TechSNAP show

Summary: Systems, Network, and Administration Podcast. Every week TechSNAP covers the stories that impact those of us in the tech industry, and all of us that follow it. Every episode we dedicate a portion of the show to answering audience questions, discussing best practices, and solving your problems.

Podcasts:

 Episode 382: Domestic Disappointments | File Type: audio/mpeg | Duration: 44:56

We’re joined by a special guest to discuss the failures of campaign security, the disastrous consequences of a mismanaged firewall, and the suspicious case of Speck. Plus the latest vulnerabilities in Wireshark and OpenSSH, the new forensic hotness from Netflix, and some great introductions to cryptography.

Links:
I’m teaching email security to Democratic campaigns. It’s as bad as 2016.
Botched CIA Communications System Helped Blow Cover of Chinese Agents
NSA-Designed Speck Algorithm to Be Removed From Linux 4.20
Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades
Wireshark can be crashed via malicious packet trace files
Service provider story about tracking down TCP RSTs
The case of the 500-mile email
Diffy: A cloud-centric triage tool for digital forensics and incident response
An intensive introduction to Cryptography
The Manga Guide to Cryptography | No Starch Press

 Episode 381: Here Comes Cloud DNS | File Type: audio/mpeg | Duration: 23:53

To make DNS more secure, we must move it to the cloud! At least that’s what Mozilla and Google suggest. We break down DNS-over-HTTPS, why it requires a “cloud” component, and the advantages it has over traditional DNS. Plus new active attacks against Apache Struts, and a Windows 10 zero-day exposed on Twitter.

Sponsored By: iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you! Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean

Links:
Firefox Nightly Secure DNS Experimental Results
DNS-over-HTTPS
DNS over HTTPS
A cartoon intro to DNS over HTTPS
Discussion of draft-ietf-doh-dns-over-https in the IETF's DOH Working Group
High performance DNS over HTTPS client & server
Cloudflare Resolver for Firefox
Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776
Windows 10 Zero-Day Vulnerability Exposed On Twitter
Netdata: Get control of your servers. — netdata is a system for distributed real-time performance and health monitoring. It provides unparalleled insights, in real-time, of everything happening on the system it runs (including applications such as web and database servers), using modern interactive web dashboards.
State of Software Distribution - 2018 — Few enterprises possess the ability to deploy the latest software and security patches at scale, putting their cybersecurity and business performance at risk. In the 2018 State of Software Distribution Report, we explore why IT decision makers say they struggle to keep up with the software distribution needs of the modern enterprise.

 Episode 380: Terminal Fault | File Type: audio/mpeg | Duration: 32:31

Microsoft’s making radical changes to Windows 10, and a new type of speculative execution attack on Intel’s processors is targeting cloud providers.

Links:
Hanging Up on Mobile in the Name of Security
Windows 10 Enterprise Getting "InPrivate Desktop" Sandboxed Execution Feature
Introducing the Windows Pseudo Console (ConPTY)
Understanding L1 Terminal Fault aka Foreshadow
Merge L1 Terminal Fault fixes from Thomas Gleixner
Cabot: Self-hosted, easily-deployable monitoring and alerts service
cabotapp/cabot - Docker Hub

 Episode 379: SegmentSmack is Whack | File Type: audio/mpeg | Duration: 29:16

Take down a Linux or FreeBSD box with just 2kpps of traffic, own Homebrew in 30 minutes, and infiltrate an entire network via the Inkjet printers. It’s a busy TechSNAP week.

Links:
HP Inkjet Printers Buffer Overflows in Processing Files Let Remote Users Execute Arbitrary Code
Black Hat 2018: Update Mechanisms Allow Remote Attacks on UEFI Firmware | The first stop for security news
How I gained commit access to Homebrew in 30 minutes
Reconnaissance tool for GitHub organizations
TruffleHog: Searches through git repositories for high entropy strings and secrets, digging deep into commit history
BFG Repo-Cleaner by rtyley
TCP implementations vulnerable to Denial of Service
SegmentSmack: kernel: tcp segments with random offsets may cause a remote denial of service [CVE-2018-5390]
Merge branch 'tcp-robust-ooo' · torvalds/linux
New Sysadmin dealing with stress.
Microsoft’s undersea data center now has a webcam with fish swimming past 27.6 petabytes of data

 Episode 378: Two-Factor Fraud | File Type: audio/mpeg | Duration: 31:56

Reddit’s Two Factor procedures fail, while Google’s prevents years of attacks. We’ll look at the different approaches, and discuss the fundamental weakness of Reddit’s approach. Plus a Spectre attack over the network, BGP issues take out Telegram, and more!

