meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, October 20th 2016

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 19 October 2016

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. #ICS Files Used to "Amplify" spam;

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Thursday, October 20th, 2016 edition of the Sand Center and Storm Center's Stormcast.

0:07.9

My name is Johannes Ulrich, and it I'm recording from Baltimore, Maryland.

0:13.1

Xavier wrote up some interesting span that he received recently with a calendar file as an attachment.

0:20.3

Now, I've seen these attachments before.

0:23.2

Typically, the point here is to have that appointment added to your calendar automatically,

0:29.6

which some mail clients will do,

0:32.3

and then, of course, the reminder essentially will amplify the spam.

0:37.4

In this case, however, it looks like they played a little bit a different trick.

0:42.3

What they did is they added 50 different participants to this appointment

0:47.9

and then they're counting on the recipient of the email to cancel the appointment, which will send an email to all 50 participants, essentially distributing the spam even further.

1:02.9

Interesting approach, because this way the attacker actually only has to send one email and gets the victim to amplify these emails to the 50 different recipients.

1:15.3

You should definitely not configure your mail client to automatically add appointments.

1:20.7

There should at least be a prompt asking you if you want to have them added to your calendar

1:26.0

and then just delete them if you don't like the particular invite if you want to have them added to your calendar and then just delete them if you don't like

1:29.3

the particular invite if you think it is spam and do not cancel or otherwise respond to these

1:37.3

messages.

1:38.3

And the process used by Komodo to verify ownership of domains for SL certificates had an interesting

1:48.7

vulnerability if you try to verify a Belgium or European domain. These are the dot BE or dot

1:57.3

EU domains. Turns out that for those particular top level domains, you cannot get a text

2:04.8

representation of the who is information that includes the owner's email address and commonly

2:11.0

that is used to verify the ownership of a particular domain. Instead, these particular top-level domains only offer this data in image form

2:22.3

in order to prevent spammers from harvesting the data.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.