If not, you'd be well advised to get with the Program as it is time to Get Squared Away. You can test your domain here at DNS Flag Day, or educate those always hungry neurons here. All of this fal-de-rol is slated to be accomplished worldwide on or about 2019/02/01.
"The current DNS is unnecessarily slow and inefficient because of efforts to accommodate a few DNS systems that are not in compliance with DNS standards established two decades ago. To ensure further sustainability of the system it is time to end these accommodations and remediate the non-compliant systems. This change will make most DNS operations slightly more efficient, and also allow operators to deploy new functionality, including new mechanisms to protect against DDoS attacks." - via DNS Flag Day
via Muks Hirani, Sarah Jones and Ben Read writing at FireEye's threat research blog, comes notification of world-wide-dns-at-scale hijacks. Pre-election first-pass, stakes-in-the-ground reconnaisance foundation building? Or simple larcency? You be the judge. H/T
"FireEye Intelligence identified access from Iranian IPs to machines used to intercept, record and forward network traffic. While geolocation of an IP address is a weak indicator, these IP addresses were previously observed during the response to an intrusion attributed to Iranian cyber espionage actors." - via Muks Hirani, Sarah Jones and Ben Read writing at FireEye's threat research blog
via Jeff Stone writing at Cyberscoop, comes this fascinating reportage, detailing an open-source based effort targeting BGP hijack exploits monikered ARTEMIS (Automatic and Real-Time Detection and Mitigation System, ARTEMIS - a research effort of the INSPIRE group, FORTH Greece (www.inspire.edu.gr) and the Center for Applied Internet Data Analysis (CAIDA), University of California San Diego, USA). Examine, if you will - the ARTEMIS ReadMe on the ARTEMIS group's GitHub site.
And, while your at it, read the projects' paper authored by Pavlos Sermpezis, Vasileios Kotronis, Petros Gigis, Xenofontas Dimitropoulos, Danilo Cicalese, Alistair King, and Alberto Dainotti. Entitled "ARTEMIS: Neutralizing BGP Hijacking within a Minute", it will astound you with the technical chops this team possesses. H/T
News - via Help Net Security's Zeljka Zorz, of serious flaws in Wireshark's bits leading to potential crashes apparently caused by stored malicous packet trace files. HelpNet notes that Wireshark has fixed versions: 2.6.3, 2.4.9, or 2.2.17 - all of which can be downloaded on the Wireshark Download page: https://www.wireshark.org/download.html
"The vulnerabilities – CVE-2018-16056, CVE-2018-16057 and CVE-2018-16058 – affect three components of Wireshark: the Bluetooth Attribute Protocol (ATT) dissector, the Radiotap dissector, and the Audio/Video Distribution Transport Protocol (AVDTP) dissector, respectively." - via Help Net Security's Zeljka Zorz
via Ronald F. Guilmette (writing on the NANOG Mailinmg List), in which, his evident disgust (shared I'm sure by the majority of network engineers reading the NANOG List), at BGP route hijacks executed allegedly by BitCanal - a Portuguese firm, at this point, held in the lowest regards. Read more on the Oracle+Dyn blog post well crafted by Doug Madory, or Ronald F. Guilmette's email on the NANOG List (a short snippet also follows).
"Sometimes I see stuff that just makes me shake my head in disbelief. Here is a good example:https://bgp.he.net/AS3266#_prefixes I mean seriously, WTF? As should be blatantly self-evident to pretty much everyone who has ever looked at any of the Internet's innumeriable prior incidents of very deliberately engineered IP space hijackings, all of the routes currently being announced by AS3266 (Bitcanal, Portugal) except for the ones in 213/8 are bloody obvious hijacks. (And to their credit, even Spamhaus has a couple of the U.S. legacy /16 blocks explicitly listed as such.)" - Ronald F. Guilmette at NANOG Mailing List Archive
Whilst the flaws in Signaling System 7 (SS7) are the gift that keeps on giving, in this case, that gift has been inherited by the DIAMETER protocol, to the delight of miscreants unknown... With internal system, billing and bridging protocols like these, deeply embedded in cellular network infrastructure (all carriers) - who needs enemies; which brings to mind: 'We have met the enemy, and he is us! - Walt Kelly's Pogo, h/t
via CircleID, comes a particularly relevant discussion regarding the most abused TLDs (as researched by the Spamhaus Project) on our interwebs. Additionally, read the eponymous Brian Krebs' latest take on the subject, you'll be glad you did.
The beginning of May 2018 saw problematic internetworking operational issues revolving around the notion of robust router security (in reality, the lack thereof...). Today's Must Read comes from ISOC personnel Megan Kruse and Aftab Siddiqui, and lightly details the initiative entitled Mutually Aagreed Norms for Routing Security (MANRS). No resolution of this issue has been unequivocally accepted, but hope does spring eternal, as such, you can learn much more about MANRS here. Enjoy the Norms, and have a go with the MANRS for Network Operators document.
via Zack Whittaker timely reportage for ZDNet's Zero Day group, his work provides insight to the tangled-web-we-weave in the ICS/SCADA world. This time - the ramifications of a particularly-pesky security flaw in a Schneider product (amongst thousands of other known bugs in hundreds of other software packages coupled with poor software management practices in the industrial control systems sector combine to make a very poor nap at the control boards, indeed. Just ask Homer! Today's Critical Must Read Choice.
"It's the latest vulnerability that risks an attack to the core of any major plant's operations at a time when these systems have become a greater target in recent years. The report follows a recent warning, issued by the FBI and Homeland Security, from Russian hackers. The affected Schneider software, InduSoft Web Studio and InTouch Machine Edition, acts as middleware between industrial devices and their human operators. It's used to automate the various moving parts of a power plant or manufacturing unit, by keeping tabs on data collection sensors and control systems. " - via Zack Whittaker writing for ZDNet's Zero Day
BGP Related Issues, Along With Malicious Redirection Predicated On Fraudulent Routes To Blame
via Dan Goodin's typically superlative prose, at Ars Technica, in which, Dan details the issues, titled 'Suspicious Event Hijacks Amazon Traffic For 2 Hours, Steals Cryptocurrency' comes the root cause of the Amazon Route53 debacle. Additionally, a great tell-all piece entitled 'Another BGP Hijacking Event Highlights the Importance of MANRS and Routing Security' (discussing the same issues as Mr. Goodin), via The Internet Society's Megan Kruse and Aftab Siddiqui is also worthy of note. Fundamentally, the IETF should step up it's efforts to deal with these issues (and perhaps take MANRS into consideration ASAP. It is important to note that the Internet Engineering Task Force (IETF) is an organized activity of The Internet Society's, and has been for more that a decade. Both posts are Today's Must Read.
Following up on our Tuesday post entitled '4G Gone Wild (and the trigger for that post - Zero Day author Zack Whittaker's) superlative piece), another author - Sean Gallagher of Ars Technica - has posted a highly detailed article presenting his take on the same LTE security flaws and the ramifications of those pernicious issues. Certainly Today's Must Read!
via Zack Whittaker, writing at the Zero Day blog at ZDNet, tells the story of recently discovered 4G LTE attacks, and the academicians studying the specifics of these pernicious exploits (the group's recently published paper is currently available). Today's MustRead. H/T
Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages. - Zack Whittaker, writing at the Zero Day blog at ZDNet