Hello, welcome to the Tuesday, January 23rd, 2018 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

We've got two quick and interesting diaries from the date today.

First one is about retrieving malware over Tor.

Tor, of course, is often used by attackers to anonymize themselves, but can also be useful

for the defender.

If you are analyzing malware, you often don't want to give away who it is actually who is

analyzing the malbear.

The DEA shows how to use Tor socks and curl in order to make this more anonymized download

pretty easy. And in a second diary, DDA is talking about how to properly analyze SSLTLS with

ViroShark if it's using an off port for example port 22 port 22 of course is

commonly used by SSH not SSL or TLS so if someone happens to use TLS over port 22

which is certainly possible you have to tell ViroShark to explicitly analyze it as TLS.

And looks like all the confusion about the Meltdown Inspector patches are just not settling

down.

Intel now removed some of the microcode patches that it has released, particular since a couple systems like

Ubuntu, Redhead, VMware and also HP had issues with these updates.

Now initially looked like only some of the older architectures were affected by this,

but it's also Pradwell and Skylake. Proudwell was released

in 2014, I believe. Skylake followed it sort of 2015, 2016, so these chips are still currently

being sold and they're having problems with these patches.

Linus Torwald also got in the game here about the patches that Intel released and he has

...