Masscanning for MS15-034

So Microsoft has an important web-server bug, so naturally I'd like to scan the Internet for it. I'm running the scan now, but I'm not sure it's going to give any useful results.

The bug comes from adding the following header to a web request like the following
Range: bytes=0-18446744073709551615
As you can see, it's just a standard (64-bit) integer overflow, where 18446744073709551615 equals -1.

That specific header is harmless, it appears that other variations are the ones that may cause a problem. However, it serves as a useful check to see if the server is patched. If the server is unpatched, it'll return the following error:
HTTP/1.1 416 Requested Range Not Satisfiable
From the PoC's say, a response that looks like the following means that it is patched:
The request has an invalid header name
However, when I run the scan across the Internet, I'm getting the following sorts of responses from servers claiming to be IIS:

HTTP/1.1 200 OK
HTTP/1.1 206 Partial Content
HTTP/1.1 301 Moved Permanently
HTTP/1.1 302 Object moved
HTTP/1.1 302 Found
HTTP/1.1 302 Redirect
HTTP/1.1 401 Unauthorized
HTTP/1.1 403 Forbidden
HTTP/1.1 404 Object Not Found
Continue reading

Running an etcd 2.0 Cluster on Ubuntu 14.04

In this post, I’m going to show you how to set up a cluster of three nodes running etcd 2.0 (specifically, etcd 2.0.9). While I’ve discussed etcd before, that was in the context of using etcd with CoreOS Linux. In this case, I’ll use Ubuntu 14.04 as the base OS, along with the latest released version of etcd.

To help you follow along, I’ve created a set of files that will allow you to use Vagrant to turn up an etcd 2.0 cluster on Ubuntu 14.04 (on your laptop, if so desired). You can find all these files in the “etcd-2.0” directory of my learning-tools GitHub repository.

Installing the Base OS

You don’t need anything special when setting up etcd; a straightforward Ubuntu Server 14.04 x64 installation will work just fine. If you’re using the files in my learning-tools repository, you’ll see that Vagrant simply turns up a VM based on a plain-jane Ubuntu 14.04 box. If you’re building this from scratch (why?!), simply create a VM and install Ubuntu 14.04 into it. As long as it has Internet connectivity, that’s all that’s needed.

Installing etcd

Installing etcd Continue reading

43% of Slashdotters call ISPs liars

I know what you’re thinking: Only 43%?But we’re talking here about a single question: “How do your actual ISP speeds compare to the advertised speed?”And as you can see from the screen capture of the poll results above, roughly four in 10 of some 5,000 Slashdotters who bothered to weigh in say their actual speeds are slightly lower or significantly lower than what their ISPs advertise.Yes it’s an online poll and hence a self-selected sample, but these are people who by and large care more and are better equipped to make this judgment than other ISP customers.To read this article in full or to leave a comment, please click here

Transition to IP network creates cybersecurity challenges for FAA

The Internet hasn’t totally invaded the nation’s air traffic control system, but as it does the Federal Aviation Administration faces a growing challenge to make sure the network is locked down secure.The security issues arise as the agency moves from a point-to-point legacy air traffic control structure to a new IP-based system commonly known as NextGen or Next Generation Air Transportation System. NextGen in a nutshell will move the current radar-based air traffic system to one that is based on satellite navigation and automation.+More on Network World: The most magnificent high-tech flying machines+To read this article in full or to leave a comment, please click here

Transition to IP network creates cybersecurity challenges for FAA

The Internet hasn’t totally invaded the nation’s air traffic control system, but as it does the Federal Aviation Administration faces a growing challenge to make sure the network is locked down secure.The security issues arise as the agency moves from a point-to-point legacy air traffic control structure to a new IP-based system commonly known as NextGen or Next Generation Air Transportation System. NextGen in a nutshell will move the current radar-based air traffic system to one that is based on satellite navigation and automation.+More on Network World: The most magnificent high-tech flying machines+To read this article in full or to leave a comment, please click here

Pure Storage CEO promises huge savings with flash

The term 'disruption' gets tossed about a lot -- too often -- in the technology industry. But it isn't always hype. Backed by nearly half a billion dollars in investment, CEO Scott Dietzen and Pure Storage are hard at work disrupting a big chunk of the enterprise storage market owned by the likes NetApp and EMC, which is no stranger to disruption itself, having turned the tables on a previous generation of storage leaders.I had the opportunity to talk to [EMC CEO] Joe Tucci a couple of months back and I asked him about flash. I'm paraphrasing him here, but he describes a world where there's a role for tape, disk, flash. Do customers still buy that?To read this article in full or to leave a comment, please click here(Insider Story)

Another Quad CCIE in downunder

Is it possible to study a PhD, CCIE Data Center with a full time job? Absolutely YES, I have been there and done that. I also went on 5 work related overseas trips  and 2-3 weeks on holiday, driven around the country town in Australia. If someone tells you that they saw a ghost and […]

Yahoo reportedly close to purchasing Foursquare

In an effort to boost its mobile offerings, Yahoo is reportedly finishing up a deal to buy Foursquare.Foursquare’s search app can be used to as a local city guide to find shops, restaurants and other points of interest. The startup also created the social networking app Swarm, which allows people to check-in at locations and see if friends are nearby.The deal, which would be worth around US$900 million, has been agreed to and the companies are now working through details, according to sources cited by TechCrunch. However, other sources said they had no knowledge of the deal.To read this article in full or to leave a comment, please click here

