Hijacking the News | TechSNAP 8

Hijacking the News | TechSNAP 8

Google has confirmed that 100s of Gmail accounts were being snooped on, and the targets of this attack are not happy!

The cookie catastrophe in the UK continues, we’ll share the brutal details!

And Find out about the hack that leaked the truth about Tupac.

Plus some great audience submitted questions, and our answers!

Please send in more questions so we can continue doing the Q&A section every week! techsnap@jupiterbroadcasting.com


Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:

[ad#shownotes]

Show Notes:

Topic: 100s of GMail accounts hacked from China

  • Users were all victims of a phishing scam
  • Attackers used stolen passwords and setup forwarding and delegation to be able to spy on all current and future mail for that account, even if the password was changed
  • Google stresses “It’s important to stress that our internal systems have not been affected—these account hijackings were not the result of a security problem with Gmail itself.”
  • Targets seemed to be politically motivated, going after government officials and journalists

Topic: PBS website hacked

  • LulzSec, one of the hacker groups from the Sony attacks we discussed last night, managed to gain access to several areas of the PBS website.
  • They published the user login information they were able to siphon from the database
  • They were able to posted fake news stories and could have causes serious harm (however their story was that rapped Tupac Shakur was still alive and living in New Zealand)
  • If they had published specially crafted news stories, they could have infected the computers of visitors to the site, or have caused havoc on the stock market by falsely reporting news about various companies.
  • LulzSec says the attack was in protest about a PBS Frontline episode that was critical of WikiLeaks

Topic: I told you so

http://yro.slashdot.org/story/11/05/27/2249210/BBC-Site-Uses-Cookies-To-Inform-Visitors-of-Anti-Cookie-Law

  • In order to comply with a new UK law governing website cookies, when you visit some BBC websites such as radiotimes.com you will be presented with a message telling you about the new law. This message uses a cookie to remember that it has been displayed to you, and will not appear next time you visit the site, to avoid annoying you.
  • This means they are using a cookie, to tell you about how they are not going to use cookies without your consent.
  • In the future, without the use of something like the google/mozilla ‘do not track’ system, users who decline to accept a cookie will be prompted with such warnings every time, because there will be no way to store their acceptance of the agreement to accept cookies, without using a cookie.
  • This is why this issue should have been left to the users and the browsers manufactures, who already have the issue well in hand with security settings, private browsing modes, and the do-not-track system.
  • This law will become effectively unenforceable

Topic: Defense Contractor Lockheed Martin compromised by duplicate RSA SecureID Tokens

  • Attacks broke in to the secure networks of Lockheed Martin and other government contractors by creating duplicates of RSA SecureID Tokens
  • It is not clear what data may have been taken. It is unlikely that this information will ever be released by Lockheed Martin because it is likely highly sensitive.
  • RSA SecureID is a two-factor authentication system. It is designed to thwart key-loggers and similar attacks by combining the usual username/password combination with a dynamic token they changes every few seconds.
  • Senior defense officials claim that while contractors networks contain sensitive data, all classified data is on a separate, closed networks managed by the U.S. government
  • The pentagon also uses RSA SecureID tokens, but declined to say how many
  • Apparently the hackers learned how to duplicate the SecureID tokens using formation stolen during the Advanced Persistant Threat attacks of RSA that we discussed in episode 002 of TechSNAP
  • The RSA attack was followed by targeted malware and phishing attacks on customers who used the RSA SecureID system in an effort to collection the information necessary to duplicate the SecureID Tokens
  • This raises questions about the RSA SecureID system, can it be fixed or does the entire system need to be redesigned. It seems that it is far too easy to duplicate the SecureID tokens.

