Welcome to the regular networking and cybersecurity newsletter! This issue covers the most exciting articles published between August 31 and September 6, 2020.
"On Sunday, August 30, 2020, it all started with a simple question: "What's happening?"
Approximately around 10 UTC, the global Internet started experiencing a very specific state of connectivity - inside the network of one of the largest Tier-1 operators in the world, CenturyLink (primary AS3356), something bad was undoubtedly going on."
"Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device."
"For the past few months, I've been running a handful of SSH Honeypots on some cloud providers, including Google Cloud, DigitalOcean, and NameCheap. As opposed to more complicated honeypots looking at attacker behavior, I decided to do something simple and was only interested in where they were coming from, what tools might be in use, and what credentials they are attempting to use to authenticate. My dataset includes 929,554 attempted logins over a period of a little more than 3 months.
If you're looking for a big surprise, I'll go ahead and let you down easy: my analysis hasn't located any new botnets or clusters of attackers. But it's been a fascinating project nonetheless."
"Today, we're announcing Microsoft Video Authenticator. Video Authenticator can analyze a still photo or video to provide a percentage chance, or confidence score, that the media is artificially manipulated. In the case of a video, it can provide this percentage in real-time on each frame as the video plays. It works by detecting the blending boundary of the deepfake and subtle fading or greyscale elements that might not be detectable by the human eye."
"A recent extension that aims to add support for transport options to the User Datagram Protocol (UDP) is already showing promise. Unfortunately, its deployment may be undermined by the way existing network devices process UDP length and checksum.
In this post we at the Electronics Research Group, University of Aberdeen, show how using an ad-hoc option can help to overcome these limitations."
"I discovered a bug which leads to a memory corruption in
(net/packet/af_packet.c). It can be exploited to gain root privileges from unprivileged processes.
To create AF_PACKET sockets you need CAP_NET_RAW in your network namespace, which can be acquired by unprivileged processes on systems where unprivileged namespaces are enabled (Ubuntu, Fedora, etc)."
"This post explores Project Zero Issue 2046, a seemingly unexploitable and simple bug that turns out to be exploitable in a very complex manner."
"Recent changes in the kernel memory accounting" - a presentation by Roman Gushchin from Facebook
An academic paper of the week - The Sound of Silence: Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects
Thank you for reading and sharing!
For feedback, please write to us at email@example.com.