For Microsoft, hardware and OS consistency key in Surface 3

With the upcoming Surface 3, Microsoft is ending experimentation and bringing back hardware and OS consistency across its line of tablets, hoping that consumers and businesses will find a lot to like.The Surface 3 is radically different than its predecessor, Surface 2, which had an ARM processor and the tablet-specific Windows RT OS. The Surface 3 sports a full Windows 8.1 OS and an Intel x86 processor, which is the combination available in most PCs and laptop-tablet hybrids today.The Surface 3, which has a 10.8-inch screen, is a thinner and lighter version of Surface Pro 3 and can offer longer battery life, said Brian Eskridge, senior manager for Microsoft’s Surface products.To read this article in full or to leave a comment, please click here

Huawei’s P8 and P8max get all-metal designs, improved camera

Huawei Technologies is betting its all-metal P8 and the P8max will help the company make further inroads into the high end of the smartphone market.Following in the footsteps of the Galaxy S6 and S6 Edge from Samsung Electronics and the HTC One M9 is no easy feat, but Huawei is hoping it has developed a product that can compete with those devices.The P8 has a 5.2-inch, 1080-by-1920-pixel screen and is powered by a HiSilicon Kirin 64-bit processor with eight cores running at 1.5GHz or 2GHz. It has 16GB or 64GB of integrated storage and 3GB of RAM. The integrated storage can be expanded using a microSD card.Huawei has also worked to make the P8 look more premium. The device has an all-aluminum unibody that’s just 6.4 millimeters thick.To read this article in full or to leave a comment, please click here

Curious About ONUG? Wonder What It Is?

ONUG Logo

In case you’re interested in ONUG or wondering what the heck ONUG stands for, I write a short post called What Is An “ONUG” over at GestaltIT. I’m not going to duplicate it here, so please do the clicky over to GestaltIT and have a read. Bonus: there’s a registration discount code over there as well! Hope you enjoy it; ONUG looks like it’ll be very interesting.

 

Disclosure

My post at GestaltIT is a sponsored post as part of the ONUG Spring 2015 Tech Talk Series, part of the larger Tech Talks series.

If you liked this post, please do click through to the source at Curious About ONUG? Wonder What It Is? and give me a share/like. Thank you!

Clearing FUDDY Waters

Wave goodbye to slow Wi-Fi. Wave 2 of 802.11ac is here and now, adding new capabilities that improve overall Wi-Fi system performance and capacity. So don’t be put off by naysayers spewing FUD that Wave 2 APs won’t add immediate...

Six net neutrality lawsuits: What are the complaints about?

One of the main arguments for the trade groups and ISPs that have filed six—yes, six—lawsuits against the U.S. Federal Communications Commission’s net neutrality rules is that the agency violated a 69-year-old administrative procedure law in crafting the new regulations.The two ISPs and four trade groups filing lawsuits in recent days have challenged the FCC’s decision—as part of the new net neutrality rules—to reclassify broadband as a regulated, common-carrier service, instead of its long-standing classification of broadband as a lightly regulated information service. The plaintiffs, in addition to accusing the FCC of violating administrative procedure, will argue the agency violated ISPs’ constitutional rights.To read this article in full or to leave a comment, please click here

Don’t look now, but ATMs are about to get a cloud makeover

Automated teller machines have been around for decades, but surprisingly few changes have been made to the technologies that run them. That’s about to change.NCR on Wednesday rolled out new software that will transform ATMs to use the cloud with Android and a thin-client model of computing. The result, it says, will be a big boost in security as well as dramatically lower costs.Most of the world’s 2.2 million or so ATMs today are essentially thick-client PCs, and the vast majority of them—as much as 75 percent—run Windows XP, NCR says. It’s perhaps no wonder that security is an issue, yet banks typically must still administer updates manually to each ATM in their network.To read this article in full or to leave a comment, please click here

Don’t look now, but ATMs are about to get a cloud makeover

Automated teller machines have been around for decades, but surprisingly few changes have been made to the technologies that run them. That’s about to change.NCR on Wednesday rolled out new software that will transform ATMs to use the cloud with Android and a thin-client model of computing. The result, it says, will be a big boost in security as well as dramatically lower costs.Most of the world’s 2.2 million or so ATMs today are essentially thick-client PCs, and the vast majority of them—as much as 75 percent—run Windows XP, NCR says. It’s perhaps no wonder that security is an issue, yet banks typically must still administer updates manually to each ATM in their network.To read this article in full or to leave a comment, please click here

Don’t look now, but ATMs are about to get a cloud makeover

Automated teller machines have been around for decades, but surprisingly few changes have been made to the technologies that run them. That’s about to change.NCR on Wednesday rolled out new software that will transform ATMs to use the cloud with Android and a thin-client model of computing. The result, it says, will be a big boost in security as well as dramatically lower costs.Most of the world’s 2.2 million or so ATMs today are essentially thick-client PCs, and the vast majority of them—as much as 75 percent—run Windows XP, NCR says. It’s perhaps no wonder that security is an issue, yet banks typically must still administer updates manually to each ATM in their network.To read this article in full or to leave a comment, please click here

1 3,532 3,533 3,534 3,535 3,536 3,836