Episode 379: SegmentSmack is Whack
Take down a Linux or FreeBSD box with just 2kpps of traffic, own Homebrew in 30 minutes, and infiltrate an entire network via the Inkjet printers.
August 10, 201829m 16s
Audio is streamed directly from the publisher (aphid.fireside.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Take down a Linux or FreeBSD box with just 2kpps of traffic, own Homebrew in 30 minutes, and infiltrate an entire network via the Inkjet printers.
It’s a busy TechSNAP week.
Sponsored By:
- Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
- iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
- Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
Links:
- HP Inkjet Printers Buffer Overflows in Processing Files Let Remote Users Execute Arbitrary Code
- Black Hat 2018: Update Mechanisms Allow Remote Attacks on UEFI Firmware | The first stop for security news
- How I gained commit access to Homebrew in 30 minutes
- Reconnaissance tool for GitHub organizations
- TruffleHog: Searches through git repositories for high entropy strings and secrets, digging deep into commit history
- BFG Repo-Cleaner by rtyley
- TCP implementations vulnerable to Denial of Service
- SegmentSmack: kernel: tcp segments with random offsets may cause a remote denial of service [CVE-2018-5390]
- Merge branch 'tcp-robust-ooo' · torvalds/linux
- New Sysadmin dealing with stress.
- Microsoft’s undersea data center now has a webcam with fish swimming past 27.6 petabytes of data
Topics
SegmentSmackFreeBSDLinuxUEFI remote attackBuffer overflowGitHub AuditTruffleHogGitRobundersea datacenterhomebrewEric HolmesSysadmin podcastTechSNAP