meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, September 17th 2018

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 17 September 2018

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Reversing Shortcuts; Not So Random UA; Safari DoS; Webroot SecureAnywhere; Intel ME

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Monday, September 17th, 2018 edition of the Sands and its Storms Center's

0:07.0

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

0:13.8

This weekend, the DA wrote a diary with some shortcuts helping you to reverse malicious visual basic code.

0:21.6

What is mostly about is trying to decipher these obfuscated strings that are typically passed to create objects.

0:29.6

Well, the DA's assumption here is it's actually somewhat predictable what the attacker would like to create here with create objects.

0:39.3

And often, obfuscation doesn't change the length of the string.

0:43.3

So using these assumptions, you are able to make some intelligent guesses as to which object is being created without having to jump through all the hoops and the obfuscating the code.

0:55.7

So neat little trick if you do a lot of reverse analysis, but probably also requires some

1:00.1

experience to sort of make the right guesses here. But then we also have a question for you

1:07.6

listening to this podcast or reading our blogs. Did he for a long time now is seeing in

1:13.7

his weblogs an odd user agent. That user agent is UA Tools Random. This looks like a function,

1:22.8

a variable that wasn't properly expanded as the attack tool was run.

1:33.2

So really looks like an attempt to create a random user agent that failed.

1:38.2

So if you have any ideas, which attack tool could create a string like this,

1:39.9

well, please let us know.

1:46.4

And then we got a new denial of service attack against Safari.

1:52.3

Now, typically crashing a browser isn't really all that exciting, happens quite often.

1:59.5

But this one is particularly devastating for iOS, where it actually reboots the entire phone.

2:06.6

On desktop versions of Safari, it appears to at least under some circumstances lock up the browser. There are also some reports that this may affect some other browsers.

2:11.6

For example, Chrome if you enable the right development features or Firefox may be affected by this.

2:20.3

Also there are some reports of internet 11 on Windows 7 being affected by this vulnerability.

2:27.3

So it appears that the vulnerability is actually part of a WebKit, which is the Apple rendering library that is included in a lot of other

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.