
SANS ISC: MSFT Surprise Patch for Total #Meltdown; #APFS Still Logs Some Passwords; #Cloudflare Announces DNS



ISC StormCast for Monday, April 2nd 2018

A daily summary of cyber security news from the SANS Internet Storm Center
Author: Johannes B. Ullrich, Ph.D.
See below for a schedule of classes I teach.
Created: Monday, April 2nd 2018
Length: 5:36 minutes
Today's Headline: MSFT Surprise Patch for Total #Meltdown; #APFS Still Logs Some Passwords; #Cloudflare Announces DNS

If you like this podcast, then please consider telling others about it. Errors? Corrections? Complaints? Player Problems? Please let us know here: https://isc.sans.edu/contact.html


Show Notes

Microsoft Patching Total Meltdown Patch Again (hopefully for real)
https://support.microsoft.com/en-us/help/4100480/windows-kernel-update-for-cve-2018-1038

APFS Still Logging Some Encryption Passphrases
https://eclecticlight.co/2018/03/31/encryption-passphrases-are-still-left-in-logs-how-apple-abuses-its-unified-log/
https://twitter.com/6IX7ine

Cloudflare Announcing Anonymous/Fast DNS Service
https://blog.cloudflare.com/announcing-1111/

Discussion

You mentioned Quad9 in this podcast when talking about the Cloudflare DNS service announcement. Something I've come across with Quad9 but not with other DNS services like 1.1.1.1 or Google's 8.8.8.8 is that Quad9 appears to be blocking some non-traditional URLs. I haven't seen any issues with the normal .coms or .nets, but have seen a lot of issues specifically with .bank. I have been working with Quad9's tech support on this but was curious if anyone else had seen the same thing with non-.com URLs.
Posted by KRihner on Mon Apr 09 2018, 20:18
Interesting. I just tested it, and it looks fine for a couple of sample records I looked up:

$ dig +short register.bank @9.9.9.9
64.41.83.142

$ dig +short sport NS @9.9.9.9
anycast24.irondns.net.
anycast9.irondns.net.
anycast10.irondns.net.
anycast23.irondns.net.

Maybe they fixed the problem, or it only affects specific domains.
Posted by Johannes on Mon Apr 09 2018, 22:08
I looked again today. I was using nslookup in Windows CMD and setting the server to 9.9.9.9, which makes dns.quad9.net my DNS server. Yesterday afternoon when I posted the comment I was getting DNS timeouts. Checked again just now and it is resolving the .bank URLs. I haven't heard anything else back from Quad9 support, but I'm guessing they fixed the problem.
Posted by KRihner on Tue Apr 10 2018, 18:58


Interested in attending one of my classes? See below for my current schedule.

Intrusion Detection In-Depth, San Antonio, Aug 6th - Aug 11th 2018
Defending Web Applications Security Essentials, Amsterdam, Sep 3rd - Sep 8th 2018
Defending Web Applications Security Essentials, Las Vegas, Sep 23rd - Sep 28th 2018
Intrusion Detection In-Depth, Tysons, Oct 15th - Oct 20th 2018
Defending Web Applications Security Essentials, Denver, Oct 24th - Oct 29th 2018
Intrusion Detection In-Depth, Washington, Dec 13th - Dec 18th 2018