SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, July 18th 2017


SANS ISC Handlers

Tech News, News, Technology


🗓️ 18 July 2017

⏱️ 6 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Brazil Phishing Scam Targeting 2FA; FreeRADIUS Update

Transcript


0:00.0

Hello, welcome to the Tuesday, July 18th, 2017 edition of the SANS Internet Storm Center's

0:06.2

Stormcast. My name is Johannes Ullrich, and today I am recording from Jacksonville, Florida.

0:12.8

Renato came across an interesting phishing attempt that actually involved two-factor

0:18.3

authentication. Two-factor authentication is usually the best defense against

0:23.6

phishing, but in this particular case, the bad guys actually tried to bypass two-factor authentication as

0:31.5

well. This attempt was directed against Brazilian users of a bank in Brazil that does hand to its customers

0:40.5

little cards with essentially one-time passwords that you can use. So it's really just a printed

0:47.7

set of numbers. Now what this particular phishing attempt did was they asked the user for their username and

0:55.3

password and then they asked them to just take a picture of that card with their camera

1:01.5

and send it and upload it via the phishing site.

1:06.4

I think this is pretty ingenious and I can see where victims will fall for something like this

1:12.6

because they don't quite understand the significance of actually taking a picture and sending

1:18.9

it in given that they still believe that they are connected to their bank.

1:24.8

Now this is also one problem of these printed one-time password cards.

1:31.7

They are quite cheap to produce, of course, and not all that inconvenient to use.

1:39.0

But the problem with these systems is that you don't really know if someone made a copy of the card and probably

1:46.6

many users will make copies of these cards in order to have like one at work, one at home,

1:52.6

and maybe keep one in their wallet. That's one advantage of going with real hard tokens that will only display one number at a time and

2:04.4

they actually have some protection against, for example, disassembling the token.

2:11.0

And Guido Vranken is at it again with his fuzzing skills and this time he looked at the RADIUS and DHCP parsers produced by the

2:22.3

FreeRADIUS project. RADIUS is an authentication protocol used in many networking systems. Free

2:31.3

RADIUS is probably the most popular open source implementation of this protocol,

...


Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
