Thursday, March 8, 2018

Beers with Talos EP24: Reflections on DDoS and Bad Authentication Schemes

Beers with Talos (BWT) Podcast Episode 24 is now available.  Download this episode and subscribe to Beers with Talos:

If iTunes and Google Play aren't your thing:

EP24 Show Notes: 

Recorded 3/2/18 - Craig is out this week, but the rest of the crew goes through COINHORDER and Memcached, and takes a deeper look at authentication and passwords. We cover an overview of reflection attacks and how some password schemes that are meant to protect, actually cause harm. We also bid you farewell, since our next episode is supposed to be live after the crew hosts a meeting that stands a not-insignificant chance of getting us all fired. Wish us luck — and send us questions that Craig can pose to really important Cisco executives.

The Timeline:

The Roundtable

01:02 - Matt cites support for the technology non-grata list in federal proceedings
06:16 - Joel complains about the weather, discovers Sir Salter Scott
08:48 - Nigel’s Mighty Reds Spotlight segment

The Topics

10:30 - COINHORDER - Stealing bitcoin with AdWords trickery and bulletproof hosting
19:03 - Trustico - Little Bobby Tables lights up the Twitters
25:15 - Passwords, authentication, and other things everyone got wrong from the start
46:10 - Memcached - Reflection attacks from boxes that shouldn’t touch the internet. Stop it.
52:50 - Closing thoughts - shout out to some Julian guy, and why this is our last podcast

The Links:

Scotland snow plow tracker:
Trustico twitter flames:
Memcached Talos post:
Memcached DDoS:


Featuring: Craig Williams (@Security_Craig), Joel Esler (@JoelEsler), Matt Olney (@kpyke) and Nigel Houghton (@EnglishLFC).
Hosted by Mitch Neff (@MitchNeff).

Find all episodes:

Subscribe via iTunes (and leave a review!)

Check out the Talos Threat Research Blog:

Subscribe to the Threat Source newsletter:

Follow Talos on Twitter:

Give us your feedback and suggestions for topics:

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.