Hello, welcome to the Thursday, April 20th, 2017 edition of the Santonet Storms and Stormcast. My name is Johannes Ulrich and the I'm recording from Jacksonville, Florida.

Xavier today looked again at malicious Excel files. That's probably one of the most common ways that you will find at hackers trying to sneak

malicious code into your network.

Now filtering these Excel files and analyzing them is of course quite important and Xavier's

taking a look at them, in particular those Excel files that store, for example, the URL that's being

used to download additional data in hidden columns and cells within the Excel file.

And of course, as we are used to from Xavi, he also provides us with the Python scripts to do

this all ourselves. So all you have to do is run his Python script

and you get the content back of these cells.

He also has a little Python script

that will then extract binaries

that may come as part of the Excel spreadsheet.

And if you used some recent Bose wireless headphones,

you may have noticed that they come with a little app that you can install on your smartphone.

Well, it turns out according to a complaint filed in court yesterday that this app will also report back to Bose what you are

listening to. Now, the court document doesn't specify how it was discovered that this is what the

app was doing, but the complaint is specific enough in saying that segment.io, which is a marketing analysis company,

was actually at the receiving end of this data, transmitted very serial number of the headphone,

and then what kind of music or podcast or the like the listener was listening to.

It'll be interesting to see what comes out of this.

You can still use your headphones without the Bose Connect app,

but part of the selling point of these headsets is that you can control them with this app.

...