A Different Kind of POP: The Joomla Unserialize Vulnerability

At CloudFlare, we spend a lot of time talking about the PoPs (Points of Presence) we have around the globe, however, on December 14th, another kind of POP came to the world: a vulnerability being exploited in the wild against Joomla’s Content Management System. This is known as a zero day attack, where it has been zero days since a patch has been released for that bug. A CVE ID has been issued for this particular vulnerability as CVE-2015-8562. Jaime Cochran and I decided to take a closer look.

The Joomla unserialize vulnerability

In this blog post we’ll explain what the vulnerability is, give examples of actual attack payloads we’ve seen, and show how CloudFlare automatically protects Joomla users. If you are using Joomla with CloudFlare today and have our WAF enabled, you are already protected.

The Joomla Web Application Firewall rule set is enabled by default for CloudFlare customers with a Pro or higher plan, which blocks this attack. You can find it in the Joomla section of the CloudFlare Rule Set in the WAF Dashboard.

The WAF rule for protecting against the Joomla Unserialize Vulnerability

What is Joomla?

Joomla is an open source Content Management System which allows you to build web applications and control every aspect of the content of your Continue reading

The weirdest, wackiest and coolest sci/tech stories of 2015

WackyImage by Reuters/ Toby MelvilleIt’s that time of year again when we take a look at some of the most interesting and sometimes silly sci/tech stories of the year. This year we have flame-throwing drones, wicked cool pictures of Pluto and quantum computing advancements to name just a few topics. Take a look.To read this article in full or to leave a comment, please click here

Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

Microsoft SmartScreen, the phishing and malware filtering technology built into Internet Explorer, Edge and Windows, has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.Such attacks are known as drive-by downloads, because they don't require user interaction aside from browsing to a malicious website or a legitimate one that has been compromised.To launch such attacks, hackers use tools known as exploit kits that take advantage of vulnerabilities in the OS, the browser, or popular software like Flash Player, Silverlight and Java.While exploit kits typically target vulnerabilities after they have been patched by software vendors, there have been cases when they've exploited previously unknown flaws that are known in the security industry as zero-days. In addition, the time window between when patches are released and when attackers start targeting the fixed flaws has significantly shrunk in recent years, giving users less time to update.To read this article in full or to leave a comment, please click here

Worth Reading: Troubleshooting video applications

Maybe it’s another sign of experience, aging, cynicism, and/or ego. Lately, I seem to be doing a lot of troubleshooting of application performance problems. “What on earth was the developer thinking?” is becoming a recurrent refrain, at least in my head. This is (I hope) not ego, just a real question about what appears to be a sub-optimal approach. via network computing

The post Worth Reading: Troubleshooting video applications appeared first on 'net work.

IDG Enterprise editors predict IT trends for 2016

As 2015 winds down and we start to focus on 2016, one thing can be predicted quite easily. Analysts, editors and others will start making their own predictions about what we can expect in the upcoming year. We’re no different here at IDG Enterprise – we asked some of the top editors from the IDG enterprise brands (Computerworld, Network World, CIO.com, CSO) to take a few minutes out of their busy day to predict a few trends for enterprise IT in 2016. The video above shows their final predictions, which includes trends in cloud computing, security, the Internet of Things, wireless, big data/analytics, and mobile devices. We even have one prediction about the 2016 presidential election (a campaign issue, not a prediction of who will win).To read this article in full or to leave a comment, please click here

Creating a Cybersecurity Center of Excellence

I’ve been writing about the cybersecurity skills shortage for many years and, unfortunately, things seem to be getting worse. Here are a few data points: According to ESG research, 28% of organizations claim that they have a “problematic shortage” of IT security skills (disclosure: I am an ESG employee).  Job market analytics vendor Burning Glass states that cybersecurity job postings grew 74% from 2007 to 2013, more than twice the growth rate of all IT jobs. Prospective employers posted more than 50,000 jobs requesting Certified Information Systems Security Professional (CISSP) certification. Unfortunately, there are only about 65,000 CISSPs in the world, and many are gainfully employed.  ISC2, the organization that certifies CISSPs believes that there will be a deficit of 1.5 million cybersecurity professionals by 2020. The UK House of Lords is even more bearish, predicting a shortage of 2 million cybersecurity professionals by 2017.  A 2015 report from the Information Systems Audit and Control Association (ISACA) states that 86% of business and IT professionals globally believe there is a shortage of cyber security professionals. In this case, perception is reality.  A Raytheon/National Cyber Security Alliance report indicates that 64% of high school Continue reading

Partial kernel bypass merged into netmap master

In a previous post we described our work on a new netmap mode called single-rx-queue.

After submitting the pull request, the netmap maintainers told us that the patch was interesting, but they would prefer something more configurable instead of a tailored custom mode.

After an exchange of ideas and some more work, our patch just got merged to mainline netmap.

Meet the new netmap

Before our patch netmap used to be an all-or-nothing deal. That is: there was no way to put a network adapter partially in netmap mode. All of the queues would have to be detached from the host network stack. Even a netmap mode called “single ring pair” didn't help.

Our final patch is extended and more generic, while still supporting the simple functionality of our original single-rx-queue mode.

First we modified netmap to leave queues that are not explicitly requested to be in netmap mode attached to the host stack. In this way, if a user requests a pair of rings (for example using nm_open(“netmap:eth0-4”)) it will actually get a reference to both the number 4 RX and TX rings, while keeping the other rings attached to the kernel stack.

