Slingshot Orbit of Technology

There is now word of a new security hole discovered in a basic protocol used for encrypting web traffic. Its name is POODLE, which stands for Padding Oracle on Downgraded Legacy Encryption, and it was discovered by three Google security researchers—Bodo Moller, Thai Duong, and Krzysztof Kotowicz – they published a paper (.pdf). POODLE instead targets the clients allowing a man-in-the-middle attack to decrypt “secure” HTTP cookies and is estimated that SSLv3 accounts for between 1% and 3% of all Internet traffic. Heartbleed and Shellshock were vulnerabilities that allowed an attacker to hack a server. This makes the third major vulnerability released on the Internet this year and is another warning that this level of vulnerability discovery may be the new shape of things to come.

POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server. POODLE is a death blow to this version of the protocol; it can only reasonably be fixed by disabling SSL v3.0 altogether. It’s not as serious as the recent Heartbleed and Shellshock vulnerabilities, but POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.

A test for your browser is available at this link

To exploit the vulnerability, you must be running javascript, and the attacker has to be on the same network as you—for example, on the same Starbucks Wi-Fi network you’re using. This makes it less severe than an attack that can be conducted remotely against any computer on the Internet.

How to test for SSL POODLE vulnerability?

$ openssl s_client -connect google.com:443 -ssl3

If there is a handshake failure then the server is not supporting SSLv3 and it is secure from this vulnerability. Otherwise it is required to disable SSLv3 support.

How to disable the SSLv3 support on Nginx?

In nginx configuration, just after the “ssl on;” line, add the following to allow only TLS protocols:

ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

How to disable the SSLv3 on Apache?

SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2

Here are some additional articles:

• POODLE Attack and SSLv3 Support Measurement
• Imperial Violet – Poodle Attack on SSLv3
• Dancing Poodles

Kali Linux is commonly used inside of VMware Workstation, VMware Fusion, and/or VMware Player – allowing for to stretch the window freely, copy files from the host OS to the guest (Kali) and from the guest to the host. But in order for these features to work, you have to install VMware Tools. This can sometimes be a hard project for beginners.

Open up Terminal and run the command, apt-get update to make sure Kali Linux is up-to-date. After checking its databases, Kali will ask you if you want to install updates, when it does, hit Enter for yes. Do NOT close the Terminal while it’s updating, as this might ruin Kali.

When it’s done updating and you are presented with the root@kali prefix again, type: apt-get install linux-headers-$(uname –r) and hit Enter. You will be prompted if you want to install the latest headers, hit Enter for yes. Wait for it to complete before closing the command window. This step will avoid the “Kernel headers error” when installing VMware tools.

Click Install VMware Tools…/Reinstall VMware Tools… on the submenu and copy the tools file to the “root” folder. Type cd /media/cdrom and hit Enter. Type ls in the same Terminal, and hit Enter. Type cp then copy and paste the name of the VMware tools .tar.gz folder. Then add /root/ to the end. (see example below)

cp VMwareTools-9.6.2-16388356.tar.gz /root/
cd /root/
tar –xf VMwareTools-9.6.2-16388356.tar.gz
cd vmware-tools-distrib
./vmware-install.pl

In this article I am going to discuss how to install the Nvidia CUDA toolkit for carrying out high-performance computing (HPC) with an Nvidia Graphics Processing Unit (GPU). CUDA is the industry standard for working with GPU-HPC.

Installation and Testing

The first task is to make sure that you have the GNU compiler collection (GCC) tools installed. This is carried out by installing the build-essential package:

sudo apt-get install build-essential

I’ll assume that you have a 64-bit system for the remainder of the article. The next step is to download the specific DEB package for the 64-bit version of CUDA for Ubuntu 14.04. I placed this in my home Downloads directory:

cd ~/Downloads
wget http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1404/x86_64/cuda-repo-ubuntu1404_6.5-14_amd64.deb

The following commands will install CUDA 6.5:

sudo dpkg -i cuda-repo-ubuntu1404_6.5-14_amd64.deb
sudo apt-get update
sudo apt-get install cuda

We also need to add the following lines to our .bash_profile file in our home directory, in order to obtain the required compilation tools on our PATH:

export PATH=/usr/local/cuda-6.5/bin:$PATH
export LD_LIBRARY_PATH=/usr/local/cuda-6.5/lib64:$LD_LIBRARY_PATH

Remember to make sure that the terminal has access to these variables:

source ~/.bash_profile

Before proceeding to test the GPU cards we will ensure that the drivers are correctly installed. The following line will provide us with the driver version:

cat /proc/driver/nvidia/version

The output on my system is as follows

NVRM version: NVIDIA UNIX x86_64 Kernel Module  331.89  Tue Jul  1 13:30:18 PDT 2014
GCC version:  gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1)

Check the version of the Nvidia CUDA compiler:

nvcc -V

The output on my system is as follows

nvcc: NVIDIA (R) Cuda compiler driver
Copyright (c) 2005-2014 NVIDIA Corporation
Built on Thu_Jul_17_21:41:27_CDT_2014
Cuda compilation tools, release 6.5, V6.5.12

via: http://www.quantstart.com/articles/Installing-Nvidia-CUDA-on-Ubuntu-14-04-for-Linux-GPU-Computing

NetworkMiner is a Windows program but can be run on Linux using Mono. Here’s how to get NetworkMiner up in running on Kali Linux:

apt-get install libmono-winforms2.0-cil
wget sourceforge.net/projects/networkminer/files/latest -O /tmp/networkminer
cd /tmp
unzip ./networkminer -d /opt
cd /opt/NetworkMiner_1-6-1
chmod +x NetworkMiner.exe
chmod -R go+w AssembledFiles/
chmod -R go+w Captures/
mono /opt/NetworkMiner_1-6-1/NetworkMiner.exe

via: http://www.netresec.com/?page=Blog&month=2011-12&post=No-more-Wine—NetworkMiner-in-Linux-with-Mono

As this was posted, Apple had not yet released a security patch to update the version of Bash so lets look at upgrading Bash via Homebrew instead.

Homebrew is a package manager, similar to apt or yum, which allows Mac users to install open-source packages from the command line. To install, paste this line into your Terminal.

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Then, run:

brew doctor
brew update

And type:

brew install bash
sudo sh -c 'echo "/usr/local/bin/bash" >> /etc/shells'
chsh -s /usr/local/bin/bash
sudo mv /bin/bash /bin/bash-backup
sudo ln -s /usr/local/bin/bash /bin/bash
which bash
bash --version

You will need to restart your Terminal/iTerm and confirm the version:

exit
which bash
bash --version

If desired change the rights of the moved backup file:

sudo chmod a-x /bin/bash-backup

Don’t forget to run the test code to confirm your Bash is patched.
[Exploit 1] [Exploit 2] [Exploit 3]

Update 09/29/2014: If you didn’t patch the bug manually, you can download and install Apple’s patch for OS X Mavericks here.

Update 09/30/2014: he updates are available for the other OS X versions:

• OS X Lion
• Mountain Lion

The version after applying this update will be:

• OS X Mavericks:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
• OS X Mountain Lion:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12)
• OS X Lion:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11)