ISC StormCast for Monday, April 10th 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 10 April 2017
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Monday, April 10th, 2017 edition of the Sansanet Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Orlando, Florida. |
| 0:12.3 | I'm here in Orlando, of course, at the Sands Conference, teaching intrusion detection. Well, if you missed me here at this conference, I'll actually be in San Diego second week of May teaching the defending web application class and also my two-day IPV6 class if you're interested in that. |
| 0:35.4 | But well, let's dive into security news and let's start with an article that DDA posted about |
| 0:43.3 | how prevalent malicious sites are among Alexa's top one million sites. |
| 0:49.3 | Actually, DDA looked at two different lists, Alexa and Umbrella, both lists that are commonly used as white lists because you don't want to lock your users out of popular sites. |
| 1:02.0 | Well, I mentioned it before. Often popular sites are also used for malicious purposes. In particular, sites that allow user content, can easily be abused |
| 1:13.7 | as command and control channels. No easy solution here for the defender, but in general, |
| 1:20.7 | don't trust white lists or blacklists blindly. Often they do require a more detailed review. |
| 1:29.3 | And apparently, someone managed to hack Dallas's emergency management system and turn on |
| 1:36.5 | every single tornado siren in Dallas on Saturday evening. |
| 1:42.6 | Now, while this attack first may appear more as a prank than a serious attack, |
| 1:47.0 | there was actually a quite serious side effect of this attack |
| 1:50.5 | in that the confusion it caused did flood 911 operators with calls |
| 1:57.2 | and there were substantial delays at times in answering 911 calls as a result of this attack. |
| 2:05.7 | These type of systems have been known to be quite vulnerable for quite a while now, also |
| 2:10.4 | emergency broadcast systems, and so it has been pointed out in the past that off occasion |
| 2:15.9 | alike isn't all that great for these systems. |
| 2:20.3 | At this point it's too early to speculate about what exact exploit was used here |
| 2:26.3 | or how this attack or who mounted it. |
| 2:29.3 | Well, the guess so far is that the attack came from a local source, which probably means that it was |
| 2:36.7 | more intended as a not so sophisticated prank. And Shadowbroker, the organization that did |
| 2:44.1 | try to sell a stash of stolen NSA hacking tools and already has released a number of interesting tools in the past. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.