ISC StormCast for Thursday, January 18th, 2024
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 18 January 2024
⏱️ 7 minutes
Transcript
| 0:00.0 | Hello, welcome to the Thursday, January 18th, 2024 |
| 0:04.6 | edition of the SANS Internet Storm Center's Stormcast. |
| 0:08.6 | My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida. |
| 0:14.7 | One assumption when running a honeypot is that any vulnerabilities being exploited by an attacker |
| 0:20.8 | are likely also vulnerabilities |
| 0:23.5 | that are frequently seen on systems because an attacker wouldn't really waste their resources |
| 0:29.4 | exploiting hardly seen vulnerabilities. Well, the same is probably also true for passwords. |
| 0:36.2 | With our Telnet and SSH logs, we are collecting |
| 0:40.5 | passwords that attackers are attempting against our honeypots. And Jesse took a look at, well, |
| 0:48.3 | how numbers are being used in these passwords. Numbers are often used as part of password requirements to achieve a certain |
| 0:56.4 | complexity. Attackers, of course, know that users are gravitating to certain numbers, like |
| 1:03.3 | password 1. Well, some interesting findings here from Jesse. First of all, the number one is by far the most commonly used number, |
| 1:14.7 | followed by two and three. No big surprise here. What I also like is that when Jesse looked for |
| 1:22.2 | groups of four numbers, that year numbers like 2022, 2021, 2021, 23 are right there in the top. Of course, |
| 1:33.3 | the overall top is one, two, three, four. So hackers know how our users are likely going to |
| 1:39.8 | react to password complexity and also password rotation requirements. And that in part is reflected in the passwords that they're attempting. |
| 1:49.4 | Probably the lesson that has been pushed in recent years to focus on length and not just simple complexity and not to require password rotation is sound advice given this data from our honeypots. |
| 2:06.4 | Kaspersky has an interesting blog post about how to detect malware on iOS. |
| 2:12.3 | Detecting malware on iOS can be tricky because, well, a lot of the internal database and such are not necessarily |
| 2:20.3 | that well documented. It can be quite tricky to extract all the data. Well, what they found was |
| 2:28.3 | that one of the simplest ways to get a pretty good idea if a system is compromised is the shutdown log. The shutdown log |
| 2:38.9 | is created whenever the system, the iPhone or iOS device, is being rebooted or shut down. And |
... |

