1 2 Jump to
Linux Class » Starting as a Linux SysAdmin » 5/08/2019 11:07 am |
An overview of technologies used in real life enterprise Linux environments
Security Class » Security Class Article #5 - Due 11/19/18 » 11/16/2018 11:29 am |
Due to what was "almost certainly an error", BGP mishap routes google's traffic through Chinese and Russian networks, brings down google temporarily.
What happened:
A small ISP in Nigeria, MainOne Cable Company improperly updated tables in the internet's global routing system advertising one of it's routes as the correct route to reach IP addresses owned by Google
A Chinese carrier, China Telecom, improperly accepted the route that was advertised by MainOne and advertised it world wide
This caused a major Russian carrier, Transtelecom, as well as other ISPs to begin using this route.
This redirected some of google's most sensitive traffic through networks they were not intended for. The event lasted 74 minutes.
While it has been claimed by all parties to be an accident, this event is being heavily scrutinized.
-Skyler
Security Class » Security Discussion Article #4 - Due November 12th » 11/13/2018 10:52 am |
Several vulnerabilities found in hardware encryption implementations. This affects Crucial MX devices, Samsung EVO devices, and others. The vulnerable encryption implementations are ATA security and TCG Opal. Multiple vulnerabilities are discussed in the article, but to summarize:
Researchers with phyiscal access could modify the password validation process in RAM through the JTAG debugging interface, causing it to accept any password and decrypt the device
Crucial MX300 has a master password for decryption, which by default is an empty string
The Samsung 840 EVO has a "wear leveling" feature for preserving the longevity of the SSD that involves moving data to different locations on the SSD, but old data is preserved until overwritten. This means that if you have unprotected data and add a password, the wear leveling feature will preserve the unprotected data until overwritten
Bitlocker defaults to hardware encryption if available before using it's own software encryption, so Bitlocker doesn't protect against these hardware vulnerabilities
Crucial has patched all their devices, Samsung has patched some of their devices.
-Skyler
Security Class » Security Discussion Topic #2 Due Monday the 15th » 10/15/2018 9:24 am |
GhostDNS tools create botnet of 100,000 routers, changes DNS settings to malicious DNS server. It has several modules that can target several manufacturers of routers, and works by via a script that scans the internet for accessible routers, and tries default credentials.
Defending against threats of this kind are as simple as:
1.) Change your router's default login credentials
2.) Keep your firmware updated
3.) Only allow WAN access to your router if it's absolutely necessary
-Skyler D
Security Class » Security Discussion Article #1 - Post reply to this article » 10/05/2018 9:24 am |
This Bloomberg article claims that the Chinese government compromised the supply chain of high end servers by forcing motherboard manufacturing subcontractors to install a chip that opens a tunnel to a remote server and listens for instructions, positioned in a place to where it can inject code while it's going from temporary memory to the CPU. Customers of the server company include the DoD, CIA, Amazon, Apple, and has servers on Navy warships, both houses of Congress. Story broke yesterday. Apple and Amazon are denying this claim. It's a long read, but incredibly interesting. The article is well-sourced, and is already being cited very widely by many other credible publications.
-Skyler D
Web Server IIS/Apache » Post Links to your Sharepoint Site in Reply Section » 6/11/2018 8:20 am |
Web Server IIS/Apache » Post links to your websites in the reply section.... » 5/04/2018 8:14 am |
Linux Class » Weekly Post #6 due the 26th » 2/26/2018 8:45 am |
Not sure what that terminal command you’re copying and pasting does? Explainshell.com provides a breakdown and explanation of each component of a command. Just paste it into the prompt on the webpage and you’re good to go.
Linux Class » Weekly Post #5 Due February 19th.... » 2/20/2018 9:13 am |
A few weeks ago I posted an article about Windows introducing bash as part of their developer tools. In an interesting development, Windows has included Ubuntu and a few other distros in the Windows Store. Tomsitpro.com elaborates:
,1-3623.html
Linux Class » Weekly Article Post #4 - Due by Monday Feb 12th » 2/12/2018 8:19 am |
As the Linux kernel is patched to mitigate damage from the recent "Meltdown" vulnerability, the cost is one of the most significant performance regressions observed on Linux systems.
1 2 Jump to