Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Godaddy DDoS Attack

Published: 2012-09-10
Last Updated: 2012-09-10 21:39:54 UTC
by Johannes Ullrich (Version: 2)
15 comment(s)

Update: GoDaddy appears to make some progress getting services back online. The web site is responding again. DNS queries appear to be still timing out and logins into the site fail. (17:30 ET)

GoDaddy is currently experiencing a massive DDoS attack. "Anonymous" was quick to claim responsibility, but at this point, there has be no confirmation from GoDaddy. GoDaddy only stated via twitter: "Status Alert: Hey, all. We're aware of the trouble people are having with our site. We're working on it."

The outage appears to affect the entire range of GoDaddy hosted services, including DNS, Websites and E-Mail. You may experience issues connecting to sites that use these services (for example our DShield.org domain is hosted with GoDaddy). 

 At this point, I would expect GoDaddy to keep its users up to date via it's twitter feed (http://twitter.com/GoDaddy ). I am not aware of a reachable network status page for GoDaddy.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

15 comment(s)

Microsoft Patch Tuesday Pre-Release

Published: 2012-09-10
Last Updated: 2012-09-10 11:09:16 UTC
by Johannes Ullrich (Version: 1)
2 comment(s)

We only expect two bulletins from Microsoft tomorrow [1]. Both bulletins are rated important. The first one affects Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1, and the second one affects Microsoft Systems Management Server 2003 Service Pack 3  as well as Microsoft System Center Configuration Manager 2007 Service Pack 2. 

While these are popular software packages, they are far less popular then some of the usual suspects (Office, Windows, Internet Explorer). In part, the low number of bulletins appears to be intentional, to not distract from the more complex issue which will affect Windows users starting with the October update set: Windows will no longer allow SSL certificates with RSA keys that are less then 1024 bits in length. The update is already available to allow for testing, but in October, it will be pushed as a patch.

The reason Microsoft is so careful with this update is that it will not just effect certificates issues by Microsoft and other well known certificate authorities, but it will also affect internal certificates. For example if you are using an internal certificate authority, and created certificates with insufficient key sizes to sign e-mail messages via S/MIME, these certificates will no longer work after you applied the update [3].

As a first step, you should install the patch on a test system, and watch for any problems. You should also carefully inventory your certificates, in particular if you are using non-standard (internal) certificate authorities. As you are recreating new certificates, DO NOT create 1024 bit RSA keys. Windows will still accept them, but 1024 bits is an absolute minimum size, and not necessarily sufficient. 2048 or 4096 bits is the size you should try to use. 

 

 

[1] http://technet.microsoft.com/en-us/security/bulletin/ms12-sep
[2] http://technet.microsoft.com/en-us/security/advisory/2661254
[3] http://support.microsoft.com/kb/2661254

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

2 comment(s)
ISC StormCast for Monday, September 10th 2012 http://isc.sans.edu/podcastdetail.html?id=2788
Diary Archives