SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, August 8th 2016

SANS ISC Handlers

Tech News, News, Technology

🗓️ 8 August 2016

⏱️ 6 minutes

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Analyzing RTF Files; Hacking Monitors; Bypassing USB Drive PINs

Transcript

0:00.0

Hello, welcome to the Monday, August 8, 2016 edition of the SANS Internet Storm Center's Stormcast.

0:08.0

My name is Johannes Ullrich, and I'm recording from Jackson, Florida.

0:12.0

D.D.D.A. has been writing a couple of diaries lately about malicious RTF files,

0:19.0

and in response to help him better analyze make it easier to

0:23.5

analyze these files he wrote a tool RTF dump on Saturday. DDA did publish a diary

0:31.1

with links to videos showing you how to use RTF dump so if you run malicious RTFs, take a look at his tool and at his videos and should be relatively straightforward to figure out if an RTF file is malicious and what exactly it's trying to accomplish.

0:52.3

And vulnerable peripherals are in the news again.

0:57.1

This time it's monitors, just like any other piece of hardware monitors do have firmware,

1:04.0

they do have memory and complex CPUs that can be exploited.

1:10.0

In a presentation at DefCon, an exploit was demonstrated that would use the firmware in a monitor to then alter what is displayed on the monitor.

1:21.0

Of course, you could also then read whatever data is sent to the monitor.

1:26.5

So lots of options here that could lead to a full system

1:30.5

compromise without necessarily hitting the actual desktop or a laptop, but instead the entire

1:38.5

code is in the monitor where, well, usual anti-malware and forensic software can't get to it.

1:46.0

Interesting exploit. Not sure I'm really that surprised that it's possible,

1:50.0

but of course we'll have to see how practical,

1:54.0

in particular remote exploitation of these vulnerabilities will be.

1:59.0

It will certainly be an attractive way for an attacker that

2:02.9

has admin access to a system to gain persistent access. And over the last few years, several

2:09.2

manufacturers came up with external USB drives that include a keypad that allows you to lock the drive using a PIN.

2:20.3

Now, of course, four or even eight digit PINs are relatively easily brute forced,

2:26.3

so essentially what these devices do to prevent brute forcing is that they add a delay whenever you do enter the wrong PIN or they may eventually totally

...
