Dyn, a cloud-based DNS service, is under DDoS attack, which took down major sites such as Twitter, Reddit, Spotify, PayPal and others


A massive DDoS (distributed denial-of-service) attack against the popular cloud-based DNS provider Dyn.com took down major websites. Dyn confirmed it on Twitter.

The following sites are having issues due to DNS problems:

  1. Twitter
  2. SoundCloud
  3. Spotify
  4. Netflix
  5. Reddit
  6. Disqus
  7. PayPal
  8. Basecamp
  9. Business Insider
  10. CNN
  11. Etsy
  12. GitHub
  13. Guardian.co.uk
  14. Imgur
  15. HBO Now
  16. Pinterest
  17. Recode
  18. The Verge
  19. Wired and more

You can verify which name servers (NS) a domain uses with the following standard Unix command:
$ host -t ns twitter.com

twitter.com name server ns2.p34.dynect.net.
twitter.com name server ns1.p34.dynect.net.
twitter.com name server ns4.p34.dynect.net.
twitter.com name server ns3.p34.dynect.net.
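
As an added example (not part of the original post), the shell functions below parse `host -t ns` output and count the distinct DNS providers behind a zone; a zone whose name servers all sit with one provider depends entirely on that provider. Treating the last two labels of each name server as the provider is a simplifying assumption, and the second sample, with `.example` names, is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# ns_providers: read `host -t ns` output on stdin and print each distinct
# provider domain. Assumption: the provider is the last two labels of the
# name server's hostname (wrong for suffixes such as co.uk).
ns_providers() {
    awk '$2 == "name" && $3 == "server" {
        ns = tolower($4)
        sub(/\.$/, "", ns)                 # drop the trailing root dot
        n = split(ns, label, ".")
        if (n >= 2) print label[n-1] "." label[n]
    }' | sort -u
}

# ns_provider_count: number of distinct providers in the output on stdin.
ns_provider_count() {
    ns_providers | awk 'END { print NR }'
}

# Output shown on this page for twitter.com.
SAMPLE_SINGLE='twitter.com name server ns2.p34.dynect.net.
twitter.com name server ns1.p34.dynect.net.
twitter.com name server ns4.p34.dynect.net.
twitter.com name server ns3.p34.dynect.net.'

# Constructed sample: a zone delegated to two providers.
SAMPLE_DUAL='example.com name server ns1.provider-a.example.
example.com name server ns2.provider-a.example.
example.com name server ns1.provider-b.example.
example.com name server ns2.provider-b.example.'

# report: $1 = label, stdin = `host -t ns` output; prints a one-line verdict.
report() {
    out=$(cat)
    count=$(printf '%s\n' "$out" | ns_provider_count)
    if [ "$count" -le 1 ]; then
        verdict="single DNS provider, no fallback if it is unreachable"
    else
        verdict="multiple DNS providers"
    fi
    echo "$1: $count provider(s): $verdict"
}

printf '%s\n' "$SAMPLE_SINGLE" | report "twitter.com (page sample)"
printf '%s\n' "$SAMPLE_DUAL"   | report "example.com (constructed)"
# Live check (needs network): host -t ns twitter.com | report twitter.com
```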

From the official announcement:

This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue. Services have been restored to normal as of 13:20 UTC on 21/Oct/2016. But, I’m still seeing problems.

This DDoS attack may also be impacting Dyn Managed DNS advanced services with possible delays in monitoring. Our Engineers are continuing to work on mitigating this issue. — Oct 21, 2016 – 16:48 UTC

See the “DDoS Attack Against Dyn Managed DNS” update page for up-to-date information.


Dirty COW (CVE-2016-5195) is a local privilege escalation vulnerability. Do not ignore this bug.


A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. A local unprivileged user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. In other words, a normal user can overwrite files they are only allowed to read. For example, /etc/passwd can be edited or deleted by a normal user. The vulnerability is easily exploited with a local shell account.

How old is this bug?

I cannot believe it, but this bug existed in the kernel for eleven years, giving normal users full root access.

How do I fix my server or desktop powered by Linux?

Apply the fix ASAP:

If you just want the kernel patch, go here.

What about my Android phone?

You need to wait to get an update (also known as firmware ROM) from your phone manufacturer.

How To Set Up SSH Keys


SSH keys provide a better and more secure way of logging into a server with SSH than using a password. If you are a sysadmin or programmer, you may need to use SSH to fix a server or update code. This guide explains how to set up SSH keys securely between your server and client computer.


You can now live patch Ubuntu Linux Kernel without rebooting the box


Kernel live patching enables runtime correction of critical security issues in a running kernel without rebooting. Try the new service from Canonical, the company behind the Ubuntu Linux operating system. It uses upstream Linux kernel 4.x kpatch technology. This guide explains how to enable or patch your Ubuntu Linux 16.04 LTS server without rebooting the box.
