ISC StormCast for Thursday, May 4th 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 3 May 2017
⏱️ 8 minutes
Summary
Transcript
| 0:00.0 | Hello, welcome to the Thursday, May 4th, 2017 edition of the SANS Internet Storm Center Stormcast. My name is Johannes Ullrich. |
| 0:09.0 | And today I'm recording from Jacksonville, Florida. If you have an email account, then you very likely saw an interesting Google Docs phish earlier today. |
| 0:19.6 | Now, these emails typically arrived from valid Gmail accounts, |
| 0:25.5 | not necessarily someone you knew. And what really sort of gave them away as malicious or odd |
| 0:32.1 | was the To field in the email, which wasn't your name. Instead, it was an email address that looked suspicious; |
| 0:39.2 | it had a lot of h's followed by mailinator.com, at least in the samples that I have seen. Now the |
| 0:48.3 | tricky part about this phishing attempt was that you typically never get asked for your password. What this phish is after |
| 0:58.0 | is OAuth credentials. Now, OAuth is an interesting authentication scheme that you see used a lot by social |
| 1:06.5 | media, by Google, and it allows you to assign certain privileges to applications. |
| 1:13.5 | So the way OAuth works, you could assign privileges to an application that, for example, |
| 1:20.1 | needs access to your Google documents. So the application requests this access from you, you authenticate to Google and then |
| 1:29.3 | basically tell Google that it's okay to let this particular application access your Google |
| 1:35.3 | documents. |
| 1:36.3 | You probably have done that before, Facebook, Twitter, all of these social media sites also |
| 1:42.3 | heavily rely on OAuth. |
| 1:45.0 | The good part about OAuth is that this third-party application never actually needs to know your username and password. |
| 1:53.0 | Instead, during that handshake where you approve the application, this application is being provided a very application-specific password that works only with this application |
| 2:04.3 | and only allows access to specific items that you allowed access to. |
| 2:10.6 | So in this particular case, the phishing attempt did just that. |
| 2:15.9 | It asked you for access. Now, it did in particular ask for access not to Google documents, but instead to read, send, delete and manage your email. In addition, it also asked for access to manage your contacts. This may have given it away that this was not just a normal document |
| 2:36.1 | that someone wanted to share with you, but if you clicked on allow, then Google issued an application |
| 2:44.1 | specific password, an OAuth token, to this malicious application. It made it more likely for people to fall for it by calling |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.