News - via Help Net Security's Zeljka Zorz, of serious flaws in Wireshark's protocol dissectors that can crash the application when it reads a malicious packet trace file. Help Net notes that Wireshark has released fixed versions 2.6.3, 2.4.9 and 2.2.17, all of which can be downloaded from the Wireshark Download page: https://www.wireshark.org/download.html
"The vulnerabilities – CVE-2018-16056, CVE-2018-16057 and CVE-2018-16058 – affect three components of Wireshark: the Bluetooth Attribute Protocol (ATT) dissector, the Radiotap dissector, and the Audio/Video Distribution Transport Protocol (AVDTP) dissector, respectively." - via Help Net Security's Zeljka Zorz
via Ronald F. Guilmette (writing on the NANOG Mailing List) comes his evident disgust (shared, I'm sure, by the majority of network engineers reading the NANOG List) at BGP route hijacks allegedly executed by BitCanal, a Portuguese firm that is, at this point, held in the lowest regard. Read more in the Oracle+Dyn blog post well crafted by Doug Madory, or in Ronald F. Guilmette's email on the NANOG List (a short snippet also follows).
"Sometimes I see stuff that just makes me shake my head in disbelief. Here is a good example: https://bgp.he.net/AS3266#_prefixes I mean seriously, WTF? As should be blatantly self-evident to pretty much everyone who has ever looked at any of the Internet's innumerable prior incidents of very deliberately engineered IP space hijackings, all of the routes currently being announced by AS3266 (Bitcanal, Portugal) except for the ones in 213/8 are bloody obvious hijacks. (And to their credit, even Spamhaus has a couple of the U.S. legacy /16 blocks explicitly listed as such.)" - Ronald F. Guilmette at NANOG Mailing List Archive
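The sanity check Guilmette describes by eye (an origin AS announcing blocks it plainly does not hold, outside the one range it is known for) can be automated as a defender-side audit of a route table snapshot. The script below is an added example for this post, not code from the NANOG thread or the Oracle+Dyn write-up. It assumes you have an authoritative list of who holds which block (in practice built from RIR allocation data or RPKI ROAs); the ASNs, prefixes and registry here are constructed from the RFC 5737 documentation ranges and private-use ASNs, and the functions `classify`, `audit` and `suspicious` are my own names.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed registry of legitimate holdings: documentation prefixes
# (RFC 5737) held by private-use ASNs. None of this is real routing data.
REGISTRY: Dict[str, str] = {
    "192.0.2.0/24": "AS64496",
    "198.51.100.0/24": "AS64497",
    "203.0.113.0/24": "AS64500",
}

# Address space that should never appear in the global routing table.
BOGONS = [
    ipaddress.ip_network(b)
    for b in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
              "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")
]

# Constructed snapshot of what one origin AS is announcing.
ANNOUNCEMENTS: List[Tuple[str, str]] = [
    ("AS64500", "203.0.113.0/24"),    # its own block
    ("AS64500", "203.0.113.128/25"),  # more-specific of its own block: fine
    ("AS64500", "192.0.2.0/24"),      # another AS's whole block
    ("AS64500", "198.51.100.0/25"),   # more-specific carved out of another AS's block
    ("AS64500", "10.0.0.0/8"),        # private space
    ("AS64500", "198.18.0.0/15"),     # not in our toy registry at all
]


def holder_of(prefix: ipaddress.IPv4Network) -> Optional[Tuple[str, ipaddress.IPv4Network]]:
    """Return (holder ASN, registered block) for the most specific registered
    block covering `prefix`, or None if nothing in the registry covers it."""
    best = None
    for block, asn in REGISTRY.items():
        net = ipaddress.ip_network(block)
        if prefix.version == net.version and prefix.subnet_of(net):
            if best is None or net.prefixlen > best[1].prefixlen:
                best = (asn, net)
    return best


def classify(origin: str, prefix_str: str) -> str:
    """Label one announcement: ok, bogon, unregistered, or a hijack of someone's block."""
    prefix = ipaddress.ip_network(prefix_str, strict=True)
    if prefix.version == 4 and any(prefix.subnet_of(b) for b in BOGONS):
        return "bogon"
    found = holder_of(prefix)
    if found is None:
        return "unregistered"
    holder, block = found
    if holder == origin:
        return "ok"
    # Announcing a longer prefix than the holder wins on longest-match and is
    # the classic way traffic gets pulled away from the legitimate origin.
    kind = "more-specific hijack" if prefix.prefixlen > block.prefixlen else "hijack"
    return f"{kind} of {holder} ({block})"


def audit(announcements: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Classify every (origin ASN, prefix) pair in a snapshot."""
    return [(asn, pfx, classify(asn, pfx)) for asn, pfx in announcements]


def suspicious(announcements: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Only the announcements a network operator should be alerted on."""
    return [row for row in audit(announcements) if row[2] != "ok"]


if __name__ == "__main__":
    for asn, pfx, verdict in audit(ANNOUNCEMENTS):
        print(f"{asn} {pfx:20} {verdict}")
```

The useful distinction is the last branch: an exact-prefix hijack competes on AS path length, whereas a more-specific hijack wins outright under longest-prefix matching, so it deserves the higher-priority alert. Swapping the constructed registry for ROA data turns this into a rough origin-validation pass over a looking-glass export.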
Whilst the flaws in Signaling System 7 (SS7) are the gift that keeps on giving, in this case that gift has been inherited by the DIAMETER protocol, to the delight of miscreants unknown... With internal system, billing and bridging protocols like these deeply embedded in cellular network infrastructure (all carriers), who needs enemies; which brings to mind: 'We have met the enemy, and he is us!' - Walt Kelly's Pogo. H/T
via CircleID comes a particularly relevant discussion regarding the most abused TLDs (as researched by the Spamhaus Project) on our interwebs. Additionally, read the eponymous Brian Krebs' latest take on the subject; you'll be glad you did.
The beginning of May 2018 saw problematic internetworking operational issues revolving around the notion of robust router security (in reality, the lack thereof...). Today's Must Read comes from ISOC personnel Megan Kruse and Aftab Siddiqui, and lightly details the initiative entitled Mutually Agreed Norms for Routing Security (MANRS). No resolution of this issue has been unequivocally accepted, but hope does spring eternal; as such, you can learn much more about MANRS here. Enjoy the Norms, and have a go with the MANRS for Network Operators document.
via Zack Whittaker's timely reportage for ZDNet's Zero Day group, his work provides insight into the tangled-web-we-weave in the ICS/SCADA world. This time, the ramifications of a particularly pesky security flaw in a Schneider product (which, amongst thousands of other known bugs in hundreds of other software packages, coupled with poor software management practices in the industrial control systems sector, combine to make for a very poor nap at the control boards indeed). Just ask Homer! Today's Critical Must Read Choice.
"It's the latest vulnerability that risks an attack to the core of any major plant's operations at a time when these systems have become a greater target in recent years. The report follows a recent warning, issued by the FBI and Homeland Security, from Russian hackers. The affected Schneider software, InduSoft Web Studio and InTouch Machine Edition, acts as middleware between industrial devices and their human operators. It's used to automate the various moving parts of a power plant or manufacturing unit, by keeping tabs on data collection sensors and control systems." - via Zack Whittaker writing for ZDNet's Zero Day
BGP Related Issues, Along With Malicious Redirection Predicated On Fraudulent Routes To Blame
via Dan Goodin's typically superlative prose at Ars Technica, in which Dan details the issues, comes the root cause of the Amazon Route53 debacle, titled 'Suspicious Event Hijacks Amazon Traffic For 2 Hours, Steals Cryptocurrency'. Additionally, a great tell-all piece entitled 'Another BGP Hijacking Event Highlights the Importance of MANRS and Routing Security' (discussing the same issues as Mr. Goodin), via The Internet Society's Megan Kruse and Aftab Siddiqui, is also worthy of note. Fundamentally, the IETF should step up its efforts to deal with these issues (and perhaps take MANRS into consideration ASAP). It is important to note that the Internet Engineering Task Force (IETF) is an organized activity of The Internet Society, and has been for more than a decade. Both posts are Today's Must Read.
Following up on our Tuesday post entitled '4G Gone Wild' (and the trigger for that post, Zero Day author Zack Whittaker's superlative piece), another author, Sean Gallagher of Ars Technica, has posted a highly detailed article presenting his take on the same LTE security flaws and the ramifications of those pernicious issues. Certainly Today's Must Read!
via Zack Whittaker, writing at the Zero Day blog at ZDNet, comes the story of recently discovered 4G LTE attacks and the academicians studying the specifics of these pernicious exploits (the group's recently published paper is currently available). Today's Must Read. H/T
"Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages." - Zack Whittaker, writing at the Zero Day blog at ZDNet
Meanwhile in DDoS news... Reportage of IPv6 DDoSing via El Reg, (and well-written by Kieren McCarthy) detailing an IPv6-transported DDoS attack - a 1.35Tbps attack on GitHub - that should be baking a lot of noodles out there in the network protection racket...
"Network guru Wesley George noticed the strange traffic earlier this week as part of a larger attack on a DNS server in an effort to overwhelm it. He was taking packet captures of the malicious traffic as part of his job at Neustar's SiteProtect DDoS protection service when he realized there were "packets coming from IPv6 addresses to an IPv6 host." The attack wasn't huge – unlike this week's record-breaking 1.35Tbps attack on GitHub – and it wasn't using a method that is exclusive to IPv6, but it was sufficiently unusual and worrying to flag to the rest of his team." - via Kieren McCarthy writing at El Reg
Seemingly yearly, we see new printer-vectored network attacks due to slovenly written code in the printer or in the offending machine's drivers. Here's the latest debacle, courtesy of Hacker Noon on their Medium blog.
'Hacking unsecured printers is easy. Unfortunately, according to a Spiceworks survey only 16% of IT industry respondents think printers are at high risk of a security breach! 43% of surveyed companies ignore printers in their endpoint security approach. Well, what administrators don’t know will hurt them. Corporations invest in securing their computing devices. Why not printers?' - via Hacker Noon on Medium
News of the release of OpenSnitch, the GNU/Linux port of Objective Development's much beloved Little Snitch (a native macOS application firewall), is the big news around our locale today. As of the date of this post, OpenSnitch is in alpha release state, with the caveat: 'Warning: This is still alpha quality software, don't rely on it (yet) for your computer security.' Additional information is available via the OpenSnitch GitHub Readme. H/T