbit total, and so each stream would only be able to use 50mbit/sec. However, if A and B are on one switch, and C and D are on another, then no data is exchange through the Core Layer at all. So a number of factors, especially your traffic patterns, must be considered when setting up your network topology. You do not have to worry about creating ‘loops’ or anything as long as each switch only has a single path to each other switch. Higher end switches (managed ones) will have ‘STP’ (Spanning Tree Protocol), which allows them to avoid loops even when they have multiple paths, while still adapts and using one of the extra paths if the preferred path is disconnected.

  • At my house, I have a 5 port gigabit switch, and 3 100mbit switches. My PC, Router/File Server, and Media center connect to the gigabit switch, the 4th port goes to the wireless AP, and the 5th to the switch in my bedroom. The remaining 100mbit switch (used for the machines in the rack in my living room) is fed off the wired ports for the wireless AP.

Round Up:

Written by chris

October 13th, 2011 at 9:11 pm

Ultimate Home Router | TechSNAP 23

without comments

post thumbnail

Exploits are in the wild that can take down critical infrastructure equipment, and some highly trusted sites were attacked this week and used against their own visitors.

Plus – We’ll tell you how to build the ultimate home router, that can do more than many Enterprise grade systems, with the press of a few buttons – and for FREE!

All that and more, on this week’s TechSNAP!

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:

Show Notes:

Italian hacker publishes 10+ 0 day SCADA exploits with proof of concept code

  • SCADA (Supervisory Control and Data Acquisition) are Industrial control systems
  • The Stuxnet worm targeted the specific SCADA system used by the Iranian centrifuges
  • These exploits could cause serious disruption if the systems are not properly protected from external access
  • SCADA systems are used to control numerous important industrial systems including water and sewage treatment, dams and power plants, as well as manufacturing automation systems.
  • In January 2000, the remote compromised of a SCADA system was responsible for pumping sewage into a nearby park and contaminated an open surface-water drainage ditch.
  • News Article

Official uTorrent website compromised, users download spyware

  • On or before Tuesday September 13th, the Official uTorrent.com website was compromised, and on the 13th, the attackers replaced the download files with spyware.
  • Users who downloaded uTorrent on the 13th instead received a scareware fake anti-virus package called ‘Security Shield’
  • The scareware told them they were infected with malware and demanded payment to remove it
  • Any users who downloaded uTorrent between 12.20 and 14.10 BST likely received the malware instead of uTorrent.
  • In this case, the attack was fairly obvious, but a similar hack against popular software distribution points could have resulted in the stealth infection of 1000s of systems via the auto-update feature built in to most modern applications.
  • This is always the nightmare security situation, when legitimate trusted sites are compromised and start to distribute harmful content.

Funny Virus Pic – Google+


BIOS rootkit found in the wild

  • The virus can infect most any computer with an Award BIOS (very popular, used in most all Motherboards that I own).
  • The virus dumps a copy of the BIOS, and then adds an ISA ROM that will rewrite the MBR (Master Boot Record) on the hard drive at each bootup.
  • The MBR virus then rootkits winlogon.exe to take over control of the system
  • The rootkit then prevents modification of the MBR, making it harder to remove the virus
  • Even if the MBR is repaired, it is reinfected at the next boot by the BIOS portion of the virus
  • The rootkit also downloads a trojan and allows the system to be remotely controlled.
  • This attack is related to the attack we discussed in a previous episode of TechSNAP where a researcher was able to infect the battery in a MacBook with a virus. If the virus was similar to this one, it would add an additional layer of complexity, if the BIOS could be reinfected from the battery.
  • Details from Symantec

TWiT.tv compromised, malicious iframe injected, loads Java malware

  • The popular TWiT.tv page was compromised and a snippet of malicious code was added, an iframe that directed users’ browsers to a page that attempted to use Java and PDF exploits.
  • Google’s safe browsing started blocking the site. Firefox and Google Chrome users will be presented with a warning before visiting the site.

War Story:

