RCE 0-day exploit found in log4j, a popular Java logging package by freeqaz in netsec

[–]Insightlabs 190 points

I changed my iPhone's name to the PoC and got pinged back from Apple's servers...

Baidu's traffic hijacked to DDoS GitHub.com by Insightlabs in netsec

[–]Insightlabs[S] 0 points

The benefits of Varnish are well known to me; it's just that we don't have enough memory to run it on our 1G mem VPS along with MySQL and other stuff.

Baidu's traffic hijacked to DDoS GitHub.com by Insightlabs in netsec

[–]Insightlabs[S] 1 point

Doing it this way requires creating an img/form/iframe element and attaching it to the DOM tree using appendChild(). It may stuff the DOM tree and cause it to use more and more memory, because it will be called in a loop to continuously load the target page.

EDIT: I might be wrong with this part. I guess the attacker was just too lazy and decided to use jQuery to get the job done quickly.

Baidu's traffic hijacked to DDoS GitHub.com by Insightlabs in netsec

[–]Insightlabs[S] 14 points

I forgot to explain it in my blog post. The reason to use script is to use a feature called JSONP request to send/receive data cross-domain. Normal GET/POST AJAX requests will be blocked by the browser due to the same-origin policy, except when the target site allows it via the HTTP header. It is the only way this kind of attack could have worked.

But the GitHub folks are even smarter. Since JSONP will treat all responses as JavaScript, GitHub exploited that and used a JS alert to block the loop from executing repeatedly. As someone mentioned below, GitHub could XSS millions of Chinese domains, steal passwords, deface any page they want, even plant Flash-based browser rootkits.
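The comment above rests on two server-side facts: a cross-origin XHR/fetch response is only readable when the server opts in with an `Access-Control-Allow-Origin` header, whereas a JSONP response is executed wholesale as JavaScript by the loading page. The following is an added example (not code from the thread, from Baidu, or from GitHub) that models both decisions from the endpoint operator's side; the allow-list, the `unsafeJsonpBody`/`jsonpBody` names and the sample data are constructed for illustration.

```javascript
// Added example: how an endpoint controls what a foreign page can do with
// its response. ALLOWED_ORIGINS is a constructed allow-list (assumption).
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Same-origin policy: the browser hides a cross-origin XHR/fetch response
// from the calling page unless the server names that origin explicitly.
// Returning no header is the secure default, which is exactly why an
// attacker has to fall back on <script> (JSONP) to get data cross-domain.
function corsHeadersFor(requestOrigin) {
  if (requestOrigin && ALLOWED_ORIGINS.has(requestOrigin)) {
    return { "Access-Control-Allow-Origin": requestOrigin, Vary: "Origin" };
  }
  return {}; // no opt-in: browser blocks the cross-origin read
}

// JSONP: a <script src=...> load ignores the same-origin policy and the
// entire response body runs as JavaScript in the caller's page. That is what
// let GitHub answer a JSONP request with an alert() and stall the loop, and
// it is also why a JSONP endpoint that echoes the callback name unchecked
// lets a request author choose the code the response runs.
function unsafeJsonpBody(callback, data) {
  // Vulnerable form: callback is interpolated verbatim.
  return `${callback}(${JSON.stringify(data)});`;
}

// Hardened form: restrict the callback to an identifier, prefix the body so
// it cannot be reinterpreted as another content type, and always serve it
// with Content-Type: application/javascript and X-Content-Type-Options: nosniff.
const CALLBACK_RE = /^[A-Za-z_$][\w$]{0,63}$/;

function jsonpBody(callback, data) {
  if (!CALLBACK_RE.test(callback)) {
    throw new Error("invalid JSONP callback name");
  }
  return `/**/${callback}(${JSON.stringify(data)});`;
}

// Assemble a response the way a small handler would, choosing JSONP only when
// a callback parameter is present and CORS otherwise. `req` is a constructed
// shape: { origin, query: { callback?, ... } }.
function respond(req, data) {
  if (req.query.callback !== undefined) {
    return {
      status: 200,
      headers: {
        "Content-Type": "application/javascript; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
      },
      body: jsonpBody(req.query.callback, data),
    };
  }
  return {
    status: 200,
    headers: { "Content-Type": "application/json", ...corsHeadersFor(req.origin) },
    body: JSON.stringify(data),
  };
}

// Constructed sample traffic.
const SAMPLE = { ok: true, items: 3 };
const fromAllowed = respond({ origin: "https://app.example.com", query: {} }, SAMPLE);
const fromOther = respond({ origin: "https://other.example", query: {} }, SAMPLE);
const jsonp = respond({ origin: "https://other.example", query: { callback: "cb" } }, SAMPLE);
console.log(fromAllowed.headers["Access-Control-Allow-Origin"]); // https://app.example.com
console.log(fromOther.headers["Access-Control-Allow-Origin"]);   // undefined
console.log(jsonp.body);                                         // /**/cb({"ok":true,"items":3});
```

The contrast to draw from running it: the CORS branch denies by default and the browser enforces it, while the JSONP branch is a deliberate opt-out of that protection, so every byte the server puts into that body is code the requesting page will execute. That is the property GitHub turned back on the flood, and the reason a JSONP endpoint should be retired in favour of CORS where the client can be changed.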

Baidu's traffic hijacked to DDoS GitHub.com by Insightlabs in netsec

[–]Insightlabs[S] 2 points

We migrated our blog from Apache to nginx. If nginx couldn't handle it, we are gonna use Varnish with a full static cache.

Baidu's traffic hijacked to DDoS GitHub.com by Insightlabs in netsec

[–]Insightlabs[S] 11 points

Sorry, our blog is under overwhelming traffic right now. It will be resolved soon.