
Joe Dog Software

Proudly serving the Internets since 1999

Amazon Web Services Free Edition

(Or how to run a website on a shoestring budget)

Last fall, Your JoeDog moved this site into Amazon’s web cloud. He’s using a micro instance on the free tier. It’s free for a year then $0.017 an hour after that.

Note that “micro” part. We’re talking about a pretty lean server. When it first came online, this site screeched to a halt at semi-irregular intervals. It was running out of memory. To increase its capacity while remaining in the free tier, Your JoeDog added some swap. “How do you add swap space in AWS?” Glad you asked. Here’s how:

  $ sudo /bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=1024
  $ sudo chown root:root /var/swap.1
  $ sudo chmod 600 /var/swap.1
  $ sudo /sbin/mkswap /var/swap.1
  $ sudo /sbin/swapon /var/swap.1

You can check your creation with the free command:

  $ free -m

By adding swap, Your JoeDog was better able to keep this site humming. Unfortunately, it still locked up. One day, it locked up for an extended period of time.

To monitor the site’s availability, we signed up for pingdom. There’s a free version which allows you to monitor a single URL and send text alerts. (Email won’t do us much good since that service is hosted here.)

Not long after the alerts were configured, one fired. The site was down(ish). Downish? What’s that mean? It was more like a series of brief outages. While this was going on, Your JoeDog’s inbox started filling with new-comment-needs-approval messages.

LINK SPAMMERS!! Some asshole was botting the site with unthrottled comment posts and they essentially DOS’d it.

To free up resources, Your JoeDog created an AWS database instance and moved his content from a local database with an export/import. There’s only one reason you shouldn’t do the same: cost. After the free period, you’ll be charged for that as well.

So what’s the moral of this story? If you can afford it, don’t waste your time on the free instance. These micro VMs are too light to handle traffic bursts. And if you’re a serious business, then you really shouldn’t bother. In the grand scheme of things, Amazon’s computing-for-lease is really inexpensive … except, of course, if you’re a lowly open source developer.

 



CENTCOM Gets PWND

Your JoeDog followed the events in France pretty closely. After reading two days of reports from the US and Europe, he had no fscking clue what was going on. The killers were captured and one was dead! Um, the killers are in the woods with helicopters overhead! Um, no, they’re inside a Jewish deli back in Paris. In a rush to publish, the only thing they did was add to our confusion.

And so it goes with the CENTCOM hack. Your JoeDog heard ISIS was inside Pentagon computers!!1!1!!! After sifting through news reports, it appears that ISIS simply defaced their Twitter and YouTube accounts. Wait a second — CENTCOM has a twitter account? What do they post besides “blew up some shit today!”

Is this a Big Deal? It depends on your perspective. From a security standpoint, it’s not. Imagine if you shared your GMail password with a friend and he started sending dick pics to everyone in your address book. That’s pretty much what happened. ISIS gained access to the accounts and pranked the military.

From a public relations perspective, it’s embarrassing. Unless they’re absolute morans, no sensitive data was compromised.  You wouldn’t link your bank account to your twitter feed, there’s no reason to believe CENTCOM would do the same with its operational servers. But at the same time, it paints US military as a careless organization. It didn’t use two-factor authentication, its credentials were easy to crack and/or it fell for a phishing expedition.

It does make you wonder what else they’re “protecting” with ‘password123’ or to what extent the people inside Central Command are click-happy. Those are speculative musings which may have no basis in fact. Still, you can imagine a military ass-chewing that began with the Commander-in-Chief and worked its way down to the lowliest private. Your JoeDog is glad he doesn’t work in CENTCOM today.

 

 



About That JPMorgan Breach…

According to the New York Times, the JPMorgan breach “might have been thwarted if the bank had installed a simple security fix to an overlooked server in its vast network.” And what fix was that?

Two-factor authentication. With this type of security, a user is required to produce two factors of authentication. One could be a password and another could be a dynamically produced PIN number.

This appears to tell us that a major American bank was breached because they exposed a console login on a public network and someone ran a dictionary attack against it.

This means they never picked up thousands of failed login attempts on that server. And it means an unguarded and “overlooked” computer had access to their private network. Just wow.
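
What picking up those failed attempts could look like, as an added example that is not from the original post or the Times article: a sliding-window count of failed logins per source address, plus a second alert when a flagged source then logs in successfully. The article does not say what the server logged, so the OpenSSH-style line format, the threshold, the window and the sample lines are all assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: OpenSSH-style auth lines with an ISO timestamp.
LINE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for "
                  r"(?:invalid user )?(\S+) from (\S+) port \d+")

def sample_log():
    """Constructed lines for illustration; not data from the breach."""
    guesses = ["admin", "root", "oracle", "test", "backup", "admin"]
    lines = [f"2014-08-01T02:00:{i * 5:02d} srv1 sshd[900]: Failed password "
             f"for {user} from 203.0.113.7 port 4000{i} ssh2"
             for i, user in enumerate(guesses)]
    lines += [
        "2014-08-01T02:00:40 srv1 sshd[900]: Accepted password for admin from 203.0.113.7 port 40009 ssh2",
        "2014-08-01T02:03:00 srv1 sshd[901]: Failed password for alice from 198.51.100.20 port 50000 ssh2",
        "2014-08-01T02:03:30 srv1 sshd[901]: Accepted password for alice from 198.51.100.20 port 50001 ssh2",
    ]
    return lines

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return (kind, source, user, timestamp) alerts in log order."""
    recent = defaultdict(deque)     # source -> timestamps of recent failures
    flagged = set()                 # sources that already crossed the threshold
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts, outcome, user, src = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        if outcome == "Failed":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:       # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, user, ts))
        elif src in flagged:                # success from a source seen guessing
            alerts.append(("login-after-bruteforce", src, user, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(*alert)
```

A single mistyped password followed by a success, like the constructed `alice` lines, raises nothing; the second alert type is the one that warrants an immediate response.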

Later we find another interesting morsel in that article.

It is not clear why the vulnerability in the bank’s network had gone unaddressed previously. But this summer’s hack occurred during a period of high turnover in the bank’s cybersecurity team with many departing for First Data, a payments processor.

Your JoeDog is not suggesting it was an inside job by disgruntled employees, rather it looks like JPMorgan-Chase was a shitty place to work.

 



Little Kim Needs Tech Support

The Australian Financial Review reports that Little Kim’s Internets are down.

North Korea’s already tenuous links to the internet went completely dark on Monday after days of instability, in what internet monitors described as one of the worst North Korean network failures in years.

The loss of service came just days after President Barack Obama pledged that the United States would launch a “proportional response” to the recent attacks on Sony Pictures, which government officials have linked to North Korea.

North Korea doesn’t have a large internet presence. Their public address space is 175.45.176.0 — 175.45.179.255. Some companies have more addresses than that. Your JoeDog looked for servers in that address space to see if he could substantiate this report.

At the time this article was published, the North Korean government portal www.naenara.com.kp (175.45.176.67) was inaccessible by any means. To circumvent firewalls, he used web tools that allow you to make requests from various locations throughout the globe. As best as he can tell, their network is indeed completely black.

 



Do Native Koreans Even Talk Like This?


Gawker is on the case, you guys. Today they ran a story which raised concerns about the official FBI narrative of the Sony Pictures infiltration. It’s mostly a recap of concerns we’ve already raised. However, down in the comment section we find an interesting perspective. Let’s examine that comment.

The commenter taught English to Korean students for several years. To this person, the splash screen doesn’t read like English used by a Korean ESL speaker:

The use of contractions (we’ve and we’ll) is characteristic of someone near-fluent, too sophisticated to be dropping articles.

Ordinal date — my students always hated ordinals because they’re irregular (24th)

The repeated pronouns (“we” and “you” and “us”) doesn’t seem like how a Korean person would phrase it, because Korean pronouns are freighted with t/v distinction and honorifics that English doesn’t capture. For that reason, my students circumlocuted those words when they could because they felt imprecise.

It’s totally possible that the North Korean version of Korean is different enough than the South Korean that the markers would be different, though.

The author of the article, Sam Biddle, responded “Interesting.”

Indeed.

 



So Who Hacked Sony? Four Theories

The official narrative holds that agents of the North Korean government infiltrated Sony Pictures’ corporate network and used that attack as leverage to stop the release of a Seth Rogen film. While that might make a good Seth Rogen movie, it hardly seems plausible given what is currently known.

You don’t have to be a conspiracy theorist to take a skeptical view of the official narrative. Yet only the most conspiratorial would claim the attack was fabricated. Somebody infiltrated the Sony network. The question remains: Who done it?

Over at New York Magazine, Margaret Hartmann offers four alternative culprits:

  1. A disgruntled former employee. There are many ways to make money from this intrusion but the attacker(s) chose instead to embarrass the company.
  2. Hacktivists. This was a high profile breach largely because the intruders contacted and taunted Sony executives in the press. Their behavior more closely resembles Anonymous or LulzSec than a nation state.
  3. The Chinese. The cybersecurity firm Mandiant has been hired to investigate the breach. They’ve investigated so many Chinese attacks that they’ve become the firm’s specialty.
  4. Everybody. There’s overlap in all these theories and it’s possible the answer is D.) All of the above.

Regular readers know Your JoeDog subscribes to “All of the above” or as he put it, “everybody and his sister.” For a successful attack on a corporate network to generate maximum LULZ, bragging must occur. It’s very likely somebody breached the network and provided details that enabled successive visitors to play inside the breach.

 

 



Pyongyang Responds

In response to Washington’s allegation that it was behind the Sony Pictures cyberattack, Pyongyang demanded a joint inquiry into the matter. North Korea claims it can prove it was not involved.

If the US has the goods, then it should welcome this offer. Does anybody think they have the goods? Your JoeDog does not. The information they’ve revealed thus far is weak and void of detail. Apparently the good stuff is classified. We’re supposed to take them at their word.

Your JoeDog has a hard time taking governments at their word. He never bought the case against Saddam Hussein and thus far he remains unconvinced on this one. If North Korea was involved, then declassify the evidence and display it to the public. If not, then Your JoeDog will continue to call bullshit.

Here’s what we know:

  • On November 21st, the perpetrators contacted Sony executives and demanded ransom. The group called itself “God’sApstls.” There was no mention of the supposedly offensive Seth Rogen film.
  • Soon after that, we learned about the Guardians of Peace. Images of hacked Sony computers appeared on the Internet in which a splash screen exclaimed, “Hacked by #GOP.”
  • On December 1st, a representative of the GOP contacted CSO. The group claimed it had no ties to North Korea and no aims to stop The Interview as Sony suggested.
  • On December 9th, Joe Demarest, assistant director with the Federal Bureau of Investigation’s cyber division, told a conference there was no attribution to North Korea. This means they couldn’t find a trail of crumbs back to the attackers.
  • Yesterday, the FBI announced that Pyongyang was behind the attack. It staked its claim based on a code signature and IP addresses it claims were hard coded inside the malware.

So somehow we’ve gone from a ransom note by God’sApstls to a cyberattack from Pyongyang. Are we supposed to think North Korea was demanding ransom and taunting Sony before it got around to the movie it found so offensive? Certainly North Korea is a strange place, but that doesn’t make sense even for them….

 



BREAKING: The FBI Makes A Claim

The FBI disagrees with Your JoeDog. As of a few minutes ago, the Times published an article in which the FBI accuses North Korea of organizing the cyber attack on Sony Pictures.

Okay, what do they got?

The bureau said that there were significant “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks” to previous attacks by the North Koreans. It also said that there were classified elements of the evidence against the North that it could not reveal.

This is not unexpected. Cyber attackers around the world share code, tools and ideas. I wouldn’t be surprised if this toolkit contains signatures that match those used by the CIA, Iran, Israel or Anonymous.

What else do you got?

“The F.B.I. also observed significant overlap between the infrastructure used in this attack and other malicious cyberactivity the U.S. government has previously linked directly to North Korea,” the bureau said. “For example, the F.B.I. discovered that several Internet protocol addresses associated with known North Korean infrastructure communicated with I.P. addresses that were hardcoded into the data deletion malware used in this attack.”

The wording here is curious: “known North Korean infrastructure.” What does that mean? Are they in North Korea’s one known block of public IP addresses or are these Class C addresses the FBI has seen before? Kim Hak Uhr codes at a workstation with a 192.168.0.4 address so it must be North Korea!!1!1!

So we have similarities of code, unknown IP addresses and evidence the FBI can’t reveal because s3cr37s! That’s pretty scant. I remain skeptical, very skeptical.

 



No, North Korea Is Not Responsible For The Sony Pictures Attack

Your JoeDog is skeptical — very skeptical.

Unnamed US intelligence agents claim North Korea was “centrally involved” in the Sony Pictures cyber break-in. A leading “expert” is ninety percent certain North Korea was behind the attack. Well, Your JoeDog is one-hundred percent certain they weren’t.

Remember Stuxnet? It was a worm that infiltrated Iran’s nuclear facilities and attacked their centrifuges. It was certainly developed by a nation state. We still don’t know which one. Israel? They’re on the short list. The United States is, too.

That’s how nations roll when they commit cyber attacks. They don’t send emails which berate a target over its lax security. Nor do they send ransom requests. They certainly don’t give themselves nicknames like Guardians Of Peace. If North Korea had infiltrated Sony they would have kept it on the downlow. Their message would have been implicit.

The initial interaction between the attackers and Sony was all about money. “Pay the damage,” they implored, “or Sony Pictures will be bombarded as a whole.” There was no mention of Seth Rogen’s film. There was nothing political in that message. The group that claimed responsibility was called “God’sApstls.” The “Guardians of Peace” surfaced later, after depictions of a splash screen on Sony computers surfaced on the Internets. It read, in part, “Hacked by #GOP”

In a December 1st email to CSO, a GOP representative claimed the group had no ties to North Korea:

“We are an international organization including famous figures in the politics and society from several nations such as United States, United Kingdom and France. We are not under direction of any state.

“Our aim is not at the film The Interview as Sony Pictures suggests. But it is widely reported as if our activity is related to The Interview. This shows how dangerous film The Interview is. The Interview is very dangerous enough to cause a massive hack attack. Sony Pictures produced the film harming the regional peace and security and violating human rights for money.

“The news with The Interview fully acquaints us with the crimes of Sony Pictures. Like this, their activity is contrary to our philosophy. We struggle to fight against such greed of Sony Pictures.”

Distancing yourself from the country you represent is a funny way to promote its interests….

Personally, I wouldn’t be surprised if everybody and his sister has been inside Sony’s network. Compromising a system is only half the fun. Bragging about it is the other half. Could NK agents have caught wind of the break-in along with enough details to gain entry themselves? Sure. They may even have exchanged Bitcoins for details. Maybe they were inside Sony but they didn’t orchestrate the attack and they certainly weren’t the ones who sent those emails.

 



A Cyber Pearl Harbor

Earlier this year, Home Depot fell victim to one of the worst known cyber attacks. Its systems were infiltrated and attackers stole personal information from millions of customers. The company suffered little from the attack; its stock is now at an all-time high. In the past year alone, there have been many high profile cyber attacks that have been met with little more than a shrug.

Leon Panetta, a former US Secretary of Defense, once claimed it would take a cyber “Pearl Harbor” before Americans were willing to do what was necessary to fix their computer infrastructure vulnerabilities. We haven’t faced such a catastrophe but, as the New York Times discovers, people are starting to realize that more attention must be paid to these sorts of threats. Your JoeDog has seen this new attitude first hand. His company now has more security analysts than systems analysts.

[NY Times: Hacked vs. Hackers]