Hello, welcome to the Friday, March 2nd, 2018 edition of the Sandton and Storm Center's Stormcast. My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

Let me first start up with a couple of updates on stories covered earlier this week. First of all, the denial of service attack via Memcash D.

There's now a good write-up from GitHub who was at the receiving end of one of these

denial of service attempts.

Well, it turns out that they received well over 1 terabit per seconds.

So this sort of sets new records as far as the amount of traffic

being hurled against a victim. The other issue regarding these Mimkash, the attacks

is that in my original write-up I missed the important feature of these attacks.

In my honeypot, I just saw them use the stats command, which does for sure provide some amplification,

but what's actually happening here in the commenter to the original diary mentioned this,

that the attacker will first actually load some data

into the database and then requested, which then leads to these very large amplifications.

The other story I would like to update is regarding Trustico.

First of all, yes, Trustico did offer a feature where they were creating

the key pair for you and apparently they did hold on to the secret key. They also had sort of

a feature on their website where you could convert your secret key from one format into another,

which of course did require that you uploaded your secret key

to Trustico's website.

Second part to this is today they displayed a lot of errors to users that tried to visit

their site.

Initially it looked like it was just overwhelmed based on the traffic caused by all the news regarding Trustico,

but apparently they also have arbitrary command injection vulnerably on their website,

...