ZRAT, Malware, Boeing, CF, Rights, Firefox, Disinfo, G+, DNS

  • It's annoying that Windows lacks simple and efficient tools like blkdiscard, which is very nice especially with ZRAT SSDs: it's a way to get rid of the data on a disk very quickly, so that it isn't trivially recoverable.
  • Triton malware. Just as expected; everyone knew this was coming. In a more general sense, it's really dangerous that systems are insecure, and also that people blindly trust IT systems. Blind trust in computers makes all kinds of horrible attacks possible, where humans are just one tool in the process: they think they're doing the right thing while they're doing exactly what the attacker wants them to do. So the attacker doesn't even need to be able to affect the target system directly when they can do it indirectly.
  • Some notes about the 737MAX failure: "Boeing wanted the simplest possible fix that fit their existing systems architecture, so that it required minimal engineering rework". Sounds pretty familiar. Let's tape some ad hoc kludge on top of it, and never mind testing, because that would just add extra cost. We'll find out in production if it doesn't work.
  • Cloudflare, "Monsters in the middleboxes". Technologies like MITMEngine and MALCOLM. It's interesting that they consider other proxies and middleboxes a security risk, yet reverse proxies like Cloudflare and Akamai aren't considered a security risk. I think it's a kind of disinformation for technically illiterate people. It's also disinformation that a mismatch between the browser user agent and the cipher suites would indicate the presence of a middlebox. It's trivial to change the cipher suite settings, as well as the supported elliptic curve groups etc. These are strange statements from a technically oriented team.
  • User rights management: many systems are so badly designed and hard to use that it basically leads to always-incorrect user rights settings. It would take forever to get the user rights right, so it's easier just to configure everything wide open and call it done. Badly documented, hard to follow and illogical. Basically this usually leads to a situation where everything is readable and writable by everyone and many paths are fully accessible with the guest account; otherwise things just won't work.
  • Firefox 66 brings scroll anchoring. Yay! One of the most annoying features of many websites, and also of desktop and mobile applications, is the constant moving of buttons on screen, so when you click or touch something you have no idea which option you'll end up with, because the content isn't static. This change is really, really welcome and awesome. I really wish this would be standard for all user interfaces.
  • Classic disinformation. So many guides on the net tell you to use the command cipher /w:c to wipe free space. But that's wrong; it's missing an essential part. It has to be cipher /w:c: (or, if there are multiple disks mounted into the same file system, the full path, like cipher /w:c:\mountpoint\). Why? Because a single letter after /w: isn't a valid drive or path designation and will lead to the C drive being wiped even if you were trying to wipe some other path. You wouldn't believe how many instructions on the net get it totally wrong and provide disinformation to users instead of telling them how to do things correctly.
  • My Google Plus (Google+) account is finally closed. As for cloud services, they aren't data storage services where data would be stored permanently. Of course this is news to no one, but unfortunately it seems that many people completely miss this fact.
  • DNS reverse lookup timings. I've had a feeling that Cloudflare DNS isn't as fast as they advertise. They claim it's very fast, but when processing large logs and doing tons of reverse DNS lookups, it feels slow; you can see it clearly when doing massive reverse lookups. Here are the results of some tests I did: 200 IP addresses reverse-looked-up in sequence using different DNS services. The measured time is for the whole batch of 200 lookups:
    • 114 seconds: ISP's own DNS server (Telia, Finland)
    • 105 seconds: Cloudflare 1.1.1.1
    • 93 seconds: Quad9 9.9.9.9
    • 66 seconds: OpenDNS 208.67.222.222
    • 45 seconds: Google DNS 8.8.8.8
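As an added illustration of the cipher /w: point above (this is not code from the original post): a small Python wrapper that refuses the ambiguous `cipher /w:c` form and only runs cipher against an explicit drive root or mount-point path. It relies on cipher's documented behaviour that /w wipes the unused space of the whole volume containing the given directory, so the directory's only job is to select the right volume; the helper names, the file name and the sample inputs are my own.

```python
import ntpath
import os
import platform
import subprocess


def normalize_wipe_target(arg):
    """Canonicalize a wipe target to DRIVE:\\ or DRIVE:\\dir\\...\\ form.

    cipher /w wipes the free space of the whole volume that holds the given
    directory, so the directory only selects the volume. Anything that does not
    unambiguously name a volume (a bare letter, a relative path, a UNC path)
    is rejected instead of guessed, because a guess would wipe the wrong disk.
    """
    arg = arg.strip().strip('"')
    drive, tail = ntpath.splitdrive(arg)          # ("c:", "\\mountpoint") etc.
    if len(drive) != 2 or drive[1] != ":" or not drive[0].isalpha():
        raise ValueError(
            f"{arg!r}: wipe target must start with a drive letter and colon, "
            "e.g. C:\\ or C:\\mountpoint\\ (a bare letter like 'c' is a relative path)"
        )
    parts = [p for p in tail.replace("/", "\\").split("\\") if p]
    if any(p in (".", "..") for p in parts):
        raise ValueError(f"{arg!r}: '.' and '..' are not allowed in a wipe target")
    # Always emit the fully qualified form with a trailing backslash.
    return drive.upper() + "\\" + "".join(p + "\\" for p in parts)


def is_valid_wipe_target(arg):
    """True if the argument unambiguously names a volume or a directory on one."""
    try:
        normalize_wipe_target(arg)
        return True
    except ValueError:
        return False


def wipe_command(arg):
    """The argv that would be executed, e.g. ['cipher', '/w:C:\\\\']."""
    return ["cipher", "/w:" + normalize_wipe_target(arg)]


def wipe_free_space(arg, dry_run=True):
    """Validate the target, then run cipher /w on it; dry_run only reports the command."""
    cmd = wipe_command(arg)
    print("would run:" if dry_run else "running:", " ".join(cmd))
    if dry_run:
        return cmd
    if platform.system() != "Windows":
        raise RuntimeError("cipher.exe is a Windows tool")
    target = cmd[1][len("/w:"):]
    if not os.path.isdir(target):                  # mount point must actually exist
        raise FileNotFoundError(f"{target} is not a mounted directory")
    subprocess.run(cmd, check=True)
    return cmd


if __name__ == "__main__":
    # Constructed sample inputs: the first three are accepted, the rest rejected.
    for sample in ("c:", r"c:\mountpoint", "D:/data/", "c", "mountpoint", r"\\server\share"):
        print(f"{sample!r:22} ->", wipe_command(sample) if is_valid_wipe_target(sample) else "rejected")
```

The wrapper never tries to be clever with a single letter: `c` could mean drive C or a subdirectory named c, and the post's whole point is that the tool resolves that ambiguity the wrong way, so the safe answer is to make the caller spell out `C:\` or `C:\mountpoint\`.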
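To reproduce the kind of measurement in the list above, here is an added example (not the author's own script): a minimal stub resolver that sends one PTR query at a time over UDP to a chosen server, parses the reply itself, and reports the wall-clock time for the whole batch. The file name ptr_bench.py, the default server and the sample addresses from the 203.0.113.0/24 documentation range are assumptions; feed it your own address list to get comparable numbers.

```python
import secrets
import socket
import struct
import sys
import time

PTR, IN = 12, 1          # RR type and class codes


def reverse_name(ip):
    """Map a dotted-quad IPv4 address to its PTR owner name under in-addr.arpa."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_ptr_query(ip, txid):
    """One PTR question with RD=1, i.e. what a stub resolver sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(reverse_name(ip)) + struct.pack("!HH", PTR, IN)


def read_name(msg, offset, max_hops=16):
    """Decode a possibly compressed name; returns (name, offset after the field).

    The hop limit bounds compression-pointer loops so a malformed or hostile
    reply cannot make the client spin forever."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # compression pointer
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (offset if end is None else end)


def parse_ptr_response(msg, txid):
    """Return (rcode, [PTR targets]); a reply with the wrong transaction id is rejected."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    offset = 12
    for _ in range(qd):                           # skip the echoed question
        _, offset = read_name(msg, offset)
        offset += 4
    names = []
    for _ in range(an):
        _, offset = read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == PTR:
            names.append(read_name(msg, offset)[0])
        offset += rdlen
    return flags & 0xF, names


def time_batch(ips, server, port=53, timeout=3.0):
    """Resolve the batch strictly one query at a time (as in the post) and time the run."""
    results = {}
    start = time.perf_counter()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for ip in ips:
            txid = secrets.randbelow(1 << 16)     # unpredictable id per query
            sock.sendto(build_ptr_query(ip, txid), (server, port))
            try:
                data, _ = sock.recvfrom(4096)
                rcode, names = parse_ptr_response(data, txid)
                results[ip] = names[0] if names else f"<rcode {rcode}>"
            except (socket.timeout, ValueError):   # timeout or stray/invalid reply
                results[ip] = "<no valid answer>"
    return time.perf_counter() - start, results


if __name__ == "__main__":
    # Usage: python ptr_bench.py 1.1.1.1 [ips.txt]; without a file a constructed
    # sample of 200 addresses from the 203.0.113.0/24 documentation range is used.
    server = sys.argv[1] if len(sys.argv) > 1 else "9.9.9.9"
    if len(sys.argv) > 2:
        ips = [line.strip() for line in open(sys.argv[2]) if line.strip()]
    else:
        ips = [f"203.0.113.{n}" for n in range(1, 201)]
    elapsed, results = time_batch(ips, server)
    answered = sum(1 for v in results.values() if not v.startswith("<"))
    print(f"{server}: {len(ips)} lookups in {elapsed:.1f} s, {answered} with PTR data")
```

Sequential lookups measure per-query latency rather than throughput, which is exactly what a log-processing loop feels. Run each resolver against the same address list, and read the answered-PTR count next to the time: a resolver that returns NXDOMAIN from its negative cache looks faster than one that actually walks the in-addr.arpa delegation.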

2020-05-31