The hottest gadget on Indiegogo is… a router?

The title, which I took the liberty to borrow from the German site MacLife.de, quite nicely captures the pleasant surprise we experienced during the campaign for Turris Omnia. I admit that the amount of collected money came as a bit of a surprise even to us. Just by the way, in our guessing competition among the team members, the most daring guess was USD 560 thousand, almost USD 300 thousand less than was eventually collected. We perceived this campaign only as a test, whether there is any interest in the market. And now we know there is, especially when we remind ourselves that certainly not everyone would contribute to the crowdfunding. Sending money to some of such campaigns means that the person prefers a pig in a poke to the bird in the hand. It already happened many times that a promising-looking project simply wasn’t finished or that the result didn’t live up to the original promises. Another problem is that businesses do not usually purchase through such campaigns, as it is not simple for them in terms of accounting. This also makes the collected amount a great promise for future.
Read more

CSIRT teams in 2015

Among CSIRT/CERT teams in Europe and around the world, the Czech Republic is known for a relatively high number of officially established security teams. Operating mainly within Europe, there is the GÉANT organization, which promotes the development and creation of new security teams through its long-established service Trusted Introducer. It is an initiative that aims to facilitate building of trust between security teams of educational and research institutions, operators, providers and government institutions that, within their address space, deal with security incidents, such as botnets, spam, phishing, open resolvers or more sophisticated incidents . Each team faces very similar, if not identical problems and therefore sharing of experience should be taking place to streamline their work. Withholding important information in this environment, on the other hand, does not usually bring any competitive advantage.

Read more

Metal or not metal? That is the question!

This Hamletesque question has haunted our team in connection with Omnia for a few months. Turris Omnia was introduced as a home router in a nicely shaped plastic case and for a long time we did not even think of other options. 5 GHz Wi-Fi connection was intended to be provided by three outside antennas and the “older” Wi-Fi at the 2.4 GHz frequency was supposed to be broadcast, sort of obligatorily, with two internal antennas, more or less for backwards compatibility with older devices.

Read more

Will mojeID become the national electronic identity? You can now use it to login to the European Comission services

The end of September marked the ending of one of the so-called large-scale pilot projects of the European Commission – the STORK 2.0 (Secure idenTity acrOss boRders linKed 2.0) project, whose aim was to try out in practice the possibilities of cross-border recognition of electronic identities, which is something that should be compulsorily introduced since September 2018 in accordance with the eIDAS Regulation. For the Czech Republic, the realization of this project involved the Ministry of the Interior and CZ.NIC with its mojeID service, which has been chosen as the national identity (Czech only).

Read more

Useful tools for malware analysis

In early October, the international project “Cyber ​​Security in the Danube Region” organized training for security teams operating within the region. As sharing of information and knowledge are essential in the field of security, I decided to write a post in which I would like to draw attention of the security community in the Czech Republic to two very interesting free tools.

Read more

Scripting in Knot DNS Resolver

This week I was approached by a man dressed in platypus pyjamas, he asked me: “These layers and modules you talk about, they’re cool. But can it be even better?”. After the initial costume distraction wore off, I pondered a bit and said: “Sure, let me just grab a cup of coffee”. The real story is that the layers are now much more interactive, and the documentation is improved.

Read more

MojeID now speaks more languages: it has learned the SAML and OpenID Connect protocols

Since its establishment in 2010, the mojeID service was closely connected with the OpenID 2.0 authentication protocol. This protocol was the best choice for us at the time, as it combined the implementation simplicity with availability of libraries for various programming languages. However, OpenID 2.0 is not the only authentication protocol. I wrote in our blog (only in Czech) about several others, like the SAML protocol or OpenID Connect. Especially for the latter one, OpenID Connect, standardization of which was finished at the beginning of last year, analysts forecast a promising future. The good news is that mojeID is no longer “monolingual”, it is now able to communicate with service providers via the mentioned protocols.

Read more

Insistent router botnet

Not so long ago, monitoring attackers in our telnet honeypots helped reveal an interesting botnet composed of ASUS brand home routers. A botnet trying to log into our SSH honeypot running on Turris routers most frequently in the last two weeks is a botnet whose IP addresses, according to Shodan, often have one common characteristic: they respond with cookie AIROS_SESSIONID on port 80. This cookie points at AirOS running on Ubiquiti airRouter. According to data from Shodan, about 20% of attacking IP addresses out of a total of about 6500 can be identified as AirOS due to this cookie. Many addresses, however, come from dynamic pools yet unknown to Shodan.

Read more