HUP article digest

Summary of the Amazon S3 Service Disruption

A summary of why half the internet went down on Tuesday: https://aws.amazon.com/message/41926/

The Amazon Simple Storage Service (S3) team was debugging an issue causing the S3 billing system to progress more slowly than expected. At 9:37AM PST, an authorized S3 team member using an established playbook executed a command which was intended to remove a small number of servers for one of the S3 subsystems that is used by the S3 billing process. Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended. The servers that were inadvertently removed supported two other S3 subsystems. (...)

I hope the blood pressure of whoever issued that "cloudy" rm -rf is back within textbook range by now. :)

RASPBERRY PI ZERO W JOINS THE FAMILY

Today is Raspberry Pi’s fifth birthday: it’s five years since we launched the original Raspberry Pi, selling a hundred thousand units in the first day, and setting us on the road to a lifetime total (so far) of over twelve million units. To celebrate, we’re announcing a new product: meet Raspberry Pi Zero W, a new variant of Raspberry Pi Zero with wireless LAN and Bluetooth, priced at only $10.

https://www.raspberrypi.org/blog/raspberry-pi-zero-w-joins-family/

Cloudpets: 2.2 million voice recordings of parents and their children exposed

The security vulnerability was recently detailed in a lengthy post by Troy Hunt over on his website. The issue, it seems, is CloudPets’ lax security, which allowed ‘a MongoDB that was in a publicly facing network segment without any authentication’ requirements to be indexed by a search engine called Shodan. This database contains extensive information about the company’s users.

https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leak…

Cloudbleed: CloudFlare leaked passwords, 2FA secrets, full HTML in plaintext.

Big-name websites leaked people's private session keys and personal information into strangers' browsers, due to a Cloudflare bug uncovered by Google researchers.
As we'll see, a single character – '>' rather than '=' – in Cloudflare's software source code sparked the security blunder.

This leak was triggered when webpages had a particular combination of unbalanced HTML tags, which confused Cloudflare's proxy servers and caused them to spit out data belonging to other people – even if that data was protected by HTTPS.

It may yet turn out that serving 20% of the internet through a single company is not such a good idea after all...

https://www.theregister.co.uk/2017/02/24/cloudbleed_buffer_overflow_bug…
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cl…
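As an added illustration of the one-character end-of-buffer check described above (this is not Cloudflare's code; the tokenizer, the arena and the "other tenant" bytes are constructed assumptions), a C sketch of a bounds check written with equality beside the same check written as a range test. The page being rewritten is cut off in the middle of an attribute, which is what lets the pointer step past the end:

```c
#include <stdio.h>
#include <string.h>

/* Constructed arena: the first PAGE_LEN bytes are the HTML page the proxy is
 * rewriting; the bytes after it stand in for another customer's data that
 * happens to sit next to it in memory. Assumption for illustration only. */
static const char arena[] =
    "<img src="                           /* page: attribute cut off at buffer end */
    "\"SESSION=other-tenant-secret\"";    /* neighbouring data, not part of the page */
#define PAGE_LEN 9

/* Copy the first attribute value in page[0..page_len) into out.
 * hardened == 0 reproduces the '==' end-of-buffer check; hardened != 0 uses
 * a range test (p < pe, i.e. the '>=' fix). Returns the number of bytes copied. */
size_t first_attr_value(const char *page, size_t page_len,
                        char *out, size_t out_cap, int hardened)
{
    const char *p = page, *pe = page + page_len;
    size_t n = 0;

    while (hardened ? (p < pe) : (p != pe)) {
        if (*p == '=') {
            p += 2;   /* skip the =" pair; nothing checks that both bytes exist */
            /* a truncated page leaves p == pe + 1: '!=' is now never false,
             * so the copy below keeps going into the neighbouring data */
            while ((hardened ? (p < pe) : (p != pe)) && *p != '"' && n + 1 < out_cap)
                out[n++] = *p++;
            break;
        }
        p++;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char out[64];
    first_attr_value(arena, PAGE_LEN, out, sizeof out, 0);
    printf("'==' check : \"%s\"\n", out);   /* leaks the neighbouring bytes */
    first_attr_value(arena, PAGE_LEN, out, sizeof out, 1);
    printf("range check: \"%s\"\n", out);   /* stops at the buffer end */
    return 0;
}
```

With a well-formed page both variants return the same attribute value; only the truncated page separates them.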

Shattered: The first SHA-1 collision

We have broken SHA-1 in practice.
This industry cryptographic hash function standard is used for digital signatures and file integrity verification, and protects a wide spectrum of digital assets, ranging from credit card transactions and electronic documents to open-source software repositories and software updates.
It is now practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file.
For example, by crafting the two colliding PDF files as two rental agreements with different rent, it is possible to trick someone into creating a valid signature for a high-rent contract by having him or her sign a low-rent contract.

https://shattered.it/
https://security.googleblog.com/2017/02/announcing-first-sha1-collision…