Hackers infect MySQL servers with malware for DDoS attacks

Hackers are exploiting SQL injection flaws to infect MySQL database servers with a malware program that's used to launch distributed denial-of-service (DDoS) attacks.

Security researchers from Symantec found MySQL servers in different countries infected with a malware program dubbed Chikdos that has variants for both Windows and Linux.

This Trojan is not new and was first documented in 2013 by incident responders from the Polish Computer Emergency Response Team (CERT.PL). At that time the malware was being installed on servers after using brute-force dictionary attacks to guess SSH (Secure Shell) login credentials.

However, the new attacks observed by Symantec abuse the user-defined function (UDF) capability of the MySQL database engine. UDF allows developers to extend the functionality of MySQL with compiled code.

Stop CISA!

I've been following cybersecurity legislation for a number of years, including all the proceedings with the Cybersecurity Information Sharing Act (CISA). After much deliberation, I believe that CISA remains fundamentally flawed and needs a lot more work before it becomes the law of the land. To be clear, I understand and support the basic objective CISA seeks to promote. Real-time threat intelligence sharing and analysis could help public and private sector organizations proactively react to emerging cyber-threats, mitigating risk and/or minimizing the potential damages associated with devastating data breaches (i.e. Anthem, OMB, Sony Pictures, Target, etc.).

How CISA encourages both cybersecurity information sharing and warrantless surveillance

Sharing cybersecurity data involving threats, probes, breaches, and information on attackers between companies and government agencies is a great idea. However, although shared data will strengthen the cybersecurity defenses, the Computer and Communications Industry Association (CCIA), backed by Amazon, Facebook, and Google, among others, and the Business Software Alliance (BSA), which is backed by Apple, Microsoft, and Oracle, are both against it.

Smart companies are already doing something similar. At the RSA Security Conference three years ago (a century ago in cybersecurity time) Zion Bankcorp's data scientists explained how the bank went from reacting to law enforcement warnings of cyberthreats to becoming proactive, frequently reporting threats to law enforcement, who subsequently relayed official warnings to other organizations.

The best new features in Windows Server 2016 (so far)

Microsoft continues to put out Technical Previews of Windows Server 2016 with as-yet-unseen features. The latest Technical Preview, TP3, introduced a number of new features, such as Docker integration and Windows Server Containers, along with improvements to features introduced in previous previews. It also brings new security capabilities such as Shielded VMs, which protect virtual machine contents in a multitenant environment.

The TP2 release debuted Nano Server and a number of Hyper-V, networking, and storage features. It introduced a new Windows Server role named Host Guardian Service, which flags trusted Hyper-V hosts, and included a Windows Server Antimalware feature not found in previous previews. Forthcoming Technical Previews will bring more new features, notably Hyper-V Containers.

Google threatens action against Symantec-issued certificates following botched investigation

Google wants Symantec to disclose all certificates issued by its SSL business going forward, after what Google considers a botched investigation into how Symantec employees issued SSL certificates for domain names that the company did not own. The browser maker also wants the security firm to publish a detailed analysis of how the incident was investigated. Through its acquisition of Verisign's authentication business unit in 2010, Symantec became one of the largest certificate authorities (CAs) in the world. Such organizations are trusted by browsers and operating systems to issue digital certificates to domain owners which are then used to encrypt online communications.

Risky Business #387 — Hack people to death!

In this week's feature interview we're chatting with Chris Rock from Kustodian. Chris did a great presentation at Ruxcon last week about how easy it is to hack people to death!

He's found out just how easy it is to register births and deaths in the United States and Australia via online systems. He says it's a problem that could result in a virtual baby harvest for fraudsters who plan ahead. It's really fun stuff, that's this week's feature.


An introduction to network namespaces

Network namespaces allow you to provide unique views of the network to different processes running on a Linux host.  If you’re coming from a traditional networking background, the closest relative to network namespaces would be VRF (Virtual Routing and Forwarding) instances.  In both cases the constructs allow us to provide a different network experience to different processes or interfaces.  For the sake of starting the conversation, let’s quickly look at an example of both VRFs and network namespaces so you get an idea of how they work.

The easiest scenario to illustrate either of these technologies is out of band management.  Take for instance this very simple network diagram…

[image: simple network diagram]
Note: I’m being purposefully vague here about the network layout and addressing.  Bear with me for a moment while I get to the point. 