  • At approximately 4:00 PM facility local time on Sunday, September 11, 2011, the Seattle 1 data center experienced an unexpected service interruption. It was determined that the cause of the issue was a malfunction in one of the edge routers servicing the facility.
  • The device was rebooted to correct the issue and we proceeded to work with the device manufacturers TAC (Technical Assistance Center) to determine the cause of the issue and proper resolution to avert any future problems.
  • At 6:20 PM facility local time, the same issue occurred again, and the device was again rebooted.
  • To prevent any future unexpected service interruptions, it was decided that the best course of action would be to replace the device with the standby device available at the facility.
  • At approximately 7:00 PM facility local time, we began the process of replacing the faulting device with a new one. The old device was removed and the new device was put in its place.
  • Once powered on the replacement device alerted us to a number of errors within the switch fabric modules that were causing inter-line card communication to not work properly.
  • We again contacted the device manufactures TAC, and at approximately 8:30 PM, we decided with the TAC that the best option was to replace the switch fabrics in the replacement device with the switch fabrics from the old device.
  • Once this was completed the device was restarted but produced the same errors.
  • The issue was then escalated to tier 2 support at the device manufactures TAC.
  • We concluded that the issue was likely a problem somewhere within the replacement device’s chassis, and proceeded to replace the chassis with the one from the old device.
  • Upon doing so, we began getting a different set of errors, this time with the management modules communication to the line cards.
  • At approximately 4:30 AM facility local time, the matter was escalated to tier 3 support at the device manufactures TAC. At this time, we also dispatched our head network technician to the facility from Phoenix with a spare device which is stored at our office in the event of issues such as this one.
  • At approximately 6:30 AM facility local time, the TAC tier 3 technician concluded that the likely cause of the issue was an electrical problem either within the switch fabric modules or the replacement device chassis which resulted in improper current being sent to various parts of the device and damaging several of the sensitive electronic components in the line card, forwarding engines and switch fabrics. Because the electrical subsystem within the device had potentially caused damage to all of the switch fabric modules that we had available at the facility, we were advised that we should power down both devices and not use either of them any further until a full diagnostic of the electrical sub-system could be completed by the manufacturer.
  • At approximately 12:00 PM our head network technician arrived at the Seattle airport, and by 1:00 PM was at the facility with the replacement device from our Phoenix office.
  • At approximately 2:00 PM our head network technician completed the installation of the replacement device from our Phoenix office and service was fully restored.
  • Total time offline: 19 hours 8 minutes.

Feedback:

  • A few questions about home servers
    Q: crshbndct I’ve built a spare computer out of some spare parts and I want to use it as a home server. I’d like to use it as a router, a DNS server, a caching server, and maybe also throttle the usage of my servers. What should I use?
    A: Chris and I both love pfSense, it is a FreeBSD based router appliance. You can basically turn any computer with 2 network cards into a Router/Firewall, with DHCP, DNS/DDNS, VPN (IPSec, PPTP, OpenVNP), VLANs, Captive Portal, Traffic Shaping and Graphing. It has a web interface similar but more expansive than what most people are already used to from a normal off the shelf home router.

Next Week: RAID types, what they are and some use cases for each.

Round-Up:

Bitcoin-Blaster:


Bitcoin Value: 34,196,260 USD

Written by chris

September 15th, 2011 at 9:16 pm

007: Linux Kernel Gets Hosted at Github

without comments

Linux News Podcast LinuxNewsPodcast 1802 007: Linux Kernel Gets Hosted at GithubComing up on episode 7 of the Linux News Podcast… Linux Kernel Gets Hosted at Github, Dutch Government Takes Over DigiNotar, and Appsfire Announces Open Source UDID Replacement for iOS.

TRANSCRIPT
Linux Kernel Gets Hosted at Github
http://www.h-online.com
On our last newscast we told you about the Linux Project’s main site getting hacked. Well this week we learned that Linus Torvalds has temporarily moved the entire Linux kernel to Github. It appears that the main sever for kernel.org is not yet fully functional after being hacked. This announcement comes as the 5th release candidate of Linux 3.1 is published. Torvalds made it clear he plans to return to kernel.org once it is fully functional again.

Dutch Government Takes Over DigiNotar
http://www.h-online.com
The Dutch government took over operational control of DigiNotar, the digital certificate company that appears to have been hacked by someone in Iran apparently wanting to spy on activists in their country. We are now learning that 530 fake SSL digital certificates were issued for such sites as Facebook, Yahoo, Microsoft, Skype, Twitter, Tor, and WordPress, and even included intelligent agencies such as the CIA and MI6. This incident has highlighted the fragility of the SSL/TLS certificate trust model in use on the net today.

Appsfire Announces Open Source UDID Replacement for iOS
http://techcrunch.com
Appsfire is attempting to create an open source solution to the problem Apple created by phasing out developer access to the Unique Device Identifier on iOS devices. It is called OpenUDID. It is designed to replace all that was lost, and in which everyone can participate. It also said it will provide a system that will enable users to opt-out if they wish. All mobile app developers are invited to join in the testing process now.

Reflecting on Chrome as Browser Hits Third Birthday
http://arstechnica.com
Three years ago Google launched its Chrome browser. Since that time Google’s Web Browser has attracted a large number of users and has made an impact on other browsers in the process. Chrome’s speed and distinctive minimalist design has won over a number of Linux users. There is even talk that Chrome may become Ubuntu’s browser. We’ll see what the next three years hold.

