A highlight from SN 818: News From the Darkside - Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary

Security Now


We call him James Tiberius Gibson, captain of the ship. Security Steve Gibson. Steve yolande. Oh what's ons again. Well, you know, I did not want to talk about Darkside, but you have not hel way not to not to about Darkside, and what was interesting because, like, how long, how much time have I spent promising our listeners that, you know, we wouldn't keep talking about ransomware? But when this thing moves from, you know, an incidental concern about, from, like, IT people to something that, you know, where our parents or grandparents or, you know, those who are predate the internet, like, "What? Ransomware? What's that?" I mean, and when it steps out to dramatically affect our infrastructure, and this group has a weird twist also, like, they have an ethics page posted on their site on the dark web about their intentions. Anyway, we'll get to that. There was enough interest about this, like, enough insider information that our listeners would not have picked up from the mainstream media, that I thought, okay, we gotta talk about that. But this is episode 818 for Patch Tuesday of May, which we'll be talking about next week because, you know, we have to wait to see what happens. We're going to look at a new and old threat to our global DNS infrastructure. We also ask what the heck Google is planning with their so-called two-step verification. We examine a huge new problem with the internet's majority of email servers. Microsoft Exchange, that was March, and they're by no means the biggest player. It turns out that the biggest player, Exim, has some, like, really bad problems. So buckle up. We're also going to look at the reality of Tor exit node insecurity, Leo, and really substantiate the statements you've been making when you're talking about our VPN sponsors, that, you know, just using Tor doesn't do the problem. Yeah. We're also going to touch on a new sci-fi novel from a very well-known author, share a bit of closing-the-loop feedback from our listeners.
And then we're going to settle down and take a look at this, arguably the highest-profile ransomware attack ever, from what was previously a low-key attacker. We'd never talked about Darkside before. You know, we're talking about re yukan all these other guys, and this player sort of interesting. So l. n. for those listeners who've haven't, well, actually, you and I, all of our conversation about our Picture of the Week was before you hit the record button. We have a picture that we're not going to explain. And we will explain watson IQ tests. Actually, it's not. It's a test of your educational levels. Maybe, I don't, I don't think it's an intelligence test, but it is a test. So we'll have that in a moment. But a word from our sponsor.
This is a test: are you sure there's no one on your network right now, snooping around, exfiltrating information, getting ready to encrypt everything with ransomware? Sure. That's what the Colonial Pipeline guys thought, too. They needed this. They needed the Thinkst Canary. The last thing anyone wants right now is that data breach, exfiltration. It said that the pipeline folks, hundred gigabytes of data was exfiltrated and then encrypted. Rather than the villain lying in wait, I'm going to suggest there is a hero in this story, or there will be in your story if you know about the Thinkst Canary. Thinkst Canary. Companies usually find out way too late they've been compromised, even if they've spent millions on IT security. It's just not enough because, as you know, security is a layered thing. No one thing will fix everything, but man, you gotta have the Canary. You just gotta, and there's no reason not to. It's affordable. It's basically a honeypot that's easy to configure, easy to install, and is irresistible to bad guys. So when they're going around looking for stuff to exfiltrate, servers to log into, they'll see the Canary and it won't look vulnerable, it'll look valuable. For instance, I've configured my Canary to look like my Synology NAS, because I know the NAS, I know the login, I know exactly what it looks like. It came down to the MAC address. It has an official MAC address that is identical to a Synology MAC address. You can say what the MAC address is, you can choose what it is. You can choose the user interface, and when the bad guy sees that Synology user interface and logs in, you get a notification. You don't get overwhelmed by millions of notifications; you just get very concise, actionable notifications that include, by the way, the login password they use, which is valuable information, understanding what they know already ran. The Canary has completely changed the game, is designed to be installed and configured in minutes, and then, if you'll forgive the pun, left to its own devices. You don't have to think about it. In fact, if you don't hear anything from the Canary, you can feel good.
