Linux Kernel Vulnerability

Rob Seastrom rs at seastrom.com
Sat Oct 22 11:33:26 CDT 2016




Sent from my iPad
> On Oct 21, 2016, at 18:55, Alex Fraser <beatnic at comcast.net> wrote:
> 
> That sounds like a cover story.  Could this exploit be used to gain access to Linux servers running Apache?

Friends don't let friends run Apache. (Personally I run nginx.) But the problem is almost never with the web server itself, rather with plugins and stuff like PHP. The short answer to your question is "reasonably safe if serving static pages from a web server, completely hosed if Mallory has shell access, and everything else is shades of gray".

> BTW a DDOS attack made the news at noon on WUSA (old channel 9).  They said it was large and affected the East Coast of the United Snakes.

This is our new normal. Brian Krebs got hammered some weeks back; this latest attack was against dyndns (DNS hoster) with what has been said in the tech press to be an in-protocol DNS-based flooding attack (different from a ping flood or GRE flood, since those are protocols Krebs could do without and filter way upstream, while in this case DNS is the product; Dyn can't just block everything to port 53 or they kill their service). There is speculation that it was paybacks for a paper presented at NANOG on Tuesday: http://nanog.org/meetings/abstract?id=2985 . It has also been reported that it was a variant of the same software used against Krebs, but with a different payload. Nobody knows for sure though, obviously. Collateral damage included everyone who was single armed off Dyn, such as GitHub and some AWS stuff (don't ask me why it wasn't route53 instead of Dyn; I got nuthin).

The takeaway is that the bad guys have the upper hand here with compromised IP video cameras and the like, and at the moment no matter how big you are, if they want you offline they'll have you offline.

More as it becomes available, if folks are interested. 

-r
