Computer news recap

So everyone has been foaming at the mouth about the Dyn DNS attack and the Mirai botnet theory of how some large sites were down last Friday (10/21/2016) into the weekend for some folks. There were heat maps of the areas in the USA that were hit and, as is laughably common, Russia was the first to be blamed. That of course turned into more competent speculation that the attack came from a botnet of devices such as cameras and other Internet of Things (trash) with default passwords, or worse yet, hard-coded passwords. That fits the Mirai source that had been published a few weeks earlier: it logs into such devices over telnet with a short list of factory credentials.

Pardon the cynicism, but I am waiting for this coffee to cool down and it's the morning. I would also make a list of major websites that had their user databases taken, but that would be a huge and nowhere near complete list. When that happens, the hashed (or, worse, plain-text) passwords are run through cracking tools until the original strings fall out. Hashcat is something I do not yet have experience with, but I would like to set up a test Windows domain to reverse the AD password obfuscation, for the sake of seeing it run and deliver personally. I enjoy projects.

Notable sites where the user data got popped are (with some speculation on my part, perhaps):

  • Yahoo
  • Hotmail
  • LinkedIn
  • AshleyMadison
  • MySpace
  • Twitter (~2014)
  • Facebook (~2013)

Please note that Twitter and Facebook are speculation on my part, and that is why I put the projected dates next to them. At this point, honestly, I consider that every site has potentially had its user database popped. Salting and hashing your user passwords will get you so far. The salt itself is not a secret; it sits next to the hash, and its only job is to stop one cracking run from covering every user at once. What matters more is the hash function: LinkedIn's 2012 dump was unsalted SHA-1, which is why so much of it was cracked, whereas a deliberately slow function such as bcrypt keeps every guess expensive. And like encryption, if you leave the keys with the protected data, you are not really gaining any benefit because you gave away the key to the puzzle. Call this security nihilism, but it is worth restating: do not store private keys, or a secret pepper folded into the password hash, in the same production database as the data they protect, or you are going to have a bad time.

*Sips Coffee* There is no such thing as perfection, so do not worry about chasing that dragon. The moral of the story above, however, is not to re-use passwords. Do you have the same password for your email, bank, work, and social network sites? Please don't do that. It makes being a victim way easier, especially after a data breach / password dump from a major site: the first thing done with a dump is to try every leaked email and password pair against all the other popular logins. Let me assure you I'm not spouting this from my ivory tower, because I had some shared passwords between services too. Fortunately I seem to have changed those before the accounts could get popped.

Granted, depending on how badly a network is run, authentication can be irrelevant, because an attacker may get full access to the site by side-stepping authentication completely. Another one of those theories, but yeah, you have to do what you can. I spend a formidable amount of time reading security news and researching myself. A few years ago I dorked around pretty heavily on Facebook, laughed at the perceived privacy controls, and got put in 'Facebook Jail' a few times for abusing features. That taught me the humor of what privacy means to a site that really wants to sell me t-shirts and crawl the search history on my mobile phone to schlep advertisements, if I use their mobile application.

Wrapping this up with some dystopian nightmare: I see more and more corporations merging into massive conglomerates. It feels like only yesterday Time Warner and Comcast merged, yet AT&T is preparing to buy Time Warner, and by Time Warner I mean more than just the cable services. So much for reasonable internet prices. It is pretty clear that balanced media reporting is a relic of the past, short of some slivers of the internet and print sources. When I complain about the media, I am pointing at the fault that comes from major networks only reporting from one perspective: the conservative side homes in on its pitch, while the moderate side (or whatever you call Fox and not CNN) also ignores highly relevant details so it can pitch its sponsors' agenda. Worst of all, this leads people to argue over disinformation they get from controlled outlets instead of combining multiple sources and trying to come to their own conclusion.

For what it is worth, hopefully instead of propping up broken infrastructure, global society rolls up its sleeves and puts in new solutions rather than band-aids for flawed infrastructure. In this case I mean things like replacing DNS and core network topology with a new back end, at least designed with some concept of keeping a single failure from being so detrimental. Granted, global society applying similar methods to non-technical processes would be great too. I hope you enjoyed the rant :bunny:

Source: FTB Threads

Firewall Log Fun

This thread is ongoing, but let me start with the results I have from a year's worth of dropped firewall connections.

  • January 2016: 228,376
  • February 2016: 253,698
  • March 2016: 244,374
  • April 2016: 494,842
  • May 2016: 611,021
  • June 2016: 259,013
  • July 2016: 529,243
  • August 2016: 406,937
  • September 2016: 2,096,766
  • October 2016: 264,421

Let's jump back a minute. I am importing firewall logs for dropped connections into a MS SQL database. September, as you can see, is a fun month with 2,096,766 records.
Since my firewall is a Zyxel device, I had a look at the CSV log output. Easily enough, you can use the SQL Server import wizard to spin the logs into some tables. The rough table-to-log structure is as follows:

CREATE TABLE [zy_2016-09] (   -- brackets needed: a hyphen is not legal in a bare T-SQL identifier
  [time] VARCHAR(50) NULL,    -- the export writes the timestamp as text; convert it when querying
  source VARCHAR(50) NULL,
  destination VARCHAR(50) NULL,
  priority VARCHAR(50) NULL,
  category VARCHAR(50) NULL,
  note VARCHAR(50) NULL,
  sour_interface VARCHAR(50) NULL,
  dest_interface VARCHAR(50) NULL,
  protocol VARCHAR(50) NULL,
  message VARCHAR(250) NULL,
  col00 VARCHAR(250) NULL     -- extra column the CSV import produced
);

I am having fun crawling some output. Typically it's some sort of fancy OpSec not to say what type of network gear you run, but this is meant to be informative and hopefully helpful.
So let's crawl some queries and output in the next post.
Source: FTB Threads
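The queries below are an added example against the [zy_2016-09] table above; they are not from the original post or its follow-up. They assume things the post does not state: that the Zyxel CSV writes source and destination as "address:port" (IPv4), that the [time] column holds a string SQL Server can parse such as '2016-09-03 14:07:55', and that the other months sit in tables named the same way (for example [zy_2016-08]). The first check a practitioner wants before trusting a 2,096,766-record month is whether one address or one /24 owns most of it, which is what queries 1 and 2 show.

```sql
-- Added example (not from the original post). ASSUMPTIONS: source and
-- destination look like "203.0.113.5:22", [time] is parsable text, and
-- other months use the same zy_YYYY-MM table naming.

-- 1. Top talkers and what share of the month each one is. One address
--    owning a large share means one scanner or one misconfigured box,
--    not a change in traffic.
;WITH src AS (
    SELECT LEFT(source, CHARINDEX(':', source + ':') - 1) AS src_ip,  -- strip ":port"; the appended ':' guards rows without one
           COUNT(*) AS drops
    FROM [zy_2016-09]
    GROUP BY LEFT(source, CHARINDEX(':', source + ':') - 1)
)
SELECT TOP (20)
       src_ip,
       drops,
       CAST(100.0 * drops / SUM(drops) OVER () AS decimal(5, 2)) AS pct_of_month
FROM src
ORDER BY drops DESC;

-- 2. Same idea rolled up to /24 networks. PARSENAME splits a four-part
--    dotted name, which fits IPv4; anything else yields NULL and is skipped.
;WITH src AS (
    SELECT LEFT(source, CHARINDEX(':', source + ':') - 1) AS src_ip
    FROM [zy_2016-09]
)
SELECT TOP (20)
       PARSENAME(src_ip, 4) + '.' + PARSENAME(src_ip, 3) + '.' + PARSENAME(src_ip, 2) + '.0/24' AS src_net,
       COUNT(*) AS drops
FROM src
WHERE PARSENAME(src_ip, 4) IS NOT NULL
GROUP BY PARSENAME(src_ip, 4) + '.' + PARSENAME(src_ip, 3) + '.' + PARSENAME(src_ip, 2) + '.0/24'
ORDER BY drops DESC;

-- 3. What was being knocked on: destination port per protocol. The port is
--    everything after the last colon, located by searching the reversed string.
SELECT TOP (20)
       protocol,
       RIGHT(destination, CHARINDEX(':', REVERSE(destination)) - 1) AS dst_port,
       COUNT(*) AS drops
FROM [zy_2016-09]
WHERE CHARINDEX(':', destination) > 0
GROUP BY protocol,
         RIGHT(destination, CHARINDEX(':', REVERSE(destination)) - 1)
ORDER BY drops DESC;

-- 4. Drops per day, to tell a steady flood from a one-day spike.
--    TRY_CONVERT (SQL Server 2012+) returns NULL instead of erroring on
--    rows whose timestamp did not import cleanly, so those rows are skipped.
SELECT CAST(TRY_CONVERT(datetime, [time]) AS date) AS [day],
       COUNT(*) AS drops
FROM [zy_2016-09]
WHERE TRY_CONVERT(datetime, [time]) IS NOT NULL
GROUP BY CAST(TRY_CONVERT(datetime, [time]) AS date)
ORDER BY [day];

-- 5. Month-over-month totals with one table per month; extend the UNION ALL
--    as tables are added. This reproduces the per-month counts listed above.
SELECT month_table, COUNT(*) AS drops
FROM (
    SELECT 'zy_2016-08' AS month_table FROM [zy_2016-08]
    UNION ALL
    SELECT 'zy_2016-09' FROM [zy_2016-09]
) AS per_month
GROUP BY month_table
ORDER BY month_table;
```

Run these in SQL Server Management Studio against the database the wizard imported into. If the export stores addresses and ports in separate columns, drop the LEFT/RIGHT string slicing and group on the columns directly; the rest is unchanged.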

ARK: Survival Evolved

I have tried this a few times and am giving it a go again.  Think of a DayZ type of game, but in the wilderness with dinosaurs instead.

A bunch of old-school heads are playing this on The FunHouse. This link ( steam://connect/144.48.104.162:27072 ) will launch your Steam game and then connect to the server (FYI, it is a steam:// link, so it is handled by the Steam client). Server details can be found on this webpage.

To play on this server, you will want the two free DLC maps. You can also buy the DLC content, but it is not required. If you enjoy crafting, survival and exploration, give this game a look. Be careful when you die not to make a new character, or you will be starting over from level 01. Otherwise, when you die you lose your inventory but not your levels. Either try to recover gear from your corpse, or just rebuild that inventory.

I think of it as a 3D DayZ / Minecraft hybrid, but anyone else is welcome to add a better description.  Have fun and happy explorations ;)
Source: FTB Threads