SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, August 11th, 2023

SANS ISC Handlers

Tech News, News, Technology

🗓️ 11 August 2023

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SQL Auth Weakness; Windows Defender Pretender; Dell Compellent Static Key; Sogou Keyboard Vuln;

Transcript

0:00.0

Hello, welcome to the Friday, August 11, 2020,

0:04.5

edition of the SANS Internet Storm Center's Stormcast.

0:08.1

My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:13.0

Bojan today wrote a quick and really neat diary about a weakness in SQL Server that's not new but still often overlooked

0:24.8

because, well, there are often no great alternatives. The problem is that if an

0:30.3

attacker is able to observe the authentication process, there is a password being exchanged that's really just obfuscated. It's not

0:40.8

encrypted. The obfuscation is pretty straightforward. You basically just swap the two nibbles

0:47.8

in each byte and then XOR each byte with a 5.

0:59.1

That's all it takes in order to then retrieve the original password.

1:06.4

And Bojan wrote a little Python script to make that even easier for you to perform. As Bojan points out, often there is no great alternative here; it would require a major sort of application rewrite.

1:14.8

Of course, at that point, you may as well use some more modern technologies like a REST API or something like this, instead of connecting directly back to the SQL server.

1:27.8

And back in April, Microsoft patched vulnerabilities in Windows Defender, and we now have

1:34.7

thanks to researchers at SafeBreach, who originally found the vulnerability, more details about

1:40.8

what is exactly involved. The researchers did present at Black Hat this week.

1:48.1

Their talk, which also included a tool, Defender Pretender, that basically demonstrates that

1:54.6

due to this vulnerability, it's not just possible to alter the signatures that Windows Defender uses, and with that,

2:03.4

of course, you could easily make it blind to particular malware, but also to get Windows

2:08.7

Defender itself to actually run malicious code.

2:13.1

Part of the issue here is that the signature files that the Windows Defender downloads are not

2:19.6

just the actual signatures, but there's also executables involved here, and then these files

2:25.5

are not properly validated after being downloaded, which does allow an attacker to essentially

2:31.5

replace some of these binaries and with that execute arbitrary code.

...
