Self Healing Internet | TechSNAP 76

Self Healing Internet | TechSNAP 76

The story about an antivirus that detects itself, IE’s awful zero day exploits, and the Internets amazing ability to route around problems.

Plus: A huge batch of your feedback, and so much more in this week’s episode of TechSNAP!

Thanks to:

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

SPECIAL OFFER! Save 20% off your order!
Code: go20off5

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains


Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed


Support the Show:


Show Notes:

Sophos anti-virus detects it self

  • Earlier this week Sophos released a scheduled update to their anti-virus definition files
  • The new definitions detected the Sophos updating process, and a number of other auto-updating applications, as variants of the malware Shh/Updater-B
  • In addition to setting of a huge volume of false positives, the detection also resulted in the quarantine, blocking or deletion of parts of the Sophos updater
  • The updated definitions that solve the problem were released on Wed, 19 Sep 2012 21:32 BST
  • However, the updated definitions could not be downloaded by Sophos, because the updater had been broken
  • This is an especially large issue for enterprise deployments of Sophos
  • The Sophos support number was down, the call volume was so great that most people could not even get into the hold queue

0-day Flaw in Internet Explorer active in the wild

  • Internet Explorer versions 6 through 9 are vulnerable to a new series of attacks
  • Exploits for a previously unknown use-after-free memory corruption vulnerability, in addition to three more exploits that were found and tied to a hacker group in China known as Nitro (the same group responsible for exploits of two zero-day Java flaws disclosed three weeks ago)
  • Security researcher Eric Romang discovered the first of the exploits last weekend while monitoring an infected server
  • When a user lands on an infected page, the exploit installs the PoisonIvy remote access Trojan
  • Jaime Blasco of AlienVault Labs then discovered three additional exploits, one of which drops the PlugX trojan
  • The new exploits appear to be targeted at defense contractors in the U.S. and India
  • An unknown exploit was found in a Defense News Portal site in India, it had been served for at least four days
  • Microsoft is slated to release a patch on Friday , until then, a ‘fixit’ patch is available
  • A new metasploit module to test for and exploit the vulnerability has been released
  • Additional Coverage

The “top secret” room where 260 Internet Service Providers connect

  • Nearly every carrier neutral data center in the world contains a MeetMe room
  • MeetMe rooms more often used for private peering, rather than internet transit
  • Transit is when you buy ‘Internet’ service from another provider, they provide you with a ‘default route’ that you can send traffic to, and it will be delivered to anywhere on the internet
  • Peering is where providers swap traffic that is specifically destin to each others networks, so if Provider A peers with Provider B, Provider A must use their transit connection to reach provider C, only traffic between A and B (and their customers) are allowed across the ‘peering’ link
  • If 1 Wilshire (the building in question) were to go entirely offline, all connections in and out severed, the Internet would continue to operate, traffic would be routed around the missing nodes
  • Performance would be degraded, and it is possible that some of the ‘backup’ routes could not handle all of the traffic, but the network would not cease to work
  • The Internet is based on the principle of being able to get data from Point A to any Point B, reliably
  • To do this, the Internet’s backbone providers use BGP4 routing protocol (Border Gateway Protocol)
  • Most Internet Transit providers have maps that look like this:
  • nLayer
  • Hurricane Electric
  • Abovenet (Zayo)
  • Level3
  • NTT
  • Vocus (Australian)
  • As you can see on most all of these maps, there are almost always multiple paths that a packet can take to get from point A to point B


Special Community Events

  • Lynx Music:

He goes by Illusionist Lynx and he’s used MATH to make music (and a bunch of ther cool methods) check out his pay-what-you-want music on his bandcamp site: Illusionist Lynx

  • Nicholas is getting married, and he needs your HELP!

Nicholas is live streaming his marriage proposal, and hopes to have the JB audience tune in, and maybe help get his girl friend to the right location!

The site people can visit is

  • Visit his site an hour before the event (countdown on his website)
  • When the call to action comes, help him spam his girlfriend into arriving at the correct location.
  • To help organize, show up early and watch the show’s subreddit!

Have some fun:

What I wish the new hires “knew”


Question? Comments? Contact us here!