Amazon.com website briefly offline, hackers claim credit

The group went on to detail how it knocked the front door down (only Amazon.com’s front page was offline), with a large “botnet” or network of thousands of computers working together.

via Amazon.com website briefly offline, hackers claim credit | Fox News.

Interesting. Looks like a distributed denial of service (DDoS) on the granddaddy of the data center and cloud computing industry. Amazon was down for only 49 minutes. It will be interesting to hear the inside-baseball techie talk as to how this happened and how Amazon recovered.

DVR Insecurity

tl;dr; A whole slew of security DVR devices are vulnerable to an unauthenticated login disclosure and unauthenticated command injection.

via consolecowboys: Swann Song – DVR Insecurity.

Interesting read. Obviously, a device like a DVR should be placed inside a NAT and possibly have its traffic monitored at the firewall. Then, if port 9000 is open for telnet, you just have to worry about an attack from someone with access to the LAN — not the entire Internet.

New video codec to ease pressure on global networks

The new codec will considerably ease the burden on global networks where, by some estimates, video accounts for more than half of bandwidth use. The new standard, known informally as ‘High Efficiency Video Coding’ (HEVC) will need only half the bit rate of its predecessor, ITU-T H.264 / MPEG-4 Part 10 ‘Advanced Video Coding’ (AVC), which currently accounts for over 80 per cent of all web video. HEVC will unleash a new phase of innovation in video production spanning the whole ICT spectrum, from mobile devices through to Ultra-High Definition TV.

via New video codec to ease pressure on global networks.

New server can be parachuted into extreme environments

“This equipment, in a transit case, will likely be parachuted into service in tactical deployments,” said John Callahan, director of marketing at NCST. The Bunker XRV-5241 can withstand a free-fall drop of around 1 meter, but for parachute deployment it needs to be packaged into the case for additional protection.

via New server can be parachuted into extreme environments.

The server is priced starting at US$3,699. It will be sold directly into the vertical markets.

I found it interesting how servers have become as important as rations and ammunition nowadays. Lots of hardware info in the article but nothing on OS or services.

Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popular Web application programming platform Ruby on Rails (RoR), as well as a new Metasploit module for the most serious of the two flaws, raising concerns of potentially damaging attacks to come on Web servers and databases.

via Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs – Dark Reading.

Security experts recommend patching RoR apps now if you have not already done so. Said O’Donnell in a blog post yesterday:

NTLM Challenge Response is 100% Broken (Yes, this is still relevant)

According to the last data from the W3 Schools, 21% of computers are running XP, while NetMarketShare claims it is 39%. Unless someone has hardened these machines (no MS patches do this), these machines are sending LM and NTLM responses! While these lists leave out server OSs, 2003 Server still sends NTLM responses by default. Yes, every MS OS since NT 4.0 SP4 has supported NTLMv2, but NTLM and LM were not excluded by default until Vista.

via Mark Gamache’s Random Blog: NTLM Challenge Response is 100% Broken (Yes, this is still relevant).

Well, here it is: I’VE BROKEN NTLM.

From the wiki definition of NTLM:

Microsoft no longer recommends NTLM in applications:[6]

“Implementers should be aware that NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms (RFC1321) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in RFC1320 and FIPS46-2. Therefore, applications are generally advised not to use NTLM.”

While Kerberos has replaced NTLM as the default authentication protocol in an Active Directory (AD) based single sign-on scheme, NTLM is still widely used in situations where a domain controller is not available or is unreachable. For example, NTLM would be used if a client is not Kerberos capable, the server is not joined to a domain, or the user is remotely authenticating over the web.[1][3]

Netflix Open-Sources ‘Janitor Monkey’ AWS Cleanup Tool

Janitor Monkey detects AWS instances, EBS volumes, EBS volume snapshots, and auto-scaling groups. Each of these resource types has distinctive rules for marking unused resources. For example, an EBS volume is marked as a cleanup candidate if it has not been attached to any instance for 30 days. Janitor Monkey determines whether a resource should be a cleanup candidate by applying a set of rules on it. If any of the rules determines that the resource is a cleanup candidate, Janitor Monkey marks the resource and schedules a time to clean it up.

via Netflix Open-Sources ‘Janitor Monkey’ AWS Cleanup Tool.
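The mark-and-schedule flow described above, as an added Python example (constructed here, not Janitor Monkey's own code): the volume rule follows the page's 30-day description, while the snapshot rule, the names and the 7-day grace period are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional

# Constructed model of the rule flow: each resource type has its own rules; the
# first rule that flags a resource marks it and schedules a cleanup time.

@dataclass
class Resource:
    resource_id: str
    resource_type: str                        # "EBS_VOLUME" or "EBS_SNAPSHOT"
    last_attached: Optional[datetime] = None  # volume: time it was last attached
    created: Optional[datetime] = None        # snapshot: creation time
    cleanup_at: Optional[datetime] = None     # set once the resource is marked
    reason: Optional[str] = None

def unattached_volume_rule(r: Resource, now: datetime) -> Optional[str]:
    # From the page: a volume not attached to any instance for 30 days is a candidate.
    if r.resource_type == "EBS_VOLUME" and (
            r.last_attached is None or now - r.last_attached >= timedelta(days=30)):
        return "EBS volume not attached to any instance for 30 days"
    return None

def old_snapshot_rule(r: Resource, now: datetime) -> Optional[str]:
    # Assumed rule for illustration: snapshots older than 90 days are candidates.
    if r.resource_type == "EBS_SNAPSHOT" and r.created and now - r.created >= timedelta(days=90):
        return "EBS snapshot older than 90 days"
    return None

# Each rule returns a reason string when the resource is a cleanup candidate.
RULES: Dict[str, List[Callable[[Resource, datetime], Optional[str]]]] = {
    "EBS_VOLUME": [unattached_volume_rule],
    "EBS_SNAPSHOT": [old_snapshot_rule],
}

def mark_candidates(resources: List[Resource], now: datetime, grace_days: int = 7) -> List[Resource]:
    """Apply each resource type's rules; mark the first hit and schedule its cleanup."""
    marked = []
    for r in resources:
        for rule in RULES.get(r.resource_type, []):
            reason = rule(r, now)
            if reason:
                r.reason = reason
                r.cleanup_at = now + timedelta(days=grace_days)  # grace period before deletion
                marked.append(r)
                break
    return marked

def due_for_cleanup(resources: List[Resource], now: datetime) -> List[Resource]:
    return [r for r in resources if r.cleanup_at is not None and r.cleanup_at <= now]
```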

Turkish agency blamed by U.S. companies for intercepted Web pages

“The logical theory is that the transportation agency was using it to spy on its own employees,” said Chris Soghoian, a former Federal Trade Commission technology expert now working for the American Civil Liberties Union.

Validation authority alone isn’t enough to intercept traffic, the most likely goal of the project. The authenticator would also have to come in contact with the Web user.

via Turkish agency blamed by U.S. companies for intercepted Web pages | Reuters.

Germany's first Spam protection database

Here are 4 things that we recommend in order to stay off the UCEPROTECT-Blacklists and the Backscatterer List:

1. Do not use abusive techniques on your systems, and also tell your customers with their own servers not to do so.

The following techniques are considered abusive, even though some seem to have become very popular:
Sender callouts (also known as Sender Verify or SAV) or any other kind of Backscatter.

2. Ensure that large amounts of garbage cannot be sent through your mailservers / smarthosts.

3. Ensure that your dynamic / dialups / homeusers cannot be abused as spam zombies.

4. Get a clue about new customers, secure your servers and prevent open relays and open proxies at your dedicated line customers and at customers with static IP addresses.

via UCEPROTECT®-Network – Germany's first Spam protection database.