A quick review of the BIND9 code

BIND9 is the oldest and most popular DNS server. Today, a DoS vulnerability was announced that would crash the server with a simply crafted query. I could use my "masscan" tool to blanket the Internet with those packets and crash all publicly facing BIND9 DNS servers in about an hour. A single vuln doesn't mean much, but if you look at the recent BIND9 vulns, you see a pattern forming. BIND9 has lots of problems -- problems that critical infrastructure software should not have.


Its biggest problem is that it has too many features. It attempts to implement every possible DNS feature known to man, few of which are needed on publicly facing servers. Today's bug was in the rarely used "TKEY" feature, for example. DNS servers exposed to the public should have the minimum number of features -- the server priding itself on having the maximum number of features is automatically disqualified.

Another problem is that DNS itself has some outdated design issues. The control-plane and data-plane need to be separate. This bug is in the control-plane code, but it's exploited from the data-plane. (Data-plane is queries from the Internet looking up names, control-plane is zone updates,

OPM, Anthem hackers reportedly also breached United Airlines

The cyberespionage group that stole the personal records of millions of Americans from U.S. health insurer Anthem and the U.S. Office of Personnel Management (OPM) has also reportedly breached United Airlines. The data stolen from United includes flight manifests, which contain information on passengers, their travel origins and destinations, Bloomberg reported Wednesday citing unnamed people familiar with the investigation. The breach may have been discovered with the help of investigators in the OPM case who built a list of other potential victims after analyzing the domain names, phishing emails and attack infrastructure used by the group, the media organization reported.

Risky Business #376 — Sniper rifles, bank safes and Android all pwned

This week we're checking in with Josh Drake of Zimperium. With exploitation of Stagefright via Josh's sweet, sweet exploit you'd think the mother of all worms is coming. Well, probably not. Later versions of Android are tricky to exploit, and the diversity of hardware in earlier versions means coming up with one exploit to rule them all isn't really feasible. We'll drill down into that with Josh in a little while.

Obama rolls out initiative to boost US supercomputer capability

US President Barack Obama has signed an executive order setting up the National Strategic Computing Initiative that will adopt a coordinated strategy involving multiple government agencies, academia and the private sector for the development of high-performance computing systems. Adopting a “whole-of-government” approach, involving all departments and agencies with expertise and interests in HPC, one of the objectives of the NSCI will be to speed up the delivery of “a capable exascale computing system that integrates hardware and software capability to deliver approximately 100 times the performance of current 10 petaflop systems across a range of applications representing government needs.”

The StageFright Vulnerability: Maybe the greatest Android vulnerability (so far)

Here’s a nightmare scenario: A simple smartphone exploit that doesn’t require the user to do anything other than receive a text message. If such a thing worries you (and, if you’re an IT manager, in a shop that allows BYOD, it should) then there’s bad news for you: Such an exploit exists for, it is estimated, roughly 95% of Android smartphones which runs roughly 82% of the world’s estimated 1.91 billion smartphones.

Samsung plots Galaxy S6 price cut, new phones to help business

Lackluster demand for its flagship Galaxy S6 smartphone and higher marketing costs led Samsung Electronics to another quarter of falling sales and profits in the April to June period. Net profit at the company was 5.75 trillion won (US$49 billion), down 8 percent on the same period a year earlier, while sales fell 7 percent to 48.5 trillion won, it said Wednesday. Both figures are in line with expectations published by Samsung earlier this month. In the key smartphone market, an area led by Samsung until recently, the popularity of Apple’s iPhone 6 and 6 Plus handsets and the rise of lower-cost phones from Chinese vendors squeezed Samsung at both the high and low end of the market.

Facebook revenue surges 39 percent but costs also soar

Facebook has posted strong sales results for the second quarter, showing continued success in its advertising business, though its costs also rose sharply. Total revenue for the quarter ended June 30 was US$4.04 billion, Facebook reported Wednesday, up 39 percent from the same period last year and just over analysts’ estimates of $3.99 billion, as polled by Thomson Reuters. But the company made less money than it did a year earlier, with net income falling by nearly 10 percent to $719 million. Earnings per share declined from $0.30 to $0.25.

Computer fires requiring a 911 call rare

Computer fires severe enough to prompt a 911 call are so unusual that when it does happen, local media sometimes makes note of it. That was the case in Arlington, Va., recently, when firefighters found a computer burning on the balcony of an apartment complex. According to the Arlington County Fire Dept., the resident of the apartment had built his own desktop computer. The computer wasn't in use, but was plugged in -- and the resident was in another room when it caught fire. "He was alerted to the fire by the sound of the smoke alarm and then found smoke coming from his hard drive," said department Lt. Sarah-Maria Marchegiani. The resident carried the computer out to the balcony after it caught on fire, according to a local media report on Arlington Now.

Americas are just 2 weeks away from running out of IPv4 addresses

John Curran, CEO of the American Registry for Internet Numbers (ARIN), told attendees at the Campus Technology conference in Boston on Wednesday that the IP address authority's pool of IPv4 addresses has dwindled to 90,000 and will be exhausted in about two weeks. "This is a pretty dramatic issue," says Curran, who founded ARIN in 1997 and was once CTO of Internet pioneer BBN. Curran’s revelation came during a talk during which he urged IT pros from educational institutions to upgrade their public facing websites to IPv6 as soon as possible. Not that the IPv4 address pool drying up will result in such websites being cut off from the Internet, but Curran did say moving to IPv6 will provide much more direct access to end users whose mobile and other devices increasingly have IPv6 rather than IPv4 addresses.

Using BFD to Track WAN Status and Change HSRP Priority

It’s been five years since I started this blog! Time flies and a lot has happened since. Thanks for being along for the ride. What better way to celebrate than a blog post?

This post is going to be short and to the point.

Many of us run HSRP or VRRP. It is quite common to run it in a topology where you have dual routers and dual exits to the WAN and you don’t want to black hole your traffic.

One traditional way of achieving this is by tracking the interface that goes towards the WAN. There are a couple of drawbacks to this approach though:

  • You may not get link down on failure (connecting to switch)
  • You may experience an error that does not produce a link down event

The next option is to use IP SLA that sends ICMP Echo towards the next-hop of the WAN or some destination further into the network. Enhanced Object Tracking (EOT) can then be used to create a track object that decrements the priority of the HSRP active router when the ICMP Echo probe fails. This works better but there are still some drawbacks to this approach:

Maliciously crafted MKV video files can be used to crash Android phones

A malicious application or Web page could be used to crash Android devices, in some cases persistently, due to a vulnerability in a multimedia processing component. The announcement, by security researchers from Trend Micro, comes days after other Android media processing flaws were revealed. Those flaws could allow attackers to compromise devices with a simple MMS message. The latest vulnerability is located in Android’s mediaserver component, more specifically in how this service handles files that use the Matroska video container (MKV), the Trend Micro researchers said in a blog post Wednesday.