meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, July 18th 2016

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 18 July 2016

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. More Python Malware; Critical Juniper Vulnerability

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Monday, July 18th, 2016 edition of the San Center and Storm Center's Stormcast.

0:07.3

My name is Johannes Ulrich and I'm recording from Minneapolis, Minnesota.

0:11.6

Did he a while ago posted a Yara rule that allows you to find any PE files that are using Pi installer.

0:19.1

Pi installer being a tool that can be used to run Python scripts as standalone code on Windows systems.

0:27.6

Now of course this is also used by Benign software, but the DDA found additional examples of Malware that were essentially just written in Python and

0:40.0

then wrapped with Pynstaller in order to launch them. In case you're using his Yara rule,

0:47.4

make sure that you're looking for false positives. But if you find something interesting,

0:52.1

please let us know. DDA would like to look at a couple more malware samples that are using installer.

0:59.9

And Juniper announced a rather serious vulnerabilities in its IPSEC implementation.

1:07.0

When you're using digital certificates in order to authenticate users, one thing of course

1:13.3

it has to be made sure is that the certificate is signed by a trusted certificate authority

1:19.7

and this is not being done properly.

1:23.6

Instead, it just looks whether or not the name of the certificate authority matches.

1:28.3

It does not verify whether or not an actual authorized key was used to sign the certificate.

1:36.3

So what should happen is if a user tries to log in to your VPN and the user presents a certificate to authenticate itself.

1:46.0

The VPN server should now verify the signature of that certificate using the actual

1:53.0

certificate of a trusted certificate authority.

1:57.0

Well, instead it just checks whether or not the name that's mentioned in the certificate that's presented by the user matches one of the trusted set of authorities.

2:06.6

So there is no actual cryptographic match done, just a simple string comparison of the name that's claimed to have signed the certificate authority.

2:16.6

And of course, anybody can come up with a certificate, with any name, and then sign a certificate.

2:24.2

So this essentially invalidates the access control on these VPN implementations.

2:30.4

Juniper released an update for JunoS and they also did release a workaround.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.