Episode 350

Trials of TLS


December 29th, 2017

50 mins 43 secs

Your Hosts

About this Episode

The trials and tribulations of the long journey to TLS 1.3, and the “middleware” that’s keeping us from having nice things. Plus a pack of Leaky S3 bucket stories and the data that was exposed.

Then we do a deep dive into some SMB fundamentals and practical tips to stay on top of suspicious network traffic.

Episode Links

  • Why TLS 1.3 isn't in browsers yet — It has been over a year since Cloudflare’s TLS 1.3 launch and still, none of the major browsers have enabled TLS 1.3 by default.
  • TLS 1.3 middleboxes test — This page performs some tests to check for middlebox interference with TLS 1.3. For that it requires Adobe Flash and TCP port 843 to be open. If this is not the case, all tests will fail with N/A.
  • Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS — AWS account credentials and firmware AES encryption keys were also exposed on GitHub,
  • Data on 123 million US households exposed — Leaky bucket might be a better description because when opened the database revealed the personal financial data of 123m American households – in effect everyone with an address in the US around the time of the file’s creation in 2013.
  • Massive US military social media spying archive left wide open in AWS S3 buckets — Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.
  • Security Monkey — Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. It provides a single UI to browse and search through all of your accounts, regions, and cloud services. The monkey remembers previous states and can show you exactly what changed, and when.
  • An Introduction to SMB for Network Security Analysts — At its most basic, SMB is a protocol to allow devices to perform a number of functions on each other over a (usually local) network.
  • StorageCrypter Ransomware: Security Threat or Clickbait? — Hats off to the most buzzword-loaded headline of the year: “StorageCrypt Ransomware Infecting NAS Devices Using SambaCry”.
  • DHCPDECLINE Follow Up — I think I have a hypothesis. When dhclient is offered an IP, it attempts to look it up in dhcpd.leases (under /var), and if /var has errors, the lookup fails and says "not found" (which is what the DHCPDECLINE line says in the log).
  • Please keep some BSD — Please don't get too Linux single-minded. Some FreeBSD plugs here and there are welcome.
  • Repairing a 1960s mainframe: Fixing the IBM 1401's core memory and power supply — Core memory was a popular form of storage in this era as it was relatively fast and inexpensive. Each bit is stored in a tiny magnetized ferrite ring called a core.