But since the NIC is Continue reading

Open source unleashes blockchain’s enterprise potential

Blockchain technology makes cryptocurrency like bitcoin possible, but it has a lot of potential beyond tracking currency transactions. The Linux Foundation wants to tap into that potential and is spearheading a collaborative effort to develop an enterprise-grade open source distributed ledger called Hyperledger.At its core, blockchain is a record-keeping system running across a global network of independent computers. The distributed ledger, which records and verifies transactions, is write-only -- that is, transactions cannot be tampered with or modified after the fact, so virtually anything of value can be tracked and traded using this system.To read this article in full or to leave a comment, please click here

Experience matters

The end of the year always brings about thoughts of what changes should occur in the coming year. If a change of job is in your thoughts, security executives say they look  at prospective employees’ experience before they even take a step through the door. “Certifications are a good shorthand for acquired knowledge, but experience is critical,” said Geoff Webb, vice president of solution strategy for NetIQ, the security portfolio of Micro Focus.  According to Dice’s latest hiring survey, finding highly-skilled tech talent will be a top hiring priority for companies in 2016. A record 78 percent of hiring managers anticipate more hiring in the first half of 2016 compared to the second half of 2015, Dice notes.To read this article in full or to leave a comment, please click here(Insider Story)

All the Best in 2016!

The number of visits to my web site is slowly going down – you’re giving me a very clear signal that it’s time to stop blogging.

I hope you’ll manage to catch at least a few quiet days with your loved ones and I wish you all the best in 2016!

More in 3 weeks or so ;)

All app developers should learn from WhatsApp-v-Brazil incident and defend against it

So Brazil forced the ISPs to shutdown WhatsApp (a chat app) for 48 hours, causing more than a million of their customers to move to Telegram (another chat app). Apparently, this was to punish WhatsApp for not helping in a criminal investigation.




Well, this is similar to how ISPs block botnets. Botnets, the most common form of malware these days, have a command-channel back to the hacker that controls all the bots in the network. ISPs try to block the IP address and/or DNS name in order to block access to the botnet.

Botnets use two ways around this. One way is "fast-flux DNS", where something like "www.whatsapp.com" changes its IP address every few minutes. This produces too many IP addresses for ISPs to block. WhatsApp can keep spinning up new cloud instances at places like Amazon Web Services or Rackspace faster than ISPs can play whack-a-mole.

But ISPs can also block the domain name itself, instead of the IP address. Therefore, an app can also choose to Continue reading

Environmental metrics with Cumulus Linux

Custom metrics with Cumulus Linux describes how to extend the set of metrics exported by the sFlow agent and used the export of BGP metrics as an example. This article demonstrates how environmental metrics (power supplies, temperatures, fan speeds etc.) can be exported.

The smonctl command can be used to dump sensor data as JSON formatted text:
cumulus@cumulus$ smonctl -j
[
    {
        "pwm_path": "/sys/devices/soc.0/ffe03100.i2c/i2c-1/1-004d", 
        "all_ok": "1", 
        "driver_hwmon": [
            "fan1"
        ], 
        "min": 2500, 
        "cpld_path": "/sys/devices/ffe05000.localbus/ffb00000.CPLD", 
        "state": "OK", 
        "prev_state": "OK", 
        "msg": null, 
        "input": 8998, 
        "type": "fan", 
        "pwm1": 121, 
        "description": "Fan1", 
        "max": 29000, 
        "start_time": 1450228330, 
        "var": 15, 
        "pwm1_enable": 0, 
        "prev_msg": null, 
        "log_time": 1450228330, 
        "present": "1", 
        "target": 0, 
        "name": "Fan1", 
        "fault": "0", 
        "pwm_hwmon": [
            "pwm1"
        ], 
        "driver_path": "/sys/devices/soc.0/ffe03100.i2c/i2c-1/1-004d", 
        "div": "4", 
        "cpld_hwmon": [
            "fan1"
        ]
    },
    ...
The following Python script, smon_sflow.py, invokes the command, parses the output, and posts a set of custom sFlow metrics: 
#!/usr/bin/env python
import json
import socket
from subprocess import check_output

res = check_output(["/usr/sbin/smonctl","-j"])
smon = json.loads(res)
fan_maxpc = 0
fan_down = 0
fan_up = 0
psu_down = 0
psu_up = 0
temp_maxpc = 0
temp_up = 0
temp_down = 0
for s in smon:
  type = s["type"]
  if(type ==  Continue reading

Using Cloud-Init to Register an Instance into Consul

This post describes a method for using cloud-init to register a cloud instance into Consul on provisioning. I tested this on OpenStack, but it should work on any cloud platform that supports metadata services that can be leveraged by cloud-init.

I worked out the details for this method because I was interested in using Consul as a means to provide a form of “dynamic DNS” for OpenStack instances. (You can think of it as service registration and discovery for OpenStack instances.) As I’ll point out later in this post, there are a number of problems with this approach, but—if for no other reason—it was helpful as a learning exercise.

The idea was to automatically register OpenStack instances into Consul as they were provisioned. Since Consul offers a DNS interface, other instances and/or workloads could use DNS to look up these nodes’ registration. Consul offers an HTTP API (see here for details), so I started there. I used Paw (a tool I described here) to explore Consul’s HTTP API, building the necessary curl commands along the way. Once I had the right curl commands, the next step was to build a shell script that would pull the current Continue reading

1 3,226 3,227 3,228 3,229 3,230 3,858