Tag Archives: Linux

SambaCry – Keep Calm and Carry on

28 May 2017

Actually, it was only a matter of time until Samba, the popular implementation of the Windows SMB services on Linux and Unix, was hit by a WannyCry akin malware. All version of Samba from 3.5.0 onwards are vulnerable to CVE-2017-7494 or SambaCry.

The good news is that this vulnerability is complex to exploit: An attacker must upload a shared library with the malicious code to a writable samba share and then cause the server to load and execute it. Patches are available for the major Linux distributions.

How large is the problem? Shodan finds 471,578 systems which are exposed to the Internet.

SambaCry Shodan Map

SambaCry Shodan Map. Click to enlarge.

90% of the systems are operated in 3 countries, United Arab Emirates, Argentina, and Italy by the major telecommunication providers in these countries. Since an older version of Samba is used on this internet routers they are not vulnerable against SambaCry.

Most of the work has to be done in the United States and Germany. Although only 2 % of the affected systems are operated there, many organizations are affected.

Don’t panic! Even though many systems are affected by SambaCry this does not mean, that they are vulnerable against the exploit. Remember, you have to upload the malicious code to a writable Samba share on a server first. Under normal conditions, Linux admins don’t open Samba shares writable to everyone on servers exposed to the internet.

Thus, the best approach to reduce the risk is to check the Linux systems at the network perimeter with publicly available Samba shares and to close the writable, if any. As always, it is good to have an up-to-date system inventory in place. This will reduce the amount of work dramatically.

Take care! And don’t forget to check the network perimeter to your production networks.

Advertisements

LIFARS: Hackers Disable ‘Smart’ Rifle and Change Its Target, Remotely

4 August 2015

When I read the LIFARS post ‘Hackers Disable ‘Smart’ Rifle and Change Its Target, Remotely’ I felt really appalled. Not so much because the rifle’s built-in Linux server was compromised, but rather because the software developers ignored really all requirements about security and safety. Just one example from the post:

Every rifle contains a built-in network password that’s default and cannot be changed.

I do not know what planet these developers are living on, but it’s definitely not the earth.

From my point of view the software must force the marksman to change the password before he fires the first shot. In addition, Two Factor Authentication is mandatory in safety relevant cases, on a transaction basis, and with the second factor always entered directly on the rifle. Preferably through a custom grip, like the Walter PPK which Q gave to 007 in Skyfall.

Imagine security and safety standards are such bad in the billions of devices making up the Internet of Things universe. With this Doomsday is no longer just a religious concept …

Sleep well!