ISC StormCast for Friday, April 21st 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 20 April 2017
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello, welcome to the Friday, April 21st, 2017 edition of the SANS Internet Storm Center's Stormcast. |
| 0:08.1 | My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida. |
| 0:12.5 | Let's start today with a good reminder from Xavier to watch your DNS logs. |
| 0:17.9 | I always keep saying it's probably one of the most useful logs to watch if you have to pick one. |
| 0:24.6 | And in this case, again, it's about very large, very long DNS queries that are often indicative of covert channels. |
| 0:34.6 | Xavier uses a little bit of a different trick than what I usually do. He uses the |
| 0:39.4 | base32 command in order to encode the data. I usually just use xxd. The result is similar. |
| 0:47.1 | Base32 is probably actually a little bit more efficient. And apparently the W3C, the organization that is behind many web standards, is considering |
| 0:58.2 | making ambient light sensors in devices accessible via JavaScript. Ambient light sensors are |
| 1:06.1 | typically used to dim or brighten displays in order to adjust them to the surroundings. In some more modern, |
| 1:14.7 | fancy devices, they also adjust the color temperature to the temperature of the light in the room. |
| 1:21.5 | Now, with this JavaScript extension, JavaScript would have access to the sensor and with that, |
| 1:26.8 | of course, would learn more about the |
| 1:29.2 | environment the phone or the computer is used in which has some privacy implications. |
| 1:36.7 | Now, this standard is far from finalized yet, so it's not exactly clear what, for example, the update |
| 1:42.9 | frequency is or the |
| 1:44.7 | granularity of the readout, but in a proof of concept, a demo, a researcher was able to, for |
| 1:52.4 | example, read QR codes and other data displayed on the screen, including, for example, |
| 1:58.5 | to identify popular websites. |
| 2:01.6 | Now, based on the demo, it's my impression this was sort of a best case, so likely the |
| 2:06.6 | details won't be as granular as in this demo, but overall, of course, it could certainly |
| 2:14.6 | leak information about the user. Personally, I could see some form of covert channel where you have some device in the room that changes lighting conditions, |
... |