Uh-oh! I'll find out what's up (down?).
We caught it here first!
It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.
For the avoidance of doubt, Cloudflare customer SSL private keys were not leaked. Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug.
Google's cached pages showed that it had crawled "private messages from well-known services, PII from major sites that use cloudflare, and even plaintext API requests from a popular password manager that were sent over https".
Cloudflare quickly reproduced the problem, told me they had convened an incident and had an initial mitigation in place within an hour.
"You definitely got the right people. We have killed the affected services"
I always use my own account with sudo.
If anything sudo is safer. You have better accountability as to who made what change in a multi-administrator environment, and you can limit what access a sudo user has (what applications they are able to elevate).
The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second. Additional analysis on the attack traffic suggests the assault was closer to 620 Gbps in size, but in any case this is many orders of magnitude more traffic than is typically needed to knock most sites offline.
Martin McKeay, Akamai’s senior security advocate, said the largest attack the company had seen previously clocked in earlier this year at 336 Gbps. But he said there was a major difference between last night’s DDoS and the previous record holder: The 336 Gbps attack is thought to have been generated by a botnet of compromised systems using well-known techniques allowing them to “amplify” a relatively small attack into a much larger one.
In contrast, the huge assault this week on my site appears to have been launched almost exclusively by a very large botnet of hacked devices.
That's one big botnet if they're really not using reflection attacks.
@BBigford If only it was that simple. Apple have been based in Cork since 1980, initially as a factory and now as their primary European contact centre. They are a massive employer in the south, with 5,000 in the city as it is and 1,000 more planned.
I don't think they'll be going anywhere too fast, but it's definitely going to have repercussions.
(Disclaimer: used to work at the Cork centre)
Matthew Garrett of CoreOS on Twitter (@mjg59)
Lenovo aren't deliberately blocking free software on recent laptops (spoiler: it's Intel's fault)
OH MY GOD the person who started the Lenovo shitstorm is Ryan Farmer https://www.phoronix.com/scan.php?page=news_item&px=Microsoft-Signature-PC-No-Linux …, who spammed me after I debunked him in 2008
Summary: This guy has a history of making over the top accusations, and responds badly when called on it. Don't enable him.
The background is straightforward. Intel platforms allow the storage to be configured in two different ways - "standard" (normal AHCI on SATA systems, normal NVMe on NVMe systems) or "RAID". "RAID" mode is typically just changing the PCI IDs so that the normal drivers won't bind, ensuring that drivers that support the software RAID mode are used. Intel have not submitted any patches to Linux to support the "RAID" mode.
In this specific case, Lenovo's firmware defaults to "RAID" mode and doesn't allow you to change that. Since Linux has no support for the hardware when configured this way, you can't install Linux (distribution installers will boot, but won't find any storage device to install the OS to).
The real problem here is that Intel do very little to ensure that free operating systems work well on their consumer hardware - we still have no information from Intel on how to configure systems to ensure good power management, we have no support for storage devices in "RAID" mode and we have no indication that this is going to get better in future. If Intel had provided that support, this issue would never have occurred. Rather than be angry at Lenovo, let's put pressure on Intel to provide support for their hardware.
One Raspberry Pi 3 that I previously used as a low speed torrent box, but now have running a SANS DShield sensor.
Do you have fwupdatemgr installed?
I had a microcode update applied by Korora 26 during the week, perhaps that?
Check dnf history?
MS knows of the issue.
Improvements and fixes
This security update contains improvements and fixes for the following nonsecurity issues:
- Some attachments are not removed when you forward mails that contain inline images and you check the Read all mails as Plain Text check box.
Known issues in this security update
- After you install this security update, attachments are removed when you forward plain text emails.