FyhTech - Fun with Linux https://tech.feedyourhead.at/rss.xml en OpenElec: CVE-2017-6445 revisited https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited <span class="field field--name-title field--type-string field--label-hidden">OpenElec: CVE-2017-6445 revisited</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>A few months ago I <a href="https://tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middle">published a vulnerability in OpenElecs updater</a>. I successfully hacked remotely OpenElec version 6.x.x and 7.x.x . OpenElec 8 is available for a while and <a href="http://openelec.tv/news/22-releases/188-stable-openelec-8-0-4-released">reached version 8.0.4</a>. So I tested the bug against this version and it's still open. An attacker who is Man-In-The-Middle can remotely compromise Openelec-Updates and plant a reverse-shell  on the target.</p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Jun 25 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/security" hreflang="en">Security</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=241&amp;2=comment&amp;3=comment" token="e3CIFIFw65ZxCl2noDmTgMicHB44fVHQD-OJ5FgKwHM"></drupal-render-placeholder> </section> Sun, 25 Jun 2017 08:41:54 +0000 Hoti 241 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited#comments https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited#comments Debian Stretch released https://tech.feedyourhead.at/content/debian-stretch-released <span class="field field--name-title field--type-string field--label-hidden">Debian Stretch released</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><a href="https://www.debian.org/News/2017/20170617.en.html">On Saturday the Debian Project announced the release of Debian 9 "Stretch".</a> This means that Jessie will be oldstable and Wheezy won't recieve any updates anymore. So it's time to dist-upgrade.</p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Jun 18 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/debian" hreflang="en">Debian</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/news" hreflang="en">News</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=240&amp;2=comment&amp;3=comment" token="v6rrzvW9Gl_uyKw22p81VdwPN-EEK_WYSalGYJJYWes"></drupal-render-placeholder> </section> Sun, 18 Jun 2017 11:02:10 +0000 Hoti 240 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/debian-stretch-released#comments https://tech.feedyourhead.at/content/debian-stretch-released#comments Using the new statx() system-call https://tech.feedyourhead.at/content/using-the-new-statx-system-call <span class="field field--name-title field--type-string field--label-hidden">Using the new statx() system-call </span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>In the Linux Kernel 4.11 <a href="https://kernelnewbies.org/Linux_4.11#head-317feedf73dcc7b97e7b28e2d478c54e3bd0b412">a new system-call statx() was introduced.</a> The old stat() system-call is used to get meta-data(like size, permissions aso.) of files and directories. Stat() lacks functionallity for remote filesystems and collects all the information of a file at once which might lead to slow operations. <a href="https://lwn.net/Articles/707602/">Statx()</a> is a new implementation of stat. The caller can request specific information(like just the size of a file) to speed up the call. If the filesystem is a remote filesystem, it is possible to let statx() first sync with the remote-server before requesting the information(or just be fine with the cached infos). Another nice feature is that statx() can also be used to get extra fileattributes like: "is the file encrypted or compressed?".</p> <p>To get a feeling for statx() and to learn how to use it, I wrote a little <a href="https://github.com/whotwagner/statx-fun">statx()-application and published it on github</a>. At the moment the glibc doesn't support statx() so I had to use the generic syscall()-function and create my own statx()-header-file to make it work.