OpenSSH 5.9 Arrives
http://www.h-online.com
The development team for the Secure Shell known as OpenSSH has released version 5.9. The newest update include a number of updates including the addition of a Hash-based Message Authentication Code to verify both the data integrity and the authenticity of a message. They also are experimenting with sandboxing the privilege separation child process. OpenSSH is developed by the OpenBSD project and is released under the BSD licence.

Python 3.2.2 Fixes Regression
http://www.h-online.com
The Python developers have released version 3.2.2 of their open source programming language. This maintenance update mainly fixes a regression in the urllib.request module that prevented opening many HTTP resources correctly. In addition there are about 60 minor changes and fixes. Python 3.2.2 is available to download from the Python Website.

Swiss Federal Court Sharing its DMS as Open Source
http://www.osor.eu
The Swiss Parliament is permitting the Federal Court to publish its document management system under the General Public Licence, version 3. The software is called Open Justitia and was developed in-house by the court. Weblaw, a proprietary software firm, tried to block its release claiming that the federal court was essentially becoming a commercial competitor. The court explained that it believes it has sufficient legal grounds to develop its own DMS and that making available the source code does not mean it is entering in competition.

Leaks Show US Swayed Canada on Copyright Bill
http://www.osnews.com
New Wikileaks documents describe Canadian officials as encouraging American lobbying efforts. The cables, from the U.S. Embassy in Ottawa, even have a policy director for then industry minister Tony Clement suggesting it might help U.S. demands for a tough copyright law if Canada were placed among the worst offenders on an international piracy watch list. Days later, the U.S. placed Canada alongside China and Russia on the list.

Governments Use Western Technology to Spy on Citizens
https://www.eff.org
The Electronic Frontier Foundation has long warned about the use of American and European made surveillance technologies by authoritarian governments to spy on their citizens. Last week we saw another example of that when the government of Bahrain used surveillance software from Nokia Siemens to intercept messages and gather information on human rights activists, resulting in their arrest and torture. This is just one of many such cases. The real concern is that Western surveillance tools are likely undermining the “Internet freedom” agenda.

Gluster Founder Details Data Management Strategy
http://www.infostor.com
Gluster is an open source distributed filesystem that is positioning itself for the current evolution of cloud computing and big data requirements. Gluster is aiming to solve storage problems that people have been grappling with for years. Companies are asking for a Google-style storage approach where a scale-out filesystem is needed that can run on commodity hardware. That is why one of the new features in GlusterFS 3.3 is support for Hadoop which is an attempt to expand Gluster usage for Big Data.

SPONSOR
Roku – Instantly Play Movies & TV Episodes from the Internet! Starting at $59.99
Click here!

THEME MUSIC
Theme Music was “Legends of the North” by Mattias Westlund

RESOURCES
Bookstore – Get Linux software and books about Linux.
T-Shirts – Show your support with cool t-shirts, mugs, and more.
About Us – Introduces you to the podcast and the podcaster.
Privacy – Concerned about privacy, read our privacy policy.
Contact – Complaments, Problem, concerns, and suggestions welcomed.

CONNECT
Twitter Updates – Get the latest news updates and sneak peaks.
Facebook Page – Like the podcast and get the latest episodes in your friend stream.

SUBSCRIBE
RSS Feed
Add to iTunes
Add to Zune
Add to Google
Miro Player

Written by linuxpod

September 6th, 2011 at 2:52 pm

Battery Malware | TechSNAP 16

without comments

post thumbnail

Attackers take aim at Apple with an exploit that could brick your Macbook, or perhaps worse. Plus you need to patch against a 9 year old SSL flaw.

Plus find out about a Google bug that could wipe a site from their Index, and a excellent batch of your feedback!

All that and more, on this week’s TechSNAP!

Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:

Show Notes:

iPhones vulnerable to 9 year old SSL sniffing attack

  • A nine year old bug discovered and disclosed by Moxie Marlinspike in 2002 allows attackers to decrypt intercepted SSL sessions. Moxie Marlinspike released a newer, easier to use version of the tool on monday, to coincide with Apple finally patching the flaw on iPhone and other iOS devices.
  • Any unpatched iOS device can have all of it’s SSL traffic trivially intercepted and decrypted
  • This means anyone with this new easy to use tool sitting near a wifi hotspot, can intercept encrypted login information (gmail, facebook), banking credentials, e-commerce transactions, or anything else people do from their phone.
  • The bug was in the way iOS interpreted the certificate chain. Apple failed to respect the ‘basicConstraint’ parameter, allowing an attacker to sign a certificate for any domain with an existing valid certificate, a condition normally prevented by the constraint.
  • There are no known flaws in SSL it self, in this case, the attacker could perform a man-in-the-middle attack, by feeding the improperly signed certificate to the iPhone which would have accepted it, and used the attackers key to encrypt the data.
  • Patch is out with a support doc and direct download links

