ISC StormCast for Friday, August 18th 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 18 August 2017
⏱️ 16 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Friday, August 18th, 2017 edition of the Sands and its Storm Center's Stormcast. |
| 0:07.4 | My name is Johannes Ulrich, and the day I'm recording from Jacksonville, Florida. |
| 0:11.9 | It looks like the bad guys just don't run out of features to take advantage of in Microsoft's Office software. |
| 0:19.6 | The latest feature is auto-updating links. You can link different |
| 0:24.0 | documents with each other in office, for example, a Word document in this case that includes an |
| 0:29.8 | RTF document and Office or Word in this case will automatically pull in that file in order |
| 0:36.8 | to update the related content. Well, in this particular case, will automatically pull in that file in order to update the related content. |
| 0:39.3 | Well, in this particular case, the attacker is using this trick in order to download a malicious |
| 0:45.2 | RTF document that then has additional exploit code in it. |
| 0:50.9 | This way, of course, they're avoiding some of the detection mechanisms that look for specific |
| 0:56.4 | download techniques in your web proxies. You may see these requests with a user agent of Microsoft |
| 1:03.8 | Office Protocol Discovery. Now, this of course by itself doesn't mean it's malicious. This |
| 1:10.7 | particular user agent is used for a bunch of different things. |
| 1:15.0 | But take a look and see if you find anything interesting. |
| 1:19.7 | And according to a paper published at Eusnix by researchers from IBM, it looks like the |
| 1:25.9 | Rohhammer attack is back and this time for MLC |
| 1:31.1 | Nant flash memory that's commonly found in SSD disks. |
| 1:36.4 | Now if you remember, the original Rohhammer attack affected RAMs memory and what essentially |
| 1:43.0 | did was that an attacker has access to a limited part of memory. |
| 1:47.9 | The attacker can now flip bits very quickly within the memory the attacker has access to. |
| 1:54.1 | And by doing so due to interference with adjacent rows, the attacker can actually in a somewhat controlled way flip bits in other parts of memory that the attacker typically would not have access to. |
| 2:09.1 | So apparently the same trick pretty much works with these MLC NAND flash chips and does affect solid state drives. An attacker essentially could |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.