April 7, 2025

Fast Flux DNS Threats, TikTok Faces EU Fury, NGINX Exposed | Tech News of the Week

This week we talk lawsuits, leaks, and legacy code—all wrapped in Kubernetes vulnerabilities and good ol' DNS doom. It's everything you didn't know you needed to hear, and more. Let's dive in:

🧠 TikTok is getting slammed with a €500 million fine from the Irish Data Protection Commission for casually throwing GDPR into the sea. The Tok (yes, we're calling it that now) has been caught red-handed shuffling EU user data straight outta the continent. Meanwhile, April 5th was the US deadline for a sale-or-ban situation. You're in the future. You know what happened. We don’t. https://www.engadget.com/big-tech/tiktok-reportedly-faces-a-%25e2%2582%25ac500-million-fine-for-sending-private-user-data-to-china-162214079.html

🐙 NGINX Ingress controller vulnerability alert! Wiz disclosed a cluster of five issues that basically throw open the doors to your entire Kubernetes environment—if, and only if, the attacker is already inside. Still, maybe stop listening to this podcast and go patch your stuff. https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html

💾 Bill Gates just released original Microsoft source code from 1975, and yeah, it’s both nostalgia bait and promo for his new autobiography. The code's printed. As a PDF. It's massive. And full of 1970s programming hacks that might hit a little too close to home for modern devs. https://www.gatesnotes.com/home/home-page-topic/reader/microsoft-original-source-code

🌐 DNS is always the problem. The latest? Fast Flux DNS attacks. CISA is waving red flags about a technique that helps malware stay stealthy by constantly changing IP addresses linked to C2 servers. It's a real “blink and you missed it” kind of threat. Patch your filters, folks. https://www.theregister.com/2025/04/03/cisa_and_annexable_allies_warn/

Don’t forget to patch your stuff and like, subscribe, or just go yell at a router. See you next week!

00:00 - Intro

00:33 - TikTok fined €500 million

02:55 - NGINX Ingress vulnerabilities

04:46 - Microsoft source code release

07:24 - Fast Flux DNS attacks

[00:00:00.00]
Announcer: Welcome to Tech News of the Week with your host, Cthulhu. Ia, ia, Cthulhu fhtagn.


[00:00:07.00]
Ned: Welcome to Tech News of the Week. This is our weekly Tech News podcast, where Chris and I talk about '90s albums that we only listen to one song of. Wait, no, no, that's our other podcast. This is the podcast where we talk about four interesting news articles that we found this week.


[00:00:30.27]
Ned: Chris, why don't you go first?


[00:00:33.17]
Chris: TikTok to be fined €500 million for illegal handling of European data. Say what you want about the Tok. Yeah, first off, that's right. We're calling it the Tok now. It's 2025.


[00:00:48.05]
Chris: TikTok, two syllables long. Nobody's got time for that.


[00:00:52.04]
Ned: Kesha actually gave her approval.


[00:00:53.28]
Chris: Say what you want about the Tok. Oh, I get it now. And their ongoing legal traumas in the United States. One thing that has always been on people's radar is the fact that the company was born and is based in China, and as such, falls under the Chinese government's, let's say, encouragements to keep data about operations and foreign nationals inside of China's borders. Oh, and of course, the Tok also grabs an exorbitant amount of information about its users, far exceeding rationality or common sense, let alone the bare minimums needed for the app to just show dumb videos of bad cooks or whatever. I swear, fucking the Tok, man. The whole concept of one simple trick, recipes as a video subgenre, should be made illegal. None of that shit is even going to be edible, let alone good. Anyway, this week, Ireland's Data Protection Commission, yeah, they have those overseas. Seems like a good idea, does it not? They concluded a four-year investigation into the Tok and found that their data practices were, shall we say, wanting. As such, by the end of this month, TikTok will be fined €500 million, or about €550 million in Freedom Currency, for violating the GDPR's rules about EU citizen data being shipped out of the EU.


[00:02:30.12]
Chris: Meanwhile, April fifth is the latest deadline for the Tok to sell its US business or be banned forever. You, dear listener, are listening to this in the future, so you already know what happened with that one. But us here, back in the moldering past, we're just on pins and needles.


[00:02:53.13]
Ned: I could not care.


