Sunday, April 13, 2014

Security: Heartbleed, Apple, MacOSX, iOS, Linux, and Android

Nearly every computing device today is connected to a network of some kind, and those connections are the openings that malware from organized crime, ordinary criminals, or government espionage exploits. Apple's OS X and iOS never shipped the defective OpenSSL code, so Macs, iPhones, and iPads are not exposed to this bug... but huge numbers of Linux and Android devices are at risk!


This particular vulnerability, OpenSSL's Heartbleed (CVE-2014-0160), can be leveraged by anyone who can talk TLS to a vulnerable peer to read chunks of that process's memory, which routinely contain usernames and passwords, session cookies, and even private keys. Credentials captured this way can later be used for nefarious purposes: stealing money, stealing compute resources, or enrolling the victim's machines into command-and-control networks that attack commercial, financial, or government targets, or even national electrical grids. The defect is well documented.

Apple and Android/Linux Vulnerabilities:

There are many operating systems which are vulnerable to this defect, but for this article, we are only really concerned about the mobile market.
While most of the buzz surrounding OpenSSL's Heartbleed vulnerability has focussed on websites and other servers, the SANS Institute reminds us that software running on PCs, tablets and more is just as potentially vulnerable.
Williams said a dodgy server could easily send a message to vulnerable software on phones, laptops, PCs, home routers and other devices, and retrieve up to 64KB of highly sensitive data from the targeted system at a time. It's an attack that would probably yield handy amounts of data if deployed against users of public Wi-Fi hotspots, for example.
While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.
Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co., HTC Corp. and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software.

The company said less than 10 percent of active devices are vulnerable. More than 900 million Android devices have been activated worldwide.
After taking a few days to check its security, the fruity firm joined other companies in publicly announcing how worried or secure its customers should feel.
“Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected,” an Apple spokesperson said.

To give a sense of the number of Android devices at risk, take the population of the United States, roughly 317 million people, as a baseline. Less than 10 percent of more than 900 million activated devices is still on the order of 90 million vulnerable Android Linux-based devices; that is equivalent to nearly 28 percent of the population of the United States! This is no small number of mobile devices: there is a lot of patching that either needs to be done, or mobile devices that should be retired. Check your Android device (Settings, About phone, Android version): 4.1.1 is the affected release, and the fix has to arrive as a firmware update from your handset maker or carrier, not from an app store.
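How the over-read actually happens, as an added example (this is not OpenSSL's source, nor code from Google, Apple, or this blog): the handler below models the TLS heartbeat request processing of RFC 6520 in C. With with_fix set to 0 it behaves as OpenSSL 1.0.1 through 1.0.1f did, trusting the two-byte payload length supplied by the peer; with with_fix set to 1 it applies the bounds check that 1.0.1g added. The "arena" buffer, the credential string placed in it, and every function name are this example's own constructions, chosen so that the over-read stays inside memory the program owns. The same handler runs on the client side of a TLS connection, which is why a hostile server can pull memory out of a vulnerable phone or laptop just as easily as a client can pull it out of a server.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* RFC 6520: at least 16 bytes of padding */
#define HB_HDR      3    /* type(1) + payload_length(2, big-endian) */

/* Heartbeat request handling. With with_fix == 0 this behaves as OpenSSL
 * 1.0.1 through 1.0.1f did: the payload_length claimed by the peer is
 * trusted and that many bytes are copied out of the record and echoed back,
 * while rec_len (the length actually received) is ignored. With
 * with_fix == 1 the 1.0.1g bounds check is applied and an over-long claim
 * is silently discarded (returns 0). Returns bytes written to out, or -1
 * if the reply would not fit in out. */
static int hb_process(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap, int with_fix)
{
    if (with_fix && rec_len < HB_HDR + HB_PADDING) return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (rec[0] != HB_REQUEST) return -1;
    if (with_fix && HB_HDR + (size_t)payload + HB_PADDING > rec_len)
        return 0;                                /* the one-line fix */
    size_t resp_len = HB_HDR + payload + HB_PADDING;
    if (resp_len > out_cap) return -1;           /* the only check the old code had */
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)payload;
    memcpy(out + HB_HDR, rec + HB_HDR, payload); /* unfixed: reads up to 64 KB past the record */
    memset(out + HB_HDR + payload, 0, HB_PADDING);
    return (int)resp_len;
}

/* Constructed scenario: one 4 KB buffer stands in for the peer's memory. A
 * 4-byte heartbeat ("HELO") sits at the start and a constructed credential
 * string lies 64 bytes in, well outside the 23-byte record. */
#define ARENA 4096
static const char SECRET[] = "user=alice&pass=hunter2";   /* constructed */

static size_t build_arena(uint8_t *arena, uint16_t claimed_len)
{
    memset(arena, 'x', ARENA);
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed_len >> 8);
    arena[2] = (uint8_t)claimed_len;
    memcpy(arena + HB_HDR, "HELO", 4);
    memset(arena + HB_HDR + 4, 0, HB_PADDING);
    memcpy(arena + 64, SECRET, sizeof SECRET);
    return HB_HDR + 4 + HB_PADDING;              /* 23 bytes really received */
}

static int contains(const uint8_t *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) return 1;
    return 0;
}

/* 1 if a request claiming 1024 bytes makes the old handler echo the secret. */
int demo_vulnerable_leaks(void)
{
    uint8_t arena[ARENA], out[ARENA];
    size_t rec_len = build_arena(arena, 1024);
    int n = hb_process(arena, rec_len, out, sizeof out, 0);
    return n > 0 && contains(out, (size_t)n, SECRET);
}

/* 1 if the fixed handler drops that same request. */
int demo_hardened_discards(void)
{
    uint8_t arena[ARENA], out[ARENA];
    size_t rec_len = build_arena(arena, 1024);
    return hb_process(arena, rec_len, out, sizeof out, 1) == 0;
}

/* Reply length for an honest request (claimed 4 == real 4): 3 + 4 + 16 = 23. */
int demo_hardened_answers_honest(void)
{
    uint8_t arena[ARENA], out[ARENA];
    size_t rec_len = build_arena(arena, 4);
    return hb_process(arena, rec_len, out, sizeof out, 1);
}

int main(void)
{
    printf("old handler leaks adjacent secret:    %d\n", demo_vulnerable_leaks());
    printf("fixed handler discards bogus request: %d\n", demo_hardened_discards());
    printf("fixed handler answers honest request: %d bytes\n", demo_hardened_answers_honest());
    return 0;
}
```

Compile with cc -Wall and run. The honest request is answered with 23 bytes with or without the fix, so the check costs legitimate heartbeats nothing; only the request whose claimed length exceeds what was received is dropped, and that is the request whose reply would otherwise carry whatever sat next to the record in memory.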

Thursday, April 10, 2014

Window Manager Lineup

[TWM History, courtesy Wikipedia]
X Windows is a client-server windowing system: client applications may run on remote machines, while the X server provides the resources a client needs to run, such as the frame buffer, keyboard, and mouse. An X client may run on any hardware or OS platform, consuming memory and CPU on the remote side, and because the X protocol negotiates byte order the client is not bound to the architecture of the X server. This article discusses one such client, the window manager.

[X Windows Architecture, Courtesy Wikipedia]

An X client may consume resources from a single X server, whether it is as simple as a clock application or as complicated as a desktop publishing application. An X client may also consume resources from multiple X servers, as multiplayer games such as XTank or XBattle do. A special kind of X client is called the window manager. The window manager acts as a client: it may run locally on the platform hosting the X server, or on a different platform that hosts the other clients. The window manager provides the controls for the desktop environment, which is ultimately virtualized through the X protocol.

[Open Look Virtual Window Manager, courtesy Layer 3 Networking]
Window Manager Lineup
Window managers come in many different flavors. A recent article series on window managers on the Layer 3 Networking blog offers a view into what may be appropriate for a vendor's virtual desktop environment.

2013-03-17 --- A Memory Comparison of Light... Desktops – Part 1
Fortunately, ...we have plenty of other choices, and we do like change. We have no need to keep using desktops we don’t like. I will describe some of the choices in this article, and I’ll attempt to measure the RAM memory requirements.

2013-04-09 ---  A Memory Comparison of Light... Desktops – Part 2
...I’ve tried to investigate the RAM memory requirements for running some of the most common light window managers and desktop environments available... Prompted by several readers, I’ve decided to include also the big, well-known memory hogs that grab most of the... market, i.e. KDE, Unity and Gnome.

2014-02-15 --- A Memory Comparison of Light Linux Desktops – Part 3
Unused memory goes into a special buffering pool, where the kernel caches all recently used data. If a process attempts to read a file and the kernel already has the file cached, reading it is as fast as reading RAM. Filesystem-heavy tasks, such as compiling source code, processing video files, etc., benefit from as much free memory as possible in the buffering pool. It is not uncommon today to see users with powerful systems running tiling window managers in only a few megabytes of memory.
[Lineup of Window Managers by Resource Utilization, courtesy Layer 3 Networking]
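To make the page-cache point concrete, here is an added example, not code from the Layer 3 Networking articles or from this blog: a small C parser for the /proc/meminfo format that separates memory actually held by processes from memory the kernel is only lending to the cache. The sample text is constructed, and the struct and function names are the example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The four /proc/meminfo fields needed to tell process memory from cache. */
struct meminfo { long total_kb, free_kb, buffers_kb, cached_kb; };

/* Parse "Key:   12345 kB" lines from a /proc/meminfo-style text buffer.
 * Returns 0 when all four fields were found, -1 otherwise. */
int parse_meminfo(const char *text, struct meminfo *m)
{
    struct { const char *key; long *dst; } want[] = {
        { "MemTotal:", &m->total_kb },   { "MemFree:", &m->free_kb },
        { "Buffers:",  &m->buffers_kb }, { "Cached:",  &m->cached_kb },
    };
    int found = 0;
    char line[256];
    for (const char *p = text; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        for (size_t i = 0; i < sizeof want / sizeof want[0]; i++) {
            size_t kl = strlen(want[i].key);
            /* Match is anchored at column 0, so "SwapCached:" never matches "Cached:". */
            if (strncmp(line, want[i].key, kl) == 0) {
                *want[i].dst = strtol(line + kl, NULL, 10);
                found++;
            }
        }
        p = nl ? nl + 1 : p + len;
    }
    return found == 4 ? 0 : -1;
}

/* Memory actually held by processes and the kernel's own structures: what is
 * left after subtracting the page cache (Buffers + Cached) from the used total. */
long used_by_processes_kb(const struct meminfo *m)
{
    return m->total_kb - m->free_kb - m->buffers_kb - m->cached_kb;
}

/* Memory the kernel is merely lending to the page cache; it is handed back
 * as soon as a process needs it. */
long page_cache_kb(const struct meminfo *m)
{
    return m->buffers_kb + m->cached_kb;
}

/* Constructed sample in /proc/meminfo format (a 2 GB box after a day of use). */
const char SAMPLE_MEMINFO[] =
    "MemTotal:        2048000 kB\n"
    "MemFree:          120000 kB\n"
    "Buffers:           90000 kB\n"
    "Cached:          1400000 kB\n"
    "SwapCached:            0 kB\n"
    "Active:           800000 kB\n";

int main(void)
{
    struct meminfo m;
    if (parse_meminfo(SAMPLE_MEMINFO, &m) != 0) {
        fprintf(stderr, "missing /proc/meminfo field\n");
        return 1;
    }
    printf("free:  %ld kB (what 'free' calls free)\n", m.free_kb);
    printf("cache: %ld kB (usable by processes on demand)\n", page_cache_kb(&m));
    printf("used:  %ld kB (actually held by processes)\n", used_by_processes_kb(&m));
    return 0;
}
```

On the sample, only 120 MB is "free" but 1.49 GB is cache that any process can reclaim, so the desktop is really holding about 438 MB. The Cached figure also counts tmpfs and shared-memory pages, which cannot be dropped under pressure, so on kernels 3.14 and later prefer the MemAvailable line the kernel computes itself; the articles above predate it. When comparing window managers, take the same measurement right after login on each, with the same set of applications open, and compare the used figure rather than the free one.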

The author of these articles placed a disproportionate weight upon Linux, which did not even exist when X Windows was released; it should be noted that any OS with an X server can leverage these window managers. For a virtualized desktop, what matters most is the application being virtualized, not the window manager; the window manager only supplies the layer of control the virtual desktop user needs. Which desktop features are required to deliver the virtualized application to the end user is therefore an economics question, and this article series provides excellent data points for an architect to leverage in making the appropriate business decision.

Wednesday, April 2, 2014

Security: Android Phone App Steals CPU

[Courtesy: AndroidAuthority ]
Malware was traditionally seen as only a Microsoft Windows problem. As highly secured, multi-platform, standards-based UNIX environments lose influence, malware continues to spread to poorly secured Linux environments. More importantly, Google Android's mobile phone and tablet platforms have fallen victim, and the attacks continue mercilessly.

Recent History
Some recent validated attacks on Linux and Android: January through November 2013, December 2013, January through February 2014, March 2014, and more malware keeps hitting the Linux and Android platforms. The most recent attacks use your Linux-based Android phone to make money for others.

Latest Attack
At the end of March 2014, a new attack was discovered... not only in third-party Android application sources on the internet, but also in multiple infected applications found on Google Play.

2014-03-26 - Apps with millions of Google Play downloads covertly mine cryptocurrency
Yes, smartphones can generate digital coins, but at a painfully glacial pace.

According to a blog post published Tuesday by a researcher from antivirus provider Trend Micro, the apps are Songs, installed from one million to five million times, and Prized, which was installed from 10,000 to 50,000 times. Neither the app descriptions nor their terms of service make clear that the apps subject Android devices to the compute-intensive process of mining, Trend Micro Mobile Threats Analyst Veo Zhang wrote. As of Wednesday afternoon, the apps were still available.
Whether you install applications from Google Play or from other, non-Google markets, the symptoms to watch for are terrible battery life, increased battery temperature, and increased network usage: mining keeps the CPU busy in the background for as long as the app is running.
What This Means To You
While Google has removed some trojan applications designed to steal CPU time from your smart phone in order to mine cryptocurrency for the application developers, others remain in Google Play and in unregulated application markets.

Wednesday, March 26, 2014

Security: Software Piracy, Android Phones, and SMS Spam

[Courtesy: Android Authority]
Ever since the creation of computers, people have copied software to avoid paying for it, and others have paid to distribute things that nobody wants. Pirated applications and spam are two primary means of distributing viruses, malware, and worms. Baby steps against these on-line monsters are occasionally made.

In Review: 2013

From January to November last year, nearly two viruses, trojans, or other pieces of malware were discovered each month in the Android mobile application market. December saw a couple more. For every piece of malware discovered, there are countless mobile applications not yet discovered... stealing credit card information or identities, or acting as "command and control" clients that turn your mobile device into a bot against unsuspecting targets (while you pay for the data traffic it produces!)

Starting: 2014

A consolidated list of mobile malware in the Android market for 2014 is not yet complete, but it is clear that there is some progress in this space... no matter how small.

2014-03-25 U.S. Government First Convictions Over Pirated Mobile Android Applications
The US has enforced its first convictions for illegally distributing counterfeit mobile apps, after two Florida men pleaded guilty for their part in a scheme that sold pirated apps with a total retail value of more than $700,000. Thomas Allen Dye, 21, and 26-year-old Nicholas Anthony Narbone both pleaded guilty to the same charge - conspiracy to commit criminal copyright infringement - earlier this month and are due to be sentenced in June and July respectively. Both men were in the Appbucket group, of which Narbone was the leader, which made and sold more than a million copyrighted Android mobile apps through the group's alternative online market.

2014-03-26 Chinese Arrest 1,500 in Fake Cellular Tower Text Message Spam Raid
China’s police have arrested over 1,500 people on suspicion of using fake base stations to send out mobile SMS spam. The current crackdown began in February, according to Reuters. Citing a Ministry of Public Security missive, the newswire says a group operating in north-east Liaoning province, bordering North Korea, is suspected of pinging out more than 200 million spam texts.

In Conclusion:
Be diligent! Purchase your applications from reputable places, and don't be seduced into stealing applications on-line or buying them below list price. Being a thief could make you a victim!

Tuesday, March 4, 2014

Security: Linux, Viruses, Malware, and Worms

Not long after the advent of the Internet, worms, viruses, and other malware became prevalent. Microsoft-based platforms were the original serious target, because of poor security measures. Over time, malware started to attack Linux-based Android mobile phones. Now the latest attacks appear to be hitting Linux-based consumer-grade internet routers, which were originally deployed to help protect Microsoft Windows-based platforms in the home. These attacks spiked in the first two months of 2014.

[Huawei TP-Link image, courtesy rootatnasro]
2013-01-11 - How I saved your a** from the ZynOS (rom-0) attack!! (Full disclosure)
Hello everyone, I just wanted to discuss a vulnerability I found and exploited for GOODNESS... just so that SCRIPT KIDDIES won’t attack your home/business network.
Well, in Algeria the main ISP (Algerie Telecom) provides you with a router when you pay for an internet plan. So you can conclude that every subscriber is using that router. TD-W8951ND is one of them; I did some IP scanning and I found that every router is using ZyXEL embedded firmware.

[Linksys Router, courtesy ARS Technica]
2014-02-14 - Bizarre attack infects Linksys routers with self-replicating malware
Linksys is aware of the malware called “The Moon” that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers. The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default. Customers who have not enabled the Remote Management Access feature are not susceptible to this specific malware. Customers who have enabled the Remote Management Access feature can prevent further vulnerability to their network, by disabling the Remote Management Access feature and rebooting their router to remove the installed malware. Linksys will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.

[ASUS Warning, courtesy ARS Technica]
2014-02-17 - Dear Asus router user: You’ve been pwned, thanks to easily exploited flaw
"This is an automated message being sent out to everyone effected [sic]," the message, uploaded to his device without any login credentials, read. "Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection. You need to protect yourself and learn more by reading the following news article:"
Two weeks ago, a group posted almost 13,000 IP addresses its members said hosted similarly vulnerable Asus routers.

If you are doing any serious internet-based work, watch the firmware of your consumer-grade internet router and upgrade it as new releases become available. The common factor in all three attacks above is an administrative or storage interface reachable from the Internet without proper authentication, so also disable remote (WAN-side) management unless you truly need it; as the Linksys statement notes, devices with that feature off were not susceptible to "The Moon". If you are running a business, a commercial-grade router with a managed service may be of special interest. A short PDF on "SOHO Pharming" helps clarify the risks. Avoiding Linux-based Android phones and consumer-grade Linux routers may be the next best step.

Friday, January 17, 2014

Security: Android, Viruses, Malware, and Worms

[Courtesy AndroidAuthority]

Android: Malware Infestations for 2013

2013 Ending
Rounding out the 2013 Year with More Android Virus and Malware issues.

Somehow, this is no surprise.

2013 Investigation
A previous Network Management article discussed Android malware from 2013 - not a pleasant place to be. A new Android exploit was uncovered nearly every two weeks.

2013 Conclusions
A recent article in The Register mentions the dangers of Java and Android (whose applications are written in Java, though they run on Google's own Dalvik runtime rather than a port of the Java VM) on network clients:
Meanwhile, fully 99 per cent of all mobile malware discovered during the year targeted Android, as did 71 per cent of all web-based attacks on mobile devices.
Android mobile devices are less expensive than the alternative - but there is clearly a price to be paid.

EMC Smarts: Watch4Net APG Data Purging

A short note about default behavior within EMC Smarts Watch4Net APG
How to delete a device in Watch4Net. 
With default settings, APG will delete a device (or one of its components) and its history if it is not updated for one full year. However, you may want to delete data by hand without changing that automated configuration. APG provides a tool for deleting data from the database; it is only available to administrative users, in the “Administration” pane, and it is called “Management of APG Metrics”. To use this tool, you have to:
• Set a filter to select the data to delete
• Type in the maximum number of results
• Check whether or not the last timestamp is displayed
• Select the properties to show
• Then, click the “Query” button
• Results will appear in the box below
• Last, just click the “Delete” button to delete all these data from APG 

There is no out-of-the-box way to de-provision a device from the command line.
If a site runs out of licenses, the GUI may crash and refuse to stay running... a very poorly written application, but then EMC no longer supports high-end platforms like Solaris, so what can you expect? Make sure you have spare licenses within Watch4Net to handle customer on-boarding and off-boarding; otherwise you may see some unexpected results!