Hello, welcome to the Thursday, March 1st, 2018 edition of the Sansonet Stormsendors Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Let's start today with a couple updates regarding the Memcash, the Denial of Service Attacks.

First of all, on Tuesday, MemcashD released a new version

1.5.6 and this version now disables UDP by default, so you have to specifically enable it.

Secondly, Kevin put together a little post with some tips on how to secure MAMCash.

It's actually by default reasonably secure in that it does only listen on Lubek.

A reader also left a comment with a little bit of more questionable way to defend yourself

against these denial of service attacks in that, well, what's attacking

you here are Memcash servers that are likely listening for commands from anybody, and these

commands can include the shutdown or flush all command, which will essentially stop the attack against you. Of course, doing so

may have legal and ethical implications. And then sadly, we got another and kind of odd

certificate authority issue. Now, this case is about Trustico. Trustico is a reseller for DigiCert.

And apparently at the beginning of February, Trustico did ask DigiCert to mass revoke certificates

that were issued by Trustico.

The problem here was that Trustico was a reseller.

And typically, the owner of the certificate

has to ask for the revocation, which is really the customer of Trustico in this case.

So if you ordered a certificate from Trustico, then you have to ask Trustico to revoke it.

And Trustico should be able to revoke them on their own.

But for whatever reason, they asked Digisert to do it.

Digisert didn't really feel comfortable doing so without really Trastico being the actual

...