Hello, welcome to the Monday, January 9th, 2017 edition of the Sands and the Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

We got a couple of stories related to security tools to start out with.

First, John posted about how he found various cookie databases that appear

to originate from browsers in Virus Total. VirusTotal as a paid service offers subscribers to

search through all submitted files, even those that do not lead to any hits when inspected by virus totals, malware scanners.

John, for example, has some Yara rules that he is using to search for domain names that he

owns to see if they show up in any malware.

And of course, malware that wouldn't be detected by standard end of virus engines would be

particularly interesting here. These files are often... Of course, malware that wouldn't be detected by standard in the virus engines would be particularly

interesting here.

These files are often of specific interests to researchers as a result.

But some security tools submit all unknown files they encounter to virus total for inspection.

As a result, confidential data often then ends up in

virus total like these cookie files and then can be downloaded by anybody with a paid

virus total subscription. So be careful when submitting data to sites like virus total. Often, all you

really have to do is submit a hash of the file.

And of course, you don't reveal the content of the file. There are also, for example,

email gateways that submit all attachments to VirusTotal. Particularly often homemade solutions

do that. Don't do it. You're really exposing all of your confidential data that way.

Secondly, Xavier reminds us that security tools often run with elevated privileges and if compromised,

these privileges can be leveraged by NetHacker to further compromise network. For example,

...