Hello, welcome to the Thursday, July 13th, 2017 edition of the Sands and the Storm Center's Stormcast. My name is Johannes Ulrich and I am recording from Stockholm, Germany.

File integrity management is always a hot topic and, of course, important for security to make sure if files got changed and why they got changed.

Now, the first part, the if is actually not that hard usually, and Xavier has another trick

here to do this using backup files, given that backups are usually pretty good in identifying

files that changed in order to create incremental

backups. He mentions R-Sync as a tool to do that with. Our sync actually can use things

like checksums to compare files, so it doesn't just rely on the file date, for example, or the size of the file.

So this is, in my opinion, actually, the easy part of file integrity management.

The hard part is then to always go through these reports and figure out which files are

supposed to change.

For example, libraries may be updated by automatic update processes.

Change control really has to tie into this as well. Otherwise, you will very quickly get overwhelmed

by these reports. Ethereum is a new and up-and-coming cryptocurrency that in many ways even surpasses the

mindshare of Bitcoin at this point.

It's not quite as big yet, but has been rising very steadily until recently.

So no big surprise that criminals are turning from Bitcoin to Ethereum to find new victims.

In particular, a wallet service called My Ether wallet appears to be a target here of these scams.

Now, these scams don't really use traditional fishing via email. Instead, they're

using new media like Slack and Reddit in order to impersonate official My Ether wallet chatbots.

Over the last six days, it appears that these attacks did steal around $700,000 worth of

crypto coins from various users.

Now, this attack is not a breach in My Ether wallet.

...