
Posts

Facebook's IP block is scanning home networks

Residential ISP log data from the east coast US

Mark: if you're reading this I need you to get right on this issue please. (Thanks!)

# whois.ripe.net
inetnum:        31.13.64.0 - 31.13.127.255
netname:        IE-FACEBOOK-20110418
country:        IE
org:            ORG-FIL7-RIPE
admin-c:        NE1880-RIPE
tech-c:         NE1880-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         meta-mnt
mnt-routes:     fb-neteng
created:        2011-04-18T12:00:34Z
last-modified:  2022-10-29T00:51:39Z
source:         RIPE # Filtered

organisation:   ORG-FIL7-RIPE
org-name:       META PLATFORMS IRELAND LIMITED
country:        IE
org-type:       LIR
address:        4 GRAND CANAL SQUARE, GRAND CANAL HARBOUR
address:        462129
address:        Dublin
address:        IRELAND
phone:          +0016505434800
fax-no:         +0016505435325
admin-c:        PH4972-RIPE
mnt-ref:        RIPE-NCC-HM-MNT
mnt-ref:        meta-mnt
mnt-by:         RIPE-NCC-HM-MNT
mn
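The whois record above gives a precise range to match against: 31.13.64.0 - 31.13.127.255 is exactly 31.13.64.0/18. The script below is an added example (not code from the original post) that pulls source addresses out of netfilter-style router log lines, keeps only those inside that allocation, and flags a source that touches several distinct destination ports. The log lines are constructed for the example, not real ISP data, and the port-count heuristic is an assumption, not a definition of "scanning".

```python
import ipaddress
import re
from collections import Counter

# The RIPE inetnum from the whois record: 31.13.64.0 - 31.13.127.255,
# which is exactly the /18 below (16384 addresses).
META_RANGE = ipaddress.ip_network("31.13.64.0/18")

# Netfilter/iptables LOG lines carry the peer as SRC=a.b.c.d and the
# destination port as DPT=n; many consumer routers log in this format.
SRC_RE = re.compile(r"SRC=(\d{1,3}(?:\.\d{1,3}){3})")
DPT_RE = re.compile(r"DPT=(\d+)")


def parse_line(line):
    """Return (src_ip, dst_port) for a netfilter-style log line, or None
    if the line has no parseable SRC field (dst_port is None if no DPT)."""
    m = SRC_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group(1))
    except ValueError:          # e.g. SRC=999.1.1.1
        return None
    d = DPT_RE.search(line)
    port = int(d.group(1)) if d else None
    return src, port


def inbound_from_range(lines, net=META_RANGE):
    """Map each source inside `net` to a Counter of destination ports hit."""
    hits = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, port = parsed
        if src in net:
            hits.setdefault(str(src), Counter())[port] += 1
    return hits


def looks_like_scan(port_counter, min_ports=3):
    """Assumed heuristic: one source probing >= min_ports distinct ports."""
    return len([p for p in port_counter if p is not None]) >= min_ports


# Constructed sample log lines (not real data); 203.0.113.7 is the home
# router's WAN side. 31.13.128.5 is deliberately just outside the /18.
SAMPLE_LOG = """\
Oct 29 01:02:03 router kernel: [DROP] IN=eth0 OUT= SRC=31.13.70.36 DST=203.0.113.7 PROTO=TCP SPT=44321 DPT=22 SYN
Oct 29 01:02:04 router kernel: [DROP] IN=eth0 OUT= SRC=31.13.70.36 DST=203.0.113.7 PROTO=TCP SPT=44322 DPT=80 SYN
Oct 29 01:02:05 router kernel: [DROP] IN=eth0 OUT= SRC=31.13.70.36 DST=203.0.113.7 PROTO=TCP SPT=44323 DPT=443 SYN
Oct 29 01:02:06 router kernel: [DROP] IN=eth0 OUT= SRC=31.13.70.36 DST=203.0.113.7 PROTO=TCP SPT=44324 DPT=8080 SYN
Oct 29 01:02:07 router kernel: [DROP] IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.7 PROTO=TCP SPT=51000 DPT=22 SYN
Oct 29 01:02:08 router kernel: [DROP] IN=eth0 OUT= SRC=31.13.128.5 DST=203.0.113.7 PROTO=TCP SPT=51001 DPT=22 SYN
"""

if __name__ == "__main__":
    for src, ports in inbound_from_range(SAMPLE_LOG.splitlines()).items():
        flag = "SCAN?" if looks_like_scan(ports) else ""
        print(src, dict(ports), flag)
```

Two caveats when running this on real logs: a whois range only tells you who holds the allocation, not what the traffic is for, and unless your log distinguishes inbound SYNs from replies to connections your own devices opened, a busy CDN range will show up here even when nothing is probing you.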
Recent posts

EC2 swap device management & fixing "swapoff failed: Cannot allocate memory"

One of the sillier things I've done as an AWS/Linux admin is provision an EBS disk as swap for an EC2 instance. I kept getting max allocate errors for a script I needed to run to execute a series of database queries. Reprovisioning to a new EC2 instance class with more RAM wasn't feasible at the time for some long-forgotten reason. I would never do this if I owned the disks - provisioning swap on SSD will greatly reduce the lifetime of the disk, among many other reasons why this is less than ideal. But Amazon has plenty of money. I figured I could cheaply provision an EBS volume and buy myself enough swap to complete the query. Then, at some point in the future, I could create a more beautimous solution. Well, if you're a sysadmin you know how this story ends. I moved on to other fires/projects, quickly forgot about the swap situation, and here I am years later, deprovisioning the server in all its swappy glory. This wouldn't warrant a blog post, except for the fact that I

S3 static webhosting, DKIM signature size errors & why DNS prefers UDP

This weekend I spent some time migrating a few low-traffic websites from Nginx to AWS S3's static web hosting service. In theory, this is a straightforward process: move content from the old webroot to an S3 bucket whose name matches the domain, enable static web hosting for the bucket, and set a bucket policy that lets anonymous web users read that content. In practice, there's a bit more involved:

1. The S3 website endpoint is a hostname, not a fixed IP, and a zone apex (the bare domain with no subdomain) cannot be a CNAME, so pointing the bare domain at the bucket requires a Route 53 hosted zone with an alias record. You don't need to buy a domain from Amazon to do this, but you do need to use their nameservers. This isn't free, and there is an extra fee for DNSSEC signing.

2. Want an SSL/TLS certificate? Of course you do. This means requesting a certificate in AWS Certificate Manager. In most circumstances (without "legacy" client support, for example), there is no charge for the certificate. But to serve traffic using that certificate requires provisioni

The tetraquarks are coming. Or are they?

There have been grumblings since July that some of the folks over at the LHC may have discovered a new fundamental particle: the dicharm tetraquark. From Quanta Magazine: [Igor] Polyakov went away and double-checked his analysis of data from the Large Hadron Collider beauty (LHCb) experiment, which the Syracuse group is part of. The evidence held. It showed that a particular set of four fundamental particles called quarks can form a tight clique, contrary to the belief of most theorists. The LHCb collaboration reported the discovery of the composite particle, dubbed the double-charm tetraquark, at a conference in July and in two papers posted earlier this month that are now undergoing peer review. Everybody loves a new particle. But early results from the LHC have jumped the gun before. And there is a debate about what exactly the LHC results mean. The leading alternative explanation at this point is that the observation detected not a new composite particle but a rare Triangle Singulari

Here is how to mitigate CVE-2021-40444

UPDATE: Microsoft released a patch for CVE-2021-40444 on 9-14 (the September 2021 Patch Tuesday) ... but that doesn't mean it's been installed on your systems yet, so check! The KB number varies by Windows version, but it should be in the KB5005565-KB5005568 range for recent Windows 10 x64 builds. CVE-2021-40444 is a remote code execution vulnerability in MSHTML, the browser engine Windows uses to render HTML content inside Office document files (.doc, .docx, .docm, .dochtml); a crafted document loads a malicious ActiveX control through it. All versions of Windows, including Server editions, are affected. Exploits of this vulnerability are in the wild now. The Windows Explorer preview pane plays a role in the vulnerability, because it renders a document without the protections that apply when Office opens it; I haven't seen an example of the exploit, but Microsoft's recommended workaround is to disable ActiveX control installation in Internet Explorer through registry zone settings, and additionally to disable document preview in Windows Explorer. At the time of original writing no security patch was available, but it was possible to mitigate the threat. Below, I've embedded code for a registry key that you can use to automatically patch your Windows 10 PC. The registry key simply automates Microsoft's r
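The registry file the post refers to is not shown on this page. Reproduced here as an added example is Microsoft's published workaround for CVE-2021-40444 (this is the workaround from Microsoft's advisory, not the author's file): it sets URL action 1001 (Download signed ActiveX controls) and 1004 (Download unsigned ActiveX controls) to 3 (Disable) in all four Internet Explorer security zones under the machine-wide Policies hive, which overrides per-user zone settings.

```reg
Windows Registry Editor Version 5.00

; Zone 0 = Local Machine, 1 = Local Intranet, 2 = Trusted Sites, 3 = Internet.
; 1001 = Download signed ActiveX controls, 1004 = Download unsigned ActiveX
; controls; value 3 = Disable. Reproduced from Microsoft's CVE-2021-40444
; workaround, not from the original post.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003
```

Import it from an elevated prompt with `reg import <file>.reg` and reboot. Because these are Policies keys, they will keep winning over anything a user sets in Internet Options, so delete the values once the September 2021 cumulative update is confirmed installed, or previously installed ActiveX controls that legitimately need updating will silently fail. The Explorer preview-pane part of Microsoft's workaround is a separate step and is not covered by this file.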

This is a PPTP VPN intervention.

Six years ago (sigh), I wrote but never published this blog post begging users to find an alternative to the PPTP VPN protocol. It was already years out of date at that time. Even today, however, well-known companies like ExpressVPN are still providing PPTP to clients despite the fundamentally insecure nature of these tunnels. Consider this an intervention. For years, the Virtual Private Network (VPN) has been a mainstay of those trying to keep snoopers away from their online activities. It's important to keep in mind that a VPN is one part of a secure and private online presence - without complementing the use of a VPN with additional tools and habits, the security offered is more narrow than many users believe. There are two main reasons to use a VPN. First and foremost, a VPN is a means of encapsulating your network traffic within an encrypted "tunnel" between your device and the VPN server. This makes it extremely difficult for anyone on that path to see or manipulate that network traffic. This is typically the type of

Electromagnetic eavesdropping is cheap & easy - so why doesn't anyone believe it exists?

Below, I've included what would have been the first post in a series I wrote about the badBIOS controversy in October 2013. I found the evidence in support of badBIOS to be unconvincing, and I was concerned by how popular badBIOS became despite those obvious shortcomings. This wasn't a situation where an overexcitable press ran with a story that turned out to be inaccurate; the earliest and most adamant believers in badBIOS weren't reporters, they were ITSEC professionals. How were so many of us publicly duped by what was essentially a conspiracy theory? This post doesn't address badBIOS directly. However, badBIOS was presumed to somehow involve the manipulation of computers using acoustic transmissions. This post provides some historical context behind a strain of computer science research in this field and shows how commonly held beliefs about the feasibility of these attacks were generally inaccurate at the time of writing. In future posts I would have explo