Hello, welcome to the Monday, May 30th, 2016 edition of the Sandrine Storm Center's Stormcast. My name's Johannes Ulrich, and today I'm recording from Jacksonville, Florida. A little bit short episode today just because it's Memorial Day in the US, so don't really have an awful lot and exciting news today.

Guy did a little write-up about characterizing a distributed denial of service attack.

Typically, when you're under an attack like that, one of the critical things to do is always

to figure out what's the characteristics of the attacking traffic because that way

you can then communicate with your upstreams with your anti-Didos providers what traffic

to filter.

The attack was pretty modest as far as DDoS attacks go.

There were only about 100,000 packets per hour.

Normal or more aggressive denial of service attack would probably have that amount of packets

in a second or maybe in a minute.

There was some talk last week over a Blue Code certificate certificate that is trusted

in most operating systems.

Now, this is actually not new news.

That certificate has been there for a couple months.

Blue Code now states that they only used it for testing and

Symantec who signed that certificate actually retained the secret key so it's not that blue

code would be able to build this particular certificate into their proxy devices and use them for unauthorized

man-in-the-middle attacks.

I typically don't recommend that you go into these trusted authorities and selectively

disable some.

One problem may be that then you get a lot of warnings about invalid

certificates which kind of defeats the purpose of having these warnings or not trusting these

...