* Posts by jerky_rs

4 posts • joined 27 Oct 2015

Transatlantic link typo by Sweden's Telia broke Cloudflare in the US

jerky_rs

Our monitors picked this up (pingdom.com and check_mk distributed deployments) and we had escalations within 3 minutes.

http://status.pingdom.com/incidents/0n95zvcxb19m

I watched multiple routes reconverge and as they did so the lights went green, for example we had one German monitor going via London/NYC on Telia.net with 99.3% loss, it re-routed and went via another carrier to some US deployments we had in IAD and DFW.

I have some screenshots if you want this has nothing to do with Cloudflare if a user is routed via some carrier network that goes down.

Linux greybeards release beta of systemd-free Debian fork

jerky_rs

personally i think SystemD is overally complicated for what it achieves, sure it boots faster but on a server all i care about is that it comes up and things are simple. With Systemd there is no clear detail of how and what starts unless you reverse targets out of the systemd directory which is ridiculous as compared to "chkconfig --list | grep 3:on" . If we really needed something to start up different processes and manage(and dependencies) them in a simple way they should have just used SupervisorD and include files. Sadly SystemD is much more then what it needs to be.

This is another great example of why systemd is not very good

tcp6 0 0 :::9090 :::* LISTEN 1/systemd

Err so something with PID 1 is listening on 9090, wonder what that is? Start fgrep your systemd directory and hopefully it returns something with 9090 (happens to be cockpit socket..)

As an RHCE for over 10 years i think this is the biggest mistake Redhat has ever made, but i guess we must learn to love systemd. Its in my opinion as bad or worse then firewalld or networmanager both of which have no business being on a server. (desktop sure why not).

TalkTalk attackers stole 'incomplete' customer bank data, ISP confirms

jerky_rs

Technically you only need to encrypt the 6 digits in the middle of the card number which is pretty ridiculous seeing you could derive the encrypted part by generating numbers in between that pass a LUN check, the postcode (truncated to digits only), numeric part of the address and CV2 all matching will get you a successful auth 99 times out of 100

As a PSP/online store you are not ever allowed to store CV2 only use it for time of submission to the bank. Mastercard/Visa both have additional ability to protect transaction with 3DSecure but this is not generally mandatory to perform a credit card transaction.

Having personally worked at a PCI DSS level 1 PSP for over 5 years and having seen how this stuff works in the backend is somewhat amazing what actually gets transferred. For example all Credit Card numbers for settlement files are plaintext uploaded via PSTN to a banks FTP site authenticated only with username/password and in some cases the file remains there, god knows what the banks actually do to protect this but it is common knowledge in PSP that this type of data is unencrypted in Auth files as well as on many private MPLS networks that BT manage.

TalkTalk attack: Lad, 15, cuffed by UK cyber-cops

jerky_rs

Re: Are we to believe this is the work of a 15yr old ?

Seems like a lot of these replies seem to think a 15 year old boy is not capable of such things, probably due to most peoples lack of natural aptitude , Over 40 years ago by the age of 13 Bill Gates was already programming and hacking other systems, i think it is pretty obvious that any naturally bright youth could do this nowadays.

I have no idea if it was him, but certainly one might assume its reasonable it could be a 15 year old boy or girl. Maybe he just had a compromised PC that was being used a proxy but who knows, certainly would not rule him out due to his age.

Biting the hand that feeds IT © 1998–2019