Hello, welcome to the Tuesday, November 22nd, 2016 edition of the Sandson and Storms,

Stormcast. My name is Johannes Ulrich, and the I am recording from Jacksonville, Florida.

The DA came across an interesting new variation of the old password encrypted zip file trick.

Now, we have seen this for many years where malware comes

attached as a zip file that's encrypted in order to prevent anti-malware from analyzing the file.

Now typically the password is then just mentioned in the text of the email. Sometimes we have also seen images with the password

in order to prevent automatic algorithms from finding the password. In this latest iteration,

the password is actually a comment inside the SIP file. You may attach comments to SIP files that are being displayed then when

you're trying to decompress the file and in this case this comment will then provide you with

the password. Shouldn't really be too hard for anti-malware than to figure out what the password is,

but of course they first have to start looking for this particular variation.

And just as a side note, of course, researchers often use password-incrypted zip files in order

to exchange samples. Typically, the password in these cases is just the word

infected, sometimes malware or things like that.

Well, I've actually observed that some mail systems do actually unsyp these files if they're

using one of these standard passwords.

And just to show it's not just the no-name cheap Asian

cameras that are affected by simple vulnerabilities. Siemens today announced that its IP-based

CCTV cameras also suffer from pretty easy to exploit vulnerability. Now this is not a hard-coded

password like we had, for example, in some of these systems infected by the Mirai bot, but instead

in this case, NetHacker can simply retrieve the current password for the camera by accessing a specific

URL. We have seen this before where configuration files and the like were not adequately protected

...