Links:
Hey, don't route the messenger! Telegram redirected through Iran by baffling BGP leak
Finding and Diagnosing BGP Route Leaks
Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts
New Spectre attack enables secrets to be leaked over a network
NetSpectre: Read Arbitrary Memory over Network
Password breach teaches Reddit that, yes, phone-based 2FA is that bad
We had a security incident.
Google Employees Use a Physical Token as Their Second Authentication Factor
Cisco is buying Duo Security for $2.35B in cash

 Episode 377: Linux Under Pressure | File Type: audio/mpeg | Duration: 29:15

Some new tools will give you better insights into your system under extreme load, and we flash back to the days of AOL and discuss the new way social hackers are spreading malware. Plus the death of a TLD, the return of SamSam, and more!

Links:
psi: pressure stall information for CPU, memory, and IO v2 — PSI aggregates and reports the overall wallclock time in which the tasks in a system (or cgroup) wait for contended hardware resources.
Chinese “hackers” are sending malware via snail mail — The trick is simple: a package arrives with a Chinese postmark containing a rambling message and a small CD. The CD, in turn, contains a set of Word files that include script-based malware. These scripts run when the victims access them on their computers, presumably resulting in compromised systems.
The death of a TLD
SamSam: The (almost) $6 million ransomware — Through original analysis, interviews and research, and by collaborating closely with industry partners and a specialist cryptocurrency monitoring organisation, Sophos has uncovered new details about how the secretive and sophisticated SamSam ransomware is used, who’s been targeted, how it works and how it’s evolving.
Open sourcing oomd, a new approach to handling OOMs — As our infrastructure has scaled, we’ve found that an increasing fraction of our machines and networks span multiple generations. One side effect of this multigenerational production environment is that a new software release or configuration change might result in a system running healthily on one machine but experiencing an out-of-memory (OOM) issue on another.
Tyler's recent job story

 Episode 376: Google Don’t Front | File Type: audio/mpeg | Duration: 35:08

Google and Amazon recently shut down Domain Fronting. Their abrupt change has created a building backlash. We’ll explain what Domain Fronting is, how activists can use it to avoid censorship, and why large organizations are compelled to disable it. Plus how road navigation systems can be spoofed with $223 in hardware, and another bad Bluetooth bug.

Links:
Road navigation systems can be spoofed using $223 equipment
The World Economy Runs on GPS. It Needs a Backup Plan
Big bad Bluetooth blunder bug battered – check for security fixes
Vulnerability Note VU#304725 - Bluetooth Diffie-Hellman key exchange
Domain Fronting
Domain Fronting Is Critical to the Open Web
Russia Blocks Millions of Amazon and Google IPs in Bungled Attempt to Ban Telegram
Blocking-resistant communication through domain fronting
Duplicati gets some love
Duplicati
Duplicati - Docker Hub
Installing Duplicati on Ubuntu Linux
Ben's Backup Basics

 Episode 375: Surprise Root Access | File Type: audio/mpeg | Duration: 35:54

Google's Cloud Platform suffers an outage, and iPhones in India get owned after a very specific attack. Plus how a malware author built a massive 18,000 strong Botnet in one day, and Cisco finds more "undocumented" root passwords.

Links:
Cisco Removes Undocumented Root Password From Bandwidth Monitoring Software
Google Cloud Platform reports issues; Snapchat and other popular apps affected
Google Cloud Status Dashboard
Bogus Mobile Device Management system used to hack iPhones in India • The Register
A major election software maker allowed remote access on its systems for years - The Verge
Router Crapfest: Malware Author Builds 18,000-Strong Botnet in a Day
Anian wants to learn better backup
How To Choose an Effective Backup Strategy for your VPS | DigitalOcean
Tarsnap - Online backups for the truly paranoid
Borg Documentation — Borg - Deduplicating Archiver 1.1.6 documentation
borgmatic
duplicity: Main
restic · Backups done right!

 Episode 374: Quantum Resistant Encryption | File Type: audio/mpeg | Duration: 47:44

Good progress is being made on post-quantum resilient computing. We’ll explain how they’re achieving it, and the risks facing traditional cryptography. Plus how bad defaults led to the theft of military drone docs, new attacks against LTE networks, and more!

Links:
Hacker Steals Military Docs Because Someone Didn’t Change a Default FTP Password
Year-Old Critical Vulnerabilities Patched in ISP Broadband Gear | The first stop for security news
Timehop admits that additional personal data was compromised in breach
Researchers Uncover New Attacks Against LTE Network Protocol
Breaking LTE on Layer Two
Nintendo reportedly rolling out new, more hack-resistant Switch hardware
Wire and post-quantum resistance
What is quantum computing?
Quantum Computing and its Impact on Cryptography
Why Quantum Computers Might Not Break Cryptography
Remote Manage Linux Boxes?
Learning OpenStack?

