Episodes

  • Episode α1
    2023/05/26
    Welcome to The Lock Podcast, exploring technology and information security topics. This is the first alpha (α) episode of The Lock Podcast, or 🔒 ("The Lock"), where I choose a few issues and events that seem noteworthy to me. Then, I bring them to you in a short format with links at "lock podcast dot com" if you want to know more. I do sincerely hope you all enjoy the show.
    Episode α1 includes:
            - the Montana TikTok ban and response,
            - last week's major vulnerabilities,
            - recent and upcoming hacker conferences,
            - and building a packet filter minefield on an OpenBSD router.

    I'm M.J., and here is the news.

    Top tech news in the United States is that the Montana legislature has passed Senate Bill 419, approving a complete ban of the online short-video platform TikTok within the state. This bill, subtitled "Prohibiting a Mobile Application Store From Offering the TikTok Application to Montana Users," is being challenged as a constitutional First Amendment free speech matter by a coalition made up of the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF), and other organizations.

    In top information security news this week, CISA issued two Cisco IOS alerts for overflow vulnerabilities, along with advisories for five industrial control systems. In consumer news, SANS Bites discussed the fixes Apple released for three vulnerabilities using its Rapid Security Response distribution method. Finally, as Trend Micro reported, specific OEM-packaged Android IoT devices are being pre-infected with Lemon Group malware.

    Last week brought THOTCON in Chicago and Security B-Sides in Seattle and in Fort Wayne, Indiana; this week brings Security B-Sides Budapest, Roanoke, and Dublin, ExploitCon Boise, and Security Fest in Gothenburg. Links to more conferences are available at lockpodcast dot com slash events.

    Finally, while updating my OpenBSD edge router, I found a link to "Tim's blog" in a comment, specifically their aggressive pf configuration, which I modeled mine after. The idea is that a system only has a handful of ports with services listening on them. So if an uninvited device attempts to connect on multiple ports to check out what is available, you can safely take that as validation of malicious intent and drop further traffic from it. This is done by treating ports 1024 to 9999 as a "minefield": a connection to any of them triggers a drop response and adds the source to a troublemakers table. For good measure, any popular service that is not offered but gets connected to should be tagged straight away as trouble. Stateful filtering remains in place, of course: replies to egress traffic are allowed back in, while inbound traffic from troublemakers is dropped. Again, check out Tim's blog for more information and example pf configs.
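    A pf.conf sketch of the minefield idea described above, added here as an illustration; it is neither this router's configuration nor Tim's. The interface name, the lists of offered and trapped ports, the table name and the one-per-hour threshold are assumptions. Because pf's overload mechanism only acts once a source exceeds a rate, the "tagged straight away" behaviour is approximated as a second connection within an hour to any trap port, whether that is a popular-but-unoffered service or the 1024 to 9999 range.

```pf
# Added example pf.conf fragment; not the podcast's router config and not
# Tim's. Interface, port lists, table name and threshold are assumptions.
ext_if = "vio0"

# Ports this host really serves; these are passed normally.
offered_tcp = "{ 22, 80, 443 }"

# Popular services that are NOT offered here, plus the 1024-9999 "minefield".
# No listener lives on any of these, so a connection is itself the signal.
trap_tcp = "{ 21, 23, 25, 110, 143, 445, 1024:9999 }"

table <troublemakers> persist

set skip on lo
set block-policy drop        # silently drop, no RST or ICMP unreachable

# Anyone already caught is dropped before any other rule is consulted.
block in quick on $ext_if from <troublemakers>

# Default deny inbound; stateful egress so replies to our own traffic return.
block in on $ext_if
pass out on $ext_if keep state

# Real services.
pass in on $ext_if proto tcp to ($ext_if) port $offered_tcp keep state

# The trap. synproxy makes pf complete the handshake on the client's behalf,
# so the source-tracking counters see a finished connection even though
# nothing listens. More than one such connection from a source within an
# hour exceeds the rate: the source is added to <troublemakers> and all of
# its existing states are flushed, so its other sessions die too.
pass in on $ext_if proto tcp to ($ext_if) port $trap_tcp \
    synproxy state \
    (max-src-conn-rate 1/3600, overload <troublemakers> flush global)

# Age entries out (e.g. from cron) so a mistaken guest gets back in eventually:
#   pfctl -t troublemakers -T expire 86400
```

    Two points worth knowing before copying this. First, overload cannot be attached to a block rule, which is why the trap is a pass rule with synproxy state: pf answers the handshake itself, so the client never learns from the TCP reply whether anything listened, and the completed handshake is what feeds max-src-conn-rate. The flip side is that a half-open SYN scan never completes a handshake and so never trips the trap; only full connects do. Second, an offered port must never appear in the trap list, or legitimate clients will land in the table. Check the syntax with pfctl -nf /etc/pf.conf and watch the table with pfctl -t troublemakers -T show.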

    Links to more information about all of the mentioned topics are available at lockpodcast.com

    3 min
  • Episode α2: ICS, Botnets with Zyxel, Hacker Conferences, Building Resilient Websites
    2023/05/27

    Welcome to The Lock Podcast, exploring technology and information security topics. This is the second alpha (α) episode of The Lock Podcast, or 🔒 ("The Lock"), where I choose a few issues and events that seem like they may interest you, the listener, with follow-up links at "lock podcast dot com" in case you want to know more. I do sincerely hope you all enjoy the show.
    Episode α2 includes:
            - industrial control systems attacks,
            - residential botnets with Zyxel,
            - last week's major vulnerabilities,
            - recent and upcoming hacker conferences,
            - Built With: building a resilient website with Zola, OpenBSD.Amsterdam, Bunny.Net, CloudNS, and Let's Encrypt.

    I'm M.J., and here is the news.

    Top tech news has the Nintendo video game Zelda: Tears of the Kingdom continuing to amuse fans with a new patch, correcting a duplication bug. At the same time, the Japanese moon lander Hakuto (Japanese for White Rabbit) appears to have taken an unfortunate three-mile drop at 100 meters per second into the moon due to a software glitch that failed to account for the new landing site, according to Hakamada officials. Lastly, after settling animal-welfare violations in its work, Elon Musk's firm Neuralink has obtained FDA approval for brain implants.

    In industrial news, the threat agent Volt Typhoon targets critical United States infrastructure using standard living-off-the-land techniques. At the same time, CISA added another industrial control system vulnerability to its catalog of known exploits.

    In this week's top information security news, Cisco Talos reports the increased use of the Intellexa Predator malware, building on the research in the Google Threat Analysis Group (TAG) article "Protecting Android users from 0-Day Attacks" from May 2022. Additionally, the Mirai botnet has been upgraded to include multiple Zyxel remote buffer overflow vulnerabilities; CVE-2023-33009 and CVE-2023-33010 were issued according to the Zyxel advisory.

    Last week was Security B-Sides Budapest, Roanoke, and Dublin, ExploitCon Boise, and Security Fest in Gothenburg. This coming week is x33fcon, Hardwear.io USA, BSides Buffalo, and CONFidence. Links to more conferences are available at lockpodcast dot com slash events.

    Finally, over the years, I've iterated through several hosting styles: a lot of VPSes, some racked servers in data centers, and too many rented servers to count. All of it to get the uptime and latency that others were eventually selling at a far lower price than I could manage without taking on customers to break even, with the advantage of "doing it myself," and I did participate in a couple of cooperatives that aimed to do just that. The reality is that what used to be measured in servers or packages is now measured in services or providers. The DNS for this site lives on CloudNS, which chooses either Bunny.net or OpenBSD.Amsterdam to send traffic to, and each of those serves up static HTML generated with the Rust tool Zola, which behaves almost exactly like Hugo from the Go world. Once generated with Zola, the HTML and associated files are uploaded to the CDN Bunny.Net and to a well-placed host at OpenBSD.Amsterdam, where the files are synced with rclone. To top things off, both Bunny.Net's Edge Rules and relayd's response headers allow setting response headers that are fun to get graded at SecurityHeaders.com, as it is often trial and error to get them right. Testing what has been built as it is being constructed is essential. I'll use services like Pingdom, WebPageTest, and PageSpeed.dev and do some of the ol' load testing before making them public.
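    A relayd.conf fragment for the OpenBSD.Amsterdam side of the setup above, added as an illustration rather than the site's own configuration. The listen address, the backend httpd port, the keypair name and every header value are assumptions; the Content-Security-Policy in particular has to be tuned to what the Zola theme actually loads, since a policy this strict blocks inline styles and scripts. These are the headers SecurityHeaders.com grades, and the fragment also strips the backend's Server banner instead of advertising it.

```conf
# Added example relayd.conf; not the podcast site's own config.
# Address, backend port, keypair name and header values are assumptions.
ext_addr = "203.0.113.10"

# httpd serving the Zola output, bound to localhost only.
table <httpd> { 127.0.0.1 }

http protocol "static_site" {
    # Let the backend log the real client, not the relay.
    match request header set "X-Forwarded-For" value "$REMOTE_ADDR"

    # Headers graded by SecurityHeaders.com; set on every response.
    match response header set "Strict-Transport-Security" \
        value "max-age=31536000; includeSubDomains"
    # Assumed policy for a plain static site: no inline code, no framing,
    # no plugins. Loosen style-src/script-src only if the theme needs it.
    match response header set "Content-Security-Policy" \
        value "default-src 'self'; img-src 'self' data:; style-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'"
    match response header set "X-Content-Type-Options" value "nosniff"
    match response header set "X-Frame-Options" value "DENY"
    match response header set "Referrer-Policy" value "strict-origin-when-cross-origin"
    match response header set "Permissions-Policy" \
        value "camera=(), microphone=(), geolocation=()"

    # Do not leak the backend's version string.
    match response header remove "Server"

    # Let's Encrypt certificate from acme-client, expected at
    # /etc/ssl/example.org.crt and /etc/ssl/private/example.org.key
    # (relayd's default locations for a keypair of this name; assumed name).
    tls keypair "example.org"
}

relay "www_tls" {
    listen on $ext_addr port 443 tls
    protocol "static_site"
    forward to <httpd> port 8080 check tcp
}
```

    Validate with relayd -n before reloading, then fetch the site with curl -sI and compare the headers against what the CDN edge rules emit, so both paths the DNS can pick return the same policy; a grader only sees whichever host it happened to be routed to.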

    Links to more information about all of the mentioned topics are available at lockpodcast.com

    4 min