Apple Notebook batteries vulnerable to firmware hack

  • After analyzing a battery firmware update that Apple pushed in 2009, researchers found that all patched batteries, and all batteries manufactured since, use the same password
  • With this password, it is possible to control the firmware on the battery
  • This means that an attacker can remotely brick your Macbook, or cause the battery to overheat and possibly even explode
  • The attacker can also falsify the data returned to the OS from the battery, causing odd system behaviour
  • The attacker could also completely replace the Apple firmware, with one designed to silently infect the machine with malware. Even if the malware is removed, the battery would be able to reinfect the machine, even after a complete OS wipe and reinstall.
  • Further research will be presented at this years Black Hat Security Conference
  • In the meantime, researchers have notified Apple of the vulnerability, and have created a utility that generates a completely random password for your Mac’s battery.
    Additional Link

Facebook fixes glitch that let you see private video information

  • A glitch in facebook allowed you to see the thumbnail preview and description of private videos posted by other users, even when they were not shared with you.
  • It was not possible to view the actual videos

Google was quick to shutdown Webmaster Tools after vulnerability found

  • Using the google webmaster tools, users were able to remove websites that did not belong to them from the Google Index
  • By simply modifying the query string of a valid request to remove your own site from the google index, and changing one of the two references to the target url, you were able to remove an arbitrary site from the google index
  • The issue was resolved within 7 hours of being reported to Google
  • Google restored sites that were improperly removed from its index.

Researchers find vulnerablity in Skype

  • Inproper input validation and output sanitation allowed attackers to inject code into their skype profile
  • By entering html and java script in to the ‘mobile phone’ section of your profile, anyone who had you on their friends list would execute the injected code.
  • This vulnerability could have allowed attackers to high your session, steal your account, capture your payment data, and change your password

Feedback


Q: (Sargoreth) I downloaded eclipse, and I didn’t bother to verify the md5 hash they publish on the download page, how big a security risk is this?
A: Downloadable software often has an MD5 hash published along with the downloadable file, as a measure to allow you to ensure that the file you downloaded is valid. Checking the downloaded file against this hash can ensure that the file was not corrupted during transfer. However it is not a strong enough indicator that the file has not been tampered with. If the file was modified, the MD5 hash could just as easily have been updated along with it. In order to be sure that the file has not been tampered with, you need a hash that is provided out of band, from a trusted source (The FreeBSD Ports tree comes with the SHA256 hashs of all files, which are then verified once they are downloaded). SHA256 is much more secure, as MD5 has been defeated a number of times, with attackers able to craft two files with matching hashes. SHA-1 is no longer considered secure enough for cryptographic purposes. It should also be noted that SHA-512 is actually faster to calculate than SHA256 on 64bit hardware, however it is not as widely supported yet. The ultimate solution for ensuring the integrity of downloadable files is a GPG signature, verified against a trusted public key. Many package managers (such as yum) take this approach, and some websites offer a .asc file for verification. A number of projects have stopped publishing the GPG signatures because the proportion of users who checked the signature was too low to justify the additional effort. Some open source projects have had backdoors injected in to their downloadable archives on official mirrors, such as the UnrealIRCd project.


Q: (Christoper) I have a windows 7 laptop, and a Ubuntu desktop, what would be a cheap and easy way to share files between them?
A: The easiest and most secure way, is to enable SSH on the ubuntu machine, and then use an SFTP client like FileZilla (For Windows, Mac and Linux), and then just login to your ubuntu machine using your ubuntu username/password. Alternatively, If you have shared a folder on your windows machine, you should be be able to browse to it from the Nautilus file browser in Ubuntu. Optionally, you can also install Samba, to allow your Ubuntu machine to share files with windows, it will appear as if it were another windows machine in your windows ‘network neighbourhood’.


Q: (Chad) I have a network of CentOS servers, and a central NFS/NIS server, however we are considering adding a FreeNAS box to provide ZFS. I need to be able to provide consistent centralized permissions control on this new file system. I don’t want to have to manually recreate the users on the FreeNAS box. Should I switch to LDAP?
A: FreeNAS is based on FreeBSD, so it has a native NIS client you can use (ypbind) to connect to your existing NIS system. This would allow the same users/groups to exist across your heterogeneous network. You may need to modify the /etc/nsswitch.conf file to configure the order local files and NIS are checked in, and set your NIS domain in /etc/rc.conf. Optionally, you could use LDAP, again, adding some additional parameters to nsswitch.conf and configuring LDAP. If you decide to use LDAP, I would recommend switching your CentOS machines to using LDAP as well, allowing you to again maintain a single system for both Linux and BSD, instead of maintaining separate account databases. If you are worried about performance, you might consider setting the BSD machine up as an NIS slave, so that it maintains a local copy of the NIS database. The FreeBSD NIS server is called ypserv. You can find out more about configuring NIS on FreeBSD here


Bitcoin Blaster

Roundup