SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, April 7th 2017


SANS ISC Handlers

Tech News, News, Technology


🗓️ 7 April 2017

⏱️ 6 minutes


Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Antivirus Assisted Attacks;

Transcript


0:00.0

Hello, welcome to the Friday, April 7th, 2017 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:12.1

Researchers at the Technical University of Braunschweig and the University of Göttingen came up with an interesting trick to actually help antivirus in your attack.

0:24.0

Essentially, what they're after here is false positives.

0:27.7

Now, false positives we talked about often here on the podcast, but in this particular case,

0:34.9

it is sort of false positives that are specifically introduced by the attacker.

0:40.3

As a little example, if you are using, for example, an antivirus signature,

0:46.3

something that is detected as malicious as a password or a username when you're logging in to a site, that username will almost certainly end up

0:57.0

in a log file and anti-malware may now consider this log file malicious and depending on the

1:05.0

configuration of your antivirus may actually even delete it. Another scenario they're proposing is the use of the signatures

1:14.3

in cookies. So you are tricking a user to visit your malicious website. You are returning a cookie

1:23.1

that contains a string that, again, triggers antivirus signatures with that string.

1:30.3

You then essentially lock up the user's cookie database because it is now blocked by anti-malware.

1:38.3

I'm not sure how practical all of these attacks are, but it's certainly an interesting attempt to show that signature-based

1:47.6

malware detection certainly hits its limits.

1:51.3

There is of course the famous EICAR pattern, which is a standard pattern that is usually used

1:57.2

for antivirus testing and could be used in this capacity here.

2:02.6

In this particular attack, what they actually did is that they sort of reversed some of the byte patterns

2:09.6

that antivirus looked for based on current samples they collected.

2:15.6

And while we are kind of used to this from consumer level device, it's sad to see that

2:22.7

Cisco had to patch yet another default credential vulnerability.

2:27.1

This time it affects the 1830 and 1850 series access points, particularly the Mobility Express software that ships with these

2:37.7

access points.

...


Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
