Hello, welcome to the Thursday, October 1st, 2020 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

You always love emails from our readers with puzzles, and well, maybe you can help me solve the latest one and it's about

a file called FPURL.XML. This reader states that on their IIS server, they do see a significant

number of requests for FPURL. XML. Now, best I can tell, this file is related to the Windows

federated identity. If you are using Windows Hello for business, for example, this file

appears to be used.

Now what's not really clear is if these hits that they're seeing against their IS server,

if they are sort of some form of reconnaissance trying to download the file,

which may reveal some trust relationships,

or if this is just something certain clients are doing

in order to check if they can use this authentication method. Overall, Windows Hello for

Business seems to be a good and interesting way to authenticate your users. It essentially does allow

users to authenticate via their Azure Active Directory. So if they have set up, for example,

two-factor authentication via Azure AD, they'll be able to leverage them to authenticate to your application.

So any insight as to how this file may be useful to an attacker or how it may just get

accessed as part of clients hitting your application?

Well, please let us know.

Anything is appreciated here. And if you are using

HP's thin client devices and manage them with the HP device manager, well, you have a critical

update that you need to apply quickly. Sadly, the HP vulnerability bulletin here doesn't do the

vulnerability quite just it. What happened was that Nikki Plur, security researcher, did look

...