</p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Jun 04 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Programming" hreflang="en">Programming</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/downloads" hreflang="en">Downloads</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/c" hreflang="en">C</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=239&amp;2=comment&amp;3=comment" token="UEqJblgvDLsyBRLIA0F9atdiaIH0yG49vsgyqw32eGc"></drupal-render-placeholder> </section> Sun, 04 Jun 2017 20:37:21 +0000 Hoti 239 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/using-the-new-statx-system-call#comments https://tech.feedyourhead.at/content/using-the-new-statx-system-call#comments Impressions of the Open Source Datacenter Conference https://tech.feedyourhead.at/content/impressions-of-the-osdc <span class="field field--name-title field--type-string field--label-hidden">Impressions of the Open Source Datacenter Conference</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><img alt="osdc2017" data-entity-type="file" data-entity-uuid="89860874-9585-46a3-a164-518d38a5e8c4" height="2236" src="/sites/default/files/inline-images/IMG_20170518_104559_0.jpg" width="2981" /></p> <p>This year I participated the <a href="https://www.netways.de/events/osdc/program/">OSDC</a> again. The main topics of this year  were Linux Containers and Configuration Management. Some talks were about experiences of some companies with containers. Casey Callendrello from CoreOs talked about the container network interface used by some container technologies. A highlight was Seth Vargo from <a href="https://www.hashicorp.com/">HashiCorp</a> who explained some of HashiCorps Open-Source products like "vault". Another really cool talk was about <a href="https://www.inspec.io/">inspec</a>, a security testing framework.</p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">May 20 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/news" hreflang="en">News</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=238&amp;2=comment&amp;3=comment" token="CHQvF8drQT6lrF4i_7o488vWZqPUjZFYKDZHy8lcWuM"></drupal-render-placeholder> </section> Sat, 20 May 2017 07:54:59 +0000 Hoti 238 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/impressions-of-the-osdc#comments https://tech.feedyourhead.at/content/impressions-of-the-osdc#comments Kernel-Programming: execute call_usermodehelper() within a systemcall https://tech.feedyourhead.at/content/kernel-programming-execute-call-usermodehelper-within-a-systemcall <span class="field field--name-title field--type-string field--label-hidden">Kernel-Programming: execute call_usermodehelper() within a systemcall </span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>In kernel-programming we should avoid doing call_usermodehelper() which allows to execute a command from kernel-space. And sometimes we even want to call this function within a systemcall.&nbsp; Normally, we really don't wanna do this. But, desperate times require extraordinary methods.</p> <p>When I first tried to execute call_usermodehelper() within a systemcall() I got a kernel failure. <a href="http://kernelnewbies.kernelnewbies.narkive.com/2n6EBkVX/call-usermodehelper-kernel-panic">So I googled and what I found was</a>:</p> <blockquote> <p>Are you calling call_usermodehelper() from within an interrupt handler ?<br /> <br /> I believe call_usermodehelper() must be called from a context that can<br /> wait.</p> </blockquote> <p>Seems like I need a context that can wait. So I created a worker_queue and inside the systemcall I just schedule a worker:</p> <div class="geshifilter"><pre class="c geshifilter-c" style="font-family:monospace;"><span style="color: #993333;">struct</span> work_cont <span style="color: #009900;">&#123;</span> <span style="color: #993333;">struct</span> work_struct real_work<span style="color: #339933;">;</span> <span style="color: #993333;">char</span> cmd<span style="color: #009900;">&#91;</span>MAX_STRING_LEN<span style="color: #009900;">&#93;</span><span style="color: #339933;">;</span> <span style="color: #009900;">&#125;</span><span style="color: #339933;">;</span> &nbsp; <span style="color: #993333;">struct</span> work_cont <span style="color: #339933;">*</span>execwq<span style="color: #339933;">;</span> &nbsp; <span style="color: #993333;">void</span> cmdexec_worker<span style="color: #009900;">&#40;</span><span style="color: #993333;">struct</span> work_struct <span style="color: #339933;">*</span>work<span style="color: #009900;">&#41;</span> <span style="color: #009900;">&#123;</span> <span style="color: #993333;">struct</span> work_cont <span style="color: #339933;">*</span>c_ptr <span style="color: #339933;">=</span> container_of<span style="color: #009900;">&#40;</span>work<span style="color: #339933;">,</span> <span style="color: #993333;">struct</span> work_cont<span style="color: #339933;">,</span> real_work<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> set_current_state<span style="color: #009900;">&#40;</span>TASK_INTERRUPTIBLE<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> &nbsp; <span style="color: #993333;">char</span> <span style="color: #339933;">*</span>argv<span style="color: #009900;">&#91;</span><span style="color: #009900;">&#93;</span> <span style="color: #339933;">=</span> <span style="color: #009900;">&#123;</span> <span style="color: #ff0000;">&quot;/bin/sh&quot;</span><span style="color: #339933;">,</span> <span style="color: #ff0000;">&quot;-c&quot;</span><span style="color: #339933;">,</span> c_ptr<span style="color: #339933;">-&gt;</span>cmd<span style="color: #339933;">,</span> NULL <span style="color: #009900;">&#125;</span><span style="color: #339933;">;</span> <span style="color: #993333;">static</span> <span style="color: #993333;">char</span> <span style="color: #339933;">*</span>envp<span style="color: #009900;">&#91;</span><span style="color: #009900;">&#93;</span> <span style="color: #339933;">=</span> <span style="color: #009900;">&#123;</span> <span style="color: #ff0000;">&quot;HOME=/&quot;</span><span style="color: #339933;">,</span> <span style="color: #ff0000;">&quot;TERM=linux&quot;</span><span style="color: #339933;">,</span> <span style="color: #ff0000;">&quot;PATH=/sbin:/bin:/usr/sbin:/usr/bin&quot;</span><span style="color: #339933;">,</span> NULL <span style="color: #009900;">&#125;</span><span style="color: #339933;">;</span> &nbsp; call_usermodehelper<span style="color: #009900;">&#40;</span> argv<span style="color: #009900;">&#91;</span><span style="color: #0000dd;">0</span><span style="color: #009900;">&#93;</span><span style="color: #339933;">,</span> argv<span style="color: #339933;">,</span> envp<span style="color: #339933;">,</span> UMH_WAIT_PROC<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> &nbsp; <span style="color: #b1b100;">return</span><span style="color: #339933;">;</span> <span style="color: #009900;">&#125;</span> &nbsp; DEFINE_MUTEX<span style="color: #009900;">&#40;</span>cmd_mutex<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> &nbsp; <span style="color: #808080; font-style: italic;">/* Please note that this code is just an incomplete example to give an idea how to call call_usermodehelper from a systemcall. You have to include/implement my_own_systemcall() by yourself */</span> asmlinkage <span style="color: #993333;">long</span> my_own_systemcall<span style="color: #009900;">&#40;</span><span style="color: #993333;">const</span> <span style="color: #993333;">char</span> __user <span style="color: #339933;">*</span>filename<span style="color: #339933;">,</span> <span style="color: #993333;">const</span> <span style="color: #993333;">char</span> __user <span style="color: #339933;">*</span><span style="color: #993333;">const</span> __user <span style="color: #339933;">*</span>argv<span style="color: #339933;">,</span> <span style="color: #993333;">const</span> <span style="color: #993333;">char</span> __user <span style="color: #339933;">*</span><span style="color: #993333;">const</span> __user <span style="color: #339933;">*</span>envp<span style="color: #009900;">&#41;</span> <span style="color: #009900;">&#123;</span> mutex_lock<span style="color: #009900;">&#40;</span>cmd_mutex<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> <a href="http://www.opengroup.org/onlinepubs/009695399/functions/strncpy.html"><span style="color: #000066;">strncpy</span></a><span style="color: #009900;">&#40;</span>execwq<span style="color: #339933;">-&gt;</span>cmd<span style="color: #339933;">,</span>argv<span style="color: #009900;">&#91;</span><span style="color: #0000dd;">1</span><span style="color: #009900;">&#93;</span><span style="color: #339933;">,</span>MAX_STRING_LEN<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> mutex_unlock<span style="color: #009900;">&#40;</span>cmd_mutex<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> &nbsp; schedule_work<span style="color: #009900;">&#40;</span><span style="color: #339933;">&amp;</span>execwq<span style="color: #339933;">-&gt;</span>real_work<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> <span style="color: #009900;">&#125;</span> &nbsp; <span style="color: #993333;">int</span> __init loadlkm<span style="color: #009900;">&#40;</span><span style="color: #993333;">void</span><span style="color: #009900;">&#41;</span> <span style="color: #009900;">&#123;</span> execwq <span style="color: #339933;">=</span> kmalloc<span style="color: #009900;">&#40;</span><span style="color: #993333;">sizeof</span><span style="color: #009900;">&#40;</span><span style="color: #339933;">*</span>execwq<span style="color: #009900;">&#41;</span><span style="color: #339933;">,</span>GFP_KERNEL<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> INIT_WORK<span