meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, November 4th, 2024

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 4 November 2024

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Odd SSH Username; QPDF; Okta bcrypt issue; Synology Patches; Fake Lastpass Reviews;

Transcript

Click on a timestamp to play from that location

0:00.0

Hello and welcome to the Monday, November 4, 2024 edition of the Sandsenet Storm Center's Stormcast.

0:08.2

My name is Johannes Ulrich and I'm recording from Riyadh, Saudi Arabia.

0:13.5

I've got a couple of small diaries to start out with.

0:16.4

First, take a closer look at one of the usernames that I discussed in a recent diary of, well, not so common, but top 10 Zhaj

0:27.6

usernames. This one is Gen Zey Long. It is also the name of a Chinese poet. So it could be related to that.

0:37.8

Guy only saw this particular username being used in the last couple weeks and with

0:42.3

passwords that are either derived from the username or used by IP cameras. So it could be possibly

0:50.4

one of those common backdoor passwords, but haven't really seen it document anywhere.

0:58.2

Another quick diary from this weekend, DDA is introducing a Quick Tool Q PDF.

1:05.8

This tool allows you to extract streams from a PDF, similar to what DDA's own PDF parser.Py

1:15.5

tool is doing. QPDF is Windows executable and directly has the ability to export the data

1:23.4

as JSON formatted files.

1:35.2

And then we have some interesting details from Octa regarding a vulnerability that discovered October 30th.

1:40.5

This particular vulnerability leads to a potential, even though somewhat theoretical,

1:46.5

a vulnerability if you're using the Active Directory LDAB delegated authication or DellOth systems. The vulnerability is interesting because it is an example of how an odd

1:55.0

behavior of a hashing algorithm can really lead to an actual vulnerability.

2:02.6

Octa uses B-Crypt to hash the strings that are being used for authentication.

2:09.6

That is of course not a bad hashing algorithm by any means, but the problem is that B-Crypt only hashes the first 72 bytes of

2:21.7

the input. So as long as the first 72 bytes are the same, well, then you end up with the same hash.

2:29.9

This doesn't sound like a huge issue if you're just hashing passwords.

2:41.4

But what Octa actually is doing, the string is hashing is concatenated from the username,

2:44.2

the username, and then the password. So if the username exceeds 52 bytes, well, the password doesn't really matter anymore.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.