Thursday, December 14, 2017

Tag: linux

Attack code for integer underflow bug is already circulating in the wild.
A basic tenet of open-source software security has long been the idea that since the code is open, anyone can look inside to see if there is something that shouldn't be there. It's a truth that does work and many of us who use open-source software da...
Multi-platform threat exploits old Java flaw, gains persistence.
Seagate's enterprise cloud storage arm launches a cross-platform backup and recovery platform anchored by Microsoft's business-friendly cloud. EVault, a subsidiary of hard-drive maker Seagate, has announced a new offering that allows businesses to back up their data to Microsoft's Windows Azure cloud platform. Following up on the company's free EVault Endpoint Protection offer for new Azure enterprise customers, the company has launched Backup Services for Windows Azure. Despite the Windows-heavy branding, the product's platform-agnostic approach has benefits for mixed environments, claims the company. It provides heterogeneous, off-site storage for enterprise applications, server data and operating systems. "Because it can protect virtually any workload on a single cloud platform, EVault Backup Services for Windows Azure enables businesses to consolidate vendor contract issues and costs while also reducing risk," boasted EVault in a statement. Apart from the requisite support for Windows, the service also accommodates Linux, UNIX and IBM i. On the virtualization front, it protects data under VMware ESXi and Windows Server with Hyper-V. Finally, it also offers "granular restore capabilities" for Oracle databases and major Microsoft applications, including Microsoft SharePoint, Exchange and SQL Server. EVault's disk-based backup technology features built-in deduplication, block-level change tracking and compression to minimize network congestion.

Its encryption and IT security protections make it "a perfect complement to the Windows Azure network of data centers," asserts the company. As Azure gains traction in business IT circles, the platform helps the company extend the market reach of its backup portfolio. "More than half of the Fortune 500 is already using Windows Azure," Terry Cunningham, president and general manager of EVault, said in a statement. "Microsoft continues to build out the Windows Azure footprint, giving customers more options, and extending the global reach of EVault and that of our channel partners." "Integrating our flagship product into this extremely successful platform is an opportunity for us to bring the power of our cloud-connected technology to more organizations around the world," he added. Currently, more than 43,000 companies use EVault's cloud-based backup and recovery services. For Microsoft, EVault helps the software giant flesh out its growing Azure ecosystem. "By adding EVault Backup Services for Windows Azure to the existing portfolio of Windows Azure solutions, we're able to offer our joint customers a reliable and security-enhanced data protection solution," said Kim Akers, general manager of Microsoft's Developer and Platform Evangelism unit. The offering enables IT organizations to "take advantage of the open, flexible Windows Azure cloud platform to help ensure their critical data is protected and recoverable," added Akers. Last June, Microsoft revealed that its Windows Azure customer base had ballooned to 250,000 and that new customers are signing up at a rate of 1,000 per day.

Organizations are also gobbling up Azure storage. "The growth doesn't stop with customer volume—we continue to double compute and storage capacity every six to nine months and are simultaneously expanding into Japan, Australia and China (operated by 21Vianet)," wrote Windows Azure General Manager Steven Martin in a blog post.
Ars unravels the report that hackers have commandeered 100,000 smart devices.
Original release date: January 13, 2014 | Last revised: February 05, 2014

Systems Affected
NTP servers

Overview
A Network Time Protocol (NTP) Amplification attack is an emerging form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible NTP servers to overwhelm a victim system with UDP traffic.

Description
The NTP service supports a monitoring service that allows administrators to query the server for traffic counts of connected clients. This information is provided via the "monlist" command. The basic attack technique consists of an attacker sending a "get monlist" request to a vulnerable NTP server, with the source address spoofed to be the victim's address.

Impact
The attack relies on the exploitation of the "monlist" feature of NTP, as described in CVE-2013-5211, which is enabled by default on older NTP-capable devices. This command causes a list of the last 600 IP addresses which connected to the NTP server to be sent to the victim. Because the source address is spoofed, the NTP server's response is delivered to the victim rather than to the attacker. Because the size of the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim. Additionally, because the responses are legitimate data coming from valid servers, it is especially difficult to block these types of attacks. The solution is to disable "monlist" within the NTP server or to upgrade to the latest version of NTP (4.2.7), which disables the "monlist" functionality.

Solution

Detection
On a UNIX platform, the command "ntpdc" will query existing NTP servers for monitoring data. If the system is vulnerable to exploitation, it will respond to the "monlist" command in interactive mode. By default, most modern UNIX and Linux distributions allow this command to be used from localhost, but not from a remote host.

To test for monlist support, execute the following command at the command line:

/usr/sbin/ntpdc <remote server>
monlist

Additionally, the "ntp-monlist" script is available for Nmap, which will automatically display the results of the monlist command. If the system does not support the monitor query, and is therefore not vulnerable to this attack type, Nmap will return an error type 4 (No Data Available) or no reply at all.

Recommended Course of Action
As all versions of ntpd prior to 4.2.7 are vulnerable by default, the simplest recommended course of action is to upgrade all versions of ntpd that are publicly accessible to at least 4.2.7. However, in cases where it is not possible to upgrade the version of the service, it is possible to disable the monitor functionality in earlier versions of the software. To disable "monlist" functionality on a public-facing NTP server that cannot be updated to 4.2.7, add the "noquery" directive to the "restrict default" line in the system's ntp.conf, as shown below:

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

References
Vulnerability Summary for CVE-2013-5211
NTP Software Downloads
ntp-monlist NSE Script

Revision History
January 13, 2014 - Initial Release
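As an added example that is not part of the US-CERT alert or the NTP project, the following Python script applies the mitigation check described above to an ntp.conf: it finds every "restrict default" line (IPv4 and "-6") and reports any that lack the "noquery" directive. The two sample configurations and the function names are constructed for illustration.

```python
# Added example (not from the alert): lint an ntp.conf for the "noquery" mitigation
# the alert recommends for CVE-2013-5211 on ntpd releases that cannot be upgraded.
# The sample configurations below are constructed for illustration.
import re
from typing import List, Tuple

# Matches "restrict default ..." and "restrict -4/-6 default ..." lines.
RESTRICT_DEFAULT = re.compile(r"^\s*restrict\s+(?:-[46]\s+)?default\b(.*)$")


def find_default_restrictions(conf_text: str) -> List[Tuple[int, str, bool]]:
    """Return (line_number, line, has_noquery) for each 'restrict default' line.

    Everything after '#' is stripped before matching, so a commented-out line
    does not count as a live restriction.
    """
    results = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].rstrip()
        m = RESTRICT_DEFAULT.match(line)
        if not m:
            continue
        flags = m.group(1).split()
        results.append((lineno, line.strip(), "noquery" in flags))
    return results


def monlist_exposure(conf_text: str) -> List[str]:
    """Return findings; an empty list means every default restriction carries noquery.

    With no 'restrict default' line at all, ntpd applies no default restriction,
    so the monitor query stays reachable and that is reported as a finding too.
    """
    findings = []
    entries = find_default_restrictions(conf_text)
    if not entries:
        findings.append("no 'restrict default' line found: no default restriction "
                        "is applied, so monlist queries are answered")
    for lineno, line, ok in entries:
        if not ok:
            findings.append(f"line {lineno}: missing noquery -> {line}")
    return findings


# Constructed sample: default restrictions that leave the monitor query reachable.
WEAK_CONF = """\
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer
restrict 127.0.0.1
server 0.pool.ntp.org
"""

# Constructed sample: the same config with the directive the alert recommends added.
HARDENED_CONF = """\
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server 0.pool.ntp.org
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        findings = monlist_exposure(conf)
        print(f"{name}: {'OK' if not findings else 'FINDINGS'}")
        for finding in findings:
            print("   ", finding)
```

The check only covers the "restrict default" mitigation shown in the alert; it does not verify the installed ntpd version, and "noquery" also refuses other ntpdc/ntpq control queries, not just monlist, which is the intended effect on a public-facing server.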
A number of IT security experts expect that attackers will increasingly focus on compromising embedded devices and consumer devices that make up the Internet of things. Cyber-attackers and security researchers focused on finding and attacking vulnerable devices on the broader Internet of things in 2013, a trend that will only accelerate in the coming year, according to security experts. The rapid adoption of network-connected devices by consumers and businesses will make the so-called Internet of things more attractive to vulnerability finders and cyber-criminals bent on mischief. From TVs to thermostats and from medical devices to home security, a range of devices are being connected to the Internet and exposed to risks for which they might not be ready, vulnerability management firm Rapid7 said in an email statement to eWEEK. "This is only set to continue—we're already seeing network-enabled toasters, kettles, fridges and much more emerging," the company stated. "Unfortunately, researchers have found time and again that security issues abound on embedded devices, and they are typically very poorly patched." Attacks against embedded devices have been rare so far, but security researchers have noted that recently the pace of attacks has accelerated. In November, for example, Symantec posted a brief analysis of a worm, dubbed "Linux.Darlloz," that targeted a variety of Linux distributions with evidence of variants created for chipsets that are normally found in home routers, set-top boxes and security cameras. A major problem is that security is usually an afterthought during the creation of embedded devices. Companies are more concerned with getting the product out the door than with whether the design of the product can be exploited to compromise the user's data, according to Rapid7.
In most cases, engineering teams do not collaborate well enough with other teams in the same company nor with users among their customers, Phil Packman, general manager for security enablement at telecom giant BT, said in a blog post. That lack of communication leads to bad designs and missed opportunities to secure their products, he said. "It is often hard for the engineer to 'connect' in the course of his day job, and an external attack can seem quite unlikely," Packman said. "On the other hand, clients who rely extensively on automated control systems with remote monitoring can easily see how this risk is very real for them, carrying with it consequences that don't bear thinking about." Considering how pervasive Internet-connected devices are in our lives, one company claims that 2014 will see the first murder carried out using such a device that was compromised by a cyber-attack. In its predictions for 2014, Internet Identity, a brand-security company, posited that companies and consumers will see the dark side of the Internet of things by 2015, with hackers learning how to cause chaos in people's homes in the next two years.
How one box was converted into a Bitcoin-mining, DoS-spewing, bug-exploiting bot.
The office at DoES Liverpool has a DoorBot, which works as a kiosk device, showing webcam views of the office and a list of upcoming events. Doorbot originally consisted of a networked PC with a flat-screen monitor facing out towards the corridor through a conveniently located window.

The DoorBot works as a kiosk device, showing webcam views of the office, a list of upcoming events (from Google Calendar), and a welcome message to any expected guests. Currently, its only input device is an RFID reader. Our members can register their RFID cards (Oyster, Walrus, DoES membership card, and so on). Finally, this device is also connected to speakers, so it can play a personalised tune or message when members check in or out. Developing this device was as simple as running software on a computer ever is: the trickiest cases are things such as turning the screen off and on after office hours and coping with losing or regaining power and network. Given how close the functionality is to that of a PC, it might seem crazy to think of any other solution. However, if we had to scale up – to cover more doors or to sell the idea to other companies – we suddenly have new trade-offs. Just sticking a tower PC somewhere near the door may not be ideal for every office.

A computer that fits neatly with an integrated screen might work, such as an iMac, a laptop, or a tablet. But these devices are much more expensive than the original commodity PC (effectively “free” when it was a one-off because it was lying around with nothing else to do).

A small embedded computer, such as a Raspberry Pi, might be ideal because it costs relatively little, runs Linux and has HDMI output. This is an edited extract from Designing the Internet of Things by Adrian McEwen and Hakim Cassimally, published by Wiley, RRP £19.99.

This was first published in December 2013
NEWS ANALYSIS: A noted security researcher says it's easy to hijack a widely-used, but poorly-secured, airborne drone using an autonomous skyjacking drone of his own. Security and privacy researcher Samy Kamkar ...
A security vulnerability first identified and patched two-and-a-half years ago remains a threat today. An old flaw is being actively exploited and is now threatening the new Internet of things (IoT) world. Security researchers at Symantec reported on a Linux worm on Nov. 27, and this week security researchers at Cisco have found their own evidence on the flaw that is now placing the IoT at risk. The flaw that is being exploited is a PHP-based flaw identified as CVE-2012-1823, Cisco Security Threat Research Analysis & Communications (TRAC) technical leader Craig Williams explained to eWEEK. PHP is a popular open-source programming language that is widely deployed on all types of server infrastructure, including Windows as well as Linux machines. The flaw is a code-injection risk that was first identified and patched in May 2012 and affects PHP versions 5.4.1 and prior. Currently, the most up-to-date version of PHP 5.4 is the 5.4.22 release. PHP 5.4.2, which provides a fix for CVE-2012-1823, was released May 3, 2012. Cisco has been able to track infection rates for the PHP-driven malware across its own customers as well as from its new Sourcefire customers. Cisco completed its $2.7 billion acquisition of network security vendor Sourcefire in October.

The combined Cisco/Sourcefire data shows a high point for attacks on the flaw coming on Nov. 30. Attackers will continue to exploit this vulnerability as long as there are systems that are susceptible to attack, Williams said. "One contributing factor is the ease with which this flaw can be exploited," Williams explained. "Vulnerable versions of this software are fairly widespread, so this could continue to be problematic for quite some time." The PHP vulnerability is being leveraged by attackers to deploy the Linux.Trojan.Zollard malware, which is designed to infect Linux-based devices.

While PHP runs on multiple types of servers, the current round of attacks is aimed at servers that run on embedded devices, which typically run Linux. Embedded devices are what make up the Internet of things, Williams said. "The PHP issue allows an attacker to run commands forcing the server to download and run the Zollard malware," Williams said. Linux systems are typically configured with specific access-control restrictions for different programs and users. With the Zollard malware, if a device is infected, the malware runs with the same access rights as the Web server (httpd). Organizations can protect themselves from the PHP-driven flaw in a number of ways.

The first and most obvious recommendation is to simply patch PHP—although, according to Williams, patching PHP isn't always a simple proposition. "The problem is that many embedded devices are not maintained properly or cannot be updated due to some dependency," Williams said. "If these devices are exposed to the Internet or even an intranet, they need to be protected by a security device like an intrusion-prevention system (IPS)." Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.
Ever wanted your own botnet of flying drones? SkyJack can help.