Expoits, Brutal Kangaroo, Namecheap, DNS, DEF CON, Flash latency
Post date: Sep 2, 2018 5:55:31 AM
- External source code review as way to find exploits? That's a good question. If national agency responsible for cyber security (and attacks). Finds interesting exploit vectors when reviewing product. They know that organizations are vulnerable, will they report the attack vector or not? The problem is that they might not report the problem to the software manufacturer, but keep it under wraps and use it or sell it for attacking other users of the software. Many things get pretty complex as soon as trust is completely lost.
- Brutal Kangaroo is the oldest way to access air-gapped networks, via USB drives. That's just one nifty tool to do it. The concept is ages old. That's why low speed serial ink is much better idea with LEDs, and disconnect switch than USB drive. Because it's pretty impossible to transport extra data over that link. But even this method naturally doesn't prevent the RF leaking methods. Almost any digital device can be utilized as RF transmitter, even if it doesn't have RF transmitter or isn't intended originally for that. Of course this is something which requires some other device to be able to receive that transmission.
- Namecheap DNS has been unreliable lately (for several days). I've verified from several countries using different AS networks and different DNS servers that in case it's their servers which return SERVFAIL. When I contacted their support, they told me that it could be a good idea to flush local DNS cache. I often really love answers which do not have any correlation with the original issue. Ok, so the issues now resolved and it should work. Fine? But what was the problem. Shhh. Let's not talk about that. Actually when administering systems and when receiving complaints, that's the perfect cover story. When someone whines something not working. Just quickly fix it and then tell them that they're whining about nothing and invoice them contacting support for non-issues. - Sounds like a BOFH plan. But all good, let's hope the issue won't come back. It's quite easy to see where the problem is with dig +trace ...
- When talking about DNS severs / resolving issues. Also netikka.fi (Anvia / Elisa) has been having some issues lately. I've also checked that using multiple servers in different networks, and DNS resolution has been slow or failing.
- Namecheap DNS issues are continuing, here's my post with some technical details. These things are really hard to debug, without proper logs. If i would see logs from both servers involved it would be easy. But now both are masked behind bit companies which really doesn't give ... You can choose whatever you want there, but you got the point. Everything's working, there's nothing wrong. Well, there must be something wrong with your system. Btw. I've used multiple parties and severs to confirm that the 8.8.8.8 DNS server really fails. So it's not "just me". Of course these issues also always pop up when you're on summer vacation. Limiting resources to be used for debugging. - After they rechecked the situation, they asked me to disable DNSSEC. But why? It has been working for several months without any problems. Also my friends are using different DNS resolvers, not Google DNS, it was just one of the affected parties. So what Namecheap did causing it to fail right now? I've asked for that. But just like other major companies, it's highly unlikely that they can provide any reasonable answer.
- Why I got so negative attitude about issues getting resolved? Well, I've been dealing earlier with issues like this, way too many times. And usually it's nearly impossible to get any kind of sane or detailed information.
- As bonus some extremely incompetent programmers seem to think that SERVFAIL is same as NXDOMAIN yet it isn't. I don't even begin listing all the programs which miserably fail with this. But there are just so many. SERVFAIL should cause soft fail as NXDOMAIN should cause hard fail. But it seems that many programs and programmers only understand two options NOERROR or something else. I've written about exception handling so many times, this is extremely good sample case.
- Someone asked if I wanted to come to DEF CON. No my answer is same to most of different meetings. "I personally don't believe in conferences. These meetings do provide awesome information. But that's nowadays also remotely accessible. Just the time wasted traveling alone is way too big turnoff and cost. Also doing it remotely allows you to attend many more talks and content, than you would be able to do at the site. So, remote & Internet all the way that is." If the travel time is less than hour, then I can consider it. But I often decline meetings even in the same town I'm living. If it requires a flight or something, no thank you. Even if it would be free for me, still no thank you. Only if it's a paying customer, I might consider it. But still prefer doing it remotely.
- Flash write latency is extremely random due to the wear leveling and garbage collection routines hidden beneath the block layer. Same write can take milliseconds or several seconds, depending on some hidden factors, yet naturally this is nothing new nor news.