Monthly Archives: August 2016

Waves of Internet Outages

Hundreds of websites — including those of biggies such as Netflix, Twitter and Spotify — on Friday fell prey to massive DDoS attacks that cut off access to Internet users on the East Coast and elsewhere across the United States.

Three attacks were launched over a period of hours against Internet performance management company Dyn, which provides support to eight of the top 10 Internet service and retail companies and six of the top 10 entertainment companies listed in the Fortune 500.

The first attack against the Dyn Managed DNS infrastructure started at 11:10 a.m. UTC, or 7:10 a.m. EDT, the company said. Services were restored at about 9:00 a.m. Eastern time.

The second attack began around 11:52 a.m. EDT and was resolved by 2:52 p.m. The third attack, which started around 5:30 p.m., was resolved by about 6:17 p.m., according to Dyn’s incident report.

“This is a new spin on an old attack, as the bad guys are finding new and innovative ways to cause further discontent,” said Chase Cunningham, director of cyberoperations for A10 Networks.

“The bad guys are moving upstream for DDoS attacks on the DNS providers instead of just on sites or applications.”

Dyn “got the DNS stuff back up pretty quick. They were very effective,” he told TechNewsWorld.

The Severity of the Attacks

While the attacks were “pretty large,” they “didn’t bring anything down for very long,” Cunningham noted.

Still, without confirmation from Dyn or ISPs, “it’s only possible to speculate on the severity of this attack,” said Craig Young, a computer security researcher at Tripwire.

“It is, however, reasonable to assume that the attackers controlled a considerable bandwidth in order to take out a service known for its resiliency against this type of attack,” he told TechNewsWorld.

Getting the bandwidth to launch the attack has become easier with the proliferation of the Internet of Things. Cybercriminals and hackers increasingly have roped IoT devices into service as botnets to launch successive waves of very large DDoS attacks.

“Threat actors are leveraging insecure IoT devices to launch some of history’s largest DDoS attacks,” A10’s Cunningham noted.

Manufacturers should eliminate the use of default or easy passwords to access and manage smart or connected devices, he said, to “hinder many of the global botnets that are created and deployed for malicious use.”

Who’s Pulling the Strings?

A nation state or states might be preparing to take down the Internet, cybersecurity expert Bruce Schneier recently warned, and “if there’s a threat actor out there with this goal, DNS infrastructure would be a very natural target to expect,” Tripwire’s Young pointed out.

Another possibility is that the attacks could be a publicity stunt for a new threat actor launching a DDoS as a Service business, he suggested, in which case someone will claim responsibility for the attacks “in coming days or weeks.”

What's to Come for Windows

Microsoft’s Windows 10 event, scheduled for Wednesday, actually could focus more on hardware than on the operating system, given that the next Windows 10 refresh is expected in March.

A new Surface device — possibly an all-in-one computer with a 21-inch or larger screen — could be in the offing.

Whether Microsoft will unveil updates to its Surface Pro 4 and Surface Book devices or showcase products from its OEMs has generated some debate.

Windows Insiders have been testing new Windows 10 features, including trackpad innovations, noted The Verge. Microsoft might announce a F.lux-like feature to reduce blue light in Windows 10, as well as a new HomeHub smart device control feature. Further, Microsoft might bring its Holographic shell to Windows 10 PCs.

What Makes Sense

“It’ll be a hardware event,” predicted Rob Enderle, principal analyst at the Enderle Group.

“This is the expected refresh of the Surface product line,” he told TechNewsWorld, because “all that Surface stuff belongs to the Windows 10 group.”

Although some of the speculation may be groundless, “the all-in-one device makes a certain amount of sense because Microsoft hasn’t had a desktop Surface product yet,” Enderle pointed out.

“The smart money’s on the fact that they’ll probably have a Surface all-in-one, and the Surface Book and Surface Pro will probably be upgraded,” he said. “It’s about time.”

Improvements in battery life, higher-resolution screens, better touch technology, and “a better overall stylus experience” probably will be unveiled, Enderle suggested. “Everybody has improved their stylus resolution and screens have been getting better.”

