Episode 359
Netflix’s Dark Capacity
March 15th, 2018
31 mins 49 secs
About this Episode
Netflix has a few tricks we can learn from, and the story of clever malware that was operating undetected since 2012.
Plus we discuss Let's Encrypt’s Wildcard support and explain what ACME v2 is.
Then we detail the bad position Samba 4 admins are in, and the real cause of these recent 1.7 Tbps DDoS attacks.
Episode Links
- Hardcoded Password Found in Cisco Software — Cisco says that an attacker could exploit this vulnerability (CVE-2018-0141) by connecting to the affected system via Secure Shell (SSH) using the hardcoded password.
- Potent malware that hid for six years spread through routers — "The malware is highly advanced, solving all sorts of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor."
- CVE-2018-1057: Authenticated Samba users can change other users' password — On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (e.g. Domain Controllers).
- CVE-2018-1057 - SambaWiki Workarounds — Revoke the change passwords right for 'the world' from all user objects (including computers) in the directory, leaving only the right to change a user's own password.
- ACME v2 and Wildcard Certificate Support is Live — We’re pleased to announce that ACMEv2 and wildcard certificate support is live!
- It just got much easier to wage record-breaking DDoSes — Within days of the new technique going public, security firms reported it being used in a record-setting 1.3 terabit-per-second DDoS against Github and then, two days later, a record-topping 1.7 Tbps attack against an unnamed US-based service provider.
- The real cause of large DDoS — All the gigantic headline-grabbing attacks are what we call "L3" (Layer 3 OSI). This kind of attack has a common trait - the malicious software sends as many packets as possible onto the network.
- Project Nimble – Netflix TechBlog — We set ourselves an aggressive goal of being able to fail over traffic in less than 10 minutes.
- Follow Up: Alex has a tip for Alex
- Question: Oliver asks about a fail2ban replacement
- S3Scanner — Scan for open S3 buckets and dump
- Chromium is also a Snap