ISC StormCast for Monday, September 25th 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 25 September 2017
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello, welcome to the Monday, September 25th, 2017 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and I'm recording from Baltimore, Maryland. |
| 0:12.7 | When you're doing forensics on a file system, the most volatile property of the files is probably the access time. |
| 0:21.0 | It's updated whenever you access the file, meaning whenever you read the file. |
| 0:26.0 | Now, when Jim recently wrote about the tool mac-robber that he rewrote in Python, he also |
| 0:32.8 | noted that this tool was not going to collect checksums of these files by default because that again |
| 0:41.2 | would change the access time. Now, in today's diary, Jim wrote about a little trick that he's using |
| 0:48.5 | in order to prevent that from happening, and that is to actually use a bind mount. A bind mount really maps one |
| 0:56.2 | directory in another location, and by doing so with the read-only attribute, if you are |
| 1:02.6 | accessing the file in that new location that you mapped it to, then access times are |
| 1:09.0 | not updated. So this is a pretty neat trick, but still be careful, whenever you access files, that you |
| 1:16.6 | do it correctly, and that you are not inadvertently updating your access times. |
| 1:22.8 | PGP, pretty good privacy, is still probably the dominant encryption mechanism when you're trying to exchange email, in particular for vulnerability disclosure. |
| 1:34.3 | The advantage of PGP is it's implemented on many platforms as a standalone application. |
| 1:40.3 | It's pretty easy to encrypt a file and then attach the encrypted file to an email or to upload it to a website. |
| 1:48.3 | Well, to facilitate these exchanges, many companies are publishing PGP keys. |
| 1:54.8 | Now, the emphasis here should be on publishing your public PGP key. |
| 1:59.6 | Adobe apparently made a mistake late last week and published its |
| 2:03.6 | private key instead. Sadly, this mistake is more common than it should be. A lot of people who |
| 2:10.6 | use PGP don't use it regularly and aren't really all that familiar with the mechanics of actually how these keys work. |
| 2:19.6 | And, well, Adobe is just the latest high-profile example to fall into this trap. |
| 2:25.0 | And Avast published an interesting blog post with some additional details about the CCleaner incident. |
| 2:32.4 | With the help of law enforcement, Avast was able to get a hold of the server used to control the bots that were infected with a CCleaner. |
... |
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

