DEF CON, Bitcoin, Cloudflare - Jan 29th-Feb 5th, 2024 - F5 SIRT - This Week in Security

Introduction

Hello again, Kyle Fox here.   I was going to write about the Boeing 737 MAX 9 door plug issues and what lessons we could learn in security from that, but I decided that since DevCentral has a limit to article size, I would save that for later.   This week we are mainly going to talk about the DEF CON situation and a number of other stories, with the usual round-up.

DEF CON 32 Cancelled?

 

So, Sunday evening I get an email noting that DEF CON 32, previously scheduled to occur at the Caesars Forum Convention Center, had its contract with Caesars Entertainment abruptly cancelled and that the event would be held at the West Hall of the Las Vegas Convention Center.  There has been a lot of speculation about the reasons Caesars cancelled the contract, but no firm information has of yet emerged.  Needless to say this has created a mess of work for all the events, villages both official and unofficial, parties and just plain attendees as there are no directly attached hotels to this part of the convention center and most hotels are at least a decent walk or ride on transit away.    The group I design badges for, DEFCON Furs, has had several conference calls looking to sort out a location for our suite that is also useful for our people.   Expect more updates as DEF CON 32 approaches.

 

Bitcoin Responsible for 2% of US Power Usage

 

Bitcoin is still showing up in the news for its power usage, this time a study by the US Energy Information Agency indicates that Bitcoin mining represents 0.6% to 2.3% of US power consumption.    The report notes Texas and Georgia are major centers for that power usage, most likely because of either low spot rates or low industrial rates for power.   Irregardless of where the power actually comes from, this power usage drives up demand for power generation using non-renewable resources like coal or gas and puts unnecessary strain on the electrical grid.

 

Cloudflare Reports a Security Incident from Thanksgiving 2023

 

Cloudflare announced that they had a security incident that was discovered around November 23rd, 2023.  This incident involved credentials compromised in a previous Okta attack that were reused to access an Atlassian server running the Atlassian suite of applications.  Upon discovery on the 23rd, Cloudflare was able to fully terminate the threat actors' access by the 24th and brought in CloudStrike to investigate the incident.   Cloudflare speculates that the attack was conducted by a nation-state actor based on the sophistication and deliberateness of the attack.

 

FBI Shuts Down Volt Typhoon Botnet

 

The US Federal Bureau of Investigation announced that it had shut down a botnet run by the group known as Volt Typhoon.    This botnet consisted of SOHO routers, mostly Cisco and Netgear routers that had been compromised because of latent defects that had not been patched.    This highlights two major issues with network infrastructure that is often very apparent in home and small office environments, the first being that hardware vendors may not prioritize or even issue patches for vulnerabilities in their products, and even when they do issue patches, those patches are not deployed regularly.    In some cases the ISP may be able to help with this as its common in the US for SOHO routers to be part of the ISP connectivity bundle, so a company like Comcast/Xfinity could in theory test and deploy patches to its routers located in customer's offices.    The US Cybersecurity and Infrastructure Security Agency has also urged manufacturers to maintain the software in their products and streamline patching, automate it if possible.

 

Florida is Moving to Prohibit Children Under 16 From Using Social Media

 

The Florida House or Representatives has passed a bill to prohibit children under 16 from using social media.   The bill will require social media companies to verify users age in the State of Florida, likely resulting in retention of data that could be used to de-anonymize social media users.    Needless to say this bill would have implications outside Florida and for more than just children under 16 since implementation assumes you can somehow figure out who actually resides in Florida as opposed to who is just there for Disney World.   The bill has since seen progress in the Florida Senate.

 

Roundup

 

• The YouTube recommendation this week is Captain Disillusion.  He is a VFX artist and Blenderer who produces a number of videos that dive into the technology of video and debunk viral videos that have been faked.
• Oxide Computer, a company that is working to build a whole new type of cloud-ready server system, has released Helios, their Illumos distribution.
• FCC wants to make AI robocalls illegal.  (Edit: They did.)
• A finance worker in Hong Kong was tricked into transferring $25 Million to scammers in an elaborate deepfake scheme.
• California legislators want to make cars limit your speed based on GPS data.  This, if passed, may result in unintended consequences, like attacks on the database, glitches causing excessive braking and other side effects.
• After sustaining damage, the little helicopter that could, Ingenuity, ends its mission on Mars.
• Trail of Bits has built a x509 test suite for validating cryptographic certificate use in applications.
• And yes, Canadian payroll is complex.