This week went in a different direction from what we normally do. We discussed some news, including a Twitter conversation in which someone from the 'ahem' "media" suggests that you disable Windows Update on your home devices. We discuss the pros and (mostly) cons of doing that, and alternatives for protecting your home and work devices.
We talked about the Comcast Xfinity appliances and a vulnerability that could make traffic generated by people outside your house appear to come from your home network.
We discuss the public disclosure of Carbon Black's architecture and its apparent sharing of customer events with 3rd parties... it's not all black and white, and we discuss that here.
Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw
Join our #Slack Channel! Sign up at https://brakesec.signup.team
#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
Comments, Questions, Feedback: firstname.lastname@example.org
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
Twitter discussion -
[sic] “tons of problems with Automatic Update patches so far this year”
[sic] “if you’re savvy enough to be reading this, you should consider turning Auto Update off, too”
Advocating disabling auto-updates in an OS is reckless.
Home networks for the majority of users are completely flat
One VLAN (e.g. 192.168.1.0/24)
‘Savvy’ = technical
Which many of our users are not
Probable scenario: a bad guy targets you or your family through a phish. They gain access to family computers, then pivot through those to your office computer
Blue teamers: suggest backups and backup options to keep their data safe and allow them to feel safer with automatic updates enabled, and VLANs if possible
Typically enterprises will hold off a few days or a week to push out Windows patches; Auto-updates are controlled.
The Twitter guy said that in more recent Windows versions, WU takes precedence over WSUS… need to confirm that… -- brbr
Confirmed… you can override WU… https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/
--this-- not because of title, but because of people jumping to conclusions (example of irresponsible disclosure)
Agreed… that shiz is damaging -- brbr
NoStarch TCP guide - https://www.nostarch.com/tcpip.htm
[graphic of IPv4 header from wikipedia article]
IHL - size of the header in 32-bit words (minimum of 5)
DSCP - has to do with traffic shaping and QoS
ECN - notifies the network of congestion and allows infrastructure to implement congestion controls to compensate
Must be supported by both ends, and completely optional to enforce
Total Length - total size of the packet
Identification - interesting field, you can use it to hide data (Covert_TCP); otherwise it's "used for uniquely identifying the group of fragments of a single IP datagram"
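To make the fields above concrete, here is an added example (not from the show or the NoStarch guide) that decodes a constructed 20-byte IPv4 header: IHL, DSCP, ECN, Total Length, Identification, plus the fragment flags and offset the Identification field belongs with. It also verifies the header checksum, which goes a step beyond the fields listed above; all sample values are made up.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample header (not a real capture): IHL=5, DSCP=46 (EF), ECN=1,
# Total Length=60, ID=0x1c46, DF set, TTL=64, protocol=6 (TCP),
# 192.168.1.10 -> 192.168.1.1, with a correct checksum of 0x9a61.
SAMPLE_HEADER = bytes.fromhex("45b9003c1c46400040069a61c0a8010ac0a80101")


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (checksum field must be zeroed)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(data: bytes) -> dict:
    """Decode the fixed IPv4 header; raises ValueError on malformed input."""
    if len(data) < 20:
        raise ValueError("need at least 20 bytes for a fixed IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5:              # IHL is in 32-bit words, min 5
        raise ValueError("not a valid IPv4 header (version=%d, IHL=%d)" % (version, ihl))
    hlen = ihl * 4
    if len(data) < hlen:
        raise ValueError("IHL says %d bytes but only %d present" % (hlen, len(data)))
    zeroed = data[:10] + b"\x00\x00" + data[12:hlen]   # checksum computed with field = 0
    return {
        "ihl": ihl, "header_len": hlen,
        "dscp": tos >> 2,                    # top 6 bits of the old TOS byte
        "ecn": tos & 0x03,                   # bottom 2 bits
        "total_length": total_len,
        "identification": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # offset is in 8-byte units
        "ttl": ttl, "protocol": proto,
        "checksum_ok": ipv4_checksum(zeroed) == csum,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "options": data[20:hlen],
    }


if __name__ == "__main__":
    for key, value in parse_ipv4_header(SAMPLE_HEADER).items():
        print("%-14s %s" % (key, value))
```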