Hello, welcome to the Monday, February 26, 2018 edition of the Santered Storm Service Stormcast. My name is

Johannes Ulrich. I'm recording from Jacksonville, Florida. First, a couple of quick notes about

diaries from this weekend. Did he wrote about a slightly better, simpler way to download malware via Tor.

He had a diary about this a few weeks ago, but this new method makes things a little bit

easier. Secondly, Guy wrote about black hole advertising sites with pie hole. Now, pie hole

is sort of a sinkhole that you can install in your network, and then you can redirect black hole sites to this sinkhole. Of course, Guy had something like this with his DNS black hole. This is something that you would use to collect data from outbound connections.

So it's not your honeypot that collects inbound connections, but instead you're trying to

figure out what potentially malicious sites your users are connecting to and what data they

would be sending to these malicious sites.

I usually try to stay a little bit away from legal issues and the like, but there is an interesting

settlement that was reached between a tax layer, a tax preparation company and the Federal Trade

Commission, the FTC.

The problem here was credential stuffing.

Now, that term is a little bit new and it's really sort of a variation of a password prude force attack in that that hacker instead of just randomly guessing passwords is

using not just using some and passwords but other identifying

information that was leaked in breaches at other companies.

So the problem here is how do I protect my own site from an attacker that gained access

to my user's username and password via a third-party

side that I don't control.

Well, the FTC apparently is the opinion you should do something about it.

Now, I haven't had access to the full text of the settlement.

I'm just linking in the show notes to a summary.

...