Hello, welcome to the Friday, October 6, 2017 edition of the Sancented Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Published a brief diary and tool earlier today that will take a PCAP file and extract HTTP requests and turn them into curl commands.

Curl, if you're not familiar with it, is a little Unix command line tool that allows you to send

HTTP requests. So what this tool does essentially, it allows you to replay the requests

that were included in that PCAP file.

I ran into the need for such a tool when I was working recently with a web-based API

where I tried to sort of send some requests to it.

And I always like to do it in the browser, but in this particular case, it was really

not that easy in the browser, but in this particular case, it was really not that easy in the

browser to figure out which requests cost what, so that tool came in handy in order to get

all of the requests extracted at the same time, and make it easier to screen through for the ones

that are actually important.

And Apple today released an update for Mac OS High Sierra fixing a rather embarrassing security

flaw.

With MacOS High Sierra, Apple introduced a new file system, the Apple file system. And with that, of course, you can also encrypt your files

as you were able before, but the implementation of the encryption had a pretty interesting bug.

Now, when you set up encryption for a particular drive, you can also set up a password hint. However, it turned out that Apple saved

the password in the password hint, not the actual text that you entered as a password hint.

So whenever you used a password hint, no matter what text you entered there, it would be replaced

with the password. and then when you request

the password hint, what you actually get back is the clear text password. Now, when I saw this

...