Hello, welcome to the Thursday, May 26, 2020 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Today's diary comes from Rob with a little N-map trick.

Now, an N-map, as a target, you may specify a host name, but if you do so,

only the first IP address returned is actually being scanned. The other IP addresses are

ignored. And that's, of course, a problem if you're using, for example, multiple IP address

for load balancing, and you would like to check all of your IP addresses, in particular if you're using, for example, multiple IP address for load balancing, and you would like to

check all of your IP addresses, in particular if you're looking for, for example, TLS certificates

and such, that can be quite handy. Well, NMAP actually has a switch for that resolve all. That switch

will use all the IP addresses being returned and run whatever scans you're specifying

against all the IP addresses.

This is not a very well-known switch, so something that you may find helpful.

And yesterday I reported about the modifications made to the CTX Python library and the PHP Pass

PHP library.

Well, today, the malicious actor who made those changes came forward and stated that they

actually just were conducting some research, as they called it.

We had it happen before where researchers

did make modifications to open source projects like this, and commonly, well, it's not

considered ethical. And of course, in these case, actual secrets were exfiltrated. The researcher

claims that they did not save those secrets,

but of course, we only got the word of a person who has issues with ethics in the first place,

so I would hope that you are resetting those secrets if you are affected.

...