Hello, welcome to the Monday, August 1st, 2016 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and the day I'm recording from Boston, Massachusetts.

I got a quick update to a story from Friday.

Did he found a new version of the tool that he used to analyze that RTF document RTF object.

Philippe told him that there is a new version that will actually parse the document

just like Didi described it in his diary out of the box without having to apply some of the additional tricks that Didy had to apply.

So nice if you run into one of these RTF documents, they certainly are somewhat common

and are often to transmit malicious code.

A few weeks ago I mentioned that StartSSL had problems with its certificate portal that you used to verify whether or not

you're actually responsible for a particular domain. You could actually fake this verification

and be considered responsible for any domain out there. Well, it turns out StartSel is not the only one with vulnerabilities

like this. We have a new report here from Matthew Pryne who looked at Komodo's trial certificates

and how they are validated. The problem here was that Komodo, when you are trying to

verify yourself for a particular

domain, is sending you an email or sending an email to the contact that's listed for the

domain with a link that the user then has to click on.

Well, this is pretty much what all certificate authorities are doing.

The problem here was that due to vulnerability in how the email is being assembled, it is

possible for an attacker to try to verify domain name, but then use HTML as the company name,

and that HTML will be inserted into the email without properly escaping

it, leaking to the validation code to being leaked to the attacker.

Once the attacker knows that validation code, then of course they're able to inject this

...