ISC StormCast for Thursday, August 31st, 2023
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 31 August 2023
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Thursday, August 31st, 2020, |
| 0:05.1 | edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich, and |
| 0:10.8 | today I'm recording from Jacksonville, Florida. Well, as you may have heard, Florida was |
| 0:18.1 | hit by a significant hurricane today. Luckily, Jacksonville, where I live, wasn't really affected, but I figured maybe a good opportunity to sort of share some general hurricane preparedness tips. Of course, much of that can be applied to all kinds of disasters. One issue actually that someone brought up in a comment on social media was that the sort of home office small business type of setups are even more significant now with people working at home, |
| 0:50.1 | where your disaster recovery plan will often depends on people being able to continue to work at home. |
| 0:57.3 | But on the other hand, you may actually have an advantage if you have a more geographically diverse workforce |
| 1:03.5 | in that not everybody necessarily is affected by a disaster like this. |
| 1:09.9 | So if you're interested, take a look at the diary I wrote and any comments, any other tips that you may find useful. |
| 1:17.8 | Please share them. |
| 1:20.6 | And security labs did release proof of concept, exploit and details about fixing vulnerabilities in Notepad++. |
| 1:32.1 | Notepad++, a very popular Windows application. |
| 1:36.6 | The problem here is if you open a crafted file with Notepad++, well, remote code execution may have. |
| 1:49.0 | And before you say, okay, nobody's ever going to open a random document in Notepad Plus Plus. |
| 1:50.0 | The overall vulnerability here is very similar to many of the exploits that we have seen, for |
| 1:56.0 | example, against Microsoft Office software. |
| 2:00.0 | And a developer or someone else using Notepad++ quite regular may of course open a random document |
| 2:07.2 | they receive in an email or find on a website in this tool. |
| 2:12.4 | The problem here is that the vulnerabilities have not been fixed yet. Security Lab who identified these |
| 2:20.6 | vulnerabilities, I think has done a real good job, at least according to our timeline, and |
| 2:25.1 | not just notifying Notepad plus-plus maintainers, but also suggesting, for example, |
| 2:31.8 | fixes and even creating some private pull requests for them to |
| 2:36.6 | incorporate these fixes. But that apparently has not happened so far, even though |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.