Episode α2: Industrial Control Systems and Content Distribution

2023-06-03 - (5 min read)

Welcome to The Lock Podcast, where I explore technology and information security topics. This is the second alpha (α) episode of The Lock Podcast, or 🔒 ("The Lock.") For every episode I choose a few topics that may interest you, the listener, and I provide follow-up links at "lock podcast dot com", in case you want to know more. I do sincerely hope you all enjoy the show. Episode α2 includes:

Industrial control systems attacks,
Residential Botnets with Zyxel and Mirai,
last week's major vulnerabilities,
Recent and Upcoming Hacker and Security Conferences,
and building a resilient website

I'm M.J., and here is the news.

Top tech news has the Nintendo video game Zelda: Tears of the Kingdom continuing to amuse fans, and has issued a patch correcting a duplication bug. At the same time, the Japanese moon lander Hakuto or White Rabbit, appears to have taken an unfortunate three-mile drop at 100 meters per second into the moon due to a software glitch failing to account for the new landing site, according to Hakamada officials. Lastly, after settling complaints about animal welfare violations in its work, Elon Musk's firm Nuralink has obtained FDA approval for human brain implants.

In industrial news, Microsoft reports that the threat agent Volt Typhoon has been targetting critical United States infrastructure using standard living-off-the-land techniques. While at the same time, CISA has added another industrial control system vulnerability to its catalog of known exploits.

This week's Top Information Security news, Cisco Talos reports the increased use of the Intellexa Predator malware. This research is an expansion of Google's Threat Analysis Group (TAG) work from May 2022, that resulted in the published article "Protecting Android users from 0-Day Attacks". The Mirai botnet has also been upgraded to include multiple Zyxel remote buffer overflow vulnerabilities. CVEs 2023-33009 and 33010 were issued according to the Zyxel advisory.

Last week was Security B-Sides Budapest, Roanoke, Dublin, ExploitCon Boise, and Security Fest in Gothenburg. This coming week is x33fcon, Headwear.io USA, BSidesBuffalo, and CONFidence. Links to more information about the conferences is available at lockpodcast dot com slash events.

Finally, over the years, I've iterated through several hosting styles. A lot of VPS', some racked servers in data centers, and too many rented servers to count. All to get the uptime and latency that others were eventually selling at a far lower price than I could manage, with the sole advantage of "doing it myself." I did participate in a couple cooperatives that aimed to do it ourselves but eventually we all fell victim to AWS, Azure, OCI or Google Cloud. The reality is that what used to be measured in servers or packages is now measured in services or providers. Striking a balance between giving up control and uptime was a challenge. The DNS for this site lives on CloudNS, which chooses either Bunny.net or OpenBSD.Amsterdam to send traffic to, and those each serve up static HTML generated with the Rust tool Zola a decendant of Hugo. Both Bunny.net's Edge Rules and OpenBSD's RelayD Response Headers allow for setting Response Headers that are fun to get graded at Security Headers.com, as often it is a trial-and-error to get them right. Testing what has been built as it is being constructed is essential. I'll use services like Pingdom, WebPageTest, and PageSpeed.dev and do some of the ol' load testings before making them public with Let's Encrypt serving the TLS certificate.

Links to more information about all of the mentioned topics are available at lockpodcast.com

Links and Notes