Week 6, 2017 - Mirai follow up; Gitlab dataloss; Chrome for iOS

By (3 minutes read)

More information about Mirai, Gitlab’s dataloss, and Chrome for iOS was open sourced.

Mirai follow up

At last week’s Enigma conference, a Google security engineer spoke about how Project Shield handled the attacks on KrebsOnSecurity. The short article about it is an interesting read, and unsurprisingly it all comes down to scale.

Obviously Google has been able to mostly handle the attacks on the site (with only brief interruptions of the service), but the attacks were quite powerful. At the height attacks of 450.000 queries per second from about 175.000 IPs, but later on more sophisticated attacks started happening as well. I don’t want to repeat everything from the Art Technica article, so I suggest you have a read yourself.

Additionally, if you like reading about the Mirai bot some more, Krebs researched who is behind the bot and shared his findings. It won’t come as a surprise that the person he accuses denies his involvement, but if you like the security aspects here you should have a read through.

Gitlab data loss

Gitlab had an outage involving dataloss. In short, the events seemed to have been that they had spammers causing massive load which led to the db having a replication lag. While attempting to fix things, an engineer ran a command on the wrong machine basically wiping the database. Unfortunately, this sort of thing happens but it’s at this point that the story becomes really interesting.

Gitlab had set up various redundant types of backups, but it turned out that each of these failed in its own way.

This is pretty much the nightmare scenario when your system goes down. It also shows how fragile data is even when you think it’s secure. The second best thing you can do when this occurs is to restore as much data as possible from backups you have randomly taken, in this case a backup taken for testing.

The best thing though should be be to prevent this from happening in the first place by testing your database backups regularly.

Chrome for iOS open sourced

Without wading into a debate of whether Android or iOS is better1, one of the limitations of iOS is that web browsers can’t use their own rendering engine. This is a security requirement, and isn’t a major concern for most things unless you want the latest and greatest HTML 5 features and they’re not implemented yet2.

For an open source project like Chrome however, this had an extra disadvantage. They couldn’t keep the code of all their versions in a single repository. This meant that development was slower, as they first had to go through Chromium and from there be merged into the private repository for the iOS version. They were finally able to refactor everything enough that the iOS version is now included in Chromium. As it’s the second most popular browser on iOS (obviously after the default Safari), it’s good to see that it will now be able to use the latest features. Even if it’s still limited by needing to use the built-in rendering engine.

  1. Short answer, it depends on what you use it for. ↩︎

  2. From all accounts, it sounds like the upcoming iOS 10.3 might actually include a fair number of these features. ↩︎

comments powered by Disqus