Tag Archives: Cloud

Interview of Mathias Ortmann MEGA CTO

I had the chance to interview Mathias Ortmann, co-founder and Chief Technology Officer (CTO) of MEGA, through Xavier Buck a Luxembourgish entrepreneur. Mathias Ortmann review the launch of MEGA, the secured Cloud based file sharing plate-forme.

170322703851009d6a62f78

How did you start MEGA adventure?

When we learned that our extradition proceedings would be delayed by the US government appealing against the high court’s decision that we are allowed to see evidence, we knew that we would be in for a long and costly legal battle. The only way to finance it is to make money, and since we have some expertise in the field of cloud storage, we decided to go down that path.

MEGA buz has generate a lot of cyber attacks, you excepted it?

Cyber attacks in the sense of denial-of-service or hacking attempts – not yet.
Cyber attacks in the sense of massive user demand – oh yes!

What do you think regarding the encryption polemic?

We are a bit disappointed by statements like “If you can break SSL, you can break MEGA” and the uninformed discussion about our de-duplication strategy. However, there is also a positive side – so far, two genuine vulnerabilities have been found, reported to us and fixed: A crypto-unrelated XSS issue and a basic design flaw in our static content verification process. We are still undecided on the issue of whether we should protect users that choose unsafe passwords or rather educate them better so that they don’t.

You host some servers in USA, should you worry?

Despite the WHOIS result, we have no serves in the US (or Africa).

MEGA propose a secured cloud storage as a service. What counter measure are in place in order to protect copyrights?

Copyrights are not affected by encryption. Whether or not the data is encrypted, policing all user files for copyrighted content is neither required nor permitted, and we enforce a takedown policy that complies with all applicable laws and works just fine despite the encryption.

Why is MEGA the best?

Are we the best? We leave that up to the market to decide. We believe that our product – the combination of privacy, convenience, performance and pricing – is an attractive one, and we hope that it will be accepted and become popular despite our legal fight and the negative crypto-related PR that erupted immediately after our launch. To use the weather as an analogy (MEGA vs. the market leaders): We believe that a few dissipating clouds in a blue sky are still better than standing in the rain all the time!

Metasploit VMware Auxiliary Modules

Metasploit provide some VMware auxiliary modules who will permit you to fingerprint, gather information’s, enumerate users/groups/permissions, enumerate or terminate user administrative sessions, enumerate virtual machines hosted on ESX/ESXi and power on/off virtual machines.

You can find all these auxiliary modules through the Metasploit search command.

VMWare ESX/ESXi Fingerprint Scanner (esx_fingerprint)

To invoke this auxiliary module just type the following command :

This module attempt try to access to VMware ESX/ESXi Web API interfaces and attempts to identify the running version of ESX/ESXi. Web API interfaces are running on port 443/TCP with “/sdk” default URL, also all connections are encrypted in SSL.

You can run this module against multiple hosts by defining the “RHOSTS” variable. “RHOSTS” variable could be a unique IP address, an IP addresses range (ex : 192.168.1.0-192.168.1.255, or 192.168.1.0/24) or a file (ex : file:/tmp/ip_addresses.txt). Also in order to parallelize brute force attempts, just increase the number of concurrent threads by setting the “THREADS” variable.

VMWare Authentication Daemon Version Scanner (vmauthd_version)

To invoke this auxiliary module just type the following command :

This module will gather information’s about an ESX/ESXi host through the vmauthd service on port 902/TCP.

You can run this module against multiple hosts by defining the “RHOSTS” variable. “RHOSTS” variable could be a unique IP address, an IP addresses range (ex : 192.168.1.0-192.168.1.255, or 192.168.1.0/24) or a file (ex : file:/tmp/ip_addresses.txt). Also in order to parallelize brute force attempts, just increase the number of concurrent threads by setting the “THREADS” variable.

VMWare Web Login Scanner (vmware_http_login)

To invoke this auxiliary module just type the following command :

This module attempts to authenticate to the VMWare HTTP service for VmWare Server, ESX, and ESXi.

You can run this module against multiple hosts by defining the “RHOSTS” variable. “RHOSTS” variable could be a unique IP address, an IP addresses range or a file. This module is also attempting to authenticate using username and password combinations indicated by the “USER_FILE“, “PASS_FILE“, and “USERPASS_FILE” options. You can use SkullSecurity password lists. Also in order to parallelize brute force attempts, just increase the number of concurrent threads by setting the “THREADS” variable.

All valid user and password combinations are in green, invalid login are in red.

VMWare Authentication Daemon Login Scanner (vmauthd_login)

To invoke this auxiliary module just type the following command :

This module will test vmauthd logins on a range of machines and report successful logins.

You can run this module against multiple hosts by defining the “RHOSTS” variable. “RHOSTS” variable could be a unique IP address, an IP addresses range or a file. This module is also attempting to authenticate using username and password combinations indicated by the “USER_FILE“, “PASS_FILE“, and “USERPASS_FILE” options. You can use SkullSecurity password lists. Also in order to parallelize brute force attempts, just increase the number of concurrent threads by setting the “THREADS” variable.

