Lululemon Athletica Inc. Website down for 24 hours

I have witnessed various retailers go down for half an hour or so (Best Buy during Black Friday sales is a common example), but never have I seen a MAJOR retailer go down for 24 hours. The message that lululemon.com was showing for the 24-hour span was:

We are usually awesome at this. Please don’t refresh your browser. You’ll be back in the flow shortly.

There was no word from the company on what exactly occurred. They use the largest CDN provider, Akamai, the same provider that Apple uses. Akamai is known as the top content delivery network provider, so I would assume that the issue was not with them. Even if your cloud storage or a dedicated server were to go down, recovering from backup shouldn’t take longer than 30 minutes. The assumption here is that the dedicated server or cloud did go down and that the backup they had was corrupt. Or they had major issues restoring from the primary backup and had to resort to their secondary off-site storage. I assume they have more than one backup location that they use. These are all assumptions. Maybe their administrator went away for the long weekend. We really don’t know.

The moral of the story is: make sure your backups are not corrupt and that you are capable of recovering from a disaster within a 30-minute span, especially given today’s advances in cloud storage.

 

Malware Reverse Engineering

Malware Disassembly

As the title of this blog states, this short post is about malware reverse engineering. This seems to be a very popular topic among security experts. The idea of reverse engineering malware is to find out what weakness the malware exposed on your side (network, operating system, etc.).

After researching for approximately 3 days, I can say this is one tough area to learn. Assembly language and system calls are the two things you are looking at when disassembling malware. The system I used is a Late 2013 iMac with a Windows 7 virtual machine installed on it. The virtual machine is isolated and is not connected to the network. I used a disassembler for static analysis. A debugger is great because it gives you a sense of the actions the malware might execute on the fly. Debuggers that I consider valuable are IDA Pro, Immunity Debugger and OllyDbg. The one I spent most time on was IDA Pro. Keep in mind that these tools are not cheap. IDA Pro, for example, costs USD $589 for the Starter edition and USD $1129 for the Pro edition. I do believe this particular area will see significant growth as malware becomes more sophisticated and attacks turn toward mobile users.

What was I able to do in 3 days? Take a look at the diagram above. I did manage to disassemble one particular type of malware; however, my skills are fairly basic in this area, and I’m unsure whether I got all the system calls. This was Windows-based malware. See if you can guess which malware it is.

 

 

WannaCry Ransomware received how many payments?

As everyone knows by now, the WannaCry / WanaCrypt0r ransomware encrypts your hard drive, locks you out and simply asks for a payment of between $300.00 and $600.00 to restore access. There are certainly users out there that paid, but how many paid, and how much did WannaCry / WanaCrypt0r collect? According to ActualRansom:

The three bitcoin wallets tied to #WannaCry ransomware have received 296 payments totaling 48.86359565 BTC ($99,448.11 USD).

It is a very impressive amount of money for a few days of work.

Google disciplines Symantec for mis-issuing 30,000 Certs

In a stern rebuke of one of the largest suppliers of HTTPS credentials, Google Chrome developers announced plans to drastically restrict transport layer security certificates sold by Symantec-owned issuers following the discovery that they have allegedly mis-issued more than 30,000 certificates.

Chrome plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities, Ryan Sleevi, a software engineer on the Google Chrome team, said in an online forum. Extended validation certificates are supposed to provide enhanced assurances of a site’s authenticity by displaying the name of the validated domain name holder in the address bar. Under the move announced by Sleevi, Chrome will immediately stop displaying that information for a period of at least a year. In effect, the certificates will be downgraded to less-secure domain-validated certificates.

More gradually, Google plans to update Chrome to effectively nullify all currently valid certificates issued by Symantec-owned CAs. With Symantec certificates representing more than 30 percent of the Internet’s valid certificates by volume in 2015, the move has the potential to prevent tens of millions of Chrome users from being able to access large numbers of sites. What’s more, Sleevi cited Firefox data showing that Symantec-issued certificates are responsible for 42 percent of all certificate validations. To minimize the chances of disruption, Chrome will stagger the mass nullification in a way that requires the certificates to be replaced over time. To do that, Chrome will gradually decrease the “maximum age” of Symantec-issued certificates over a series of releases. Chrome 59 will limit the expiration to no more than 33 months after they were issued. By Chrome 64, validity would be limited to 9 months.

The announcement is just the latest development in Google’s 18-month critique of practices by Symantec issuers. In October 2015, Symantec fired an undisclosed number of employees responsible for issuing test certificates for third-party domains without the permission of the domain holders. One of the extended-validation certificates covered google.com and www.google.com and would have given the person possessing it the ability to cryptographically impersonate those two addresses. A month later, Google pressured Symantec into performing a costly audit of its certificate issuance process after discovering the mis-issuances went well beyond what Symantec had first revealed.

In January 2017, an independent security researcher unearthed evidence that Symantec improperly issued 108 new certificates. Thursday’s announcement came after Google’s investigation revealed that over a span of years, Symantec CAs have improperly issued more than 30,000 certificates. Such mis-issued certificates represent a potentially significant threat to virtually the entire Internet population because they make it possible for the holders to cryptographically impersonate the affected sites and monitor communications sent to and from the legitimate servers. They are a major violation of the so-called baseline requirements that major browser makers impose on CAs as a condition of being trusted by major browsers.

Mr. Sleevi wrote:

As captured in Chrome’s Root Certificate Policy, root certificate authorities are expected to perform a number of critical functions commensurate with the trust granted to them. This includes properly ensuring that domain control validation is performed for server certificates, to audit logs frequently for evidence of unauthorized issuance, and to protect their infrastructure in order to minimize the ability for the issuance of fraudulent certs.

On the basis of the details publicly provided by Symantec, we do not believe that they have properly upheld these principles, and as such, have created significant risk for Google Chrome users. Symantec allowed at least four parties access to their infrastructure in a way to cause certificate issuance, did not sufficiently oversee these capabilities as required and expected, and when presented with evidence of these organizations’ failure to abide to the appropriate standard of care, failed to disclose such information in a timely manner or to identify the significance of the issues reported to them.

These issues, and the corresponding failure of appropriate oversight, spanned a period of several years, and were trivially identifiable from the information publicly available or that Symantec shared.

The full disclosure of these issues has taken more than a month. Symantec has failed to provide timely updates to the community regarding these issues. Despite having knowledge of these issues, Symantec has repeatedly failed to proactively disclose them. Further, even after issues have become public, Symantec failed to provide the information that the community required to assess the significance of these issues until they had been specifically questioned. The proposed remediation steps offered by Symantec have involved relying on known-problematic information or using practices insufficient to provide the level of assurance required under the Baseline Requirements and expected by the Chrome Root CA Policy.

Symantec officials released an email statement:

As the world’s leading cyber security company and the market leading Certificate Authority, we understand the importance of the trust chain we provide for our customers and everyone who uses the Internet. We learned of Google’s proposal when they posted it on their blog today. Their communication was unexpected and their proposed action is irresponsible. Our SSL/TLS certificate customers and partners need to know that this does not require any action at this time.

Symantec’s repeated violations underscore one of the problems Google and others have in enforcing the terms of the baseline requirements. When violations are carried out by issuers with a sufficiently big market share, they are considered too big to fail. If Google were to nullify all of the Symantec-issued certificates overnight, it would cause widespread outages. The penalties outlined by Sleevi appear to be aimed at minimizing such disruptions while still exacting a meaningful punishment.

The penalties immediately revoke only the status of extended validation certificates issued by Symantec, a move that is likely to be a major annoyance to many Symantec customers and their website visitors, but will not make sites unavailable. The untrusting of all Symantec certificates, meanwhile, has a much higher potential of creating Internet-wide problems.

As Sleevi explained it: “By phasing such changes in over a series of releases, we aim to minimize the impact any given release poses, while still continually making progress towards restoring the necessary level of security to ensure Symantec-issued certificates are as trustworthy as certificates from other CAs.”

Update: Symantec has released additional information on their blog.

Our customers don’t have to worry about the SSL issues you see above. We have always used Comodo SSL certificates.

How do I refresh the hosts file on OS X?

Ever wanted to block certain hosts on your Mac and then simply clear the DNS cache? It’s actually fairly easy. This brief tutorial is for OS X 10.9+.

1. Open Terminal (Launchpad > Other > Terminal).

2. To edit your hosts file simply type in:

sudo vim /etc/hosts

3. Press “i” to enter insert mode so you can edit the hosts file.

4. Let’s say we wanted to block ads from this particular domain: pubads.g.doubleclick.net. The format is as follows:

0.0.0.0 pubads.g.doubleclick.net

You can also use the loopback address instead:

127.0.0.1 pubads.g.doubleclick.net

5. Once you are happy with the changes, press “esc” on your keyboard, then type :wq to save and quit.

That’s it, you have now edited the hosts file on your Mac.

6. We now need to flush the DNS cache. In your terminal, type:

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
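As an added example (not part of the original post), here is a scripted, repeatable version of steps 4 to 6: it refuses malformed hostnames, skips domains that already have an entry so the file does not fill up with duplicates, and only runs the macOS flush commands when actually on macOS. The function names are ours; the hosts-file path is a parameter so you can try it on a scratch copy before touching /etc/hosts.

```shell
#!/bin/sh
# Added example, not the post's own code. Idempotent hosts-file blocking.

# has_entry HOSTS_FILE DOMAIN -> 0 if a non-comment line already maps DOMAIN.
# Only the hostname columns (field 2 onward) are compared, so "ads.example"
# does not match "pubads.example", and commented-out lines are ignored.
has_entry() {
    awk -v d="$2" '
        /^[ \t]*#/ { next }
        { for (i = 2; i <= NF; i++) if ($i == d) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# block_host HOSTS_FILE DOMAIN -> appends "0.0.0.0 DOMAIN" unless it is present.
# Returns 1 without writing if DOMAIN is not a plain hostname, so a typo with
# a space or a '#' cannot corrupt the file.
block_host() {
    hosts_file=$1
    domain=$2
    case $domain in
        ''|*[!A-Za-z0-9.-]*|.*|*.) return 1 ;;
    esac
    has_entry "$hosts_file" "$domain" && return 0
    printf '0.0.0.0 %s\n' "$domain" >> "$hosts_file"
}

# flush_dns -> step 6 of the post; the commands are macOS-specific, so it is a
# no-op elsewhere.
flush_dns() {
    [ "$(uname -s)" = Darwin ] || return 0
    sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
}

# Typical use: edit a copy, review it, then install it and flush the cache.
#   cp /etc/hosts /tmp/hosts.new && block_host /tmp/hosts.new pubads.g.doubleclick.net
#   sudo cp /tmp/hosts.new /etc/hosts && flush_dns
```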

Hopefully this helps someone block porn, social networks, gambling sites and so on. If you don’t have a list, there is a great community that grabs information from adaway.org, mvps.org, malwaredomainlist.com, someonewhocares.org, yoyo.org, and potentially others to create their lists. Have a look at this regularly updated hosts file.

How do I load a sql.gz file to my database? (importing)

Many of us use phpMyAdmin for importing and exporting MySQL databases. But there is an easier and faster way. You will need SSH access to your VPS or dedicated server. It’s a one-liner:

zcat /path/to/file.sql.gz | mysql -u root -p'password' your_database

zcat = decompresses the data of all the input files, and writes the result on the standard output. zcat concatenates the data in the same way cat does. The names of compressed input files are expected to end in .Z, .gz, or .bz2.

path = you must know full path of your sql file

-u username = in this example we are using root as the username; however, you can use any MySQL user that has privileges on the database you are importing into.

-p = the password for the username above. Note that there is no space between -p and the password; with a space, mysql treats the next word as the database name and prompts for the password instead. You can also give -p on its own and let mysql prompt you, which keeps the password out of your shell history.

your_database = name of the database where you are importing your sql.gz file.
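As an added example (not from the original post), the one-liner wrapped in a small script that checks the dump before streaming it into mysql: a truncated or corrupt upload fails at the check rather than half-way through the import, which would otherwise leave the database partially loaded. The function names are ours; gzip and mysql are the real tools.

```shell
#!/bin/sh
# Added example, not the post's own code. Safe wrapper around
# "zcat file.sql.gz | mysql ...".

# check_dump FILE -> 0 if FILE exists, ends in .gz and decompresses cleanly,
# 1 otherwise.
check_dump() {
    dump=$1
    [ -f "$dump" ] || { echo "no such file: $dump" >&2; return 1; }
    case $dump in
        *.gz) ;;
        *) echo "expected a .gz file: $dump" >&2; return 1 ;;
    esac
    # gzip -t verifies the whole stream (CRC and length) without writing output.
    gzip -t "$dump" 2>/dev/null || { echo "corrupt gzip stream: $dump" >&2; return 1; }
}

# statement_count FILE -> number of lines ending in ';' in the dump, a quick
# sanity check that the archive is not empty before importing. gzip -dc is what
# zcat does, but also works on macOS, whose zcat insists on a .Z suffix.
statement_count() {
    gzip -dc "$1" | grep -c ';[[:space:]]*$'
}

# import_sql_gz FILE DATABASE [USER] -> streams the dump into mysql.
# -p is given without a value so mysql prompts for the password; a password
# on the command line ends up in shell history and in the process list.
import_sql_gz() {
    dump=$1; db=$2; user=${3:-root}
    check_dump "$dump" || return 1
    [ "$(statement_count "$dump")" -gt 0 ] || { echo "empty dump: $dump" >&2; return 1; }
    gzip -dc "$dump" | mysql -u "$user" -p "$db"
}
```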

That’s it, fairly simple. If you run into any issues don’t hesitate to contact us.

Run OPTIMIZE TABLE to defragment tables for better performance

If you are noticing sluggish performance with your MySQL database, this simple tutorial is for you. This is particularly important for websites that have a large MySQL database. Please note that you must have root access and SSH access to proceed. Log into your web host via SSH and follow the steps below.

Run this command:

Code:

mysqlcheck -u root -p --auto-repair --optimize --all-databases

If you notice issues you can fix tables by issuing:

Code:

mysqlcheck -A -r -p

If everything has been fixed it is highly recommended to restart your MySQL server:

/etc/init.d/mysql restart

That is all; you should see faster MySQL queries and, of course, better overall performance.

Hackers want Ransom from Apple

It has been discovered that a mischievous group of hackers claiming to have access to over 300 million iCloud accounts is threatening Apple that it will remotely wipe data from those millions of Apple devices unless Apple pays it $75,000 in crypto-currency or $100,000 worth of iTunes gift cards.

The hacking group, who identified themselves as ‘Turkish Crime Family,’ has demanded a ransom to be paid in Bitcoin or Ethereum, another popular crypto-currency.

” the hacker told Motherboard.

However, the story appears inconsistent: on its Twitter account, the group claims to have access to 200 million iCloud accounts, whereas in one of the emails it claims access to 300 million Apple email accounts, and in another the number almost doubles to 559 million.

At the moment, it is very difficult for even Apple to verify the claims. However, the company has warned the group, saying that it does not reward cyber criminals for breaking the law and asking them to take down the video because it was “seeking unwanted attention.”

iOS green screen of death

I remember the days when Windows used to be plagued with the lovely blue screen of death. It used to be a regular occurrence, especially if you installed a third-party driver or hardware that Windows wasn’t particularly fond of. I have since switched to macOS and have never experienced such events again.

Now I mostly use mobile devices such as an iPad and iPhone to complete 90% of my work, and I must say I spend most of my time on these types of devices. I use both devices for work and play. Which brings me to what happened a few days ago. I was on FaceTime and my iPhone 6S Plus running iOS 10.2 locked up with the following green-ish screen:

iOS green screen of death

Nothing was responsive and I had to perform a hard reboot (home+power). The phone did go back to normal. I did some googling and I can’t figure out what this is. If anyone has any ideas, feel free to drop me a line.

Android: versionCode vs. versionName

When you are releasing an Android application you have to decide what to put in versionCode and versionName. Both are usually found in your manifest. However, I have started to put them in my Gradle build file, and more developers have started to do the same. But what the heck is the difference between the two?

android:versionCode – An internal version number. Not visible to users.

android:versionName – The version name shown to users.

My releases usually look as follows:

versionCode – 1
versionName – 1.0

Let’s pretend I have just updated my app to the next version; it would look as follows:

versionCode – 2
versionName – 1.1

A full, detailed explanation can be found in the Android Developer Guide.