meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, October 21st, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 21 October 2021

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Leaked Covid Certs; Chrome Removes FTP; Squirrel VM Bug; BlackByte Decryptor

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Thursday, October 21st, 2021 edition of the Sansonet Storm Center's Stormcast.

0:07.8

My name is Johannes Ulrich, and I'm recording from Riyadh, Saudi Arabia.

0:13.6

A lot of jurisdictions these days do require COVID vaccination certificates in order to gain entry into public places like restaurants

0:24.2

or for travel.

0:26.8

Often these certificates are presented in form of a printed copy that contains a QR code.

0:34.7

And of course, various health information items that are identifying which vaccines you took

0:40.9

and when in order to qualify you as vaccinated. So with all these documents floating around,

0:48.7

Xavier went on a hunting expedition in order to see how many of these documents he can find on virus total.

0:56.6

Sadly, it looks like there's still a lot of organizations that are sending, for example,

1:01.1

email attachments by default to virus total, not realizing that essentially they're making

1:06.6

these documents public. So, for example, in order to qualify for a vacation or something like

1:13.5

this, you needed to send this certificate to a company and well, they may now have leaked it

1:20.4

to a virus total or possibly other sites. And Xavier found numerous examples with his simple search. I bet you probably could find

1:31.3

similar leaks also just by doing specific Google searches for these documents. Of course,

1:39.3

another issue is the use of QR codes here. Now, the certificates may not be so much of an issue, but in many

1:46.4

places also you are required to scan QR codes as you're entering venues using some specific

1:53.6

contact tracing applications. And Chrome has removed FTP in yet another sign that the good old file transfer protocol is going away in Chrome 95, which was released yesterday.

2:09.9

The complete codebase for FTP was removed.

2:13.8

Now, at least since about half a year ago or so, I believe, Google Chrome has no longer

2:20.2

supported FTP by default. Firefox did remove it July, if I remember correctly, and well,

2:30.7

Safari never really supported FTP. So at this point, the only place where you will likely find FTP in a web browser is probably Internet Explorer if you still keep that around.

2:43.6

But at the same time, be aware if you are relying on FTP servers, you probably should find another way to distribute the files, maybe HDPS,

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.