However, don’t expect the Surface Book or Surface Pro to get any thinner, because “they’re already pretty thin and will run into thermal limits,” he noted.

The Surface all-in-one PC “is what’s most likely to be announced,” R “Ray” Wang, principal analyst at Constellation Research, also said.

Expect deeper integration with Cortana services, Microsoft’s Power BI and more, he told TechNewsWorld.

Moving into AR, VR and Games

Microsoft also might push virtual or augmented reality, Wang suggested. “Look for the battle for VR and AR to continue. With the rumors of the iPhone 8 integrating VR and AR, this is a chance to pre-empt Apple.”

Microsoft might make “some type of announcement to counter Nintendo’s Switch with their devices,” he noted, “but we’re not sure if this will happen.”

The Nintendo Switch is a new home gaming system unveiled last week. It can be used in single player and multiplayer modes, and it lets gamers play the same title wherever, whenever and with whomever they choose.

Marketing Works

Redstone 2, the Windows 10 update scheduled for March, will have several new features, according to Wang, including an Office hub, better Bluetooth GATT support, onDemand sync with Microsoft OneDrive, interoperability among devices, and gaming services to the devices.

Windows 10 had a 22 percent share of the global operating systems market in September, according to Netmarketshare. Windows 7 continued to dominate with 48 percent.

Microsoft reported that revenue from Surface products grew 9 percent year over year in constant currency in fiscal Q4 2016, driven by sales of the Surface Pro 4 and Surface Book.

Sales totaled US$965 million, but Microsoft didn’t state how many units were sold.

Opens Door to New Dirty

A Linux security vulnerability first discovered more than a decade ago once again poses a threat, Red Hat warned last week, as an exploit that could allow attackers to gain enhanced privileges on affected computers has turned up in the wild.

Users need to take steps to patch their systems to prevent the exploit, known as “Dirty Cow,” from granting access to unprivileged attackers.

“This flaw has actually been in the kernel for a better part of a decade — what’s changed isn’t the vulnerability itself, but rather the manner in which it’s being exploited,” said Josh Bressers, a security strategist at Red Hat.

“As attack methods have become more sophisticated, hardware has become faster, and the kernel [has become] more predictable, a bug that was once thought to be impossible to exploit is now possible to exploit,” he told LinuxInsider.

Out of the Shadows

Linux security researcher Phil Oester rediscovered the flaw while examining a server that appeared to have been under attack, he told V3.

A “race condition” was found in the way the Linux kernel’s memory subsystem handled copy-on-write breakage of private read-only memory mappings, Red Hat explained in last week’s security update.

Unprivileged local users could use the flaw to access otherwise read-only memory mappings and increase their privileges on the system, the update states. The issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG 2.x.

Shipping versions of Fedora are also affected, and Fedora is aware of the flaw, the warning notes.

Red Hat advised users running affected versions of the kernel to update as soon as patches become available, adding that a system reboot will be required to make sure the kernel update is applied.

A patch for customers running Red Hat Enterprise Linux 7.2 or greater will be available, according to the company. For several other versions of Red Hat Enterprise Linux, an active Extended Update Support subscription will be required to access the patch.

Users who don’t have an active EUS subscription will have to contact Red Hat sales representatives, the company said. For those using Red Hat Enterprise Linux 6.2, 6.4 and 6.5, an active Advanced Update Support subscription will be required for access to the patch.

Possible Consequences

“The major risks are that an attacker exploiting this — and there has been an identified attack in the wild via HTTP — would be able to replace known binaries, including the replacement of core system applications, compilers and various publicly exposed systems — SSH daemons, Web servers, and so on,” said Kevin O’Brien, CEO of GreatHorn.

“From a risk perspective, the age, ease of exploit, and reliability of this particular vulnerability is particularly concerning,” he told LinuxInsider.

Seeing a CVE of this magnitude, when combined with an in-the-wild implementation, makes this a critical issue for any systems administrator, O’Brien said.

That said, since the code must be executed on a local system and not a network, it’s a two-step process for the attacker, noted Red Hat’s Bressers.

“Given that most modern IT environments do not allow local untrusted users, it’s a serious vulnerability, but one that requires effort on the part of the attacker to exploit,” he explained.