Some Recent Security Things: (June 26th 2020)
I thought I'd quickly mention some recent security problems that have been going on, mostly because they're kind of strange, and I'm not really sure what's causing them.
Everyone's SSL Keys are Broken:
For some reason a bunch of SSL keys for seemingly unrelated things are expiring all at once, I'm not sure why this is, it could be some strange attack, or it could simply be someone revoking a key in the CA web of trust. Most of these expirations seem to be keys set for 2021, but if you've seen keys pre-maturely expiring around the date of this post (2021 or not) please e-mail me or message me in Riot.IM or something (I'd offer to find me in IRC, but all the IRC servers are down due to expired keys!). I remember seeing a bunch of security updates for
LibCrypto recently, so maybe
that had something to do with it.
Anyway, probably nothing but I hadn't made a post in a while so now you guys know I'm not dead.
Sudden DDoS of A Bunch of Stuff:
The other strange thing is from a couple weeks ago, there was a sudden large outage in cell phone networks in the US, at the same time a bunch of DDoS attack target towards US servers (Specifically in Washington) started. I'm not sure why, or how, but it seemed strange to me. Anyway, I'm not trying to start any conspiracy theories, I just didn't want this to go undocumented. I'm not sure what happened, maybe some company that does some back-end functionality of a bunch of cell companies got DDoS'd, and it lead to their towers not working, or maybe it's just a coincidence. Once again, if you know more about this or have some data about this, feel free to find me on Riot.IM or e-mail me.
Telegram Is Evil:
Telegram's canary disappeared, then a little later they released information on some users and on their message. This is a warning not to use it, and also a notice that I will no longer be answering Telegram message. Probably shouldn't trust any service that has a bunch of unqualified people roll their own crpyto anyway :/
Weechat Had A Buffer Overflow:
Yay one with a source, and source-code to look at! I just thought I'd bring this to attention, that there was a buffer overflow in the popular IRC client Weechat recently. If users set their nicknames too long and send some packets they could trigger it. At this point I think we need to accept that writing computer programs with networking functionality in C is it's own security flaw. It's too easy to make simple mistakes that can lead to major problems, when you're language can't call print on user input without creating a stack leak, you have a problem.
>>Weechat Security Page<<
That's About it:
Anyway, I just thought I'd write something about all these things, since I found them curious and hadn't written anything in a while.