Hello and welcome to the Friday, September 29, 2023 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Got a quick diary by DDA today about decoding IP addresses displayed in Windows event logs, in particular event IDs like, for example, 1002, which is a DHS error.

Now, typically, that shouldn't really be all that difficult.

The IP address is displayed as an integer, and you would expect this to be your usual network Indian integer.

Of course, quite often, actually, I always recommend to developers to represent IP addresses as integers

because then you are avoiding a lot of the ambiguities that you have with various string encodings of IP addresses.

But turns out that Windows had a little bit different idea.

They're actually using the Little Indian format with the most significant byte last.

What this means is if you're just straightforward decoding it,

you would basically receive the byte values in the opposite order.

Well, DDA is showing you how to decode it in CyberCheft.

So hopefully this will help you make more sense of these Windows event logs.

And Google this week released a new stable channel update for Google Chrome.

This update fixes 10 security fixes, and well, one of the reasons, of course, why I'm mentioning this is that one of these vulnerabilities, a heap buffer overflow in VP8 encoding in lip VP CX, is already being exploited.

This particular vulnerability has a CVE number of 2023, 5217. As usual, make it a point to at least

once a day restart Google Chrome or other web browsers,

just to give them a chance to update them.

And the Zero Day initiative today published six advisories regarding the email server XM.

Now, the big problem here is that there are no patches for any of these six vulnerabilities,

despite having notified XM over a year ago back in June of 2022.

...