[00:02:55.06]
Ned: NGINX ingress invites everyone to the party. You get a Kubernetes cluster, and you get a Kubernetes cluster. Security firm Wiz has disclosed five vulnerabilities for the ingress NGINX controller that combined could allow an attacker to gain unauthorized access across all namespaces and secrets in the cluster, which is bad. Wow. Bad. Now, I want to start by saying that the attacker has to have access to the Kubernetes network in order to launch the attack. The vulnerability is not with the ingress pods themselves, but rather with the ingress NGINX controller. The controller is responsible for accepting potential ingress deployments and deciding whether to admit them through a combination of an admission controller and the NGINX binary. The NGINX binary is used to validate a proposed configuration that was submitted through the admission controller. The attack in question uses a remote code execution vulnerability on the NGINX binary to run arbitrary code during that evaluation, which leads to a potential takeover of the ingress NGINX controller pod. From there, it can use other vulnerabilities in the pack to escalate privileges in the cluster. By default, the Admission Controller is accessible by any client on the Kubernetes network.


[00:04:28.22]
Ned: So this attack could be launched from a malicious pod or some other vulnerability that gives outside actors internal access. Patches are available, so if you are just hearing about this, time to stop listening and go start patching.


[00:04:46.02]
Chris: Bill Gates releases some of the very original Microsoft source code. Fair warning. The website attached to this interesting archive of historical artifacts is extremely annoying. Look at it for 90 seconds, you'll see what I mean. And I'm so, so sorry. JavaScript was a mistake. Having said that, have you ever wondered what the various bits of code that made Microsoft into the dominant monopolist, I mean, technical powerhouse that it is today? Well, lucky, lucky you. This last week, Bill Gates shared on his site, gatesnotes.com, some serious Microsoft history. This release is basically a series of entries that go all the way back to 1975 that catalog the journey of Microsoft from essentially nothing to corpo dominance. It tells the story of Microsoft's beginnings in a quasi-autobiographical and also hagiographic way, but also includes a 100 megabit PDF download of a printout of the source code itself, which is unbelievably annoying now that I say it out loud. This is the stuff that started the company written by Bill Gates and Paul Allen back in 1975. Again, it should be noted this is all in service of advertising Bill's own part one autobiography, which also carries the name Source Code.


[00:06:23.13]
Chris: So clever. Get it? Do you get it?


[00:06:29.02]
Ned: I got it.


[00:06:31.22]
Chris: It's interesting, though, as a historical document, some of the stuff I definitely didn't know. If you're an actual programmer, it's probably interestinger than it is for me, considering as I, for one, do not know BASIC for the Altair 8080, so there's not a lot in here that is super stimulating. There are, however, definitely interesting things to note in the comments as usual. There are some callouts like old-school programming workarounds such as buffers being too small to carry the data that it needs for the program to run, and so they have to be creative and hide that data and recall it from unexpected places. Not like anything like that is going to sit around in the code base for years and years and years and come back to bite you in undisclosed bugs that you have to figure out months and months of effort in. That wouldn't happen.


[00:07:20.17]
Ned: Never.


[00:07:23.02]
Chris: Go read it. It's fun.


[00:07:24.15]
Ned: All right. It's always DNS. Part 3 million. The Fast Fluxening. The redundantly named Cyber Security Infrastructure Security Agency, also known as CISA, issued a warning to service providers and organizations to be on the watch for a new DNS attack type called Fast Flux. The attack is named after the way it uses DNS to quickly cycle through DNS records in an effort to evade malware detection of malware communication out of an environment. Once a piece of malware has gained a toehold on your system, one of the first things it does is try to phone home to its C2 infrastructure, which stands for command and control. From there, it can take new directives and start exfiltrating data. Now, the malware can't simply use a hard-coded IP address to reach the C2 servers as that would be swiftly detected and blocked with no way for the malware to change it. Instead, malware relies on the use of DNS to resolve a hostname for the C2 servers. But even then, many firewalls and other security appliances might notice a large volume of data flowing from the malware-infected client to this C2 IP address. Instead, fast flux is the practice of changing the IP address in the A record every 3 to 5 minutes, relying on a botnet of nodes to supply the endpoint for each new IP address.


[00:08:56.08]
Ned: From a network standpoint, it looks a little more like regular traffic flowing to a bunch of different IP addresses instead of all traffic heading to that original address. CISA recommends implementing some type of DNS filtering to prevent lookups against potentially malicious domains and also analyzing traffic flows to look for patterns that indicate exfiltration of data. DNS is always the problem. Long live DNS. All right, that's it. Now. Go away. Bye.