technology:secure shell

Ditch your SSH keys and enable #aws SSM!
▻https://hackernoon.com/ditch-your-ssh-keys-and-enable-aws-ssm-ec1c2b27350c?source=rss----3a8144

https://cdn-images-1.medium.com/max/1024/1*fN8Ho-PT_2sxP70EFcYatA.jpeg

Photo by marcos mayer on UnsplashIf you manage AWS for an organization, big or small, chances are you have several Secure Shell (SSH) keys laying around you hardly use, OR WORSE, you don’t recall the account the key was made for. SSH key management is a rabbit hole in itself and most people understand the #security concerns that arise with improper SSH key hygiene. Luckily for us, there is a way to bid farewell to the the cumbersome practice of using SSH to remote into an EC2 instance. Allow me to introduce you the AWS service, Systems Manager (SSM).I will teach you the following in this guide:Identify SSM Remote Session Manager requirements-including for an enterpriseEnable Remote Session Manager for all EC2 instancesEnable Remote Session Manager loggingLock down Remote Session Manager (...)

#cybersecurity #devops #devsecops

The Linux XOR botnet is launching crippling DDoS attacks in excess of 150 Gbps

The XOR #DDoS #botnet can generate attacks more powerful than most businesses can withstand.

▻http://www.pcworld.com/article/2987580/security/a-linux-botnet-is-launching-crippling-ddos-attacks-at-more-than-150gbps.htm

Attackers install it on Linux systems, including embedded devices such as WiFi routers and network-attached storage (NAS) devices, by guessing SSH (Secure Shell) login credentials using brute-force attacks.

[...]

Old and unmaintained routers are especially vulnerable to such attacks, as several incidents have shown over the past two years.

▻https://www.stateoftheinternet.com/resources-web-security-threat-advisories-2015-xor-ddos-attacks-l

Akamai’s Security Intelligence Response Team (SIRT) is tracking XOR DDoS, a Trojan malware that DDoS attackers have used to hijack Linux machines to build a botnet for distributed denial of service (DDoS) attack campaigns with SYN and DNS floods.

• The XOR DDoS botnet has produced DDoS attacks from a couple of Gbps to 150+ Gbps
• The gaming sector has been the primary target, followed by educational institutions.
• The botnet has attacked up to 20 targets per day, 90% of which were in Asia.
• XOR DDoS is an example of attackers building botnets of Linux systems instead of Windows-based machines.
• XOR DDoS appears to be of Asian origin
• The malware spreads via Secure Shell (SSH) services susceptible to brute-force attacks due to weak passwords.
• To hide its presence, the malware also uses common rootkit techniques.
• Akamai’s SIRT expects XOR DDoS activity to continue as attackers refine and perfect their methods, including a more diverse selection of DDoS attack types.

What you can find in the Technical information about XOR:

• Indicators of binary infection
• Characteristics of the botnet and C2 communications
• Observed DDoS attack campaigns
• DDoS payloads for DDoS mitigation
• Snort rule to detect the initial registration of a bot with its C2
• YARA rule to detect infection by XOR DDoS malware on your hosts
4 steps to remove XOR DDoS malware from a Linux host

▻https://www.stateoftheinternet.com/downloads/pdfs/2015-threat-advisory-xor-ddos-attacks-linux-botnet-malware-remov

An argumentation (by a Linux fan) against blaming Linux about this botnet:
(albeit somewhat "de mauvaise foi", and using as main defence argument that anything can fail against brute force attacks):

▻http://www.infoworld.com/article/2990956/linux/dont-blame-linux-for-the-xor-botnet.html

The real culprits are the irresponsible vendors behind cheap broadband routers and their clueless customers

The existence of the XOR DDoS was already mentioned here in January 2015 by @stephane : ▻http://seenthis.net/messages/327907

#Microsoft : Support for Secure Shell (#SSH)
▻http://blogs.msdn.com/b/looking_forward_microsoft__support_for_secure_shell_ssh1/archive/2015/06/02/managing-looking-forward-microsoft-support-for-secure-shell-ssh.aspx

« Elliptic Curve Cryptography in Practice

de Joppe W. Bos1 , J. Alex Halderman , Nadia Heninger, Jonathan Moore, Michael Naehrig1 , et Eric Wustrow

In this paper, we perform a review of elliptic curve cryptography (ECC), as it it used in practice today, in order to reveal unique mistakes and vulnerabilities that arise in implementations of ECC. We study four popular protocols that make use of this type of public-key cryptography : Bitcoin, secure shell (SSH), transport layer security (TLS), and the Austrian e-ID card. We are pleased to observe that about 1 in 10 systems support ECC across the TLS and SSH protocols. However, we find that despite the high stakes of money, access and resources protected by ECC, implementations suffer from vulnerabilities similar to those that plague previous cryptographic systems. »

▻https://eprint.iacr.org/2013/734.pdf

Les auteurs ont mis la main sur plein de clés cryptographiques utilisant la technique (relativement) récente des courbes elliptiques et ont analysé ces clés. Les courbes elliptiques augmentent en popularité mais restent loin derrrière le classique RSA (par exemple, 10 % des clés SSH seulement, et 7 % des serveurs HTTPS). Plus gênant, l’examen de ces clés montre des faiblesses dans leur génération, telles que l’utilisation de générateurs aléatoires pas très aléatoires. On rencontre même des machines qui ont la même clé.

#cryptographie #courbes_elliptiques