Hello and welcome to the Monday, March 4, 2020, edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

I mention Confluence pretty regularly.

Well, it turns out that some of the older vulnerabilities are still being exploited.

Gee rode up an attack against one of our honeypots that tried to exploit CVE 2020-226-134.

So about a two-year-old vulnerability. A classic OGNL interaction. In this case, it's being used to

inject a little bash script that will then download additional malware. Personally, I doubt that

these attacks are actually all that terribly successful, given that the vulnerability is reasonably

old and it's heavily exploited.

So any confluence server that you may actually still find to be vulnerable probably already

has been exploited multiple times.

And in a blog post on attack ships on fire, we do have a problem that I have actually been struggling

with in the past with our In the Storm Center website. We used to use Google Analytics on

our website and we also do use content security policies. I found it back then terribly difficult to come up with a decent

common security policy while still using Google Analytics. Actually, more recently,

I removed Google Analytics in part for that reason. And this blog post now outlined some of the

pitfalls here where really you kind of have to implement a very open conscript policy in order to allow the Google Analytics script to work.

Similar issues are also run into with if you're using like the standard code to detect if someone is connecting from Europe

to sort of display them the annoying cookie banners, they also make it very difficult to then

still use a relatively useful con and security policy. In general, when it comes to con security

policies, I love them, I use

them, but I always tell people you have to understand they are hardly ever perfect. There is

...