Hello, welcome to the Thursday, March 2, 2017 edition of the Sandsenet Storm Center's Stormcast. My name is Johannes.

Ulrich and I'm recording from Jacksonville, Florida. Today we got a quick diary from Boyan about TLS on unexpected ports.

In this case, Port 389. Port 389 is usually used for LDAB but

LDAP has an option where you can use start TLS to enable TLS on the fly for an

existing connection typically that's done for SMTP and quite commonly done

for SMTP for LDA done for SMTP for LDAP.

It's not as common and not as well known that you can actually use that option.

Of course, once you enable that option, you have to make sure that TLS is configured correctly.

And that's exactly what Boyan was testing here with the NMAP script

that he used to verify the TLS configuration. And if you're still daring enough to run Wordpress

and have the NextGen gallery plugin installed, it's time to patch. SQL injection vulnerability has been made public in this plugin with sufficient detail

to exploit it.

So I wouldn't be surprised if we already have people going around and scanning for vulnerable

implementations.

So this vulnerability does not affect all WordPress installs, but only those that have this

next-gen gallery plugin installed.

The German Fraunhofer Institute looked at nine different popular Android password managers

and found that all of them are to some extent

vulnerable. Now, some of the vulnerabilities are common to many of the applications. For example,

insecure storage of master keys. Other vulnerabilities are only affecting some of these applications.

One that comes up a couple times and is probably almost more severe is that passwords may be

leaked to the wrong subdomain.

...