mastsec - Network

Why did the recent OpenSSL punycode vulnerability happened?Good analysis:https://words.filippo.io/dispatches/openssl-punycode/"Why does...

Why did the recent OpenSSL punycode vulnerability happened?

Good analysis:

https://words.filippo.io/dispatches/openssl-punycode/

"
Why does something like OpenSSL need to decode punycode?"

The answer is: an explicit IETF design choice, that made punycode decoding part of X.509 verification, without even a line of acknowledgement in the Security Considerations."

You should probably not use #AWS . Probably. Agree?https://www.karlsutt.com/articles/you-should-not-be-using-aws/#cloud

You should probably not use #AWS . Probably. Agree?

https://www.karlsutt.com/articles/you-should-not-be-using-aws/

#cloud

Everything you probably don't need to know about NGINX logs.Very detailed analysis of the source code and related error...

Everything you probably don't need to know about NGINX logs.

Very detailed analysis of the source code and related error logs:

https://trunc.org/learning/everything-you-dont-need-to-know-about-nginx-error-logs

#nginx #linux #security #infosec #logs

Create an empty 8G file to save you in case your disk gets...

Create an empty 8G file to save you in case your disk gets full:

https://brianschrader.com/archive/why-all-my-servers-have-an-8gb-empty-file/

Not sure I like this technique, but I have to agree that is pretty difficult to troubleshoot a server when the disks gets full.

That little file can save you a lot of hours.

Quoting Chris Krebs:"This is the real deal. If your organization runs an OWA server exposed to the internet, assume compromise between...

Quoting Chris Krebs:

"This is the real deal. If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/03. Check for 8 character aspx files in C:\\inetpub\wwwroot\aspnet_client\system_web\. If you get a hit on that search, you’re now in incident response mode."

https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

"The only way to force companies to provide safety and security features for customers and users is with government intervention. They...

"The only way to force companies to provide safety and security features for customers and users is with government intervention.

They routinely legislate safety — pollution standards, automobile seat belts, lead-free gasoline, food service regulations.

We need to do the same with cybersecurity: the federal government should set minimum security standards for software and software development."

https://www.schneier.com/blog/archives/2021/03/national-security-risks-of-late-stage-capitalism.html

Agree?

Before buying a NYT subscription, here's what it will take you to cancel it.https://imgur.com/a/K8m7p2tI was expecting them to require a...

Before buying a NYT subscription, here's what it will take you to cancel it.

https://imgur.com/a/K8m7p2t

I was expecting them to require a snail mail or a fax, but still a pain to have it cancelled.

Until they fix it, might be better not to subscribe to the NYT.

Barcode Scanner app on Google Play infects 10 million users with one update...

Barcode Scanner app on Google Play infects 10 million users with one update

https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/

Do you have this Barcode scanner app on your Android?

In August and September 2020, Verisign quantified that upwards of 45.80% of total DNS traffic to the root servers was, at the time, the...

In August and September 2020, Verisign quantified that upwards of 45.80% of total DNS traffic to the root servers was, at the time, the result of Chromium intranet redirection detection tests...

https://blog.apnic.net/2021/02/04/how-chromium-reduces-root-dns-traffic/

After a code change, Chrome was able to reduce this number significantly...

If you had email issues lately....Spamcop let their domain...

If you had email issues lately....

Spamcop let their domain expire:

https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/

Causing false positives to anyone using them.

Any unprivileged user can gain root privileges on a vulnerable host using a default sudo configuration by exploiting this...

Any unprivileged user can gain root privileges on a vulnerable host using a default sudo configuration by exploiting this vulnerability.

https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

If you allow users into your system via ssh, check this out asap.

Tim Cook: Why I kicked Parler off Apple's App Store.Apple, along with Amazon and Google, effectively kicked Parler off the internet in...

Tim Cook: Why I kicked Parler off Apple's App Store.

Apple, along with Amazon and Google, effectively kicked Parler off the internet in the wake of the January 6 US Capitol siege. Despite criticism that Big Tech wields too much power over speech, Apple CEO Tim Cook defended his decision....

https://www.cnn.com/2021/01/17/tech/tim-cook-apple-parler/index.html

What do you think? Do you agree?

Complicated battle between fighting misinformation/abuse vs free speech.

How I hijacked the top-level domain of a sovereign...

How I hijacked the top-level domain of a sovereign state

https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/

He registered an expired domain used by the .cd ccTLD. Great report.

NSA warns against using DoH inside enterprise networksThe NSA urges companies to host their own DoH resolvers and avoid sending DNS traffic...

NSA warns against using DoH inside enterprise networks

The NSA urges companies to host their own DoH resolvers and avoid sending DNS traffic to third-parties.

https://www.zdnet.com/article/nsa-warns-against-using-doh-inside-enterprise-networks/

Stealing Your Private YouTube Videos, One Frame at a Time...

Stealing Your Private YouTube Videos, One Frame at a Time

https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/

Really cool discovery and great bug bounty $$.

SolarWinds, whose software was backdoored to allow hackers to breach U.S. government agencies, was warned last year that anyone could access...

SolarWinds, whose software was backdoored to allow hackers to breach U.S. government agencies, was warned last year that anyone could access its update server using the password "solarwinds123"...

... APT they said... ?

https://www.reuters.com/article/global-cyber-solarwinds/hackers-at-center-of-sprawling-spy-campaign-turned-solarwinds-dominance-against-it-idUSKBN28P2N8

Over the last months, hackers have quietly added a subtle security flaw to over 50 large online stores, only to exploit them right before...

Over the last months, hackers have quietly added a subtle security flaw to over 50 large online stores, only to exploit them right before Black Friday...

The backdoor would ensure future access for the attackers, even if their primary operation was blown.

Sansec has been tracking this developing campaign since April this year, and found numerous stealthy tactics to dodge detection.

Good research:

https://sansec.io/research/magento-2-persistent-parasite

Why is the Google Cloud UI so slow?https://www.debugbear.com/blog/slow-google-cloud-ui"Here's what happens when the browser wants...

Why is the Google Cloud UI so slow?

https://www.debugbear.com/blog/slow-google-cloud-ui

"Here's what happens when the browser wants to run some JavaScript code.

-Parsing

-Compilation (also happens lazily)
Initialization – the browser runs module initialization code,

-Running core app code – renders the application using the initialized modules

For the whole Google Cloud page, just parsing the source code takes 250ms, and compilation takes another 750ms ...

Linkedin is a weird social network.https://divinations.substack.com/p/linkedins-alternate-universe

Linkedin is a weird social network.

https://divinations.substack.com/p/linkedins-alternate-universe

Nearly 70% of smart TVs and 46% of game consoles were found to contain hardcoded DNS settings - allowing them to simply ignore your local...

Nearly 70% of smart TVs and 46% of game consoles were found to contain hardcoded DNS settings - allowing them to simply ignore your local network’s DNS server entirely.

On average, Smart TVs generate an average of 60 megabytes of outgoing Internet traffic per day, all the while bypassing tools like PiHole - and DNS filters.
...

https://labzilla.io/blog/force-dns-pihole