The switching module sent these malformed packets “as network management instructions to a line module,” and the packets “were delivered to all connected nodes,” the FCC said. Each node that received the packet then “retransmitted the packet to all its connected nodes.”
Source: How malformed packets caused CenturyLink’s 37-hour, nationwide outage | Ars Technica
But the outage continued because “the malformed packets continued to replicate and transit the network, generating more packets as they echoed from node to node,” the FCC wrote. Just after midnight, at least 20 hours after the problem began, CenturyLink engineers “began instructing nodes to no longer acknowledge the malformed packets.” They also “disabled the proprietary management channel, preventing it from further transmitting the malformed packets.”
Glantz explained that the first step in the assembly of his IT infrastructure is to have a well-defined Standard Operating Environment (SOE). The SOE includes a definition of the hardware platforms used as well as the Linux and application software that is installed. There is also an installation and configuration management layer that helps enforce the SOE across the distributed Ikea IT footprint. Additionally, Glantz has defined a lifecycle-management plan that describes the lifecycle of how Linux will be used at Ikea for the next seven years.”
It’s not enough just to have documents, you have to have systems driving how technology works,” Glantz said.
Source: Ikea Patched for Shellshock by Methodically Upgrading All Servers
The vulnerability that Drake outlines rises from a poorly coded service, infosvr, which is used by ASUS to facilitate router configuration by automatically monitoring the local area network (LAN) and identifying other connected routers. Infosvr, Drake explains, runs with root privileges and contains an unauthenticated command execution vulnerability. In turn this permits anyone connected to the LAN to gain control by sending a user datagram protocol (UDP) package to the router.
via Root command execution bug found across wireless router range.
This seems more like a designed in feature not implemented correctly. Transferring config information on an unsecure network is difficult to implement without some kind of flaw.
This kind of hack is well above the capability of your average hacker. Very unlikely they could do much more than Man In the Middle which they could do anyway without hacking the router. I do not chase updates on SOHO routers because it’s pointless, a waste of time that possibly introduces different bugs.
To fix this issue, the GSMA has developed a non-removable SIM that can be embedded in a device for the duration of its life, and remotely assigned to a network. This information can be subsequently modified over-the-air, as many times as necessary.
The GSMA says its new SIM can reduce ongoing operational and logistical costs. Replacing one SIM is not going to break the bank, but replacing a few million could make a dent in any budget, it reckons.
via GSMA Creates Remotely Managed SIM For M2M Applications.
Puppet Labs’ IT automation software enables system administrators to deliver the operational agility and efficiency of cloud computing at enterprise-class service levels, scaling from handfuls of nodes on-premise to tens of thousands in the cloud. Puppet powers thousands of companies, including Twitter, Yelp, eBay, Zynga, JP Morgan Chase, Bank of America, Google, Disney, Citrix, Oracle, and Viacom.
via Puppet Labs: The Leading Open Source Data Center Automation and Configuration Management Tool | Puppet Labs.
According to Apple’s description of the application, IT staff can create and restore from a backup of preconfigured settings and app data, as well as create and install configuration profiles, among a number of other setup options. Admins can also supervise devices and organize those into custom groups, restrict which computers they can sync with, and add common configurations automatically. Admins can even apply custom text, wallpaper, or pictures to the iOS devices’ lock screens (keep an eye on your snarky IT staff if your work-issued iPhone’s lock screen image mysteriously changes to Nyancat).
via IT staff can now manage iPads, iPhones, iPod touches with Configurator tool.
I have intended for a long, long time now to write a blog post about one of my favorite soapbox topics of configuration management – tagging.
via CollabNet Subversion Blog – powered by FeedBurner.
This is the newsgroup comp.software.config-mgmt “Frequently Asked Questions” (FAQ) posting of a Software Configuration Management tools summary. This is part 2 of the 3 part FAQ. Please review all parts before submitting suggestions or questions to the FAQ editor.
via Configuration Management Tools Summary.
This Linux tutorial covers TCP/IP networking, network administration and system configuration basics. Linux can support multiple network devices. The device names are numbered and begin at zero and count upwards. For example, a computer running two ethernet cards will have two devices labeled /dev/eth0 and /dev/eth1. Linux network configuration, management, monitoring and system tools are covered in this tutorial.
via Linux Network Configuration.