Software Development jobs in SF Bay area

Monday, November 7, 2016

How to fix the millions of vulnerable IoT devices used in the Mirai DDoS attacks.

15 years ago I received a call from my friend Don Jensen. He was the head IT guy for Granite Construction, Heavy Construction division. He had four remote sites infected with the Nimda worm.

Wikipedia sums it up here:

"Nimda is a file-infecting computer worm. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red. Nimda utilized several types of propagation techniques, and this caused it to become the Internet's most widespread virus/worm within 22 minutes.
The worm was released on September 18, 2001. Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000 or XP and servers running Windows NT and 2000.
The worm exploited various Microsoft IIS 4.0 / 5.0 directory traversal vulnerabilities. Nimda was hugely successful in exploiting well-known and long-solved vulnerabilities in the Microsoft IIS server."

It was affecting all of the telephone service at the remote sites (Las Vegas, Minneapolis, Dallas, and Tampa). The phone systems were running Cisco Communication Center on top of Windows 2000 Server, and the Microsoft Internet Information Server (IIS) administration GUI served as the admin console.

What a mess. I was at my home in California, and traveling to each remote site was not possible. This HAD to be repaired remotely, so I started to investigate what made Nimda tick, and found a solution. (This advisory from CERT was really helpful.)

I used it against itself. I "hacked" each of the Windows servers using the exact same security hole that made Nimda possible: I opened a browser window, plugged in the IP address of the infected server, and began typing commands, starting with "CMD.EXE".

After the massive DDoS attack in October 2016, I started to think about how to remotely patch the millions of video cameras, DVRs, and doorbells that were being compromised by Mirai, and downloaded the source code. I think this just might work, but it may not be legal to remotely patch and upgrade all the IoT devices in the world.
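The hole the post describes, an IIS directory traversal that reaches cmd.exe, is also what a defender should be looking for in the web server logs. Below is an added example of that detection, written for this page and not taken from the post or from the CERT advisory: it normalizes request paths the way a careful filter must (repeated percent-decoding so that %255c becomes a backslash, and folding of overlong UTF-8 such as %c0%af back to a slash) and then flags `..` segments and requests for cmd.exe or the root.exe backdoor that Code Red II left behind and Nimda reused. The log lines, the W3C-style field layout and the client addresses are constructed for the example.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote_to_bytes

# Constructed sample lines in an IIS W3C-style layout
# (date time c-ip cs-method cs-uri-stem cs-uri-query sc-status).
# Client addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
2001-09-18 14:02:11 192.0.2.10 GET /default.htm - 200
2001-09-18 14:02:12 192.0.2.10 GET /scripts/root.exe /c+dir 404
2001-09-18 14:02:13 192.0.2.10 GET /scripts/..%255c../winnt/system32/cmd.exe /c+dir 200
2001-09-18 14:02:14 192.0.2.10 GET /_vti_bin/..%c0%af../winnt/system32/cmd.exe /c+dir 200
2001-09-18 14:02:15 198.51.100.7 GET /images/logo.gif - 200
2001-09-18 14:02:16 198.51.100.7 GET /docs/..%2f..%2fwinnt/win.ini - 403
"""


def decode_overlong(data: bytes) -> str:
    """Turn percent-decoded bytes into text, folding the overlong two-byte
    UTF-8 forms (lead byte 0xC0/0xC1) back to the ASCII character they
    encode, e.g. C0 AF -> '/'. Genuine non-ASCII text is not needed for
    this check, so other high bytes are reduced to U+FFFD."""
    out: List[str] = []
    i = 0
    while i < len(data):
        b = data[i]
        if b in (0xC0, 0xC1) and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b) if b < 0x80 else "\ufffd")
            i += 1
    return "".join(out)


def normalize_uri(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly until the string stops changing
    (so %255c -> %5c -> backslash), fold overlong UTF-8, then unify
    separators and case. Decoding only once is the mistake the old
    IIS traversal bypasses relied on."""
    s = raw
    for _ in range(max_rounds):
        decoded = decode_overlong(unquote_to_bytes(s))
        if decoded == s:
            break
        s = decoded
    return s.replace("\\", "/").lower()


TRAVERSAL = re.compile(r"(^|/)\.\.(?=/|$)")  # a '..' path segment
EXEC_TARGETS = ("cmd.exe", "root.exe")        # interpreter / known backdoor name


def classify(stem: str, query: str) -> List[str]:
    """Return the reasons a request looks like Nimda-style abuse; [] if clean."""
    reasons = []
    path = normalize_uri(stem)
    if TRAVERSAL.search(path):
        reasons.append("directory traversal")
    if any(path.endswith("/" + t) for t in EXEC_TARGETS):
        reasons.append("request for command interpreter")
    # '/c <command>' in the query is cmd.exe's run-and-exit argument
    if reasons and normalize_uri(query).startswith("/c"):
        reasons.append("shell command passed in query")
    return reasons


def scan_log(text: str) -> List[Tuple[str, str, List[str]]]:
    """Parse W3C-style lines and return (client-ip, raw-uri-stem, reasons)
    for every request that trips at least one indicator."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip #directives and malformed lines
        _date, _time, ip, _method, stem, query, _status = fields
        reasons = classify(stem, query)
        if reasons:
            findings.append((ip, stem, reasons))
    return findings


def per_source(findings) -> Dict[str, int]:
    """Count flagged requests per client, the view an analyst triages from."""
    counts: Dict[str, int] = {}
    for ip, _stem, _reasons in findings:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for ip, stem, reasons in hits:
        print(f"{ip} {stem} -> {', '.join(reasons)}")
    print(per_source(hits))
```

Run it against real IIS logs by feeding the file contents to `scan_log`; the 404 on root.exe in the sample is deliberately kept as a finding, since a failed probe from a host is as useful for triage as a successful one.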

Installing Tails in VirtualBox:

I am very fond of VirtualBox as a way to experiment with new operating systems, mostly based on Linux in one form or another. I installed VirtualBox on an old HP laptop and wanted to try out Tails, a Linux operating system that can provide some protection against government spying (like the NSA).

Here is how the folks at Tails describe it (from their web site):

Tails is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card. Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer, while leaving no trace unless you ask it to explicitly.

It is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer's original operating system. It is Free Software and based on Debian GNU/Linux.

It aims at preserving your privacy and anonymity, and helps you to:
use the Internet anonymously and circumvent censorship;
all connections to the Internet are forced to go through the Tor network;
leave no trace on the computer you are using unless you ask it explicitly;
use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc.

amnesia, noun: forgetfulness; loss of long-term memory.

incognito, adjective & adverb: (of a person) having one's true identity concealed.

Online anonymity and censorship circumvention

Tails relies on the Tor anonymity network to protect your privacy online:

All software is configured to connect to the Internet through Tor; if an application tries to connect to the Internet directly, the connection is automatically blocked for security.

Tor is an open and distributed network that helps defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.

Tor protects you by bouncing your communications around a network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

Using Tor you can:

be anonymous online by hiding your location,
connect to services that would be censored otherwise;
resist attacks that block the usage of Tor using circumvention tools such as bridges.

To learn more about Tor, see the official Tor website.

To learn more about how Tails ensures all its network connections use Tor, see our design document.

Wednesday, February 25, 2015

Installing KaOSx Linux in VirtualBox

Here is what I did to install KaOSx Linux in VirtualBox. KaOS is a rolling distribution, fully focused on KDE/Qt. It uses pacman as its package manager and is based on Arch Linux. Arch Linux is bleeding-edge rolling, whereas KaOS is a bit more conservative.

To quote the website: "The idea behind KaOS is to create a tightly integrated rolling and transparent distribution for the modern desktop, built from scratch with a very specific focus. Focus on one DE (KDE), one toolkit (Qt), one architecture (x86_64) plus a focus on evaluating and selecting the most suitable tools and applications. Moving away from proprietary Operating Systems to open source options (Linux-based, BSD-based, Solaris-based) is about wanting freedom and choice in almost all cases. KaOS has made the choice to use the Linux kernel as a base (though the Illumos kernel is under constant evaluation, and a future switch is a wish). After that choice, the best available package manager, most flexible way of package building, and repository maintenance is pacman/makepkg for a rolling distro like KaOS. As for the Desktop Environment, there will never be a change: whether it is Linux or Illumos based, KDE will be the choice, Qt the toolkit. With those choices in place, package building for this independent distribution was started in April 2013. KaOS is a build-from-scratch distribution; every package in every repository is built by and for KaOS. By July 2013 the initial goal of about 1500 packages was reached."

Hardware requirements?
KDE is a modern Desktop Environment which can make use of most of any graphics or sound card's capabilities. This does not mean KDE can't be made to run on very low-end hardware, but in general there are better options available for such systems (OpenBox, for example). The bare minimum of hard-drive space is 8 GB, but 25 GB is recommended as a minimum. KaOS will install with 1 GB of RAM available, though a much better experience starts at 2 GB of RAM. Since only x86_64 packages are available, a 64-bit capable CPU is needed.

I gave the VM 2 GB of RAM, and enabled 3D acceleration and PAE/NX.

Boot-up menu. Start KaOS Live with or without nVidia drivers, boot from the first hard disk, perform hardware detection, or run a memory test. F1 is Help, F2 sets the default language, F3 sets the video mode, and F4 allows you to adjust the kernel parameters at boot.

Booting the kernel, no errors.

First Installation screen. Welcome!

Select your time zone.

Tuesday, August 26, 2014

Kali Linux releases version 1.09

The Kali Linux developers have released version 1.09 to the public. Kali Linux is a Linux distribution specifically intended for the network security and forensics professional, but it makes a damn good all-around Operating System for those who are concerned with computer security in general. Kali Linux describes itself as a "penetration testing platform" and "the most advanced and versatile penetration testing distribution ever created."

Kali Linux includes a vast collection of tools, from information gathering to final reporting, that enable security and IT professionals to assess the security of their systems.

They provide several ISO files for download, in 32-bit, 64-bit and ARM builds, as well as several VMware images.

The site also hosts the training and pen-testing consultancy Offensive Security, which offers:

Training and certifications in network security and penetration testing:
Experience the industry's most realistic penetration testing training and certifications. Taught by the core developers of Kali Linux, our information security training will immerse you into the deep end of real-world penetration testing.

Penetration testing services:
We know penetration testing. Between Offensive Security Training, Kali Linux and the Exploit-Database, you can trust that we have the expertise, knowledge and experience to provide you with high-end penetration testing services.

Kali Linux contains a vast array of tools and utilities from different niches of the security and forensics fields.