Hello, welcome to the Monday, October 18, 2021 edition of the Sands and its Storm Center's Stormcast.

My name is Johannes Ulrich, and then I'm recording from Riyadh, Saudi Arabia.

With several working exploits being released for the recent Apache Directory Traversal War on vulnerabilities. No surprise that, well,

they're actively being exploited. Gee posted a couple of detects from his honeypot that

are going after these vulnerabilities. Remember, they're two distinct directory traversal

vulnerabilities, one affecting Apache 2449, one for Apache 245, Apache 2451 is the current fully patched version of Apache.

If you are running anything older than 2449, don't panic, you're not vulnerable.

Well, at least you're not vulnerable to these directory traversal of vulnerabilities, and

attackers are certainly going for the remote code execution option here.

Not a lot of victims possibly out there given the short amount of time that these Apache

versions were available. Also, the remote code

execution does require enabling CGI bin. Interesting, they're not just going after Linux,

they're also going after Windows it looks like with the attempts to load PowerShell using

this vulnerability. Some of the attacks, of course,

are really just trying to figure out if you are vulnerable by, for example, retrieving Etsy

password. So in short, well, if you are vulnerable, probably too late at this point, you're

already exploited, but probability of you are actually running the vulnerable version of Apache is very, very low.

And Scott Fendley posted more of a policy kind of diary dealing with non-removable storage and warranty repairs.

In the old days, well, if you had to send in a device for warranty repair, you often were able to remove any tribes beforehand,

or you could pay a little bit extra for your warranty in order to be allowed to keep the

drive, so it's not actually has to be sent back in case

even the drive fails. This becomes less and less of an option in particular for portable

...