All valid user and password combinations are in green, invalid login are in red.

 

VMWare Enumerate Host Details (vmware_host_details)

To invoke this auxiliary module just type the following command :

This module attempts to enumerate information about the host systems through the VMWare web API.

You can run this module against multiple hosts by defining the “RHOSTS” variable. “RHOSTS” variable could be a unique IP address, an IP addresses range or a file. You have to provide a valid “USERNAME” and “PASSWORD“. In order to parallelize brute force attempts, just increase the number of concurrent threads by setting the “THREADS” variable. Also, you can enumerate hardware details of the host by setting the “HW_DETAILS” option to “true“.

VMWare Enumerate User Accounts (vmware_enum_users)

To invoke this auxiliary module just type the following command :

This module will log into the Web API of VMWare and try to enumerate all the user accounts. If the VMware instance is connected to one or more domains, it will try to enumerate domain users as well.

You can run this module against multiple hosts by defining the “RHOSTS” variable. “RHOSTS” variable could be a unique IP address, an IP addresses range or a file. You have to provide a valid “USERNAME” and “PASSWORD“. Also, in order to parallelize brute force attempts, just increase the number of concurrent threads by setting the “THREADS” variable.

VMWare Enumerate Permissions (vmware_enum_permissions)

To invoke this auxiliary module just type the following command :

This module will log into the Web API of VMWare and try to enumerate all the user/group permissions. Unlike “vmware_enum_users” auxiliary module this is only users and groups that specifically have permissions defined within the VMware product.

You can run this module against multiple hosts by defining the “RHOSTS” variable. “RHOSTS” variable could be a unique IP address, an IP addresses range or a file. You have to provide a valid “USERNAME” and “PASSWORD“. Also, in order to parallelize brute force attempts, just increase the number of concurrent threads by setting the “THREADS” variable.

VMWare Enumerate Active Sessions (vmware_enum_sessions)

To invoke this auxiliary module just type the following command :

This module will log into the Web API of VMware and try to enumerate all the login sessions.

You can run this module against multiple hosts by defining the “RHOSTS” variable. “RHOSTS” variable could be a unique IP address, an IP addresses range or a file. You have to provide a valid “USERNAME” and “PASSWORD“. Also, in order to parallelize brute force attempts, just increase the number of concurrent threads by setting the “THREADS” variable.

Unfortunately this module is not working with VMware ESXi 5.0

VMWare Terminate ESX Login Sessions (terminate_esx_sessions)

To invoke this auxiliary module just type the following command :

This module will log into the Web API of VMWare and try to terminate user login sessions as specified by the session keys.

You can run this module against one host by defining the “RHOST” variable. You have to provide a valid “USERNAME” and “PASSWORD“. Also you have to provide a session key identified by the previous “vmware_enum_sessions” auxiliary module by defining the “KEYS” variable.

Unfortunately this module is not working with VMware ESXi 5.0

VMWare Enumerate Virtual Machines (vmware_enum_vms)

To invoke this auxiliary module just type the following command :

This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.

You can run this module against multiple hosts by defining the “RHOSTS” variable. “RHOSTS” variable could be a unique IP address, an IP addresses range or a file. You have to provide a valid “USERNAME” and “PASSWORD“. Also, in order to parallelize brute force attempts, just increase the number of concurrent threads by setting the “THREADS” variable. By defining the “SCREENSHOT” variable, the auxiliary module will try to take a screenshot of the running VM.

VMWare Power On Virtual Machine (poweron_vm)

To invoke this auxiliary module just type the following command :

This module will log into the Web API of VMWare and try to power on a specified Virtual Machine.

You can run this module against one host by defining the “RHOST” variable. You have to provide a valid “USERNAME” and “PASSWORD“. Also you have to provide a virtual machine name identified by the previous “vmware_enum_vms” auxiliary module by defining the “VM” variable (for example : set VM CentOS 5.8 i386).

VMWare Tag Virtual Machine (tag_vm)

To invoke this auxiliary module just type the following command :

This module will log into the Web API of VMWare and ‘tag’ a specified Virtual Machine. It does this by logging a user event with user supplied text.

You can run this module against one host by defining the “RHOST” variable. You have to provide a valid “USERNAME” and “PASSWORD“. You have to provide a virtual machine name identified by the previous “vmware_enum_vms” auxiliary module by defining the “VM” variable (for example : set VM CentOS 5.8 i386). Also you have to provide a message through the “MSG” variable.

VMWare Power Off Virtual Machine (poweroff_vm)

To invoke this auxiliary module just type the following command :

This module will log into the Web API of VMWare and try to power off a specified Virtual Machine.

