While conducting some research, I happened to notice a rather odd domain name that a particular server was beaconing out to. The domain in question was xeroxdiscoverysupernode3.com. Initially, I figured that the domain could be malware- or phishing-related, as the likelihood of Xerox Corporation using such a long domain was relatively low. Upon further investigation, the xeroxdiscoverysupernode3 domain wasn’t even registered. Could a piece of malware have been constructed to call out to this specific domain to download additional files? Why wouldn’t the malware author register the domain ahead of time if that was the plan?
As this domain ended in the number 3, I pondered the idea of there being a '1', '2', or maybe even a '4' numbered domain that followed this same pattern. It turned out that xeroxdiscoverysupernode1, xeroxdiscoverysupernode2, and xeroxdiscoverysupernode3 were actively being queried for within the OpenDNS global infrastructure. Not only were the domains being queried, but each was receiving roughly 2,000 queries per hour (as seen below).
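The sibling-domain check described above can be automated against a resolver query log. The Ruby below is an added example, not code from the original post or from OpenDNS: it groups query names into "numbered families" by replacing the trailing digits of the leftmost label (xeroxdiscoverysupernode1/2/3.com become one family), counts queries, distinct clients and queries per hour for each family, and flags families whose every query came back NXDOMAIN, which is the "beaconing to a domain nobody registered" pattern. The log format, the client addresses and every query line are constructed for this example.

```ruby
# Added example (not part of the original post): find numbered sibling
# domains in a DNS query log and flag families that never resolve.
# Log format, clients and query lines below are all constructed.
require 'time'

# Constructed resolver log: "<ISO8601 time> <client> <qname> <rcode>" per line.
SAMPLE_LOG = <<~LOG
  2014-04-28T10:00:01Z 10.1.2.3 xeroxdiscoverysupernode3.com NXDOMAIN
  2014-04-28T10:00:04Z 10.1.2.3 xeroxdiscoverysupernode1.com NXDOMAIN
  2014-04-28T10:00:07Z 10.1.2.3 xeroxdiscoverysupernode2.com NXDOMAIN
  2014-04-28T10:30:01Z 10.1.2.9 xeroxdiscoverysupernode3.com NXDOMAIN
  2014-04-28T10:30:04Z 10.1.2.9 xeroxdiscoverysupernode1.com NXDOMAIN
  2014-04-28T10:30:07Z 10.1.2.9 xeroxdiscoverysupernode2.com NXDOMAIN
  2014-04-28T10:59:55Z 10.1.2.3 xeroxdiscoverysupernode3.com NXDOMAIN
  2014-04-28T10:59:58Z 10.1.2.3 xeroxdiscoverysupernode1.com NXDOMAIN
  2014-04-28T11:00:01Z 10.1.2.3 xeroxdiscoverysupernode2.com NXDOMAIN
  2014-04-28T10:05:00Z 10.1.2.3 www.xerox.com NOERROR
  2014-04-28T10:06:00Z 10.1.2.9 cdn1.example.net NOERROR
  2014-04-28T10:07:00Z 10.1.2.9 cdn2.example.net NOERROR
  2014-04-28T11:07:00Z 10.1.2.9 update.example.org NOERROR
LOG

LogEntry = Struct.new(:time, :client, :qname, :rcode)

# Parse one line; returns nil on a malformed line so one bad record
# never aborts the whole run.
def parse_line(line)
  fields = line.strip.split(/\s+/)
  return nil unless fields.length == 4
  LogEntry.new(Time.iso8601(fields[0]), fields[1], fields[2].downcase, fields[3])
rescue ArgumentError
  nil
end

# Family key: trailing digits of the leftmost label replaced by '#'.
# xeroxdiscoverysupernode3.com -> xeroxdiscoverysupernode#.com
# Labels with no trailing digits (www, update) or that are all digits
# yield nil and are ignored.
def family_of(qname)
  labels = qname.split('.')
  return nil unless labels.first =~ /\A(.*\D)(\d+)\z/
  labels[0] = "#{$1}#"
  labels.join('.')
end

# Families with at least min_siblings distinct numbered names. Reports the
# sibling names, query and client counts, average queries per hour over the
# observed window (floored at one hour) and whether every answer was NXDOMAIN.
def numbered_families(entries, min_siblings: 2)
  by_family = Hash.new { |h, k| h[k] = [] }
  entries.each do |e|
    fam = family_of(e.qname)
    by_family[fam] << e if fam
  end

  by_family.each_with_object({}) do |(fam, list), out|
    siblings = list.map(&:qname).uniq.sort
    next if siblings.length < min_siblings
    times = list.map(&:time)
    span_hours = [(times.max - times.min) / 3600.0, 1.0].max
    out[fam] = {
      siblings: siblings,
      queries: list.length,
      clients: list.map(&:client).uniq.length,
      queries_per_hour: (list.length / span_hours).round(2),
      all_nxdomain: list.all? { |e| e.rcode == 'NXDOMAIN' }
    }
  end
end

# Numbered families that are also consistently unresolvable.
def suspicious_families(entries)
  numbered_families(entries).select { |_, v| v[:all_nxdomain] }
end

def run
  entries = SAMPLE_LOG.each_line.map { |l| parse_line(l) }.compact
  suspicious_families(entries)
end

if __FILE__ == $PROGRAM_NAME
  run.each do |fam, info|
    puts "#{fam}: #{info[:siblings].join(', ')} -- #{info[:queries]} queries " \
         "from #{info[:clients]} clients, #{info[:queries_per_hour]}/h, all NXDOMAIN"
  end
end
```

On the constructed log the cdn1/cdn2.example.net pair is found as a numbered family but not flagged, because it resolves; only the xeroxdiscoverysupernode family is reported. On a real log the hourly rate is the number to compare against the roughly 2,000 queries per hour seen in the post.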
The plot thickens…
The full post can be read here: http://labs.opendns.com/2014/05/01/xerox-printer-beacons/
Photo Credit: Truthout.org via Compfight cc
If you’ve recently upgraded XCode to 5.1 on your OS X workstation/laptop you may have run into the following error when trying to install or update a gem:
root# gem install shodan
Fetching: json-1.8.1.gem (100%)
Building native extensions. This could take a while...
ERROR: Error installing shodan:
ERROR: Failed to build gem native extension.
/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/bin/ruby extconf.rb
creating Makefile
make "DESTDIR="
compiling generator.c
linking shared-object json/ext/generator.bundle
clang: error: unknown argument: '-multiply_definedsuppress' [-Wunused-command-line-argument-hard-error-in-future]
clang: note: this will be a hard error (cannot be downgraded to a warning) in the future
make: *** [generator.bundle] Error 1
Gem files will remain installed in /Library/Ruby/Gems/2.0.0/gems/json-1.8.1 for inspection.
Results logged to /Library/Ruby/Gems/2.0.0/gems/json-1.8.1/ext/json/ext/generator/gem_make.out
As discussed here, the reason for this sudden error is found in the Xcode Release Notes:
The Apple LLVM compiler in Xcode 5.1 treats unrecognized command-line options as errors. This issue has been seen when building both Python native extensions and Ruby Gems, where some invalid compiler options are currently specified.
According to the blog post, the newer version of the LLVM compiler shipping with Xcode 5.1 is stricter about command-line options: an unrecognized option, which older versions ignored with at most a warning, is now a hard error. Furthermore it says that:
Projects using invalid compiler options will need to be changed to remove those options.
That is, developers should not expect this change to be reverted in the future.
It turns out that the temporary fix, until everyone updates their gems, is to run the following command instead of the usual gem install command. Note that the environment variable only downgrades the new clang error back to a warning for that build; the invalid option is still being passed, so this is a stopgap until a gem version that no longer uses it is available:
root# ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future gem install gem_name
For example:
root# ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future gem install shodan
Building native extensions. This could take a while...
Successfully installed json-1.8.1
Fetching: shodan-1.0.0.gem (100%)
Successfully installed shodan-1.0.0
Parsing documentation for json-1.8.1
Installing ri documentation for json-1.8.1
Parsing documentation for shodan-1.0.0
Installing ri documentation for shodan-1.0.0
2 gems installed
There you go. Hope it helps.
I had the opportunity to attend the Tenth Annual West Coast Infosec & Technology Growth Conference put on by AGC Partners on Monday, February 24th. I wasn’t able to stay for the entire day but I was able to run into a few people who I hadn’t seen in a while, couldn’t remember meeting, and people I had only ever “met” on Twitter.
The panels are led by security industry experts, bankers, and investors, with executives (or their designates) from various companies as panelists. What do they talk about, you might ask? Well, the people leading the panel ask hard questions about the industry, threats, and opportunities. The majority of the panelists answer in a way that can be explained by the following tweet:
Answer with your pitch…rinse, repeat.
— Andrew Hay (@andrewsmhay) February 24, 2014
You’re the CEO of a company. I get it. You’re passionate about your company, its products, its accomplishments, and its “innovation”. That doesn’t mean, however, that you get to take the current mature market, completely dismiss it, and say “the way my company does it is the only way that matters”. Case in point:
@451wendy he just wants all of your eggs in his basket #AGCconference
— Andrew Hay (@andrewsmhay) February 24, 2014
Not only is this particular “way” 5, 10, or a “mythical factor of never”-years away, it presumes that people are willing to completely re-architect their compute environment, IT delivery strategy, and, well, business simply to operate in a cloud environment. As I tweeted during the event:
Wow…dude, you don’t forklift to cloud overnight! #AGCconference
— Andrew Hay (@andrewsmhay) February 24, 2014
I stand by my statement that:
Saying “everything will be cloud” is a myopic view and pure vendor posturing #agc
— Andrew Hay (@andrewsmhay) February 24, 2014
The biggest companies in the world are not going to throw everything into the “cloud bucket” tomorrow, next week, or whenever your fiscal year closes. The baby is certainly not getting thrown out with the bathwater so perhaps a migration-based, staggered adoption message is more palatable? Want to run your messaging by me? I’m happy to help.