Computer News & Safety – Harry Waldron

October 25th, 2016:

Internet Cyber Security – Dyn attack harnessed IOT security exploits

A brand new way for hackers to shut down the Internet emerged earlier in the week when Dyn, a key internet hosting company, suffered a massive DDoS attack. They recovered quickly, but the attack revealed a new approach: manipulating devices built on the evolving technology called IoT (Internet of Things).

http://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/

I also don’t want to get too far into this post without:

1. Acknowledging the tremendous efforts of Dyn’s operations and support teams in doing battle with what’s likely to be seen as an historic attack.

2. Acknowledging the tremendous support of Dyn’s customers, many of whom reached out to support our mitigation efforts even as they were impacted. Service to our customers is always our number one priority, and we appreciate their understanding as that commitment means Dyn is often the first responder of the internet.

3. Thanking our partners in the technology community, from the operations teams of the world’s top internet companies, to law enforcement and the standards community, to our competition and vendors, we’re humbled and grateful for the outpouring of support.

Attack Timeline — Starting at approximately 7:00 am ET, Dyn began experiencing a DDoS attack. While it’s not uncommon for Dyn’s Network Operations Center (NOC) team to mitigate DDoS attacks, it quickly became clear that this attack was different (more on that later). Approximately two hours later, the NOC team was able to mitigate the attack and restore service to customers. Unfortunately, during that time, internet users directed to Dyn servers on the East Coast of the US were unable to reach some of our customers’ sites, including some of the marquee brands of the internet. We should note that Dyn did not experience a system-wide outage at any time – for example, users accessing these sites on the West Coast would have been successful.

What we know — At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.

Leadership – Integrity means being true on consistent basis

To achieve long-range objectives over time, there must be a pattern of consistency or the day-to-day distractions will impact the overall success of the team.

http://www.johnmaxwell.com/blog/consistency-a-wise-investment-of-time

We live in a culture that rewards image – often over integrity. We promote people who appear to have their act together, and encourage others to do the same. Never mind any warning signs about their character. As long as they look good while they produce, our culture is satisfied.   Why do we reward image over integrity?  The answer is simple: Image is easy. Integrity is hard.

Am I Being True to Myself? – Living with integrity begins within. The only person in the world you can’t hide from is you. To be a genuine person, you have to be able to live with yourself and the decisions you make. If your actions would cause you shame or embarrassment if they were ever found out, then you’re not being true to yourself and your values.

Am I Being True to My Mentor? — Mentors are the people who have chosen to invest in you. They believe in you and your potential, and have shared their time and wisdom to help you maximize it. If your actions would disappoint them, then you’re not putting enough value on your mentor’s investment.

Am I Being True to My People? — You are surrounded by people who are affected by your actions. Be they family, friends, colleagues, or neighbors, your choices impact them on a daily basis. If you are not living a genuine life with them, it will ultimately damage the relationships that you need to thrive.

It’s easy to believe that integrity doesn’t really pay off. In fact, that seems to be the message our culture thrives on! Why do things the hard way when you can just “fake it ‘til you make it” – especially when so many people seem to succeed overnight through shortcuts and shams? It’s tempting to believe that you can or should do the same. After all, everyone wants to get to the top, so why not take the fastest route?

Microsoft Security Updates – New Patch Tuesday cumulative update process

Microsoft’s new “Patch Tuesday” model improves the installation process, but if issues surface with an updated system or device, the ability to fine-tune the deployment by holding back a small subset of the total release is no longer present.

http://www.darkreading.com/endpoint/microsofts-new-patch-tuesday-model-comes-with-benefits-and-risks/d/d-id/1327251

Microsoft as of this month officially transitioned its Patch Tuesday model to a cumulative patching process for Windows 7 and Windows 8.1 that security experts say is a more flexible and streamlined way to update vulnerable systems. But it also comes with some risks.  October 11 marked the first time Microsoft released updates via its new system, which combines security and non-security fixes into large bundles. Three distinct update bundles will roll out each month; two available to enterprise customers, and one for consumers.

One of these, for businesses and consumers, is released via Windows Update, Windows Server Update Services (WSUS), and the Windows Update Catalog. This is a monthly rollup of security and non-security fixes, which contains all updates for the month as well as fixes for the previous months. If a user skips a month, they will receive the patches for that month in the following month’s bundle.  The second bundle contains all security patches for the specific month and excludes fixes from previous months. These security-only rollouts, intended for enterprise users, are distributed through WSUS and Windows Update Catalog.

“What Microsoft is trying to do is make things simpler for users by delivering all updates together,” explains Amol Sarwate, director of vulnerability labs at Qualys. “When administrators install patches, they can just deploy one patch.” This model also makes it easier to learn which fixes are included and which aren’t, he adds.  Ullrich acknowledges the new model will make patch application easier, but there is also risk related to availability.  “If a particular patch interferes with a particular function of the PC, either a hardware component or customer software, then the entire patch has to be delayed and it will not be advisable to just apply a partial patch,” he explains.

Microsoft Security Updates – OCTOBER 2016

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release:

https://technet.microsoft.com/en-us/library/security/ms16-oct.aspx

https://isc.sans.edu/mspatchdays.html

http://blog.talosintel.com/2016/10/ms-tuesday.html

Patch Tuesday has once again arrived! Microsoft’s monthly release of security bulletins to address vulnerabilities provides fixes for 37 newly disclosed security flaws. Today’s release sees a total of 10 bulletins, five of which are rated critical and address vulnerabilities in Edge, Graphics Component, Internet Explorer, Video Control, and Adobe Flash Player. Four bulletins are rated important and address flaws in Office, Windows Diagnostic Hub, Windows Kernel-Mode Drivers, and Windows Registry. One bulletin is rated moderate and addresses a flaw in Microsoft Internet Messaging API. The following bulletins are rated critical: MS16-118, MS16-119, MS16-120, MS16-122, MS16-127

Linux – Dirty Cow exploits nine-year-old vulnerability

Linux vendors are scrambling to patch a nine-year-old vulnerability that is being used in the “Dirty Cow” exploit.

http://www.pcmag.com/news/348973/researcher-discovers-exploit-of-9-year-old-linux-bug

http://www.v3.co.uk/v3-uk/news/2474845/linux-users-urged-to-protect-against-dirty-cow-security-flaw

An easy-to-exploit flaw in the Linux operating system has been present for nearly a decade, and security researchers warned last week that hackers are now starting to use it.  Linux developer Phil Oester discovered the so-called Dirty Cow bug, which lets attackers gain read and write access to a Linux system’s memory that would normally be read-only for all but the local user. Oester wrote in an email to Ars Technica that after exploiting it, “any user can become root in 5 seconds in my testing, very reliably.”

To take advantage of the Dirty Cow bug and gain access to the memory, a hacker just needs to upload a file to the system they’re targeting and execute it. That’s hacking 101, and can be accomplished numerous ways—from sending a malicious email to cracking a password.  “As Linus [Torvalds] notes in his commit, this is an ancient bug and impacts kernels going back many years. All Linux users need to take this bug very seriously, and patch their systems ASAP.”

NMAP 7.31 – Stability release of popular PENTEST tool

A minor stability release was made for NMAP 7.31, the popular free PENTEST tool, to fix minor issues that surfaced after last month’s major version release.

https://nmap.org/download.html

The big Nmap 7.30 release last month was a great success.  We didn’t even see as many bugs as expected for such a large release, but we have collected and fixed the ones which did arise in the last few weeks into a new 7.31 point release.  It includes the latest updates to our new Npcap driver, a fix for Nping on Windows, and more.  Nmap 7.31 source code and binary packages for Linux, Windows, and Mac are available for free download.  Here are the changes we put in since 7.30:

**  [Windows] Updated the bundled Npcap from 0.10r2 to 0.10r9, bringing increased stability, bug fixes, and raw 802.11 WiFi capture (unused by Nmap).

**  Fixed the way Nmap handles scanning names that resolve to the same IP. Due to changes in 7.30, the IP was only being scanned once, with bogus results displayed for the other names.

**  [Nping][GH#559] Fix Nping’s ability to use Npcap on Windows.   A privilege check was performed too late, so the Npcap loading code assumed the user had no rights.

**  [GH#350] Fix an assertion failure due to floating point error in equality comparison, which triggered mainly on OpenBSD

**  [Zenmap] Fix a crash in the About page in the Spanish translation due to a missing format specifier

**  [Zenmap][GH#556] Better visual indication that display of hostname is tied to address in the Topology page. You can show numeric addresses with hostnames or without, but you can’t show hostnames without numeric addresses when they are not available.

**  To increase the number of IPv6 fingerprint submissions, a prompt for submission will be shown with some random chance for successful matches of OS classes that are based on only a few submissions.
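The second changelog item above (names that resolve to the same IP being scanned once, with bogus results shown for the other names) is a common pitfall in any scanning wrapper. The following is an added example, not Nmap’s code: it groups targets by resolved address, probes each address exactly once, and then reports the shared result under every name, so aliases never receive empty or stale output. The resolver, the scanner and the sample data are all constructed stand-ins injected as functions so the script runs offline.

```python
from collections import defaultdict

# Constructed sample DNS data: two names deliberately resolve to the same address.
SAMPLE_DNS = {
    "www.example.test": "192.0.2.10",
    "mail.example.test": "192.0.2.10",   # alias of www.example.test
    "vpn.example.test": "192.0.2.20",
}

# Constructed per-address results standing in for real scanner output.
SAMPLE_SCAN = {
    "192.0.2.10": {"80/tcp": "open", "443/tcp": "open"},
    "192.0.2.20": {"1194/udp": "open|filtered"},
}


def group_by_address(names, resolve):
    """Map each resolved address to the names sharing it (input order kept);
    names the resolver cannot answer are returned separately."""
    groups, unresolved = defaultdict(list), []
    for name in names:
        addr = resolve(name)
        (groups[addr] if addr else unresolved).append(name)
    return dict(groups), unresolved


def scan_targets(names, resolve, scan):
    """Scan each distinct address once, then attach that result to every
    name that resolved to it. Returns (report, addresses_scanned) where
    report maps name -> {'address', 'aliases', 'ports'}."""
    groups, unresolved = group_by_address(names, resolve)
    report, scanned = {}, []
    for addr, aliases in groups.items():
        ports = scan(addr) or {}          # exactly one probe per address
        scanned.append(addr)
        for name in aliases:              # same result under every alias
            report[name] = {"address": addr, "ports": ports,
                            "aliases": [n for n in aliases if n != name]}
    for name in unresolved:               # keep unresolved names visible
        report[name] = {"address": None, "ports": {}, "aliases": []}
    return report, scanned


if __name__ == "__main__":
    targets = list(SAMPLE_DNS) + ["ghost.example.test"]
    rep, done = scan_targets(targets, SAMPLE_DNS.get, SAMPLE_SCAN.get)
    for name, entry in rep.items():
        print(name, entry["address"], entry["ports"], "aliases:", entry["aliases"])
    print("addresses probed:", done)
```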