Stories · 31
-
Researchers Hack the Mitsubishi Outlander SUV, Shut Off Alarm Remotely (helpnetsecurity.com)
Reader Orome1 writes: Mitsubishi Outlander, a popular hybrid SUV sold around the world, can be easily broken into by attackers exploiting security weaknesses in the setup that allows the car to be remotely controlled via an app. After discovering the SSID and the pre-shared key, they connected to a static IP address within a network's subnet, and this allowed them to sniff the Wi-Fi connection and send messages to the car. Through these messages they were able to turn the car's lights, air conditioning and heating on and off, change the charging programme and, most importantly, to disable the car's anti-theft alarm.
-
Ask Slashdot: How To Deal With a Persistent and Incessant Port Scanner?
jetkins writes: What would you do if your firewall was being persistently targeted by port scans from a specific group of machines from one particular company? I run a Sophos UTM9 software firewall appliance on my home network. Works great, and the free Home Use license provides a bunch of really nice features normally only found on commercial-grade gear. One of those is the ability to detect, block, and report port scans, and under normal circumstances I only get the occasional alert when some script kiddie comes a-knocking at my door.
But in recent months I have been getting flooded with alerts of scans from one particular company. I initially reported it to my own ISP's (RoadRunner's) abuse desk, on the assumption that if they're scanning me then they're probably scanning a bunch of my neighbors as well, and any responsible ISP would probably want to block this BS, but all I ever got back was an automated acknowledgment and zero action. So I used DNS lookup and WHOIS to find their phone number, and spoke with someone there; it appears that they're a small outfit, and I was assured that they had a good idea where it was coming from and that they would make it stop. Indeed, it did stop a few days later but then it was back again, unabated, after another week or so. So last week I called them again, and was once again assured of a resolution. No dice, the scans continue to pour in.
I've already blocked their subnet at my firewall, but the UTM apparently does attack detection before filtering, so that didn't stop the alerts. And although I *could* disable port scan alerts, it's an all-or-nothing thing and I'm not prepared to turn them off completely. This afternoon I forwarded the twenty-something alerts that I've received so far today, to their abuse@ address with an appeal for a Christmas Miracle, but frankly I'm not holding out much hope that it will have any effect. So, Slashdotters, what should I do if this continues into the new year? Start automatically bouncing every report to their abuse address? Sic Anonymous on them? Start calling them every time? I'm open to suggestions.
-
It's Easy To Hack Traffic Lights
An anonymous reader notes coverage of research from the University of Michigan into the ease with which attackers can hack traffic lights. From the article: As is typical in large urban areas, the traffic lights in the subject city are networked in a tree-type topology, allowing them to pass information to and receive instruction from a central management point. The network is IP-based, with all the nodes (intersections and management computers) on a single subnet. In order to save on installation costs and increase flexibility, the traffic light system uses wireless radios rather than dedicated physical networking links for its communication infrastructure—and that’s the hole the research team exploited. ... The 5.8GHz network has no password and uses no encryption; with a proper radio in hand, joining is trivial. ... The research team quickly discovered that the debug port was open on the live controllers and could directly "read and write arbitrary memory locations, kill tasks, and even reboot the device (PDF)." Debug access to the system also let the researchers look at how the controller communicates to its attached devices—the traffic lights and intersection cameras. They quickly discovered that the control system’s communication was totally non-obfuscated and easy to understand—and easy to subvert.
-
Tesla Model S Has Hidden Ethernet Port, User Runs Firefox On the 17" Screen
New submitter FikseGTS (3604833) writes "A Tesla Model S owner located a 4 pin connector on the left side of the Tesla Model S dashboard that turns out to be a disguised ethernet networking port. After crafting his own patch cable to connect with the Tesla's port, a networking connection was established between the Tesla Model S and a laptop computer. The Model S is running a 100 Mbps, full duplex ethernet network and 3 devices were found with assigned IP addresses in the 192.168.90.0 subnet. Some ports and services that were open on the devices were 22 (SSH), 23 (telnet), 53 (open domain), 80 (HTTP), 111 (rpcbind), 2049 (NFS), 6000 (X11). Port 80 was serving up a web page with the image or media of the current song being played. The operating system is a modified version of Ubuntu using an ext3 filesystem. Using X11 it also appears that someone was able to somewhat run Firefox on both of the Model S screens. Is a jailbroken Tesla Model S on the way?" Some more details on this front would be appreciated, for anyone who has a Tesla they'd like to explore.
-
Linux Kernel Running In JavaScript Emulator With Graphics and Network Support
New submitter warmflatsprite writes "It seems that there have been a rash of JavaScript virtual machines running Linux lately (or maybe I just travel in really weird circles). However until now none of them had network support, so they weren't too terribly useful. Sebastian Macke's jor1k project uses asm.js to produce a very fast emulation of the OpenCores OpenRISC processor (or1k) along with a HTML5 canvas framebuffer for graphics support. Recently Ben Burns contributed an emulated OpenCores ethmac ethernet adapter to the project. This sends ethernet frames to a gateway server via websocket where they are switched and/or piped into TAP virtual ethernet adapter. With this you can build whatever kind of network appliance you'd like for the myriad of fast, sandboxed VMs running in your users' browsers. For the live demo all VMs connect to a single private LAN (subnet 10.5.0.0/16). The websocket gateway also NATs traffic from that LAN out to the open Internet."