style="color: #009900;">&#40;</span><span style="color: #339933;">&amp;</span>execwq<span style="color: #339933;">-&gt;</span>real_work<span style="color: #339933;">,</span> cmdexec_worker<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> &nbsp; <span style="color: #b1b100;">return</span> <span style="color: #0000dd;">0</span><span style="color: #339933;">;</span> <span style="color: #009900;">&#125;</span> &nbsp; <span style="color: #993333;">void</span> __exit clean_up<span style="color: #009900;">&#40;</span><span style="color: #993333;">void</span><span style="color: #009900;">&#41;</span> <span style="color: #009900;">&#123;</span> flush_work<span style="color: #009900;">&#40;</span><span style="color: #339933;">&amp;</span>execwq<span style="color: #339933;">-&gt;</span>real_work<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> kfree<span style="color: #009900;">&#40;</span>execwq<span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> <span style="color: #009900;">&#125;</span></pre></div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">May 05 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Programming" hreflang="en">Programming</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/kernel" hreflang="en">Kernel</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/c" hreflang="en">C</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=237&amp;2=comment&amp;3=comment" token="P7KlDPQpsZqjJjomBm5cZBXxoIUhy9Qw3z0TJq9Bz24"></drupal-render-placeholder> </section> Fri, 05 May 2017 08:47:52 +0000 Hoti 237 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/kernel-programming-execute-call-usermodehelper-within-a-systemcall#comments https://tech.feedyourhead.at/content/kernel-programming-execute-call-usermodehelper-within-a-systemcall#comments Containers explained in 500 lines of code https://tech.feedyourhead.at/content/containers-explained-in-500-lines-of-code <span class="field field--name-title field--type-string field--label-hidden">Containers explained in 500 lines of code</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>I am currently writing a work about containers and I found this <a href="https://blog.lizzie.io/">amazing blog</a> which explains <a href="https://blog.lizzie.io/linux-containers-in-500-loc.html">containers in 500 lines of code</a>(and about 3000 lines of very well structured text). I can definitely recommend <a href="https://blog.lizzie.io/">Lizzies-Blog.</a></p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Apr 21 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/external" hreflang="en">External</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=236&amp;2=comment&amp;3=comment" token="oeCJgT6oShZee1DrgYluYnBEIgVjdlVT5GAHh287l0s"></drupal-render-placeholder> </section> Fri, 21 Apr 2017 21:15:12 +0000 Hoti 236 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/containers-explained-in-500-lines-of-code#comments https://tech.feedyourhead.at/content/containers-explained-in-500-lines-of-code#comments Dangerous remote Linux-Kernel bug(CVE-2016-10229) discovered https://tech.feedyourhead.at/content/Dangerous-remote-Linux-Kernel-bug-discovered <span class="field field--name-title field--type-string field--label-hidden">Dangerous remote Linux-Kernel bug(CVE-2016-10229) discovered</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><a href="http://www.securityfocus.com/bid/97397/info">Eric Dumazet of Google found a very dangerous remote execution bug in the Linux Kernel</a>. It's located in the recv-syscall with the MSG_PEEK-flag set. Attackers can remotely execute code on the target..</p> <p>I used a google-dork to find vulnerable software:</p> <pre> MSG_PEEK filetype:c </pre> <p>And found some possible targets:</p> <ul> <li>asterisk(chan_unistim.c,ooh323c-addon)</li> <li>pulseaudio</li> <li>systemd</li> <li>dnsmasq</li> <li>netcat</li> <li>busybox</li> <li>nginx</li> <li>The mirai-botnet</li> <li>The adore-ng kernel rootkit</li> </ul> <p>I did not dig deeper in the source-code but this bug seems to have a reasonable impact.