meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, October 8th 2018

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 8 October 2018

⏱️ 7 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. WPA2 Krack Attack Update; Cisco Patches; git Vulnerability; SWATing

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Monday, October 8, 2018 edition of the Sansanet Storm Center's Stormcast.

0:07.0

My name is Johannes Ulrich, and I'm recording from Honolulu, Hawaii.

0:12.0

Just a quick update on the Bloomberg story regarding the rogue chips that allegedly were found on super micro motherboards. We have a few more

0:23.9

denials of the store including Department of Homeland Security did publish

0:29.7

press release stating that they're not aware of any implants like this. On the

0:35.6

other hand Bloomberg reconfirmed that even in light of all of these

0:40.1

denials that they're standing by their story. So really hard to tell. Again, don't panic. I wouldn't

0:49.1

go in and rip apart all of your servers. If this story is true, then likely only very specific organizations were targeted with these malicious chips.

1:02.0

Well, it was about a year ago that Matthew Vanhoeff did find the crack attack in WPA2 and well with WPA3 on the horizon now

1:14.9

Matthew did publish an update about his work about weaknesses in WPA2 what he found is

1:23.3

that there are a couple ways how mitigation of the crack attack is lagging. For example,

1:30.9

WNM, the wireless network management feature, which is a power safe feature that you find a lot

1:37.2

in mobile device and such, can be used to bypass some of the crack countermeasures. Secondly, also some of the patches being

1:46.9

deployed have been deficient and not really addressing the entire crack problem. Now

1:54.5

the patches have been improved and OS10 for example was an example here So if you're up to date, you should be okay.

2:04.6

He also showed how a new feature, that's Phil's or the fast initial link setup, can be used in order to again get back to the crack attack.

2:14.6

However, this particular feature has only been finalized in June of 2017

2:21.3

and hasn't really shown up yet in hardware. This feature is also more for direct contact

2:28.3

between clients, so probably not such a big issue at this point. In short, sometime next year, WPA-3 should be

2:38.4

arriving in the form of hardware. So we'll see what this will do. This should prevent the

2:45.6

crack attack and should in general make WPA more secure and also in some cases more usable.

2:53.0

So we'll see what it hacks people will come up with once this new standard is actually being used in the wild.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.