Q: (Swadhin) What are the differences between the virtualization that we do on our home pc and the virtualization  that you people do on enterprise servers
A: Mostly the virtualization used in enterprises is the same as what you can do on your home PC. One of the main differences is that in an enterprise, they will have many different servers hosting the virtualized systems, but they will all use what is called ‘shared storage’. Usually something like iSCSI. This does not mean that all of the virtual disks reside on the same physical drive, just that they are accessible in a single place. The advantage to this system is that it becomes possible to ‘migrate’ a virtual machine from one physical host to another, without rebooting the virtual machine. The disk is not moved at all, so all that happens is the memory footprint is transferred between the first host and a second host. Then the virtual machine is paused, and any changes in the memory footprint are synchronized, and the virtual machine is unpaused on the new host. This allows for individual physical host machines to be shutdown for maintenance without taking down the virtual machines hosted there. It also allows for load balancing, if a few virtual machines on the same physical host are very busy, one or more of them can be moved to other less busy hosts to maintain the highest possible performance. Another feature of this system is to allow you to maximize the efficiency of your hardware. Some physical machines can be turned off when the load level is lower, and then if the currently running machines are approaching their maximum load levels, you can turn some more physical machines on, and have the load balanced to them. Then when the load levels fall again, you can turn some physical machines back off. This reduces your power usage, and makes sure you don’t have a bunch of servers just sitting around idle wasting electricity and running up your cooling bill.


Q: (Alexander) I am building a new home network for my roommates and I at college, we plan to build a virtualization server as described on the ‘build your own cloud’ episode of LAS. I have a few questions:

  1. Should I buy a managed or an unmanaged switch

A: Likely you do not need a managed switch. Managed switches provide features like ‘VLANs’, a way to basically break the switch up in to logical groups of ports, and simulate having multiple separate switches (that can even span between physical switches). This functionality is good for keeping different parts of the network separate (like having a DMZ to put your servers in, and then separate internal LANs), but is likely unnecessary in your setup. You can save your self 100s of dollars by just getting an unmanaged switch.

  1. Should I build a virtualization server and a storage server or one that functions as both?

A: The advantage to having the storage server setup, if you use something like iSCSI for the storage system, is the ability to move the virtual machines between physical hosts. This is really only helpful if you have more than 1 virtualization server, so again, you can probably save money by building only a single server.

  1. How much power would you think a system like this would draw?

A: That depends, you would be able to see that in the specs for the server when you go to buy it, but overall not that much. Hard drives draw fairly little power, and a quad core processor is usually between 94 and 135 watts, unless you get a lower power version. Servers also tend to have higher efficiency power supplies, at least 80% efficient, so less of the power draw is exhausted as waste heat.

  1. How would I run multiple web servers in my network and have them all accessible to the outside world with only one external IP address?

A: If you only have a single external IP, your options are fairly limited. Either you run each web server on a different port, which is cumbersome to the users, or you use a reverse proxy to do virtual hosting. All web servers are capable of doing Virtual Hosting, that is, serving a different page based on the ‘Host’ header that the user’s browser sends when they visit a website. The idea here would be to setup something like NGINX or LigHTTPd to listen on your single ip, and then route the connection to the right internal web server based on the hostname or path that is being requested. This solution also works for routing different parts of a website to different internal servers while maintaining a single ‘domain’, which can be important for cookies, javascript and flash ‘same domain’ policies.
Reverse Proxy: http://nginx.org/


User submitted War Story:
(StayFrosty) I was building a new Windows 2008R2 server for a small business client of mine. The machine was little more than a glorified desktop, but it had a support contract. After installing the OS I started installing the drivers, and noticed that there was a BIOS update. I figured since the machine was not in production yet, I might as well install that too. During the flashing process, one of the steps failed. I flipped the KVM over to use a different machine to research the problem, while doing so, I heard the fans in the server spin down and then back up. The machine had rebooted automatically to install some windows updates. When I flipped the KVM back, nothing but a black screen. Luckily, when I contacted the hardware provider, they told me about the BIOS recovery jumper and I was able to get the machine back online.

Download & Comment:

Question? Comments? Contact us here!