Plus Cloudflare steps up its campaign to secure BGP, and why you might want to trade in cron for systemd timers.

Links:

• AMD Claims World’s Fastest Per-Core Performance with New EPYC Rome 7Fx2 CPUs
• AMD EPYC 7F52 Linux Performance - AMD 7FX2 CPUs Further Increasing The Fight Against Intel Xeon Review
• Understanding RAID: How performance scales from one disk to eight
• New Cloudflare tool can tell you if your ISP has deployed BGP fixes
• Is BGP safe yet?
• RPKI - The required cryptographic upgrade to BGP routing
• Why I Prefer systemd Timers Over Cron – Thomas Stringer
• systemd/Timers - ArchWiki
• systemd.time (Time format docs)
• systemd.timer (Unit docs)

Plus a look back at Apollo-era audio that's still relevant today with the surprising story of the Quindar tones.

Links:

• Critical Vulnerabilities in Microsoft Windows Operating Systems
• Win10 Crypto Vulnerability: Cheating in Elliptic Curve Billiards 2
• NSA discovers a serious flaw in Windows 10
• Exploiting CVE-2020-0601
• CVE-2020-0601 POC
• NSA Cybersecurity Advisory on CryptoAPI Flaw
• Why can’t I get to the internet on my new OPNsense install?! - Jim's Blog
• OPNsense: a true open source security platform and more
• There's An Actual Name And Reason For Those Beeps You Hear In Recordings Of Astronauts In Space
• Quindar Tones
• Cap'n Crunch Whistle and the Secrets of the Little Blue Box

Plus the importance of sane defaults and why netdata belongs on every system.

Links:

• Why you want QoS - Netdata Documentation — One of the features the Linux kernel has, but it is rarely used, is its ability to apply QoS on traffic. Even most interesting is that it can apply QoS to both inbound and outbound traffic.
• FireQOS Wiki — FireQOS is a helper to assist you configure traffic shaping on Linux.
• FireHOL - Linux firewalling and traffic shaping for humans — FireHOL is a language (and a program to run it) which builds secure, stateful firewalls from easy to understand, human-readable configurations. The configurations stay readable even for very complex setups.
• tc(8) man page — Traffic Control consists of the following: SHAPING When traffic is shaped, its rate of transmission is under control. Shaping may be more than lowering the available bandwidth - it is also used to smooth out bursts in traffic for better network behaviour. Shaping occurs on egress. SCHEDULING By scheduling the transmission of packets it is possible to improve interactivity for traffic that needs it while still guaranteeing bandwidth to bulk transfers. Reordering is also called prioritizing, and happens only on egress. POLICING Where shaping deals with transmission of traffic, policing pertains to traffic arriving. Policing thus occurs on ingress. DROPPING Traffic exceeding a set bandwidth may also be dropped forthwith, both on ingress and on egress.
• Overview of Traffic Control Concepts — Traffic control is the name given to the sets of queuing systems and mechanisms by which packets are received and transmitted on a router. This includes deciding which (and whether) packets to accept at what rate on the input of an interface and determining which packets to transmit in what order at what rate on the output of an interface.
• Advanced traffic control - ArchWiki
• Journey to the Center of the Linux Kernel: Traffic Control, Shaping and QoS — This document describes the Traffic Control subsystem of the Linux Kernel in depth, algorithm by algorithm, and shows how it can be used to manage the outgoing traffic of a Linux system.
• Netdata Real-time performance monitoring, done right! — Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly optimized monitoring agent you install on all your systems and containers.
• Add more charts to netdata — To collect non-system metrics, netdata supports a plugin architecture.

Plus what might be the world’s most important killswitch, the real dollar values for stolen credentials and the 19 year old attack that’s back.

Sponsored By:

• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean

Links:

• The Market for Stolen Account Credentials — But oh, how times have changed! With dozens of sites in the underground now competing to purchase and resell credentials for a variety of online locations, it has never been easier for a botmaster to earn a handsome living based solely on the sale of stolen usernames and passwords alone.
• Hackers shut down plant by targeting its safety system — FireEye reported that a plant of an unmentioned nature and location (other firms believe it's in the Middle East) was forced to shut down after a hack targeted its industrial safety system -- it's the first known instance of a breach like this taking place.
• FireEye Report on TRITON — We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shutdown operations. This malware, which we call TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers.
• ROBOT Attack: 19-Year-Old Bleichenbacher Attack — Dubbed ROBOT (Return of Bleichenbacher's Oracle Attack), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on the vulnerable TLS servers.
• The ROBOT Attack - Offical Site
• Robot-detect: Detection script for the ROBOT vulnerability — Tool to detect the ROBOT attack (Return of Bleichenbacher's Oracle Threat).
• WannaCry: End of Year Retrospective — Since our Vantage team sinkholed and subsequently nullified the WannaCry attack on May 12th, 2017, we have been monitoring and maintaining the domain known as the WannaCry killswitch.
• Why NSA spied on inexplicably unencrypted Windows crash reports — And, according to slides published this weekend by Der Spiegel, this information also includes crash reports from Microsoft's Windows Error Reporting facility built in to Windows.
• Network namespaces — As the name would imply, network namespaces partition the use of the network—devices, addresses, ports, routes, firewall rules, etc.—into separate boxes, essentially virtualizing the network within a single running kernel instance.
• namespaces - Linux manual page — A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. Changes to the global resource are visible to other processes that are members of the namespace, but are invisible to other processes. One use of namespaces is to implement containers.
• Network Namespaces » ADMIN Magazine — With network namespaces, you can virtualize network devices, IPv4 and IPv6 protocol stacks, routing tables, ARP tables, and firewalls separately, as well as /proc/net, /sys/class/net/, QoS policies, port numbers, and sockets in such a way that individual applications can find a particular network setup without the use of containers.
• How to Get the Network Namespace Associated With a Socket
• Network devices as virtual Ethernet devices — Virtualize network devices as virtual Ethernet devices by configuring direct MacVTap connections or virtual switches.
• Testing network software with pytest and Linux namespaces
• Implementation of IEEE 802.1ab (LLDP) — LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices.
• WireGuard Routing & Network Namespaces — This allows for some very cool properties. Namely, you can create the WireGuard interface in one namespace (A), move it to another (B), and have cleartext packets sent from namespace B get sent encrypted through a UDP socket in namespace A.
• VRF for Linux — The concept of VRF was first introduced around 1999 for L3 VPNs, but it has become a fundamental feature for a networking OS. VRF provides traffic isolation at layer 3 for routing, similar to how you use a VLAN to isolate traffic at layer 2. Think multiple routing tables.
• linux/vrf.txt at master · torvalds/linux · GitHub
• Using VRFs with linux
• Feedback - DHCPDECLINE over and over again
• DHCP Snooping - Cisco
• Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites — In a blog post published on Tuesday, WordFence security firm revealed why WordPress recently kicked a popular Captcha plugin with more than 300,000 active installations out of its official plugin store.