Hello, welcome to the Tuesday, June 5th, 2018 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich and the air I'm recording from Augusta, Georgia.

Rob today took a closer look at Authenticode Microsoft's longstanding standard to sign executable code.

In particular, Rob looked at how feasible it is to restrict

execution to signed code only. Rob put together some neat scripts to enumerate all executables,

summarizing the certificates used, and also the certificate authorities used to sign these certificates. to look at unsigned code of course as well to figure out if any unsigned

binaries are important in the daily use of Windows and products like Office.

One interesting find the copy of a Windows 10 Rob investigated, actually included one legitimate

binary that was verified using a test certificate authority.

But he also found a number of unsigned files.

For example, part of the Hyper V system appears to be unsigned, which is in particular troubling,

given the importance this HyperV subsystem has in some of the newer security restrictions on Windows.

Given the fact that numerous Microsoft Office files as well as Windows operating system components are not signed.

It turns out to be a little bit more difficult and expected to restrict Windows 10 to execute signed code only.

Take a look at his post.

If you are interested in this technique and his scripts or if you have any experiences to share, one reader

pointed out that just in time compiled.net applications are also a challenge when it comes

to executing signed code only.

And a cyber risk company, Kena security, reminds all organizations using Google's G Suite to review their Google groups.

Apparently, administrators do not quite understand the privacy settings for the corporate version of Google Groups.

As Kena discovered, groups are supposed to be for internal use only, are often configured

to be visible to anybody from the internet. Part of the misunderstanding may be how these groups

...