
New Episode of Security Now: Security Now 1049
In this episode of Security Now, Steve Gibson and Leo Laporte discuss various topics related to computer security, including the arrests of hackers in the UK, new vulnerability reporting laws in Russia and China, and the return of DNS cache poisoning. They also cover topics such as NIST password policies, the practical implications of ransomware attacks, and vulnerabilities in DNS resolvers.
Arrests of hackers in the UK: The episode begins with a discussion on the arrest of two young hackers in the UK, aged 18 and 19, involved in a cyberattack against Transport for London (TfL). This attack caused three months of disruptions and cost TfL 39 million pounds. The hackers were part of the hacker group Scattered Spider and were arrested after an investigation by the National Crime Agency and the City of London Police. Steve Gibson expresses his sympathy for the young hackers, emphasizing that their actions will have lasting consequences on their lives.
New vulnerability reporting laws in Russia and China: The discussion then turns to new laws in Russia and China that require security researchers and companies to report vulnerabilities to the authorities. In Russia, a new law under discussion would require researchers to report vulnerabilities under threat of criminal sanctions. In China, a similar law has been in effect since 2021 and has led to a significant increase in the use of undisclosed vulnerabilities (zero-days) by Chinese hacker groups. Steve Gibson points out that these laws aim to arm the respective governments with cyber warfare tools, which could have global implications.
Return of DNS cache poisoning: A major topic of the episode is the return of DNS cache poisoning, a vulnerability discovered by Dan Kaminsky in 2008. Steve Gibson explains in detail how this vulnerability works and why it remains a threat. DNS resolvers use UDP requests to obtain the IP addresses of domains, but these requests can be intercepted and falsified by attackers. In 2008, the solution was to make DNS requests unpredictable by using random ports and request IDs. However, recent vulnerabilities in popular DNS resolvers like BIND and Unbound show that this solution has not been properly implemented.
NIST password policies: The discussion then turns to NIST password policies, which have been updated to reflect current best practices. The new guidelines recommend passwords of at least 15 characters for single-factor authentication and at least 8 characters for multi-factor authentication. Verifiers should also accept all printable ASCII characters and Unicode characters in passwords. Steve Gibson emphasizes the importance of these updates to improve password security.
Practical implications of ransomware attacks: Leo Laporte and Steve Gibson discuss the practical implications of ransomware attacks, highlighting that 95% of security professionals believe they can recover from a ransomware attack, but only 15% actually succeed. They discuss common attack vectors, such as compromised remote access, phishing, social engineering, and software vulnerability exploitation. Steve Gibson emphasizes the importance of maintaining strict security hygiene and implementing robust backup solutions.
Vulnerabilities in DNS resolvers: The episode concludes with a discussion on recent vulnerabilities in the DNS resolvers BIND and Unbound. These vulnerabilities allow attackers to poison DNS caches by sending unsolicited DNS responses. Steve Gibson explains that these vulnerabilities are due to a weakness in pseudo-random number generation and logic for handling unsolicited DNS responses. He emphasizes the importance of updating DNS resolvers to fix these vulnerabilities and protect against DNS cache poisoning attacks.
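The matching rule behind the 2008 fix and the handling of unsolicited responses, both described above, as an added example that is not code from the episode, BIND or Unbound. The class and method names, addresses and records are constructed for illustration, and the owner-name filter is a simplification of what real resolvers do.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Pending:
    server: str   # upstream address the query was sent to
    qname: str    # question name, normalised
    qtype: str

def _norm(name):
    return name.lower().rstrip(".")

class QueryTable:
    """Tracks outstanding queries; only matching responses may reach the cache."""

    def __init__(self):
        self._pending = {}  # (source port, transaction ID) -> Pending

    def send_query(self, server, qname, qtype):
        # Port and ID come from the OS CSPRNG, never from a predictable PRNG.
        while True:
            key = (1024 + secrets.randbelow(65536 - 1024), secrets.randbelow(1 << 16))
            if key not in self._pending:
                break
        self._pending[key] = Pending(server, _norm(qname), qtype)
        return key

    def accept_response(self, src_ip, dst_port, txid, qname, qtype, records):
        """Return the (owner, type, rdata) records that may be cached; [] means drop."""
        q = self._pending.get((dst_port, txid))
        if q is None:
            return []  # unsolicited: no query is waiting on this port and ID
        if (src_ip, _norm(qname), qtype) != (q.server, q.qname, q.qtype):
            return []  # wrong server or wrong question; keep waiting for the real answer
        del self._pending[(dst_port, txid)]  # one answer per query; a replay is now unsolicited
        # Simplification: cache only records owned by the queried name and type.
        return [r for r in records if _norm(r[0]) == q.qname and r[1] == q.qtype]
```
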
In conclusion, this episode of Security Now provides an in-depth look at current challenges in computer security and the measures organizations can take to protect themselves. Steve Gibson and Leo Laporte provide valuable information and practical advice to improve the security of systems and networks.
https://twit.tv/posts/transcripts/security-now-1049-transcript