Hello, welcome to the Tuesday, October 18th, 2016 edition of the Sandsenet Storms and a Stormcast.

My name is Johannes Ulrich and I am recording from Baltimore, Maryland.

And while we got big news about HTTP or in particular how it affects Firefox users.

In Firefox, you have the ability to enable a

telemetry module that will report back user statistics off your browsing behavior to Mozilla.

And according to these statistics last week, more than 50% of requests sent by Firefox users went over HDPS instead of HDP.

This is published by Josh from the Let's Encrypt Project and certainly the Let's Encrypt

project can be credited with a good increase in the number of HDPS-capable websites.

And memory forensics is certainly becoming more and more important as the amount of memory

available in common systems increases and less and less malware of course is being safe to disk, but it also does provide access to data that's typically only found encrypted.

In a nice blog post at Tech Arnakey by Kevin, he writes up how to retrieve passwords from last pass that have been stored in memory and

as he points out this is not a vulnerability in last pass last pass has to decrypt

the passwords of course you could also pull these passwords passwords out of the

browser when the browser has the passwords in memory even if the

user typed in the password but nevertheless I really like about this article that

he doesn't just tell you sort of how to do it with last pass but also how he went

about finding out how to do it with last pass so what he does here should be adaptable to other password managers as well.

And of course, in order to get access to the memory on a system, you already have to operate

as the user that you're targeting here or better as administrator.

So again, this doesn't really present any fundamental new

vulnerability. Just something to keep in mind when you're using these tools and to keep in

particular when you're trying to do memory forensics in order to recover some of this data.

...