Hello, welcome to the Friday, July 29, 2016 edition of the Sansonet Storms and Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

SSL, very hot topic, but also a topic that's often not quite well understood.

So today, Boyan is walking you through the exact steps required

to verify SSL certificate. Yes, there are tools that will do it for you, but with Boyan's

step doing it mostly on the command line with OpenSL, you actually sort of get to go through all the steps, verify the signatures

and see how it actually works, that you can for example make sure that a particular certificate

is signed by a particular certificate authority.

And yesterday I mentioned vulnerabilities in LastPass, the password manager.

Well, today LastPass did release an update for this product.

It also did clarify the differences between the two reported vulnerabilities.

The first one was reported actually over a year ago to last

pass by Matthias Carlson and then promptly patched. Mathias just took his time for users

to patch and such to publish the details. Just happened that also yesterday Tavis Ormandy

from Google did publish a tweet about a vulnerability that he found.

Now, he just found a vulnerability, reported it to LastPass.

He didn't report any details.

LastPass did immediately patch the vulnerability and did release an update.

So these were two different vulnerabilities

that were found at very different points in time. Just Mathias did wait a while to actually

release the details. Turns out that the vulnerability that Ormandy found only affects the last

past Firefox add-on, so that has been

...