meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, August 10th 2017

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 10 August 2017

⏱️ 7 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DirectDefense Accuses Carbon Black of Data Leak;

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Thursday, August 10th, 2017 edition of the Santernet Storm Center's Stormcast.

0:07.2

My name is Johannes Ulrich, and I am recording from Jacksonville, Florida.

0:11.9

Virus Total is a great service operated by Google that allows everybody to upload binaries to the service and have them scanned by a number of different anti-malver tools.

0:26.1

Now, the problem with Virus Total, of course, is that once you upload the particular file to Virus Total, it stays with Virus Total, and Virus Total does provide access to files uploaded to researchers and to anti-malware

0:41.8

companies. Apparently some people are still not aware of this and security company

0:47.9

direct defense did note that a large number of files were uploaded via Carbon Black. Now, Carbon Black

0:58.0

is an endpoint security solution. It has its own analysis of files, runs them in sandboxes,

1:05.0

does various signature scans on any file that it encounters, and it does offer the option to users to upload these files to

1:14.9

a virus total.

1:16.7

Apparently this option is not enabled by default.

1:20.3

The user has to enable it in order to make the tool upload the files, but it looks like a lot of large companies went ahead and enabled it.

1:31.3

By default, Carbon Black does take a more secure approach in that it only sends

1:38.3

hashes of files to a virus total in order to check if they are known malicious files.

1:46.0

Of course sending the hash to virus total only works if the identical file was already identified as malicious.

1:54.0

It won't work if a slight variation of the file is being investigated, but that again is something that the user has to figure out

2:02.4

whether or not they think it's worthwhile to risk leaking data to virus total by sending complete

2:09.5

binaries. Carbon plaque does display a privacy notice when you enable the virus total feature,

2:15.7

but then again, who reads those privacy notices?

2:19.9

So regardless, this specific case, my recommendation is always, if you do want to do some

2:25.6

wholesale scanning with virus total, let's say scan every single attachment that you're receiving

2:32.6

via email and I have seen people do that.

2:35.0

Only send the hash to a virus total. Do not send the full attachment to virus total.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.