Arkadiy Tetelman A security blog

A Summary of Zoom's Bad Security Month

As a result of the global pandemic Zoom has seen an explosion in usage (going from 10M to 200M daily active users) and has received quite a bit more scrutiny into their security and privacy practices. This has caused them to get reamed in the press for a number of issues:

Continue reading "A Summary of Zoom's Bad Security Month" →

Detecting Manual AWS Console Actions

In this post I’ll describe a set of AWS Cloudtrail alerting rules that let you detect when someone makes a manual change in your AWS Console. This has been one of the highest signal / lowest noise alerts we created in our organization - it lets us know when engineers do things like, i.e., manually add new security group ingress rules through the AWS Console: alert

Continue reading "Detecting Manual AWS Console Actions" →

Pair Locking your iPhone with Configurator 2

In response to the recent iphone bootrom bug (and also because I was already in the market for a new phone), I recently purchased a new iPhone XR. This gave me a chance to re-run the steps required to pair lock the device, a process which prevents law enforcement from using forensics tools against your phone, and the result of which is this blog post.

Continue reading "Pair Locking your iPhone with Configurator 2" →

Quantifying Untrusted Symantec Certificates

I was reading Hackernews the other day when I came upon the following tweet: Symantec deprecation tweet which made me curious to quantify exactly how many and which sites will have their trust removed. This blog post answers these questions by writing a scanner to detect bad Symantec certificates (using the same logic Google Chrome uses), and running it against the Alexa Top 1 Million sites. But first, some context.

Continue reading "Quantifying Untrusted Symantec Certificates" →

Deploying EFF's Certbot in AWS Lambda

This post describes the steps needed to deploy Certbot (a well-maintained LetsEncrypt/ACME client) inside AWS Lambda. The setup used below is now powering 100% automated TLS certificate renewals for this website - the lambda runs once a day and if there’s less than 30 days remaining on my existing cert it will provision a new one and import it to be served by my CDN.

Continue reading "Deploying EFF's Certbot in AWS Lambda" →