-
Snowden and the Fate of the Internet As a Global Network
Hugh Pickens DOT Com writes "John Naughton writes in the Guardian that the insight that seems to have escaped most of the world's mainstream media regarding the revelations from Edward Snowden is how the US has been able to bend nine US internet companies to its demands for access to their users' data proving that no US-based internet company can be trusted to protect our privacy or data. 'The fact is that Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cyber-surveillance system,' writes Naughton. 'Nothing, but nothing, that is stored in their "cloud" services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA.' This spells the end of the internet as a truly global network. 'It was always a possibility that the system would eventually be Balkanised, ie divided into a number of geographical or jurisdiction-determined subnets as societies such as China, Russia, Iran and other Islamic states decided that they needed to control how their citizens communicated. Now, Balkanisation is a certainty.' Naughton adds that given what we now know about how the US has been abusing its privileged position in the global infrastructure, the idea that the western powers can be allowed to continue to control it has become untenable. 'Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes?' writes Neelie Kroes, vice-president of the European Commission. 'Front or back door – it doesn't matter – any smart person doesn't want the information shared at all. Customers will act rationally, and providers will miss out on a great opportunity.'"
-
Terry Childs's Slow Road To Justice
snydeq writes "Deep End's Paul Venezia provides an update on the City of San Francisco's trial against IT admin Terry Childs, which — at eight weeks and counting — hasn't even seen the defense begin to present its case. The main spotlight thus far has been on the testimony of San Francisco Mayor Gavin Newsom. 'Many articles about this case have pounced on the fact that after Childs gave the passwords to the mayor, they couldn't immediately be used. Most of these pieces chalk this up to some kind of secondary infraction on Childs's part,' Venezia writes. 'Just because you give someone a password doesn't mean that person knows how to use it. Childs's security measures would have included access lists that blocked attempted logins from non-specified IP addresses or subnets. In short, it was nothing out of the ordinary if you know anything about network security.' But while the lack of technical expertise in the case is troubling, encouraging is the fact that the San Francisco Chronicle's 'breathless piece reporting on the mayor's testimony' drew comments 10-to-1 in Childs's favor, which may indicate that 'public opinion of this case has tilted in favor of the defense,' Venezia writes. Of course, 'if [the trial] drags into summer, Childs will have the dubious honor of being held in jail for two full years.' This for a man who 'ultimately protected the [City's] network until the bitter end.'"
-
Managing Lots of IP Addresses?
haggisbrain asks: "I'm a Systems Administrator and I've recently started work with a new company where I'm now helping to support a much larger number of nodes than I've previously supported. We have just over 1000 nodes to support, but no efficient method to manage the IP addresses and subnets used. Previously, an Excel Spreadsheet has been sufficient enough for my needs, but now I need to find a new way. Can someone recommend a piece of software which can help me? Is there a simple way to list and view the IP addresses used on my network?"
-
Vista's 'Next Gen' TCP/IP Stack
boyko.at.netqos writes "Microsoft's new Vista TCP/IP stack might be beneficial to businesses looking to increase use of their IT infrastructure... if they did it right. Ted Romer at Network Performance Daily writes: '[Vista] now allows us to throttle outbound traffic at a client or server. For example, you can throttle the bandwidth of a particular subnet to a particular server, giving some departments more access to the servers that they need. You can even restrict outgoing bandwidth for certain peer-to-peer applications like bit torrent. This shaping can also be handy when applied to servers, allowing less bandwidth for certain users/departments, and more for others. While consumers may debate whether Vista is a worthwhile upgrade, I believe it to be important for enterprise customers who will best be able to put Vista's capabilities to their fullest potential. Of course, I'm getting it for DirectX 10 games, but that's just me.'"
-
Creepy Windows XP Halloween mask
An anonymous reader proclaims that "A "Jason"-like hockey mask adorned with a Windows XP sticker and subnet addresses wins IT-related Halloween costume contest. Look out for the scary Data Center Man as well."
-
Network-Monitoring Data Put to Music
StrongGlad writes "Building on the idea that people are naturally attuned to sound, the Sheridan College Institute of Technology and Advanced Learning has created software that translates network and server activity into music. And, their IT department operators can interpret the music to detect problems in the system." Talk about finding the beauty in Spam. From the article: "Last Friday, IT department operators began listening to what sounds like classical music but is actually a precise audio model of system metrics. They are trained to recognize instruments, chords, tempo and other musical elements of music as a translation of e-mail activity from 15 servers over three subnets. Every aspect of the music correlates to information. Probes detect server activity and send about 20 summaries a second to the iSIC sound engine. The data is aggregated and transformed into an audio format."
