The switching module sent these malformed packets “as network management instructions to a line module,” and the packets “were delivered to all connected nodes,” the FCC said. Each node that received the packet then “retransmitted the packet to all its connected nodes.”
Source: How malformed packets caused CenturyLink’s 37-hour, nationwide outage | Ars Technica
But the outage continued because “the malformed packets continued to replicate and transit the network, generating more packets as they echoed from node to node,” the FCC wrote. Just after midnight, at least 20 hours after the problem began, CenturyLink engineers “began instructing nodes to no longer acknowledge the malformed packets.” They also “disabled the proprietary management channel, preventing it from further transmitting the malformed packets.”
Initially, the mesh network was powered by a single “Supernode” antenna and hardware array located at 375 Pearl Street in Manhattan. This gigabit fiber-fed antenna connects 300 buildings, where members have mounted routers on a rooftop or near a window. These local “nodes” in turn connect to an internet exchange point—without the need for a traditional ISP.
Source: A DIY Internet Network Has Drastically Expanded Its Coverage in NYC – VICE
This also means Silex will trash Linux servers if they have Telnet ports open and if they’re secured with poor or widely-used credentials.
Source: New Silex malware is bricking IoT devices, has scary plans | ZDNet
With CVE-2019-11477, a string of TCP SACK responses will cause the Linux kernel to unexpectedly hit an internal data structure limit, triggering a fatal panic. The others affecting Linux will force the system to consume resources, thus slowing it down, as Red Hat explained in its technical summary today.
Source: Sad SACK: Linux PCs, servers, gadgets can be crashed by ‘Ping of Death’ network packets • The Register
A Twitter bot named BGP4-Table, which has also been tracking the size of the global BGP routing table in anticipation of 768K Day, puts the actual size of the file at 767,392, just a hair away from overflowing.
Source: Some internet outages predicted for the coming month as ‘768k Day’ approaches | ZDNet
That’s why this bug is so cool and provides an opportunity to exploit devices literally with zero-click interaction at any state of wireless connection (even when a device isn’t connected to any network). For example, one can do RCE on a just powered-on Samsung Chromebook. So just to summarize:
- It doesn’t require any user interaction.
- It can be triggered every 5 minutes in the case of the GNU/Linux operating system.
- It doesn’t require the knowledge of a Wi-Fi network name or passphrase/key.
- It can be triggered even when a device isn’t connected to any Wi-Fi network, just powered on.
Source: Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE – Embedi
In this research, I used an ALFA Networks wireless adapter in monitor mode, which is based on the Realtek 8187 wireless chipset. The exploit can be implemented with the Python Scapy framework. For some reason, the Ubuntu GNU/Linux distribution isn’t good enough to inject Wi-Fi frames fast, so it is better to use Kali.
In the researchers’ own words, “every system on which HeadSetup […] was installed at any time in the past […] remains vulnerable” until users manually review the Trusted Root Certificate Store and remove the two certificates, or until the certificates expire – which could be January 13, 2027, or July 27, 2037, respectively.
Source: Microsoft warns about two apps that installed root certificates then leaked the private keys | ZDNet
Every F-35 squadron, no matter the country, has a 13-server ALIS package that is connected to the worldwide ALIS network. Individual jets send logistical data back to their nation’s Central Point of Entry, which then passes it on to Lockheed’s central server hub in Fort Worth, Texas. In fact, ALIS sends back so much data that some countries are worried it could give away too much information about their F-35 operations.
Source: F-35’s Hacking Vulnerability | Could the F-35 Be Hacked?
Hackers could conceivably introduce bad data in the JRE that could compromise the safety of a mission, shortening the range of a weapon system so that a pilot thinks she is safely outside the engagement zone when she is most certainly not.
It’s highly likely these vulnerabilities are a known detectable exploit vector. Any military aircraft should be able to perform its mission disconnected from a network — except for perhaps drones.
QUIC stands for “Quick UDP Internet Connections” and is, itself, Google’s attempt at rewriting the TCP protocol as an improved technology that combines HTTP/2, TCP, UDP, and TLS (for encryption), among many other things.
Source: HTTP-over-QUIC to be renamed HTTP/3 | ZDNet
Since then, HTTP-over-QUIC support was added inside Chrome 29 and Opera 16, but also in LiteSpeed web servers. While initially, only Google’s servers supported HTTP-over-QUIC connections, this year, Facebook also started adopting the technology.
Court says an attacker was only required to send malformed UDP packets to a target’s Steam client, which would have triggered the bug and allowed him to run malicious code on the target’s PC.
Source: Valve Patches Security Bug That Existed in Steam Client for the Past Ten Years