Hello, welcome to the Tuesday, October 10th, 2017 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Singapore.

Xavier today had some fun with a Word document that arrived as an XML file.

I believe ever since Word 2007, the default format was actually XML and it's the open

XML format that Word is using to save files as.

But in this particular case, while it does use open XML data, the actual data part is

base 64 encoded.

This leads to many anti-malware products not actually recognizing this file as a Word document,

so they're not looking for some of the standard tricks that the bad guys are playing

with Virt.

In this particular case, a malicious macro.

So after all, an old trick, base 64 encoding can still be used to fool various anti-malware products.

I don't really think there are a lot of business reasons to receive an XML document that's not recognized as a vert document which actually

may be one way to filter these particular files. Credit card skimmers that are built

into gas station gas pumps have become a real big problem in part because it's

relatively easy usually for an attacker to install

these skimmers without being noticed.

Now a new project developed an Android app skimmer scanner that will look for these skimmers

using Bluetooth.

The way this particular app works is that it does look for Bluetooth devices

with specific titles, HC05, which is very typical for these skimmers. And I will try to connect

to them with the default password, one, two, three, four, and send just a letter P to that

...