-
MS05-039 Worm in the Wild
An anonymous reader noted that SANS is reporting that the MS05-039 worm is in the wild. It has been named Zotob.A. Not a lot of information on this one yet except that it's trying to FTP files from a subnet.
-
Integrating Microsoft's AD into Apple's OD?
grag asks: "My workplace has started a migration to a unified authentication system using Microsoft's Active Directory, and Apple's Open Directory. We need to know if it is possible to place a Microsoft Active Directory server underneath a master Open Directory server in the hierarchy. The Microsoft server provides services only to our Accounting Department, and it seems to us that it should integrate to the Mac Server since all of our other departments use the Mac Server. Our network consists of fifty Macs connected to an Xserve running Mac OS X Server 10.3.6 Unlimited Client License. In addition, we have on a separate subnet five Windows boxes connected to a Microsoft Windows 2003 Server with a five-client license. Should I pursue this question or give up and place the Microsoft Server at the top of the hierarchy?"
-
Cross-platform, Easy-to-Use Local LAN Chat?
Ars-Gonzo asks: "I was at a conference last week, and had a surprising number of people connected to a peer-to-peer wireless LAN during the lectures. I saw several Mac users typing away during the lectures, and I found out later that they were using iChat's Rendezvous-based local chat to talk to each other. iChat's local subnet chatting functionality is supposedly based on Jabber, but I can't get a Jabber client (on Windows or Linux) to connect to iChat, locally. Has anyone seen any iChat compatible LAN-chat apps for a platform other than Mac?"
-
x86 Commodity-Hardware Router?
neomage86 asks: "I recently had to set up a router for a small company, only five users at any given time, and the needed VPN capabilities are built in. So, instead of using a Cisco or other embedded router, I decided to just install Linux and IPTables on an old 200 MHz PII I had lying around. It's been working fine, and I'm thinking about doing something like this for a much larger network (3000+ users). Does anyone have suggestions on how much I will have to beef up the hardware to provide IP Masquerading for about 1000 users on a T3; provide network-layer filtering of the transmission; and route between 4-5 internal subnets?"
-
Rogue Access Point Detection?
Yossarian2000 asks: "With all the media attention WLANs have been getting lately, more and more businesses seem to be looking to better understand their implications as relates to company intranets. Whether a business is running a WLAN or not, detecting rogue access points is essential to maintaining some degree of security. Currently, it seems there are few options for detecting APs: subnet scans (which add overhead to the network and can still miss some APs), handheld devices (which require regular site surveys), and systems that use existing access points to detect rogues (this assumes you have APs covering your entire site). Has anyone heard of better methods for the detection of rogue APs?"
-
Apple Updates, Cripples iTunes
squiggleslash writes "Apple has issued an update to iTunes 4, iTunes 4.0.1. It can be downloaded via Software Update. The big change seems to be that iTunes will now only stream music to other Macs on the same subnet. This is presumably a response to people publishing public lists of shared iTunes playlists, though it does mean that anyone wanting to stream music from home to work or vice versa is SOL. Oh well." You can't share between 4.0 and 4.0.1 iTunes, so be careful in updating. AppleScript access to shared playlist tracks is fixed, though. Woop woop.
-
Preventing the NT Messenger From Use as a Spam Portal?
zbowling (Zac Bowling) asks: "I currently use Comcast cable internet, and I consistently get hit with spam popups. These are not the ones you get from webpages or media, these are dialog box popups from people scanning all possible IPs for the open messenger port on most NT or Win2k machines. The NT Messenger service (also the same as Novell's Network Alert system) is reserved for admins, so they can send messages to the domain or a single workstation for any reason. This service has been taken advantage of by spammers looking for a cheap way to spam someone. One message I got was a spam to get me to buy a firewall product from them to prevent this from happening. I'm sure you can shut off that service or block that port except from people in your subnet. Does anyone know of any resources on the topic?"
-
Free IPv6 Subnets Are Going Away
ar32h writes "The 6bone is going to be phased out soon. This means all of us who have IP addresses or subnets beginning with 3ffe from tunnel brokers like Freenet6 are going to be sorry out of luck." According to the linked phaseout plan, "It is anticipated that under this phaseout plan the 6bone will cease to operate by July 1, 2006, with all 6bone prefixes fully reclaimed by the IANA," but there are a number of sub-deadlines along the way.
-
Adelphia's Cable Modems Compromised
texus writes "The Adelphia PowerLink Cable Modem Internet Service Provider, that serves 5.5 million customers nation wide, was found to be vulnerable of a major security flaw that allows cable modem subscribers to spy on each others traffic, as well as the ability to modify other users internet packets in realtime. The severity of a potential attack could allow a malicious subscriber to gain access to the customers private activity on the net, as well as the capabilities to hijack connections, intercept SSL/SSH/VPN encrypted sessions, hijack and poison dns servers, and perform a Denial of Service on the entire subnet. The advisory on BugTraq officially states that it didn't seem like Unix machines that logged onto the network were affected, but reports from other Adelphia subscribers indicate that this was inaccurate and Unix users are vulnerable as well."