You can run this module against one host by defining the “RHOST” variable. You have to provide a valid “USERNAME” and “PASSWORD“. Also you have to provide a virtual machine name identified by the previous “vmware_enum_vms” auxiliary module by defining the “VM” variable (for example : set VM CentOS 5.8 i386).

Should Dropbox be Shutdown for Spreading Mass Malwares ?

Blog posts on Symantec and ThreatPost have point the fact that Dropbox is used by bad guys to spread spam and phishing campaigns and also malwares. All theses malwares, files used in phishing and spamming campaigns coming from the “Public Folder” of malicious Dropbox accounts. Any file put in this folder gets its own Internet link so that he can be shared with others. Examples of malwares spread by Dropbox :

http://dl.dropbox.com/u/58336523/x/login.php, PHP/IRCBOT used in remote file inclusion campaigns.

http://dl.dropbox.com/u/63038576/Script.exe, WORM/Ainslot.A.1946 used in infection campaigns.

The problem is that Dropbox is not spreading malwares since few days. If you take a look at Clean MX database, Dropbox is present since 2010-04-19, with an explosion of malwares in 2011. The fact that Dropbox spread malwares is real and it is the case since long time. Dropbox is also present in Malc0de database since 2012-02-26.

Compared to other malware spreaders, Dropbox has a privileged status. For example, in November 2011, FileAve.com a free file hosting provider notorious for spreading thousands of malwares were shutdown after years of activities. FileAve.com have provide 50 MB free storage and a free sub domain for each created account (ex : http://yourname.fileave.com). FileAve.com was present in Clean MX database since the 2007-11-30, in Malc0de database since the 2010-01-11 and in our database since the 2009-02-16. The shutdown of FileAve.com was a good news for every one.

We can ask us a legitimate question, should Dropbox be shutdown, same as for FileAve.com ? Aren’t they both malware spreaders ?

Cloud or not to Cloud ?

Le Cloud est un sujet à la mode depuis déjà quelques années, mais pour ceux qui ne savent pas encore ce qu’est le Cloud, un petit rappel bref n’est pas inutile.

Vous utiliser, la majorité d’entre-vous, les services de Google, tels que Google Mail, Google Calendar, Google Docs, Skype, etc. Tous ces services sont des services “Cloud”. Vous n’avez plus à vous soucier d’installer un serveur de mail pour votre entreprise, Google vous l’offre et prend en charge l’administration et les évolutions du service. Vous n’avez plus besoin d’installer un logiciel du type Outlook pour gérer vos contacts et vos rendez-vous, Google Mail et Calendar répondent à vos besoins. Pourquoi installer Microsoft Office, Microsoft et Google vous propose gratuitement ou de louer à la demande ces suites de logiciels bureautique. Les domaines d’applications du Cloud peuvent se multiplier à l’infinie.

Pour une entreprise, l’avantage économique du Cloud se situe à ne plus à avoir de dépenses d’investissement de capital (CAPEX) sur le hardware, les logiciels, etc. De ne plus avoir besoin d’une escouade d’informaticiens interne, car toute l’administration et la gestion quotidienne sont délocalisées chez le fournisseur de service “Cloud”.

Beaucoup de souplesse, d’agilité, d’intérêts financier dans le Cloud, mais pour autant la mutualisation des infrastructures, des logiciels à aussi comme contrepartie de délocaliser et de mutualiser les risques. Est-ce que vos données d’entreprises sont bien séparées des données d’autres entreprises, est-ce que les personnes qui accèdent à vos données sont bien autorisées à le faire, est-ce que les locaux et ressources du fournisseur sont bien protégées contres des accès physiques frauduleux, est-ce que vos données seront toujours accessible pour que vous puissiez continuer à travailler à n’importe quel moment, est-ce que les lois en vigueur pour votre fournisseur sont conformes à vos obligations légales ? Etc.

Il suffit simplement de se projeter une semaine en arrière pour voir que la délocalisation et la mutualisation des risques est effectivement un facteur à prendre en compte lorsque l’on veut se lancer dans une expérience “Cloud”.

Skype, par exemple, a subit cette semaine une journée entière de perturbation, empêchant quelques dizaines de millions d’utilisateurs de pouvoir tous simplement téléphoner … Les entreprises basant leurs appels uniquement sur Skype ont bien sûr mal évalués, ou omit, le risque encouru de la perte de ce canal de communications. Il est toujours nécessaire de penser à une roue de secours.

Encore cette semaine, Microsoft a reconnus que des données de sociétés clientes du service BPOS (Business Productivity Online Suite) ont vu celles-ci se voir accéder par des utilisateurs d’autres sociétés. Malheureusement Microsoft n’est pas dans la possibilité de savoir depuis combien de temps ces accès ont pu avoir lieu.

Le Cloud sera de toute façon la prochaine évolution forcée de l’informatique grand publique et professionnelle, mais plutôt que de vous lancer tête baisser dans l’aventure, n’oubliez pas d’évaluer vos risques.