ISC StormCast for Thursday, October 13th 2016
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 12 October 2016
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Thursday, October 13th, 2016 edition of the Sandsenet Storm Center's |
| 0:06.6 | Stormcast. My name is Johannes Ulrich, and the day I'm recording from Jacksonville, Florida. |
| 0:12.6 | Just a quick reminder, we got a special webcast coming today about the Mirai Botnet. |
| 0:20.1 | If you are interested, sands.org slash webcasts, and it starts at 1pm |
| 0:27.3 | Eastern. A good reminder from Xavier about one Wi-Fi feature that keeps getting people into |
| 0:34.5 | trouble and this is the preferred network list where |
| 0:38.7 | essentially your computer remembers networks that you joined in the past and |
| 0:44.3 | will automatically connect you to these networks as long as the SSID remains the same |
| 0:50.9 | and of course there are plenty of tools out there that will just listen |
| 0:55.0 | for these probes and then offer whatever SSID the user is listening for, giving that |
| 1:04.0 | individual that runs this access point, a chance to play man in the middle. Actually, OS10 or MacOS, I should say, in the last update, did add a new feature |
| 1:15.6 | where whenever you do connect to an open access point, meaning an accent point, without any kind of encryption. |
| 1:23.6 | It does give you a little warning about this, but in general what it comes down to is be careful what public access point you connect to, best not to connect at all, and using something like a tethered cell phone instead, and occasionally review that preferred network list. Make sure there are no networks in there that you |
| 1:46.0 | want, don't want to connect without warning. And with all the news about in and of |
| 1:53.0 | things and associated vulnerabilities, well it's about time for things to get better a |
| 1:58.0 | little bit. Turns out today things just got verse. We have a new set of |
| 2:03.8 | vulnerabilities. I think it's about 14 vulnerabilities total in AV Tech IP cameras. Now not all of them |
| 2:12.3 | are remote code execution vulnerabilities, but of course there are some here and yeah actually |
| 2:17.2 | there is no |
| 2:17.8 | default password but instead we got an authentication bypass and command execution |
| 2:24.7 | vulnerability in the web interface for this particular camera at this point I would say if you |
| 2:31.7 | do have any kind of in-head connectedconnected camera, assume it's vulnerable. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.