Hackers exploit new zero-day in fully patched Adobe Flash

If you haven’t kicked Adobe Flash to the curb, and you should, then don’t feel secure even if you are running a fully patched version of Flash Player. Although Adobe released a mega-sized patch yesterday, including security fixes for 69 critical vulnerabilities in Flash, Reader and Acrobat, attackers are armed with a zero-day exploit that leaves fully patched versions of Flash Player vulnerable.

Global Impacts of Recent Leaks


Recent routing leaks remind us why monitoring Internet routing and performance is important and requires effective tools. Routing leaks are the ‘benign cousin’ of the malicious BGP route hijack. They happen accidentally, but the result is the same: traffic to affected prefixes is redirected, lost, or intercepted. And if they happen to you, your online business and brand suffer.

In this blog, we look at examples of a full-table peer leak, an origination leak, and a small peer leak, and at what happens to traffic when these incidents occur. As we will see, some events can go on for years, undetected and hence unremediated, but extremely impactful nevertheless. As you read this blog, keep the following questions in mind. Would you know if the events described here were happening to you? Would you know how to identify the culprit if you did?

 

iTel/Peer1 routing leak

Starting on 10 October at 10:54 UTC, iTel (AS16696) leaked a full routing table (555,010 routes) to Peer 1 (AS13768). Normally, iTel exports 49 routes to Peer 1; however, over the course of several minutes, it leaked 436,776 routes from Hurricane Electric (AS6939) and 229,537 …

Save some bandwidth by turning off TCP Timestamps

This is a guest post by Donatas Abraitis, System Engineer at Vinted, with an unusual approach for saving a little bandwidth.

Looking at https://tools.ietf.org/html/rfc1323, there is a nice title: 'TCP Extensions for High Performance'. It's worth noting the date: May 1992. The Timestamps option may appear in any data or ACK segment, adding 12 bytes to the 20-byte TCP header.

Using TCP options, the sender places a timestamp in each data segment, and the receiver reflects these timestamps back in ACK segments. Then a single subtract gives the sender an accurate RTT measurement for every ACK segment.

To prove this let's dig into kernel source:

./include/net/tcp.h:#define TCPOLEN_TSTAMP_ALIGNED    12
./net/ipv4/tcp_output.c:static void tcp_connect_init(struct sock *sk)
  ...
  tp->tcp_header_len = sizeof(struct tcphdr) +
    (sysctl_tcp_timestamps ? TCPOLEN_TSTAMP_ALIGNED : 0);
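
An added example, not from the original post or the kernel source: a small C parser that walks the options of one TCP header, extracts the Timestamps option, and shows both the 12-byte header cost and the RTT subtraction described above. The sample segment and the names `struct ts_info`, `parse_tcp_timestamps` and `rtt_ticks` are constructed for this illustration; option kind 8 and length 10 are the values RFC 1323 assigns.

```c
#include <stddef.h>
#include <stdint.h>
#define TCPOPT_EOL 0
#define TCPOPT_NOP 1
#define TCPOPT_TIMESTAMP 8
#define TCPOLEN_TIMESTAMP 10 /* kind + len + TSval + TSecr; NOP-padded to 12 */

struct ts_info {
    int present;          /* 1 if a well-formed Timestamps option was seen */
    uint32_t tsval, tsecr;
    size_t header_len;    /* TCP header bytes, from the data-offset field */
};

/* Constructed sample ACK: 20-byte header + NOP NOP TS(TSval=1000, TSecr=900) */
static const uint8_t sample_ack[32] = {
    0x1f, 0x90, 0xc3, 0x50, 0, 0, 0, 1, 0, 0, 0, 1,  /* ports, seq, ack */
    0x80, 0x10, 0x01, 0x00, 0, 0, 0, 0,              /* offset=8 words, ACK */
    1, 1, 8, 10, 0, 0, 0x03, 0xe8, 0, 0, 0x03, 0x84  /* options */
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk the options of one TCP header; 0 on success, -1 if malformed. */
int parse_tcp_timestamps(const uint8_t *seg, size_t len, struct ts_info *out) {
    *out = (struct ts_info){0};
    if (len < 20) return -1;
    size_t hlen = (size_t)(seg[12] >> 4) * 4;
    if (hlen < 20 || hlen > len) return -1;
    out->header_len = hlen;
    for (size_t i = 20; i < hlen;) {
        uint8_t kind = seg[i];
        if (kind == TCPOPT_EOL) break;
        if (kind == TCPOPT_NOP) { i++; continue; }
        if (i + 1 >= hlen) return -1;            /* length byte missing */
        uint8_t olen = seg[i + 1];
        if (olen < 2 || i + olen > hlen) return -1;
        if (kind == TCPOPT_TIMESTAMP) {
            if (olen != TCPOLEN_TIMESTAMP) return -1;
            out->present = 1;
            out->tsval = be32(seg + i + 2);
            out->tsecr = be32(seg + i + 6);
        }
        i += olen;
    }
    return 0;
}
/* "A single subtract": RTT in timestamp-clock ticks, wrap-safe in uint32. */
uint32_t rtt_ticks(uint32_t now, uint32_t tsecr) { return now - tsecr; }
```

For the sample segment, `header_len - 20` is the 12 bytes that `TCPOLEN_TSTAMP_ALIGNED` accounts for in the kernel excerpt.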

Some visualizations:

9 ways to celebrate “Back to the Future” Day

Another made-up geeky day

Wednesday, Oct. 21, 2015 marks the day on which time-traveler Marty McFly arrives from the past (from the movie “Back to the Future Part II”). The Internet is freaking out about this upcoming “holiday”, and in the tradition of fake geeky holidays like “Star Wars Day” (May 4), Pi Day (March 14) and “Talk like a Pirate Day” (September 19), we now have a day to celebrate everything related to the time-travel movie, which is celebrating its 30th anniversary this year.

Magento database tool Magmi has a zero-day vulnerability

An open-source tool for importing content into the Magento e-commerce platform, called Magmi, has a zero-day vulnerability, according to security vendor Trustwave. The directory traversal flaw is in some versions of Magmi, which is used to move large amounts of data into Magento's SQL database. Such a flaw can allow access to other files or directories in a file system. "Successful exploitation results in access to Magento site credentials and the encryption key for the database," wrote Assi Barak, lead security researcher with Trustwave's SpiderLabs.