Hello, welcome to the Friday, January 17th, 2020 edition of the Sandton and Storm Center's

Stormcast. My name is Johannes Ulrich. And today I'm recording from Jacksonville, Florida.

So we've got a couple new developments to talk about with respect to the CVE 2020601 vulnerability1 vulnerability, that's the crypto API vulnerability, has also

sort of become known now as either let's decrypt or curveball.

Well, we do have actually now some tests available for you, a website curveballttest.com that you can use to check if your

browser is vulnerable. On that website, you will also find a download for a simple binary

that's signed with a valid certificate, so you can see if that gets noticed. Now, while we're

experimenting with this, one thing we noticed is that browsers and various endpoint protection software

really is sort of now detecting some of these invalid certificates.

For example, Chrome just released an update

that will block any invalid sites,

even though Chrome itself on Windows 10 is vulnerable.

It uses the crypto API, but they added some additional checks to the browser itself to block it.

Also, Firefox, of course, never really was vulnerable.

And the Windows Defender also notes for example binaries with the bad

signatures. All of these endpoint protection parts are a little bit hit and miss depending on

whether or not your signatures are all up to date. So even if you didn't patch, which still

you should, it's still highly recommended that you patched. These other protection mechanisms will at least soften the impact of any exploit

being directed at you. And we got a smaller but significant update for the Citrix ADC vulnerability.

It turns out that the workaround actually doesn't work on certain

builds of version 12.1 of the uplines. Now, if you're running one of these affected versions,

you should, according to the Dutch Cybersecurity Center, just turn off the device and wait for a patch

...