Ultimate Home Router | TechSNAP 23

Exploits are in the wild that can take down critical infrastructure equipment, and some highly trusted sites were attacked this week and used against their own visitors.

Plus – We’ll tell you how to build the ultimate home router, that can do more than many Enterprise grade systems, with the press of a few buttons – and for FREE!

All that and more, on this week’s TechSNAP!

Show Notes:

Italian hacker publishes 10+ 0 day SCADA exploits with proof of concept code

  • SCADA (Supervisory Control and Data Acquisition) systems are industrial control systems
  • The Stuxnet worm targeted the specific SCADA system used by the Iranian centrifuges
  • These exploits could cause serious disruption if the systems are not properly protected from external access
  • SCADA systems are used to control numerous important industrial systems including water and sewage treatment, dams and power plants, as well as manufacturing automation systems.
  • In January 2000, the remote compromise of a SCADA system was responsible for pumping sewage into a nearby park and contaminating an open surface-water drainage ditch.
  • News Article

Official uTorrent website compromised, users download spyware

  • On or before Tuesday September 13th, the Official uTorrent.com website was compromised, and on the 13th, the attackers replaced the download files with spyware.
  • Users who downloaded uTorrent on the 13th instead received a scareware fake anti-virus package called ‘Security Shield’
  • The scareware told them they were infected with malware and demanded payment to remove it
  • Any users who downloaded uTorrent between 12.20 and 14.10 BST likely received the malware instead of uTorrent.
  • In this case, the attack was fairly obvious, but a similar hack against popular software distribution points could have resulted in the stealth infection of 1000s of systems via the auto-update feature built in to most modern applications.
  • This is always the nightmare security situation, when legitimate trusted sites are compromised and start to distribute harmful content.

Funny Virus Pic – Google+


BIOS rootkit found in the wild

  • The virus can infect most any computer with an Award BIOS (very popular, used in most all Motherboards that I own).
  • The virus dumps a copy of the BIOS, and then adds an ISA ROM that will rewrite the MBR (Master Boot Record) on the hard drive at each bootup.
  • The MBR virus then rootkits winlogon.exe to take over control of the system
  • The rootkit then prevents modification of the MBR, making it harder to remove the virus
  • Even if the MBR is repaired, it is reinfected at the next boot by the BIOS portion of the virus
  • The rootkit also downloads a trojan and allows the system to be remotely controlled.
  • This attack is related to the attack we discussed in a previous episode of TechSNAP where a researcher was able to infect the battery in a MacBook with a virus. If the virus was similar to this one, it would add an additional layer of complexity, if the BIOS could be reinfected from the battery.
  • Details from Symantec

TWiT.tv compromised, malicious iframe injected, loads Java malware

  • The popular TWiT.tv page was compromised and a snippet of malicious code was added, an iframe that directed users’ browsers to a page that attempted to use Java and PDF exploits.
  • Google’s safe browsing started blocking the site. Firefox and Google Chrome users will be presented with a warning before visiting the site.

War Story:

  • At approximately 4:00 PM facility local time on Sunday, September 11, 2011, the Seattle 1 data center experienced an unexpected service interruption. It was determined that the cause of the issue was a malfunction in one of the edge routers servicing the facility.
  • The device was rebooted to correct the issue and we proceeded to work with the device manufacturer's TAC (Technical Assistance Center) to determine the cause of the issue and proper resolution to avert any future problems.
  • At 6:20 PM facility local time, the same issue occurred again, and the device was again rebooted.
  • To prevent any future unexpected service interruptions, it was decided that the best course of action would be to replace the device with the standby device available at the facility.
  • At approximately 7:00 PM facility local time, we began the process of replacing the faulting device with a new one. The old device was removed and the new device was put in its place.
  • Once powered on, the replacement device alerted us to a number of errors within the switch fabric modules that were causing inter-line card communication to not work properly.
  • We again contacted the device manufacturer's TAC, and at approximately 8:30 PM, we decided with the TAC that the best option was to replace the switch fabrics in the replacement device with the switch fabrics from the old device.
  • Once this was completed the device was restarted but produced the same errors.
  • The issue was then escalated to tier 2 support at the device manufacturer's TAC.
  • We concluded that the issue was likely a problem somewhere within the replacement device’s chassis, and proceeded to replace the chassis with the one from the old device.
  • Upon doing so, we began getting a different set of errors, this time with the management modules' communication to the line cards.
  • At approximately 4:30 AM facility local time, the matter was escalated to tier 3 support at the device manufacturer's TAC. At this time, we also dispatched our head network technician to the facility from Phoenix with a spare device which is stored at our office in the event of issues such as this one.
  • At approximately 6:30 AM facility local time, the TAC tier 3 technician concluded that the likely cause of the issue was an electrical problem either within the switch fabric modules or the replacement device chassis which resulted in improper current being sent to various parts of the device and damaging several of the sensitive electronic components in the line card, forwarding engines and switch fabrics. Because the electrical subsystem within the device had potentially caused damage to all of the switch fabric modules that we had available at the facility, we were advised that we should power down both devices and not use either of them any further until a full diagnostic of the electrical sub-system could be completed by the manufacturer.
  • At approximately 12:00 PM our head network technician arrived at the Seattle airport, and by 1:00 PM was at the facility with the replacement device from our Phoenix office.
  • At approximately 2:00 PM our head network technician completed the installation of the replacement device from our Phoenix office and service was fully restored.
  • Total time offline: 19 hours 8 minutes.

Feedback:

  • A few questions about home servers
    Q: crshbndct I’ve built a spare computer out of some spare parts and I want to use it as a home server. I’d like to use it as a router, a DNS server, a caching server, and maybe also throttle the usage of my servers. What should I use?
    A: Chris and I both love pfSense, a FreeBSD-based router appliance. You can basically turn any computer with 2 network cards into a router/firewall, with DHCP, DNS/DDNS, VPN (IPSec, PPTP, OpenVPN), VLANs, Captive Portal, Traffic Shaping and Graphing. It has a web interface similar to, but more expansive than, what most people are already used to from a normal off-the-shelf home router.

Next Week: RAID types, what they are and some use cases for each.

Round-Up:

Bitcoin-Blaster:


Bitcoin Value: 34,196,260 USD

16 Responses to “Ultimate Home Router | TechSNAP 23”

  1. Sean Says:

    ron paul is a congressman, not a senator.

  2. Jimbo99 Says:

    In using the VM of pfsense I had difficulty getting some things configured.  I’ll keep trying but this isn’t anywhere near as simple as you guys made it out to be on the show.

  5. Jeremy Says:

    You guys make me better at my job.  Thank you!

  6. John Says:

    The round-up story about Google disabling comments from South Korean users is two years old (at least the article you linked to is).

  7. Allan Jude Says:

    We’re going to be doing a hands-on example of configuring some of the features of pfSense on this week’s Linux Action Show. You should tune in and maybe we’ll be able to help you get started.

  8. ryan Says:

    For the home server segment, I would love it if you touched on some good energy efficient hardware. I know using a virtual server helps cut out some of the cost, but does virtualizing pfsense have any effect on things like online gaming?

    In my specific case I want a very low power NAS (I know about openfiler and freenas), but anything you can mention overall would be great

  9. BDMAN Says:

    How about for the home server segment a touch on some home automation, simple things like controlling lights.

  10. James Mason Says:

    Where did the virus chart from g+ go ?
