ISC StormCast for Tuesday, March 19th, 2024
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 19 March 2024
⏱️ 5 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Tuesday, March 19th, 2024 edition of the Sandsenet Stormsetters Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida. |
| 0:13.7 | Well, it has long been shown that RSA certificates that are only 1224 bits in length are not considered secure. |
| 0:23.6 | And well, back sort of around 2010, I think there was this famous demo where a group in Switzerland did break RSA 1024 with a bunch of PlayStation's. |
| 0:36.6 | Microsoft now announced that they will soon get rid of 1024-bit RSA keys, operating system-wide for Windows. |
| 0:48.2 | Now, you may wonder, hey, isn't that already kind of a thing? |
| 0:52.0 | You can already not really get a certificate from a public sort of authority |
| 0:56.8 | that's less than 2048 bit in size. The problem here is that there are a lot of sort of internal |
| 1:03.9 | Windows components that use RSA and they often use internal sort of authorities and they they, of course, can still create these shorter |
| 1:13.2 | keys. So Microsoft wants you to know to make sure to no longer create these shorter keys, |
| 1:19.0 | because in the near future, and there is no specific date here, these shorter keys will no longer |
| 1:26.5 | work with Windows. |
| 1:29.0 | Web browsers, of course, have not trusted these short keys for quite a number of years now. |
| 1:35.8 | And Google announced a significant upgrade to its safe browsing feature. |
| 1:40.9 | The way this worked until now was that your browser would download a list of malicious sites or hatches of these malicious sites every 30 to 60 minutes. |
| 1:53.2 | Well, of course, these lists have been growing and also it has been more and more important to very quickly block some of these sites. |
| 2:02.1 | So starting soon, Google Chrome at least, will check sites real time. |
| 2:08.8 | There's a small downside to this, or well, depending on how you look at it, maybe a large downside. |
| 2:14.5 | And that's that in doing so, your system will essentially tell |
| 2:20.3 | Google what websites you are visiting. Well, Google says that they're actually avoiding this |
| 2:28.0 | issue by sending your data through a privacy server that will obfuscate and anonymize the data. |
| 2:35.9 | We'll see how this all works out, but yes, this should give you a more agile response |
| 2:43.0 | and require less resources on the local system, which of course is particularly important |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.