Hello, welcome to the Friday, June 1st, 2018 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich and today I am recording from Jacksonville, Florida.

Recently you probably heard about all the advice that was given to reboot your home router.

I talked about the underlying threat VPN filter before, but I want to spend a couple

seconds here talking about rebooting your router.

Now, rebooting your router is probably going to get rid of most malware that typically

infects routers, but it doesn't undo any configuration

changes that were made. Moreover, with VPN filter, VPN filter is in so far special in that

it actually modifies your firmware. So a simple reboot isn't really going to fix it.

Now what you also should do if you are concerned of more advanced firmware is you should do a firmware upgrade and you should reset the router to factory default conditions.

The problem with the second step is that factory default often means,

well, a weak password, so make sure you change that as soon as possible. And today I published

a quick diary with a little bit more details and some basic step to keep you secure during this process.

And I've got an interesting vulnerability in the way some browsers are implementing a new

cascading style sheet feature, mix blend mode. What this refers to is that via style sheets,

you're able to overlay different layers and then blend them with each

other. Well apparently the time it takes to actually render the result depends on the

content of the lowest layer because the browser after all has to calculate how

that particular layer should appear after it is being blended with all the other layers.

The researchers came up with a pretty neat demo that attempts to read your name from Facebook,

so essentially it tries to de-anonymize you.

The way this works is that it loads your name from Facebook into an eye frame and then overlays this

...