SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, November 20th 2017

SANS ISC Handlers

News, Tech News

4.9754 Ratings

🗓️ 20 November 2017

⏱️ 7 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Scanning For BTC Wallets; Fake Resume Banking Malware; BigIp TLS Vulnerability

Transcript

0:00.0

Hello, welcome to the Monday, November 20th, 2017 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:12.4

Recently a few times I've talked about Bitcoin theft. Well, looks like we have yet another method how bitcoins are being stolen. Didier observed in his

0:23.6

web logs an increase in scans for what looks like Bitcoin wallets.

0:29.6

Apparently a lot of people are careless and expose these wallets on their website using standard

0:36.6

file names like wallet.zip or wallet backup.

0:40.3

And the bad guys have figured it out now and are scanning the internet for respective files.

0:49.3

These scans aren't all that new, they have happened in the past, but the frequency of them has certainly

0:55.0

increased recently. And Brad is looking at some recent malicious spam that he has received,

1:02.8

this time, yet again, the good old ruse of a fake resume. It doesn't actually push ransomware apparently this time. Now, this same family of

1:14.2

malware has pushed ransomware in the past, but appears to have switched back now to banking

1:20.7

malware. I wonder if this is a little bit of a trend where the bad guys are getting a bit sick of ransomware

1:27.1

and switching back to good old banking malware, but one sample, of course, is a little bit early to call this a trend.

1:37.0

And BIG-IP released an important update for its products that patches a vulnerability in TLS.

1:46.2

Due to this vulnerability, it's possible for an attacker to decrypt TLS sessions if the

1:53.2

RSA algorithm was used in order to exchange keys.

1:58.2

Now before you run out and panic and update all of your servers on this short week,

2:04.7

let's look at some of the dependencies for this attack. First of all, you need to have a client

2:10.4

SSL profile enabled and RSA key exchange. Now most servers probably do have RSA key exchange enabled, but then if

2:21.3

you do use Diffie-Hellman ciphers, then you are actually not vulnerable because just attacking

2:28.2

the key exchange won't really help the attacker. Also, by default, BIG-IP is configured with what they call the generic alert

2:37.0

option. That does not really return a lot of detail to the attacker, so with this option enabled,

2:45.6

it'll take more work for the attacker to actually decrypt the session. And if you do actually require a valid client certificate, then you are only vulnerable

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
