meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, February 8th 2019

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News

4.9754 Ratings

🗓️ 8 February 2019

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Value of UAC; Apple Releases Facetime Patch; Skype Blured Background; 2nd MSFT Exchange Advisory

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Friday, February 8th, 2019 edition of the Santern Storm Center's Stormcast. My name is Johannes Ulrich. And the I'm recording from Jacksonville, Florida.

0:13.7

One of the problems that often happens in security is people dismissing security features because they are not perfect because they're ways to

0:23.7

bypass the security feature.

0:25.6

And well, to be honest, probably that's true for every single security feature out there.

0:31.5

And one example that Boyan brings up today is UAC, the user access control.

0:39.3

It actually showed up first in Windows Vista and sort of did a little privilege separation

0:45.3

between administrating features and normal user features for administrator accounts.

0:52.3

Now as soon as the feature was released, there was a lot of talk

0:56.8

about how it can be bypassed, how it's not really perfect in sort of fulfilling its particular

1:03.0

role. But truth being told, it does prevent some real attacks and enabling it or actually keeping it enabled isn't really all

1:13.8

that difficult and that's sort of and that's what boyan's diary today is about how uAC actually

1:20.0

did get in the way of a pen test that he was conducting and apple today released updates for iOS and MacOS Mojave. This update mainly

1:34.6

fixes the vulnerability in group FaceTime calls that may enable the caller to actually

1:41.9

cause the recipient to answer the call. This vulnerability, of course, was highly

1:46.9

publicized now. Apple actually has a disabled group FaceTime on their servers so that mitigated

1:55.4

the vulnerabilities. And if you do not apply this update, Group FaceTime will remain disabled. If you, for example,

2:04.8

have one of the recent iOS beta versions, Group FaceTime will still be disabled because these

2:11.9

beta versions do not have this patch applied. So while there was a lot of talk about this vulnerability, this isn't necessarily a patch

2:20.7

that you need to apply right now unless you really rely on group FaceTime and would like

2:25.3

to enable this again.

2:26.7

Now, the other reason by you may want to apply this update quickly is it also fixes two

2:33.1

additional vulnerabilities for macOS and three additional

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.