Categories
News

Cloud Egress Costs & DDoS

I recently came across an article online that detailed how, following a DDoS attack, the invoice from the cloud provider skyrocketed. It is crucial to monitor how a volumetric attack can impact your costs, particularly in terms of egress traffic or the resources needed from engineers to combat it. Implementing automated solutions such as rate limiting and traffic signals is highly recommended for a more efficient response. Remember to consider the cloud egress prices when devising your strategy.

Please also take auto-scaling limits and alerts into account. Cost alerts and spending limits should be in place as well.

Categories
Azure News

Azure shared dashboard not found, February 2024

Today, February 19, 2024, at 07:30 CET, I discovered that my shared dashboards are no longer working on the Microsoft Azure Portal. This issue was observed across multiple tenants and subscriptions. I do not yet know the root cause, but I suspect that it is an incident on Azure’s side.

Dashboard not found

Dashboard ‘’ no longer exists. It was previously published to resource group ‘dashboards’ in subscription ‘00000000-0000-0000-0000-000000000000’.

https://portal.azure.com/*** (2024-02-19 11:00 CET)

Categories
Azure News

Azure Incident on January 21, 2024

Azure was reporting an issue on their status page. I have found it to be impacting services.

https://azure.status.microsoft/en-us/status

The case was resolved. In 14 days (February 5th, 2024), we can expect a final report. The final report was posted.

Categories
News Security

NoName057(16) DDoS January 2024

Before the World Economic Forum in January 2024 in Davos, Switzerland, Chinese Premier Li Qiang arrived in Switzerland on Sunday and was officially received with military honors. On the same day, Ukrainian President Volodymyr Zelensky visited the Swiss Parliament Building in Bern. The World Economic Forum began in Davos on Monday. By Wednesday, January 17th, 2024, the first public reports appeared regarding DDoS attacks against websites in Switzerland, attributing them to the group NoName057(16).

Categories
News Security

Stay on top of Cyber Security Alerts

It’s important to stay on top of new discoveries and vulnerabilities and to follow up on the products you use. Knowing is the first step; evaluating and taking action is the second.

Cyber Security Alerts

Vendors

Another crucial step is to sign up for security advisories with all your key vendors to significantly reduce the response time to newly released security advisories from the supplier.

For example:

  • Atlassian
    • If you are using Atlassian products, especially Data Center or perhaps an outdated server version, I recommend signing up for the Atlassian Security Advisory mailing list. They have recently started sending monthly updates, and sometimes even more, with crucial information regarding patching and vulnerabilities. In my opinion, it is an absolute must to follow. (2024-01-18)

Categories
News Security

Terrapin Attack, SSH protocol vulnerability

I had to evaluate the risk of a potential Terrapin attack.

  • CVE-2023-48795: General Protocol Flaw
  • CVE-2023-46445: Rogue Extension Negotiation Attack in AsyncSSH
  • CVE-2023-46446: Rogue Session Attack in AsyncSSH

The Terrapin attack can target connections secured with ChaCha20-Poly1305 or CBC-mode ciphers with Encrypt-then-MAC. There is a theoretical vulnerability in CTR-mode ciphers combined with Encrypt-then-MAC, but it is not currently exploitable in real-world scenarios.

The attack requires an active Man-in-the-Middle.

OpenSSH and other vendors have implemented a strict key exchange countermeasure, but for it to be effective, both client and server must support it. Connecting a vulnerable client to a patched server, or vice versa, still results in a vulnerable connection.
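The pairing rule above can be checked mechanically from the algorithm lists each side offers. The following is an added example, not code from this post or from OpenSSH: it uses OpenSSH's published algorithm and strict-KEX marker names, and the client and server offers are constructed samples.

```python
STRICT_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_SERVER = "kex-strict-s-v00@openssh.com"
CHACHA = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"


def negotiate(client_list, server_list):
    """RFC 4253 rule: the first client preference the server also offers."""
    return next((name for name in client_list if name in server_list), None)


def terrapin_exposure(client, server):
    """Return 'mitigated', 'vulnerable', 'theoretical' or 'not-affected'."""
    cipher = negotiate(client["ciphers"], server["ciphers"])
    mac = negotiate(client["macs"], server["macs"])
    # Strict key exchange only takes effect when BOTH peers advertise it.
    if STRICT_CLIENT in client["kex"] and STRICT_SERVER in server["kex"]:
        return "mitigated"
    if cipher == CHACHA:
        return "vulnerable"
    etm = bool(mac) and mac.endswith(ETM_SUFFIX)
    if etm and cipher and cipher.endswith("-cbc"):
        return "vulnerable"
    if etm and cipher and cipher.endswith("-ctr"):
        return "theoretical"  # per the post: not exploitable in practice today
    return "not-affected"     # e.g. AES-GCM, where the negotiated MAC is unused


# Constructed offers (hypothetical hosts), shaped like SSH_MSG_KEXINIT name-lists.
PATCHED_SERVER = {
    "kex": ["curve25519-sha256", STRICT_SERVER],
    "ciphers": [CHACHA, "aes256-gcm@openssh.com", "aes256-ctr"],
    "macs": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
}
PATCHED_CLIENT = {
    "kex": ["curve25519-sha256", STRICT_CLIENT],
    "ciphers": [CHACHA, "aes256-ctr"],
    "macs": ["hmac-sha2-256-etm@openssh.com"],
}
OLD_CLIENT = {**PATCHED_CLIENT, "kex": ["curve25519-sha256"]}
GCM_ONLY_OLD_CLIENT = {**OLD_CLIENT, "ciphers": ["aes256-gcm@openssh.com"]}
CTR_ONLY_OLD_CLIENT = {**OLD_CLIENT, "ciphers": ["aes256-ctr"]}

if __name__ == "__main__":
    for label, c in [("patched", PATCHED_CLIENT), ("old", OLD_CLIENT),
                     ("old, GCM only", GCM_ONLY_OLD_CLIENT),
                     ("old, CTR only", CTR_ONLY_OLD_CLIENT)]:
        print(f"{label:15} -> {terrapin_exposure(c, PATCHED_SERVER)}")
```

The unpatched client against the patched server is reported as vulnerable because only one side advertises the strict-KEX marker.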

Categories
News

This Week: Inspiration and Knowledge at 37C3

Every year (when it’s possible) the Chaos Communication Congress is part of my last week of the year. I never had the chance to attend in person, but some presentations are truly great. This year the 37th edition, under the name 37C3 with the claim “unlocked”, will take place over the course of 4 days.

ℹ This post will be updated multiple times over the next few days.

Categories
News Web

What is google-proxy-00-000-00-00.google.com?

Recently, I noticed a significant increase in requests from hostnames like google-proxy-00-000-00-000.google.com in my log files. Upon investigation, I discovered that this hostname is commonly used for previews in Google Search. However, this explanation did not seem to apply to my situation. Additionally, the source of this information is 10 years old. The requests received from those proxy domains also contained a regular browser user agent string and not an official Google user agent to identify a specific product or service. Further research revealed that Google Chrome is experimenting with hiding the IP address through IP Protection.

I am concerned about this development because routing traffic through Google’s servers may complicate efforts to block DDoS attacks or identify fraudulent activity.

In response to these concerns, Google is considering measures such as requiring authentication with the proxy for users of this feature, preventing the linking of web requests to specific accounts by proxies, and implementing rate-limiting to safeguard against DDoS attacks.

Please share additional insights in the comments. The comment submission form will automatically disappear after some time.

Categories
Azure News

Azure West Europe Dsv5 Availability

I experienced issues today (2023-12-12) while deploying Azure Kubernetes Service (AKS) to Azure West Europe. It appears that the CPU type availability is exhausted in West Europe, which is a significant concern if your Azure Governance and related policies dictate that deployment must occur in this region.

{
  "code": "InvalidTemplateDeployment",
  "message": "The template deployment 'aksCluster-20231212T084250Z' is not valid according to the validation procedure. The tracking id is '3abc3456-a9cd-789e-12f3-g456hij78901'. See inner errors for details.",
  "details": [
    {
      "code": "BadRequest",
      "message": "Provisioning of resource(s) for container service aks01-euw-dev in resource group rgr-euw-dev failed. Message: The VM size of Standard_D16s_v5 is only allowed  in zones [2] in your subscription in location 'westeurope'. . Details: "
    }
  ]
}

Categories
News Web

Firefox – Copy Link Without Site Tracking

The latest version of Firefox features a new context menu option on links: “Copy Link Without Site Tracking.”

2023-12-11 latest Firefox 120.0.1