meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, August 3rd 2017

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 2 August 2017

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Attacking #NoSQL; Web Developer Toolbar Hijacked; #Amazon stops selling #Blu

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Thursday, August 3, 2017 edition of the Santernut Storm Center's Stormcast. My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

0:12.0

Many modern web applications are moving to NoSQL databases. Now, with that, there are some new threats that you need to be aware of.

0:22.8

Boyan has a nice diary today that builds on a talk that he gave at Zan Spire,

0:30.0

explaining how to attack these no-SQL databases.

0:33.9

Now, with SQL injection, an attacker is typically able to rewrite SQL commands.

0:41.3

No SQL works a little bit different.

0:44.3

You typically can't easily rewrite commands as you can do with SQL.

0:49.3

But on the other hand, you're typically dealing with complex data types.

0:54.7

The example that Boyan here has is JSON, and then by using JSON tricks, it is often possible

1:03.5

to have the input misinterpreted and essentially go back to what you had with a SQL injection just now with no SQL databases

1:14.0

and you are then able to retrieve data that you weren't supposed to retrieve or even update data

1:21.5

that you weren't supposed to be able to update. So pretty interesting diary I think pretty

1:27.3

cutting-edge stuff that Boyan is doing

1:29.5

here. If you are using any of these NoSQL databases, in particular the ones that deal directly

1:35.8

with JSON data, then take a look at his diary. Yesterday I talked about how a developer for the copyfish extension in Google Chrome fell

1:47.5

for a fishing attack and as a result, his Google developer account was hijacked and the extension

1:54.5

replaced with adware. Apparently this wasn't the only extension that happened to. The very popular web developer toolbar also was replaced with AdWare yesterday.

2:07.6

So if you have that installed, make sure that you have the uninfected, the clean version installed.

2:14.6

Apparently in this case, the developer was able to get his account back,

2:20.4

and that particular extension should be okay now. And Kasperski is writing about further developments

2:28.8

with Android banking malware. The latest case that they discovered was a further development of the

2:37.5

SVPeng Trojan. That particular Trojan has been known for a while now, actually for a couple

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.