Hello, welcome to the Friday, January 20th, 2017 edition of the Sandton and Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Brussels, Belgium.

I've talked in the past a couple times about Elasticsearch and MongoDB and how it is being attacked.

Most recently, there was a big rash of compromised MongoDB systems

where attackers held the data for ransom or at least claimed to have it,

even though they already had it deleted.

The latest big data database that's being attacked like this is Hadoop. According to one of our

handers actually, John Bamanick, who wrote this for Fidelis, they have seen databases being deleted

that were not adequately secured. And just like the other NoSQL databases, Hadoop also is often installed without credentials.

I guess it was just a matter of time and of course, like anything that you make accessible to the Internet and don't adequately secure,

it will get stolen or will get wiped just a matter of time.

And of course, this year will mean the end of Shah 1 based certificates.

And starting next week, you may actually see some of the effects.

Mozilla is supposed to release Firefox 51 on Tuesday,

and with that, Shah 1-based certificates will be marked unsafe. A week later on January 31st,

we'll get the same from Google with Chrome 56, and mid-February with the February patch Tuesday,

Microsoft will also cut off support for Shaw 1 in Edge

and Internet Explorer.

Earlier this year, actually on January 1st,

Windows already stopped accepting Shaw 1 based certificates. certificates. So with that, you really,

really need to get going quickly and make sure that you no longer have any SL web servers

that use SHA-1-based certificates. Most existing browsers already allow you to disable them or present

...