SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, September 2nd 2016

SANS ISC Handlers

🗓️ 1 September 2016

⏱️ 5 minutes

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Malware Using MaxMind For Host ID/GeoLoc.

Transcript

0:00.0

Hello, welcome to the Friday, September 2, 2016 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and I'm recording from Jacksonville, Florida.

0:12.9

Apparently, malware authors are now using MaxMind's geolocation service in order to figure out if they may have gotten into a researcher's sandbox

0:25.2

or in a geographic area they would like not to do business with.

0:30.9

You have seen this in the past, for example, with Russian malware that tries to avoid

0:35.5

Russian targets in order to avoid running afoul of any Russian laws.

0:42.3

But also with MaxMind, you don't just get geolocation, you also get more details about the ISP.

0:49.3

So for example, if it's running on a cloud system, you probably know that it's not an end user that is running your malware.

1:00.0

Well, it's mixed, what I see here in my own investigation.

1:03.0

A lot of malware doesn't seem to care.

1:05.0

But then again, if you have something a little bit more special and targeted, they usually do take precautions not to run in

1:12.7

sandboxes or researchers' machines. Content security policy is one of those security features

1:20.6

I'm really struggling with, trying to figure out how to best deploy and get the best value

1:27.3

out of it. Google now did publish an

1:30.5

interesting paper looking at content security policy, how it's used in the wild, and it gives

1:37.6

some really decent hints on how to deploy content security policy correctly.

1:49.9

One of the problems I always run into with content security policy is in an existing large website, like the Internet Storm Center website.

1:52.6

It's really hard to sort of in hindsight limit what kind of JavaScript, what kind of

1:57.9

style sheets and such you're using in your application, particularly

2:02.6

with inline JavaScript and inline styles.

2:06.6

Probably inline styles being more of a problem for me here personally than JavaScript.

2:12.6

Google found in its own enumeration of content security policies that over 94% of policies

2:21.0

are bypassable, in part because they do things like specify an unsafe-inline source and

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.