How malformed packets caused CenturyLink’s 37-hour, nationwide outage

The switching module sent these malformed packets “as network management instructions to a line module,” and the packets “were delivered to all connected nodes,” the FCC said. Each node that received the packet then “retransmitted the packet to all its connected nodes.”

Source: How malformed packets caused CenturyLink’s 37-hour, nationwide outage | Ars Technica

But the outage continued because “the malformed packets continued to replicate and transit the network, generating more packets as they echoed from node to node,” the FCC wrote. Just after midnight, at least 20 hours after the problem began, CenturyLink engineers “began instructing nodes to no longer acknowledge the malformed packets.” They also “disabled the proprietary management channel, preventing it from further transmitting the malformed packets.”

A DIY Internet Network Has Drastically Expanded Its Coverage in NYC

Initially, the mesh network was powered by a single “Supernode” antenna and hardware array located at 375 Pearl Street in Manhattan. This gigabit fiber-fed antenna connects 300 buildings, where members have mounted routers on a rooftop or near a window. These local “nodes” in turn connect to an internet exchange point—without the need for a traditional ISP.

Source: A DIY Internet Network Has Drastically Expanded Its Coverage in NYC – VICE

Linux PCs, servers, gadgets can be crashed by ‘Ping of Death’ network packets

With CVE-2019-11477, a string of TCP SACK responses will cause the Linux kernel to unexpectedly hit an internal data structure limit, triggering a fatal panic. The others affecting Linux will force the system to consume resources, thus slowing it down, as Red Hat explained in its technical summary today.

Source: Sad SACK: Linux PCs, servers, gadgets can be crashed by ‘Ping of Death’ network packets • The Register

Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi

That’s why this bug is so cool and provides an opportunity to exploit devices literally with zero-click interaction at any state of wireless connection (even when a device isn’t connected to any network). For example, one can do RCE in just powered-on Samsung Chromebook. So just to summarize:

  1. It doesn’t require any user interaction.
  2. It can be triggered every 5 minutes in case of GNU/Linux operating system.
  3. It doesn’t require the knowledge of a Wi-Fi network name or passphrase/key.
  4. It can be triggered even when a device isn’t connected to any Wi-Fi network, just powered on.

Source: Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE – Embedi

In this research, I used ALFA networks wireless adapter in the monitor mode, which is based on Realtek 8187 wireless chipset. The exploit can be implemented with python Scapy framework. For some reason, Ubuntu GNU/Linux distrubution isn’t good enough to inject Wi-Fi frames fast, so it is better to use Kali.

Microsoft warns about two apps that installed root certificates then leaked the private keys

In researchers’ own words “every system on which HeadSetup […] was installed at any time in the past […] remains vulnerable” until users manually review the Trusted Root Certificate Store and remove the two certificates, or until the certificates expire –which could be January 13, 2027, or July 27, 2037, respectively.

Source: Microsoft warns about two apps that installed root certificates then leaked the private keys | ZDNet

F-35’s Hacking Vulnerability | Could the F-35 Be Hacked?

Every F-35 squadron, no matter the country, has a 13-server ALIS package that is connected to the worldwide ALIS network. Individual jets send logistical data back to their nation’s Central Point of Entry, which then passes it on to Lockheed’s central server hub in Fort Worth, Texas. In fact, ALIS sends back so much data that some countries are worried it could give away too much information about their F-35 operations.

Source: F-35’s Hacking Vulnerability | Could the F-35 Be Hacked?

Hackers could conceivably introduce bad data in the JRE that could compromise the safety of a mission, shortening the range of a weapon system so that a pilot thinks she is safely outside the engagement zone when she is most certainly not.

It’s highly likely these vulnerabilities are a known detectable exploit vector.  Any military aircraft  should be able to perform its mission disconnected from a network — except for perhaps drones.

HTTP-over-QUIC to be renamed HTTP/3

QUIC stands for “Quick UDP Internet Connections” and is, itself, Google’s attempt at rewriting the TCP protocol as an improved technology that combines HTTP/2, TCP, UDP, and TLS (for encryption), among many other things.

Source: HTTP-over-QUIC to be renamed HTTP/3 | ZDNet

Since then, HTTP-over-QUIC support was added inside Chrome 29 and Opera 16, but also in LiteSpeed web servers. While initially, only Google’s servers supported HTTP-over-QUIC connections, this year, Facebook also started adopting the technology.