Meltdown and Spectre attacks
Eniko Toth

Meltdown and Spectre attacks

A new class of side-channel attacks have been appeared, which exploit the following CPU vulnerabilities: CVE-2017-5715 : branch target injection CVE-2017-5753 : bounds check bypass CVE-2017-5754 : rogue data cache load Meltdown and Spectre rely on them and allow the hackers to read the memory content of other programs, it means they can access the stored sensitive data like passwords, photos, emails, secret documents, etc. The original coordinated disclosure date of this issue was planned for January 9, but the issue became public 6 days earlier....
Read more
Software-defined storage pool
Daniel Mecsei

Software-defined storage pool

At Virtualization Day 2017 in Budapest, Hungary, we saw pretty good presentations about a different type of virtualizations and architecture concepts. In forenoon, Gergely Rab from Dell have shown us some very useful tools and solutions for software-defined storage architecture. One of these products is ScaleIO, which utilizes standard x86 servers and Ethernet network. In a standard lifecycle, you firstly plan and deploy your new array, then expand and optimize the storage. When the array comes to the end of its life, the process begins again, and you’ll also have to migrate your data...
Read more
Unix vs. Linux systems
Mariann Csorba

Unix vs. Linux systems

Mariann Csorba
Before the expansion of Windows Operational Systems and the creation of the Linux, the world was ruled by UNIX systems. The UNIX was used predominantly in the 1980’s. Despite of its positive traits it was mainly used by research centers, institutes and school’s operational system. It can be thanked partly to its price, and also to the fact that originally it wasn’t designed for domestical usage but for big computers. The UNIX was a closed-source system and with the exception of some institutes, noone could get access to it.   It’s history When the UNIX was only well-known in...
Read more
Pi-Ninja-Security for RaspberryPi
Nikoletta Szabo

Pi-Ninja-Security for RaspberryPi

Nikoletta Szabo
The real geek escaped from one Ninjastic developer of ours lately, and in his freetime he decided to try to install BitNinja on his Raspberry Pi 2 model B. And guess what happened? He was successful! What is more, BitNinja also captured some attacks with its port honeypot module. Now, let me describe you the process of the installation and what he exactly found. So the tool is Raspberry Pi 2 model B, and he uses Linux: Raspbian GNU/Linux 8 on it.   The process: Bitninja is not available for arm architecture, so he was not able to install it from the Bitninja debian reposit...
Read more
BitNinja overcomes CVE-2016-5696 vulnerability
Nikoletta Szabo

BitNinja overcomes CVE-2016-5696 vulnerability

Nikoletta Szabo
CVE-2016-5696 Linux Kernel vulnerability has been recognized two weeks ago by some watchful researchers , who immediately informed the world of the Internet about the potential dangers waiting for them. This vulnerability can be exploited by an attack called with the umbrella term: “man in the middle attack” and is mainly conducted by off-path hackers. RedHat and many other companies informed their clients about the new foundings and described the issue the following way: ” Researchers have discovered a flaw in the Linux kernel’s TCP/IP networking subsystem implementation of...
Read more

How to monitor your server load?

Daniel Mecsei
What is the average load in Linux? The load is a measure of the amount of computational work that a computer system performs. The Linux generates a metric of three average load numbers in the kernel which the user can easily query by running the uptime command. The three values of load average refer to the past one, five, and fifteen minutes of system operation. Each process using or waiting for CPU increments the load number by 1, however, Linux also includes processes in uninterruptible sleep states (waiting for I/O activity). For example, if you have an eight-core CPU, and the l...
Read more