The trials and tribulations of the long journey to TLS 1.3 & the “middleware” that’s keeping us from having nice things. Plus a pack of Leaky S3 bucket stories & the data that was exposed.

Then we do a deep dive into some SMB fundamentals & practical tips to stay on top of suspicious network traffic.

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:


Show Notes:

Why TLS 1.3 isn’t in browsers yet

It has been over a year since Cloudflare’s TLS 1.3 launch and still, none of the major browsers have enabled TLS 1.3 by default.

Leaky S3 Buckets

“I had seen unencrypted flight logs, passports, drivers licenses, and identification cards,” Finisterre said, adding: “It should be noted that newer logs and PII [personally identifiable information] seemed to be encrypted with a static OpenSSL password, so theoretically some of the data was at least loosely protected from prying eyes.”

For a researcher at UpGuard, on 6 October the answer turned out to be an intriguing 36GB database file sitting in plain view_on an Amazon Simple Storage Service (S3) bucket uploaded by analytics company Alteryx._

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing “dozens of terabytes” of social media posts and similar pages — all scraped from around the world by the US military to identify and profile persons of interest.

Introduction to SMB for Network Security

Of all the common protocols a new analyst encounters, perhaps none is quite as impenetrable as Server Message Block (SMB). Its enormous size, sparse documentation, and wide variety of uses can make it one of the most intimidating protocols for junior analysts to learn. But SMB is vitally important: lateral movement in Windows Active Directory environments can be the difference between a minor and a catastrophic breach, and almost all publicly available techniques for this movement involve SMB in some way. While there are numerous guides to certain aspects of SMB available, I found a dearth of material that was accessible, thorough, and targeted towards network analysis. The goal of this guide is to explain this confusing protocol in a way that helps new analysts immediately start threat hunting with it in their networks, ignoring the irrelevant minutiae that seem to form the core of most SMB primers and focusing instead on the kinds of threats an analyst is most likely to see.

The StorageCrypter Ransomware appears to be targeting NAS systems around the world but the facts surrounding it have been somewhat confusing.


Repairing a 1960s mainframe: Fixing the IBM 1401’s core memory and power supply

The IBM 1401 was a popular business computer of the early 1960s. It had 4000 characters of internal core memory with additional 12000 characters in an external expansion box. 2 Core memory was a popular form of storage in this era as it was relatively fast and inexpensive. Each bit is stored in a tiny magnetized ferrite ring called a core. (If you’ve ever heard of a “core dump”, this is what the term originally referred to.) The photo below is a magnified view of the cores, along with the red wires used to select, read and write the cores.4 The cores are wired in an X-Y grid; to access a particular address, one of the X lines is pulsed and one of the Y lines is pulsed, selecting the core where they intersect.

Question? Comments? Contact us here!