As you can see, we have two users that live on the same segment (forgive me for not drawing an Ethernet segment connecting the two).  Let’s assume that the user on the left has to traverse northbound to get to resources that hang off the top network cloud.  Let’s also assume the user on the right has to Continue reading

Active Route Manager

SDN Active Route Manager has been released on GitHub, https://github.com/sflow-rt/active-routes. The software is based on the article White box Internet router PoC. Active Route Manager peers with a BGP route reflector to track prefixes and combines routing data with sFlow measurements to identify the most active prefixes. Active prefixes can be advertised via BGP to a commodity switch, which acts as a hardware route cache, accelerating the performance of a software router.
There is an interesting parallel with the Open vSwitch architecture, see Open vSwitch performance monitoring, which maintains a cache of active flows in the Linux kernel to accelerate forwarding. In the SDN routing case, active prefixes are pushed to the switch ASIC in order to bypass the slower software router.
In this example, the software is being used in passive mode, estimating the cache hit / miss rates without offloading routes. The software has been configured to manage a cache of 10,000 prefixes. The first screen shot shows the cache warming up.

The first panel shows routes being learned from the route reflector: the upper chart shows the approximately 600,000 routes being learned from the BGP route reflector, and the lower chart shows the rate at which Continue reading

The Benefits of a Proper Development Environment

I’ve had a number of folks approach me about the topic of development environments, so I figured it was worth a blog post.

Maybe you’re curious what a development environment is, or perhaps you’re working through the challenge of developing code on one platform, and deploying on another. Maybe you already have a development environment - like a virtual machine - but you aren’t happy with your workflow, and feel it could use some upgrades.

If any of the above apply to you, this post should be useful to you.

A Continuous Integration Story

Imagine yourself as a member of a software development team. You’re all working on the MegaAwesome project, which aims to solve global warming, world hunger, and basically anything wrong on this earth. With such high aspirations, it is important to put a process in place that ensures maximum developer efficiency, while maintaining an uncompromisingly high level of quality.

Any mature software development team will leverage version control like Git to ensure changes to the codebase are properly tracked and managed. They will also likely leverage some kind of continuous integration or build server, like Jenkins, to run automated static code analysis (e.g. PEP8) or unit Continue reading

Verizon focuses on lowering costs for IoT apps, network

On Wednesday Verizon launched ThingSpace, a development platform for companies of all sizes to create Internet of Things applications more efficiently and then later manage those apps.

The carrier also announced it is creating a new dedicated network core for IoT connections that can scale far beyond the ability of its existing networks with the intent to reach billions of sensors and devices.

"Continued innovation in smart cities, connected cars and wearables demonstrates that IoT is the future for how we will live and work," said Mike Lanman, senior vice president of enterprise products at Verizon during an event held at Verizon's San Francisco Innovation Center. He said Verizon is taking a "holistic approach" to help expand the IoT market from millions of connections to billions. The event was webcast.

IDG Contributor Network: Employees snoop on corporate systems if they can, researchers find

A recent study examined how one financial institution's employees behaved on the corporate network over a six-month period.

"Some of that behavior included occasions when employees were able to access information that should have been off-limits," a National Science Foundation press release says of the study.

The researchers found that the workers snooped where they shouldn't have.

Insider threats

The insider threat is "one of the most serious risks in the cybersecurity world," the researchers think.

"Most countermeasures were developed for external attacks," says Jingguo Wang, an information systems and operations management professor at the University of Texas at Arlington, who was involved in the study.

OMG, the machines are breeding! Mankind is doomed! DOOMED!!!

My Tesla has the same MAC address vendor code as an AR Drone. These are two otherwise unrelated companies, yet they share the same DNA. Flying drones are mating with land-based autonomous vehicles. We are merely months away from Skynet gaining self-awareness and wiping out mankind.

You can see this in the screenshot below, where we see the output of a hacking program that monitors the raw WiFi traffic. The AR Drone acts as an access-point so that your iPhone can connect to it in order to fly the drone's controls. The Tesla, on the other hand, is looking for an access-point named "Tesla Service", so that when you drive it in for service, it'll automatically connect to their office and exchange data. As you can see, both devices have the same vendor code of "90:03:B7" for Parrot SA.


Here is a picture of the AR Drone cavorting with the car. The top arrow points to the drone, the bottom arrow points to the car.


So why the relationship? Why does the Tesla look like a drone on WiFi?

The company Parrot SA started out creating kits for cars that contain WiFi, Bluetooth, and voice control. Since they were already Continue reading