Logo

    patchtuesday

    Explore "patchtuesday" with insightful episodes like "InfoSecSync Weekly News Week Ending July 23, 2021" and "2021-002-Elastic Search license changes, Secure RPC patching for windows, ironkey traps man's $270 million in Bitcoin" from podcasts like ""The InfoSecSync Podcast" and "Brakeing Down Security Podcast"" and more!

    Episodes (2)

    2021-002-Elastic Search license changes, Secure RPC patching for windows, ironkey traps man's $270 million in Bitcoin

    2021-002-Elastic Search license changes, Secure RPC patching for windows, ironkey traps man's $270 million in Bitcoin

     

    Secure RPC issue - 

    Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 – Microsoft Security Response Center

    How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (microsoft.com)

    Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 – Microsoft Security Response Center

    Elastic Search 

    https://anonymoushash.vmbrasseur.com/2021/01/14/elasticsearch-and-kibana-are-now-business-risks

    “There are those who will point to the FAQ for the SSPL and claim that the license isn’t interpreted in that way because the FAQ says so. Unfortunately, when you agree to a license you are agreeing to the text of that license document and not to a FAQ. If the text of that license document is ambiguous, then so are your rights and responsibilities under that license. Should your compliance to that license come before a judge, it’s their interpretation of those rights and responsibilities that will hold sway. This ambiguity puts your organisation at risk.”

    Doubling down on open, Part II | Elastic Blog  - license change affecting Elastic Search and Kibana

    MongoDB did something similar in 2018: mjg59 | Initial thoughts on MongoDB's new Server Side Public License (dreamwidth.org)  

    Hacker News Discussion: MongoDB switches up its open source license | Hacker News (ycombinator.com)

    @vmbrasseur:  (1) VM (Vicky) Brasseur on Twitter: "With today's relicensing to #SSPL, Elasticsearch & Kibana are no longer #OpenSource but are instead business risks: https://t.co/XNx2EMLNfH" / Twitter

    (1) Adam Jacob on Twitter: "Yeah, come on - how can this be "doubling down on open"? Some true duplicity here. https://t.co/rlJVnLxYwP - we're taking two widely used, widely distributed, widely incorporated open source projects and making them no longer open source. But we're doubling down on open!" / Twitter

    [License-review] Approval: Server Side Public License, Version 2 (SSPL v2) (opensource.org)

    “We continue to believe that the SSPL complies with the Open Source

    Definition and the four essential software freedoms.  However, based on its

    reception by the members of this list and the greater open source

    community, the community consensus required to support OSI approval does

    not currently appear to exist regarding the copyleft provision of SSPL.

    Thus, in order to be respectful of the time and efforts of the OSI board

    and this list’s members, we are hereby withdrawing the SSPL from OSI

    consideration.”

    (could be ‘open-source’, but negative feedback on mailing lists and elsewhere made the remove it from consideration from OSI)

    Open Source license requirements: The Open Source Definition | Open Source Initiative

    What does this mean? 

    If you have products that utilize ElasticSearch/MongoDB/Kibana in some way, talk to your legal teams to find out if you need to divest your org from them. These are not ‘opensource’ licenses… they are ‘source available’

    It might not affect your organization and moving to SSPL might be feasible. If your product makes any changes internally to ElasticSearch, 

    Notable links

    JTNYDV  - specifically the CIS docker hardening 

    Twitter: @jtnydv

    Bug Detected in Linux Mint Virtual Keyboard by Two Kids - E Hacking News - Latest Hacker News and IT Security News

    https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-now-detects-malware-process-tampering-attempts/

    https://www.coindesk.com/anchorage-becomes-first-occ-approved-national-crypto-bank

    https://www.cnn.com/2021/01/15/uk/bitcoin-trash-landfill-gbr-scli-intl/index.html

    https://www.techradar.com/news/man-has-two-attempts-left-to-unlock-bitcoin-wallet-worth-dollar270-million

    https://www.linkedin.com/posts/amandaberlin_podcast-mentalhealth-neurodiversity-activity-6755910847148691456-Lms5

    https://www.linkedin.com/posts/amandaberlin_swag-securitybreach-infosecurity-activity-6755884694501498880-yAck

     

    Check out our Store on Teepub! https://brakesec.com/store

    Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

    #AmazonMusic: https://brakesec.com/amazonmusic 

    #Brakesec Store!: https://brakesec.com/teepub 

    #Spotifyhttps://brakesec.com/spotifyBDS

    #Pandorahttps://brakesec.com/pandora 

    #RSShttps://brakesec.com/BrakesecRSS

    #Youtube Channel:  http://www.youtube.com/c/BDSPodcast

    #iTunes Store Link: https://brakesec.com/BDSiTunes

    #Google Play Store: https://brakesec.com/BDS-GooglePlay

    Our main site:  https://brakesec.com/bdswebsite

    #iHeartRadio App:  https://brakesec.com/iHeartBrakesec

    #SoundCloudhttps://brakesec.com/SoundcloudBrakesec

    Comments, Questions, Feedback: bds.podcast@gmail.com

    Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

    https://brakesec.com/BDSPatreon

    #Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

    #Player.FM : https://brakesec.com/BDS-PlayerFM

    #Stitcher Network: https://brakesec.com/BrakeSecStitcher

    #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

    Logo

    © 2024 Podcastworld. All rights reserved

    Stay up to date

    For any inquiries, please email us at hello@podcastworld.io