SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, June 15th 2017

SANS ISC Handlers

Tech News, News, Technology

🗓️ 14 June 2017

⏱️ 6 minutes

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information and cyber security. Malicious Headphones; Systemd Odd Defaults; VoLTE Vulnerabilities;

Transcript

0:00.0

Hello, welcome to the Thursday, June 15th, 2017 edition of the SANS Internet Storm Center's

0:06.3

Stormcast. My name is Johannes Ullrich, and today I am recording from Jacksonville, Florida.

0:12.5

Looks like some users discovered somewhat of an annoyance when it comes to network settings and

0:17.8

systemd. Systemd is a recent addition to Linux and it is used to start various

0:26.1

services like for example the networking subsystem.

0:30.8

Turns out that if you do not configure your DNS server or NTP server it does fall back to not well documented defaults. Now,

0:41.9

typically that's not a huge issue. The defaults for the DNS server are the Google DNS server,

0:48.7

which are quite often used anyway. The NTP server is a little bit more tricky because it also uses a Google server

0:56.6

that actually should no longer be used.

1:00.3

But the overall problem may be that, for example, if you're using DNS queries to unauthorized

1:07.5

DNS servers to identify infected systems, this may lead to false positives.

1:13.6

Also, DNS changers often have set the DNS settings to the Google DNS servers in order

1:21.6

to bypass some filters. So overall, if you see Linux systems all of a sudden connecting to Google DNS

1:30.0

servers, it may not be malicious, it may just be this default configuration. And researchers at

1:37.7

P1 Security took a closer look at voice over LTE. And now with LTE networks, what's happening is that pretty much data is the only thing being sent.

1:51.4

And if you're running voice over LTE, what you're actually doing is you're running voice over IP.

1:57.9

And with that, of course, voice over LTE inherited all the favorite voice over IP

2:03.6

protocols like, for example, SIP and associated vulnerabilities. So, for example, SIP invites can be used in order to enumerate users, just like it has been done for normal voice over IP networks. In addition, once malware infects

2:20.9

an endpoint like a phone, it's able to listen in on the call. The calls, for example, on Android,

2:26.7

are just terminated on a special interface. So just like any other network interface, you could

2:33.1

run tcpdump on it in order to record the call.

2:37.0

The encryption with voice over LTE is done by LTE, so the actual voice over LTE channel does not add any additional encryption.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.