That sound you hear is Splunk leaking data Splunk has patched a slip in its JavaScript implementation that leaks user information. The advisory at Full Disclosure explains that the leak happens if an attacker tricks an authenticated user into visiting a malicious Web page. It only leaks the username, and whether or not that user has enabled remote access; but this …
No, that was Kerplunk.
Splunk, according to the urban dictionary, is "A mixture of spunk and splooge. This is formed by the combined semen during a bukkake session."
Having noted the dire quality of most of the definitions therein (scatological, improbable, misspelled: pick any three) I thought I might spend a wet weekend writing a crawler to add bogus versions of "dirty sanchez" to every existing word.
But on closer inspection it seemed this had already been done, more than once. So I went back to adding cocks through Google Map's user contributions :-)
it's probably intended to make the association with spelunking (cave exploration). Yes, it's a daft name, but the tool is very useful for allowing you to cross-reference activity. For example, if you have a VPN login, you can look at which systems were accessed from that IP address. In addition it provides an extra audit trail with the log entries being forwarded to a limited access system. I've recently introduced it where I work, but I still need to get a couple of custom log files integrated.
It's actually not bad if you ignore the marketing. Simple configuration on your servers to monitor your log4Xyz logs, Windows event logs, etc from disparate machines out there and you can do big data-esq mining on it all, find out which software/OS versions are being impacted by some specific exception (in pretty close to real time).
If I'm reading the JavaScript right, the attacker needs to know the hostname of the splunk server. In public facing servers that might be an issue, but it looks like it needs to be a targeted attack or mitm to be practical.
Name a web service that doesn't allow remote access. One that's powered off?
That said, can't tell if you're being deliberately obtuse or simply don't know what it is. Splunk is a log aggregation tool. Think the red-haired bastard step-child of syslog-ng, grep, sed, awk and rrdtool.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
