Hello and welcome to the Monday, January 2nd, 2023 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

With one week of no podcasts, we do have a couple of diaries to catch up on, so I just want to do this

relatively quickly here. Jan looked at the SPF and DMR records in country-level government

domains. So most countries have country-level domain like dot UK or dot DE, and then they have a subdomain here for

government entities like Gov.uk, I believe it is, for the UK top-level domain. Jan looked at

how these domains are then configured with respect to SPF and DMAR.

This is, of course, rather complex because usually these domains cover the entire

country's government, so there's a wide range of different government organizations.

One thing I want to point out that the Yans of ended as a little end note here that eight of the second level

gov domains have actually these blocking records and that's something that you

should definitely consider for a domain that does not send any email SPF and

demarc records basically just state hey we are not sending any emails.

Other diaries we have are about, well, setting up a custom D-Shield listener in your honeypot.

Also, how to use a PowerShell to parse JSON from Amazon and from firewalls,

and then also how to set up the shield sensor

in Microsoft's Asia Cloud.

So check with the respective diaries for additional details.

And then just a quick follow-up

and a little bit more detail on the KSMBD vulnerability. This vulnerability

was made public just before the holiday week and, of course, lots of concern about that.

Luckily, my initial assessment that isn't quite as big of a deal as one may think has come

...