</p> <p><strong>Update:&nbsp; </strong><a href="https://plus.google.com/+EricDumazet/posts/ZQie5XjAic2">According to Eric Dumazets Google+-Site this bug seems to affect only a few releases </a></p> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Apr 14 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/security" hreflang="en">Security</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/external" hreflang="en">External</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=235&amp;2=comment&amp;3=comment" token="hW2IOZmCmwFRCThT3QIYuPVZe3WfYbKntb8NOSMWcoA"></drupal-render-placeholder> </section> Fri, 14 Apr 2017 12:12:58 +0000 Hoti 235 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/Dangerous-remote-Linux-Kernel-bug-discovered#comments https://tech.feedyourhead.at/content/Dangerous-remote-Linux-Kernel-bug-discovered#comments Nasty Cisco bug discovered https://tech.feedyourhead.at/content/nasty-cisco-bug-discovered <span class="field field--name-title field--type-string field--label-hidden">Nasty Cisco bug discovered</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><a href="http://thehackernews.com/2017/03/cisco-network-switch-exploit.html?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29">The latest wikileaks revealings gave also insights about an interesting bug in cisco products.  </a> No I am not talking about the <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3881">bug in the Cisco Cluster Management Protocol (CMP).</a> I am talking about the open telnet ports.Ten years ago it was already recommended to use ssh instead and there are still so many devices out there with open telnet ports. Now it really is time to close them.</p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Mar 20 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/security" hreflang="en">Security</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/news" hreflang="en">News</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/external" hreflang="en">External</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=234&amp;2=comment&amp;3=comment" token="YxofjnyF2RT8es-4pCtuo9SNHwHmzmd9QBf68BSAdjk"></drupal-render-placeholder> </section> Mon, 20 Mar 2017 20:43:30 +0000 Hoti 234 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/nasty-cisco-bug-discovered#comments https://tech.feedyourhead.at/content/nasty-cisco-bug-discovered#comments Happy PI-Day https://tech.feedyourhead.at/content/pi-day-2017 <span class="field field--name-title field--type-string field--label-hidden">Happy PI-Day</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><img alt="pi-pie" data-entity-type="file" data-entity-uuid="13ee6d40-66e5-4cdf-8a34-f6dc13fb5ab3" src="/sites/default/files/inline-images/pi-pie.gif" /></p> <p><a href="http://www.piday.org/">It's 3/14 - Happy PI Day </a></p> <p> </p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Mar 14 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/Fun" hreflang="en">Fun</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=233&amp;2=comment&amp;3=comment" token="xmq9QDnbO0STEomcLqlvVhqBnipegehLxsKP-lpF1PQ"></drupal-render-placeholder> </section> Tue, 14 Mar 2017 15:22:46 +0000 Hoti 233 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/pi-day-2017#comments https://tech.feedyourhead.at/content/pi-day-2017#comments EFF: Digital Privacy at the U.S. Border https://tech.feedyourhead.at/content/eff-digital-privacy-at-the-us-border <span class="field field--name-title field--type-string field--label-hidden">EFF: Digital Privacy at the U.S. Border</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><a href="https://www.eff.org/wp/digital-privacy-us-border-2017">The Electronic Frontier Foundation released guidelines for protecting your data when you pass the U.S. Border.</a></p></div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/users/hoti" typeof="schema:Person" property="schema:name" datatype="">Hoti</span></span> <span class="field field--name-created field--type-created field--label-hidden">Mar 11 2017</span> <div class="field field--name-field-tagies field--type-entity-reference field--label-above"> <div class="field__label">Tags</div> <div class='field__items'> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/news" hreflang="en">News</a></div> <div class="field__item"><i class="fa fa-tags"></i> <a href="/tags/external" hreflang="en">External</a></div> </div> </div> <section class="field field--name-comment-node-blog field--type-comment field--label-hidden comment-wrapper"> </section> <section class="field field--name-comment field--type-comment field--label-above comment-wrapper"> <h2 class='title comment-form__title'> <i class="fa fa-comments-o"></i> Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=232&amp;2=comment&amp;3=comment" token="xoSTz6d_2GY6Oe1Q1oEuv8wSoFMB45wo44DmnMsuP7s"></drupal-render-placeholder> </section> Sat, 11 Mar 2017 21:59:59 +0000 Hoti 232 at https://tech.feedyourhead.at https://tech.feedyourhead.at/content/eff-digital-privacy-at-the-us-border#comments https://tech.feedyourhead.at/content/eff-digital-privacy-at-the-us-border#comments