 Episode 373: FreeBSD Already Does That | File Type: audio/mpeg | Duration: 1:35:35

Allan Jude and Wes sit down for a special live edition of the TechSNAP program. Joined by Jed and Jeff, they have a wide-ranging organic conversation. Special Guest: Allan Jude.

 Episode 372: Logs and Metrics and Traces, Oh My! | File Type: audio/mpeg | Duration: 36:01

Netflix has learned the hard way how to utilize all the logs; we cover their lessons in their journey to build a fully observable system. Plus the Lazy State FPU bug that cropped up this week, backdoored Docker images, your questions, and more!

Links:
INTEL-SA-00145
Colin Percival on Twitter
NetBSD Documentation: How lazy FPU context switch works
Lazy FPU Save/Restore (CVE-2018-3665)
17 Backdoored Docker Images Removed From Docker Hub
Lessons from Building Observability Tools at Netflix
Jobs at Linux Academy

 Episode 371: They Never Learn | File Type: audio/mpeg | Duration: 44:23

Microsoft puts a data center under the ocean, and they might be onto something. The Zip Slip vulnerability sneaks into your software, and VPNFilter turns out to be more complicated than first known. Plus the mass exploit of Drupalgeddon2 continues, we break down why, a batch of questions, and more.

Links:
Microsoft sinks data centre off Orkney
How to protect yourself from megabreaches like the one that hit Ticketfly
Three months later, a mass exploit of powerful Web servers continues
Breach detection with Linux filesystem forensics
Zip Slip Vulnerability
VPNFilter Update
RouterSploit: Exploitation Framework for Embedded Devices

 Episode 370: Hidden in Plain Sight | File Type: audio/mpeg | Duration: 51:29

We explain how the much-hyped VPNFilter malware actually works, and its rather surprising sophistication. Plus a clear breakdown of the recent Kubernetes news, how a 40-year-old telco protocol is being abused today, and a Git vulnerability you should know about.

Links:
Hiding Information in Plain Text - IEEE Spectrum
Remediating the May 2018 Git Security Vulnerability – Microsoft DevOps Blog
When to use git subtree? - Stack Overflow
Ghostery Email Incident Update - Ghostery
Surprise! Student receives $36,000 Google bug bounty for RCE flaw – Naked Security
SS7 routing-protocol breach of US cellular carrier exposed customer data | Ars Technica
SnoopSnitch - Apps on Google Play
Kubernetes Containerd Integration Goes GA - Kubernetes
Hackers infect 500,000 consumer routers all over the world with malware | Ars Technica
FBI seizes domain Russia allegedly used to infect 500,000 consumer routers | Ars Technica
Singapore ISP Leaves 1,000 Routers Open to Attack | Threatpost | The first stop for security news
Don't let Frank near the server
Dave decides to move some plugs...

 Episode 369: Another Pass at Bypass | File Type: audio/mp3 | Duration: 44:43

We’ll explain how Speculative Store Bypass works, and the new mitigation techniques that are inbound. Plus this week’s security news has a bit of a theme, and we share some great war stories sent into the show.

Links:
Security Flaw Impacts Electron-Based Apps
Attackers Use UPnP to Sidestep DDoS Defenses | Threatpost | The first stop for security news
Another severe flaw in Signal desktop app lets hackers steal your chats in plaintext
Critical Linux Flaw Opens the Door to Full Root Access | Threatpost | The first stop for security news
Microsoft, Google: We've found a fourth data-leaking Meltdown-Spectre CPU hole • The Register
Speculative Store Bypass explained: what it is, how it works
TechSNAP Episode 351: Performance Meltdown
Dave's Users flip the switch!
Dave's War Story is really Screwy!
Egon's Adventures in mislabeled VMs

 Episode 368: EFail Explained | File Type: audio/mpeg | Duration: 36:47

The EFail hype-train has hit hypersonic speed. We’ll tap the brakes and explain who disclosed it, what it is, what it’s not, our recommendations, and early reactions. Plus things to consider when deciding on-premises vs a cloud deployment, and the all-business gadget from 1971 that kicked off the consumer electronics revolution.

Links:
The HP-35 — Consumer Electronics, an Origin Story
The people cost of building out a Kubernetes cluster on-prem | Operos
EFAIL — EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails.
efail-attack-paper.pdf
GnuPG Efail press release Response
No, PGP is not broken, not even with the Efail vulnerabilities - ProtonMail Blog — Recently, news broke about potential vulnerabilities in PGP, dubbed Efail. However, despite reports to the contrary, PGP is not actually broken, as we will explain in this post.
Eric's War Story is VERY Familiar
When it rains it pours for Steve
Critical Cisco WebEx Bug Allows Remote Code Execution
Cisco WebEx and 3rd Party Support Utilities
