Wenatchee Valley College - CTS Discussion Board

You are not logged in. Would you like to login or register?

Security Class » Security Class Article #5 - Due 11/19/18 » 11/16/2018 11:29 am

Skyler
Replies: 12

Go to post

Due to what was "almost certainly an error", BGP mishap routes google's traffic through Chinese and Russian networks, brings down google temporarily.

What happened:
A small ISP in Nigeria, MainOne Cable Company improperly updated tables in the internet's global routing system advertising one of it's routes as the correct route to reach IP addresses owned by Google

A Chinese carrier, China Telecom, improperly accepted the route that was advertised by MainOne and advertised it world wide

This caused a major Russian carrier, Transtelecom, as well as other ISPs to begin using this route.

This redirected some of google's most sensitive traffic through networks they were not intended for. The event lasted 74 minutes.

While it has been claimed by all parties to be an accident, this event is being heavily scrutinized. 

https://arstechnica.com/information-technology/2018/11/major-bgp-mishap-takes-down-google-as-traffic-improperly-travels-to-china/

-Skyler

Security Class » Security Discussion Article #4 - Due November 12th » 11/13/2018 10:52 am

Skyler
Replies: 7

Go to post

Several vulnerabilities found in hardware encryption implementations. This affects Crucial MX devices, Samsung EVO devices, and others. The vulnerable encryption implementations are ATA security and TCG Opal. Multiple vulnerabilities are discussed in the article, but to summarize:

Researchers with phyiscal access could modify the password validation process  in RAM through the JTAG debugging interface, causing it to accept any password and decrypt the device

Crucial MX300 has a master password for decryption, which by default is an empty string

The Samsung 840 EVO has a "wear leveling" feature for preserving the longevity of the SSD that involves moving data to different locations on the SSD, but old data is preserved until overwritten. This means that if you have unprotected data and add a password, the wear leveling feature will preserve the unprotected data until overwritten

Bitlocker defaults to hardware encryption if available before using it's own software encryption, so Bitlocker doesn't protect against these hardware vulnerabilities

Crucial has patched all their devices, Samsung has patched some of their devices.

https://thehackernews.com/2018/11/self-encrypting-ssd-hacking.html

-Skyler

Security Class » Security Discussion Topic #2 Due Monday the 15th » 10/15/2018 9:24 am

Skyler
Replies: 15

Go to post

GhostDNS tools create botnet of 100,000 routers, changes DNS settings to malicious DNS server. It has several modules that can target several manufacturers of routers, and works by via a script that scans the internet for accessible routers, and tries default credentials.

https://thehackernews.com/2018/10/ghostdns-botnet-router-hacking.html

Defending against threats of this kind are as simple as:
1.) Change your router's default login credentials
2.) Keep your firmware updated
3.) Only allow WAN access to your router if it's absolutely necessary

-Skyler D

 

Security Class » Security Discussion Article #1 - Post reply to this article » 10/05/2018 9:24 am

Skyler
Replies: 17

Go to post

This Bloomberg article claims that the Chinese government compromised the supply chain of high end servers by forcing motherboard manufacturing subcontractors to install a chip that opens a tunnel to a remote server and listens for instructions, positioned in a place to where it can inject code while it's going from temporary memory to the CPU. Customers of the server company include the DoD, CIA, Amazon, Apple, and has servers on Navy warships, both houses of Congress. Story broke yesterday. Apple and Amazon are denying this claim. It's a long read, but incredibly interesting. The article is well-sourced, and is already being cited very widely by many other credible publications.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

-Skyler D

Linux Class » Weekly Post #6 due the 26th » 2/26/2018 8:45 am

Skyler
Replies: 22

Go to post

Not sure what that terminal command you’re copying and pasting does? Explainshell.com provides a breakdown and explanation of each component of a command. Just paste it into the prompt on the webpage and you’re good to go.
https://explainshell.com/

Linux Class » Weekly Post #5 Due February 19th.... » 2/20/2018 9:13 am

Skyler
Replies: 23

Go to post

A few weeks ago I posted an article about Windows introducing bash as part of their developer tools. In an interesting development, Windows has included Ubuntu and a few other distros in the Windows Store. Tomsitpro.com elaborates:

http://www.tomsitpro.com/articles/ubuntu-in-windows-store,1-3623.html

Linux Class » Weekly Article Post #4 - Due by Monday Feb 12th » 2/12/2018 8:19 am

Skyler
Replies: 24

Go to post

As the Linux kernel is patched to mitigate damage from the recent "Meltdown" vulnerability, the cost is one of the most significant performance regressions observed on Linux systems.

http://www.zdnet.com/article/linux-meltdown-patch-up-to-800-percent-cpu-overhead-netflix-tests-show/

Board footera

 

Powered by Boardhost. Create a Free Forum