LinuxPlanet Casts

Media from the Linux Moguls

Archive for the ‘att’ Category

Stuffed War Stories | TechSNAP 33


Microsoft’s flawed code signing infrastructure puts your machine at risk; find out how.

A batch of great audience submitted questions, and we share a few IT war stories!

All that and more, on this week’s TechSNAP!

Thanks to:

GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans

 


Show Notes:

AT&T customer data targeted in attack

  • The attackers used automated scripts to attempt to determine if phone numbers were linked to AT&T online accounts
  • Attempts were made against approximately 1 million of AT&T’s 100 million customers
  • The attackers appeared to already have a database of usernames and passwords, and were attempting to use brute force to link those credentials to phone numbers, in order to gain access to the accounts
  • AT&T appears to lack any type of Intrusion Detection System, or automated defences that block an IP address after many failed login attempts. The millions of attempts were likely not launched from a single IP address, but it still should have been blocked well before 1 million accounts had attempts against them
  • AT&T does not believe attackers were able to gain access to any accounts, but they are still investigating

South Korea blocks young games after midnight

  • The so-called Cinderella law blocks users under the age of 16 from accessing online games after midnight
  • The articles are unclear about exactly how this is accomplished, but it appears it is enforced by the online gaming sites themselves, and teens using accounts created with their parents’ identities are not blocked
  • In South Korea, most websites require you to enter your national ID card number. Comments on sites cannot be left anonymously (previously covered on TechSNAP 23)
  • Is this a sign of the level of censorship we can look forward to in the future?

RSA 512bit SSL certificates abused in the wild

  • SSL certificates signed by a few authorities (which have since had their trust revoked) have had their private keys factored
  • Once you possess the private key for an SSL certificate, you can use it to pretend to be that site, and use any other capabilities that the certificate has
  • It was originally thought that the private keys were merely stolen by malware, but it seems that factoring RSA 512 has become somewhat trivial, taking only a matter of days or weeks with a reasonable cluster of modern machines. With malware authors having access to large botnets, or cloud computing platforms like Amazon EC2, these certificates can no longer be considered safe
  • A number of other vulnerable certificates were identified, many coming from DigiNotar, the certificate authority that was compromised by attackers and has since had its trust revoked and gone out of business.
  • Almost all SSL certificate authorities require at least a 2048-bit RSA key for new certificates
  • A normal HTTPS SSL certificate only has the ability to sign outbound messages, encipher symmetric keys, and verify its identity as a TLS client or server.
  • The problem with the certificates issued by the Digisign Server ID CA is that they lacked the basic key usage definitions and constraints. This allowed the certificates to be used for any purpose, including signing software. The certificates also lacked a properly defined CRL (Certificate Revocation List), so they could not be revoked.
  • The factored certificates were used to code-sign malware to remove or lessen the warnings given by Windows when the code is executed
  • The compromised certificates have been used as far back as March 2010, and Microsoft did not act until recently, revoking the trust in the CA. Microsoft will still accept 512-bit certificates without proper use definitions or constraints.
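As an added example (not from the show or from Microsoft), here is the kind of trust policy a code-signing verifier could apply to reject every defect the notes attribute to the Digisign Server ID CA certificates: a 512-bit key, no key usage constraints, and no CRL. The certificates are constructed dicts standing in for parsed X.509 fields; the names and URLs in them are made up.

```python
# Added example, not from the show: a trust policy for code-signing
# certificates that rejects the defects the notes attribute to the Digisign
# Server ID CA. Certificates are constructed dicts standing in for parsed
# X.509 fields, so this runs offline without any real certificate.

MIN_RSA_BITS = 2048  # what CAs now require for new certificates


def check_code_signing_cert(cert):
    """Return the reasons a certificate must NOT be trusted for code signing.
    An empty list means it passes every check."""
    problems = []
    bits = cert.get("rsa_bits", 0)
    if bits < MIN_RSA_BITS:
        problems.append(f"RSA key is {bits} bits; need at least {MIN_RSA_BITS}")
    key_usage = cert.get("key_usage")
    if key_usage is None:
        problems.append("no keyUsage extension: usable for any purpose")
    elif "digitalSignature" not in key_usage:
        problems.append("keyUsage does not permit digitalSignature")
    ext_usage = cert.get("extended_key_usage")
    if ext_usage is None:
        problems.append("no extendedKeyUsage extension: not limited to TLS")
    elif "codeSigning" not in ext_usage:
        problems.append("extendedKeyUsage does not include codeSigning")
    if not cert.get("crl_distribution_points"):
        problems.append("no CRL distribution point: cannot be revoked")
    return problems


# Constructed stand-in for a certificate issued the way the notes describe:
# 512-bit key, no usage constraints, no CRL.
WEAK_CERT = {"subject": "CN=weak.example.invalid", "rsa_bits": 512,
             "key_usage": None, "extended_key_usage": None,
             "crl_distribution_points": []}

# Constructed stand-in for a normal HTTPS certificate: it may sign, encipher
# symmetric keys and identify a TLS server or client, but not sign software.
HTTPS_CERT = {"subject": "CN=www.example.invalid", "rsa_bits": 2048,
              "key_usage": ["digitalSignature", "keyEncipherment"],
              "extended_key_usage": ["serverAuth", "clientAuth"],
              "crl_distribution_points": ["http://crl.example.invalid/ca.crl"]}

if __name__ == "__main__":
    for cert in (WEAK_CERT, HTTPS_CERT):
        verdict = check_code_signing_cert(cert) or ["OK for code signing"]
        print(cert["subject"], "->", "; ".join(verdict))
```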

Feedback:

Q: Do you guys trust Internet aggregator services?
A: It depends on the level of security they employ. Most of these sites are not very forthcoming with details on how they secure your data, or even how they work. A better solution would be something like OAuth to allow you to grant only certain permissions to each specific site, and allow you to easily revoke a site’s access to your accounts.

Q: SSH on Port 2222?
A: Using a different port does reduce the number of attacks from automated bots, but it will not stop anyone targeting you specifically. The solution is always to use a protection system such as DenyHosts, SSHGuard or Fail2Ban. Also, if it makes sense in your setup, disable password authentication entirely, and only use SSH keys. Note: you should still use DenyHosts to prevent an aggressive botnet from bogging down your SSH server so legitimate users cannot log in. This used to happen to one of my servers that had 250 IP addresses; the bots would attack each IP at the same time, creating 1000 SSH connections at once.
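The detection that DenyHosts, SSHGuard and Fail2Ban perform, and that the AT&T story above says was missing, is a sliding-window count of failed logins per source address. As an added example (not from the show or from any of those tools), this is that logic run over constructed sshd syslog lines; the hostnames, addresses and thresholds are made up.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Added example, not from the show: the sliding-window counting that tools such
# as DenyHosts and Fail2Ban perform on sshd log lines, so a source that keeps
# failing to log in is identified before it can flood the server.

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} \d\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")


def parse_failures(lines, year=2011):
    """Yield (timestamp, ip, user) for every failed-password line; others are skipped."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]


def find_offenders(lines, max_failures=5, window_seconds=600):
    """Return {ip: time the limit was first exceeded} for each source with more
    than max_failures failed logins inside any window_seconds span."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    offenders = {}
    for ts, ip, _user in parse_failures(lines):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop failures older than the window
        if len(q) > max_failures and ip not in offenders:
            offenders[ip] = ts
    return offenders


# Constructed log lines in syslog format; the addresses are documentation ranges.
SAMPLE_LOG = """\
Nov 12 10:00:01 web1 sshd[4011]: Failed password for root from 203.0.113.7 port 5001 ssh2
Nov 12 10:00:03 web1 sshd[4012]: Failed password for invalid user admin from 203.0.113.7 port 5002 ssh2
Nov 12 10:00:05 web1 sshd[4013]: Failed password for root from 203.0.113.7 port 5003 ssh2
Nov 12 10:00:07 web1 sshd[4014]: Accepted publickey for allan from 198.51.100.20 port 6000 ssh2
Nov 12 10:00:09 web1 sshd[4015]: Failed password for root from 203.0.113.7 port 5004 ssh2
Nov 12 10:00:11 web1 sshd[4016]: Failed password for root from 203.0.113.7 port 5005 ssh2
Nov 12 10:00:13 web1 sshd[4017]: Failed password for root from 203.0.113.7 port 5006 ssh2
Nov 12 10:30:00 web1 sshd[4020]: Failed password for allan from 198.51.100.20 port 6001 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip}: exceeded limit at {when:%H:%M:%S}, block it")
```

The same counter applied per username instead of per source address is how you notice one credential list being tried from many addresses, the pattern described in the AT&T item.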

Q: Why not just one boot loader to rule them all?

Q: How do I get started in Tech Support?

War Story

Administering a Windows Server with your eyes closed

When ScaleEngine first started, we were in a much smaller local data center. One of the disadvantages to this data center was that they did not provide KVM Carts, in order to work on a server, you had to remove it from the rack, and take it over to a little desk in the corner with a monitor and keyboard, but no network connection. At our new data center, we have KVM carts we can take over to our rack to work on servers without disconnecting them. If we need to disassemble the server, they provide a nice large quiet work area with ample power, ethernet drops and free coffee.

I had just built two new Windows 2008 R2 servers for one of our clients, and had installed them in the rack. Got them up and running, and they were serving their websites fine. However, I was not able to connect via Remote Desktop. How had I forgotten to enable remote desktop…

I really did not feel like waiting for the server to shut down (Windows servers take an extremely long time to shut down, partly because they overwrite the entire swap file for security reasons), then removing the server from the rack again, waiting for it to boot up, changing the settings, shutting down, etc.

So, I grabbed our spare USB keyboard and connected it to the server in the rack. I balanced the keyboard on my left hand, typing with only my right, with no monitor. I waited 30 seconds for Windows to detect the keyboard, and then entered Control+Alt+Delete to open the login prompt. I heard the drive start ticking as it loaded the desktop, so I gave it a few minutes. Once I was logged in, I pressed Windows+R to open the run prompt, and started cmd.exe. Then I issued the following commands, which I had arduously looked up on my old cell phone’s very limited browser.

netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
netsh firewall add portopening TCP 3389 RDesktop enable any

I issued each command twice, in case I might have made a typo, even though I was typing as carefully as I could, and slowly, as I was doing it with one hand on an unsteady keyboard. Then to test it, I used PocketPuTTY on my cell phone to SSH into one of my servers, and used netcat to see if port 3389 was open. It was. So I repeated the same procedure on the second Windows server and again verified it via my cell phone before packing up and leaving the data center.

And that is how I administered a pair of Windows servers with my eyes closed.

Round Up:

Ultimate Backups | TechSNAP 26


We’ll tell you about AT&T leaving Android open to a hack so easy my two-year-old son could pull it off. Plus Firefox goes to battle with McAfee, and is Bank of America under attack?

Then – We delve into backups, from the fundamentals to the very best tools!

All that and more, in this week’s TechSNAP!


Show Notes:

Security hole in AT&T Samsung Galaxy S II

  • Bug allows someone to bypass the security lockout screen, accessing the phone without the password
  • The flaw does not exist on the Sprint version of the Samsung Galaxy S, or the Epic Touch 4G
  • Press the lock button to wake the phone, and you will be prompted with the unlock screen. Allow the phone to go back to sleep, immediately tap the lock button again, and you will have access to the phone
  • This feature is likely designed for the situation where you are waiting for some interaction on the phone and it falls asleep; if you press a button to wake it within a few seconds, it doesn’t prompt you to re-unlock the phone. This is a useful feature; however, it should be predicated on the fact that you just recently unlocked the phone (don’t make me unlock the phone twice within 90 seconds, or something similar)
  • The flaw only affects phones that have been unlocked once since boot
  • Since the flaw only affects the AT&T version of the phone, it would seem it is based on software added to the phone by AT&T, which appears to cache your response to the unlock screen, and use it to bypass the screen when you re-wake the phone immediately after it goes to sleep.
  • Another example of the vendors messing with the core Google product.
  • Users with Microsoft Exchange security policies don’t seem to be affected
  • Users can adjust the settings on their phone by accessing: Settings -> Location and Security -> Screen unlock settings -> Timeout and setting the value to Immediately, disabling the ‘feature’ that presents the vulnerability.

Firefox advises users to disable McAfee Plugin

  • Firefox says the McAfee ScanScript plugin causes Stability and Security problems
  • The problem only seems to affect the new Firefox 7; it is likely caused by a compatibility problem with versions of ScanScript designed for older versions of Firefox
  • Firefox has started generating popup warnings to users using versions of McAfee older than 14.4.0 due to an incredibly high volume of crash reports
  • McAfee says it is working with Firefox to solve the issue for the next version of the software
  • McAfee is very popular in corporate environments and is often enforced with an Active Directory Group Policy that makes it nearly impossible for the end user to disable the virus scanner

Bank of America – Unexplained Outages – Is it an attack?

  • The Bank of America website has been degraded, slow, returning errors or down for more than 6 days
  • Bank of America (BofA) said its Web and mobile services have not been hit by hacking or denial-of-service attacks, however they would not disclose what has been causing the online problems.
  • Quote: “I just want to be really clear. Every indication [is that] recent performance issues have not been the result of hacking, malware or denial of service,” said BofA spokeswoman Tara Burke. “We’ve had some intermittent or sporadic slowness. We don’t break out the root cause.”
  • The problems began Friday morning, a day after BofA announced it would charge a $5 monthly fee for account holders using their debit cards
  • Additional Coverage

Feedback:

Continuing our Home Server Segment: this week we are covering backups.
Before we cover some of the solutions, we should look at some of the concepts and obstacles to creating proper backups. There are a number of different ways to back things up, but the most popular involves using multiple ‘levels’ of backup.

  • Full backup
      • This is a backup of every file (or a specific subset, or everything except specific exclusions) on a system.
      • This is the base of higher level backups, and is also known as a level 0 backup
      • Full backups are the biggest and take the longest

  • Differential Backup
      • A differential backup is one that includes every file that has changed since the last full backup was started (this is important).
      • It is very important that higher level backups always be based on the START time of the lower level backup, rather than the last modified or finish time. If a file changed after it was backed up but before that backup completed, we want to be sure to include it in the next backup
      • Differential backups require only the most recent full backup to restore

  • Incremental Backup
      • An incremental backup consists of every file that has changed since the start of the last backup of any level
      • Incremental backups are the smallest and fastest
      • Incremental backups can take the longest to restore, and can require access to each of the previous differential backups since the last full backup, and that most recent full backup
      • Incremental backups offer a trade-off: they take less time and less storage, however they slow the recovery process.
      • Incremental backups, due to their smaller size, make it easier to have ‘point in time’ backups of files, rather than just the most recent.

  • Some backup systems do away with the name designations, and allow even more granularity
      • A level 0 backup is a full backup
      • A level 1 is everything that has changed since the level 0
      • A level n is everything that has changed since the last level n–1 or higher
      • Systems such as the unix ‘dump’ utility allow up to level 9 backups

  • Some backup systems, such as Bacula, support ‘synthetic full backups’
      • A synthetic backup is when you use a full backup, plus more recent differential and incremental backups, to create a new, more recent full backup.
      • This can be especially advantageous in remote and off-site backup systems, where transferring the full data set over the network can be very slow and costly.

  • rsync
      • Not actually a backup tool; it just creates and synchronizes a copy of the files
      • Copies only the changes to the files, so it is faster

  • snapshots
      • A point-in-time copy of the files in a filesystem (supported by LVM, UFS, ZFS, etc.)
      • A good place to take a backup from; resolves issues with open files

  • bacula
      • Designed to back up a large number of machines
      • Quite a bit of setup (Director, Storage Daemon, SQL Database, File Daemons (Clients))
      • Cross platform
      • Powerful deduplication system, and ‘base backups’
      • Support for Windows Volume Shadow Copy (snapshots of open files)

  • flexbackup
      • Simple perl script that creates archives (tar, cpio, etc.) with optional compression (gzip, bzip2, etc.).
      • Uses the ‘find’ command to create multi-level backups based on modified date

  • BackupPC
      • rsync based
      • Supports FTP, SCP, RCP, & SMB for Windows
      • Is very smart about how it handles portable devices that miss backups.
      • Its magic is its de-dupe hard-link mojo that saves tons of space
      • Bit of a nerd project to get going, but is bullet proof once it’s in

  • TarSnap – BSD Encrypted Cloud Backup

  • Mondo Rescue – GPL disaster recovery solution

  • CrashPlan – Online Backup Software, Disaster Recovery

  • Allan’s AppFail.com article about backups
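The full, differential and incremental levels described at the top of this segment, together with the START-time rule and the synthetic full, as an added example that is not from the show or from any of the tools listed. File modification times and run times are constructed integers; the scenario is built so one file is rewritten while the full backup is still running, which is exactly the case the START-time rule exists for.

```python
from dataclasses import dataclass, field

# Added example, not from the show: file selection for the full, differential
# and incremental levels described above, applying the START-time rule. Times
# are constructed integers (seconds) so the example runs offline.


@dataclass
class BackupRun:
    kind: str                  # "full", "differential" or "incremental"
    start: int                 # when the run began: later runs compare against this
    end: int                   # when it finished: deliberately NOT used for selection
    files: dict = field(default_factory=dict)  # name -> mtime copied by this run


def select_files(kind, mtimes, history):
    """Return the subset of mtimes (name -> mtime) that belongs in a new run of kind.
    history holds the earlier BackupRun objects, in any order."""
    if kind == "full" or not history:
        return dict(mtimes)
    if kind == "differential":    # everything since the most recent full STARTED
        base = max((r for r in history if r.kind == "full"), key=lambda r: r.start)
    elif kind == "incremental":   # everything since the most recent run of any level STARTED
        base = max(history, key=lambda r: r.start)
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    # A file rewritten while the base run was still copying other files has an
    # mtime after base.start, so it is picked up here instead of being lost.
    return {name: t for name, t in mtimes.items() if t >= base.start}


def synthetic_full(history):
    """Merge a full plus the later differential/incremental runs into a new full,
    without re-reading the whole data set (newest copy of each file wins)."""
    merged = {}
    for run in sorted(history, key=lambda r: r.start):
        merged.update(run.files)
    return merged


def demo():
    # Constructed scenario: the full ran from t=100 to t=200; "c" was rewritten
    # at t=150, after the full had already copied it but before the run ended.
    full = BackupRun("full", start=100, end=200, files={"a": 50, "b": 60, "c": 70})
    mtimes = {"a": 50, "b": 60, "c": 150}
    inc = BackupRun("incremental", 300, 310, select_files("incremental", mtimes, [full]))
    mtimes = {"a": 50, "b": 400, "c": 150}          # "b" changed later on
    diff = BackupRun("differential", 500, 520, select_files("differential", mtimes, [full, inc]))
    return inc.files, diff.files, synthetic_full([full, inc, diff])


if __name__ == "__main__":
    print(demo())
```

Comparing against `base.end` instead of `base.start` would drop "c" from the incremental run, leaving no backup that holds the version written at t=150.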

Round Up:

Jupiter Broadcasting stats


  1. Firefox 42.66%
  2. Chrome 29.73%
  3. Internet Explorer 14.43%