SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, August 23rd 2017


SANS ISC Handlers

Tech News, News

4.9754 Ratings

🗓️ 23 August 2017

⏱️ 5 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Keychain iCloud Storage Risks; Room Mapping With Speakers; .fish Used For Phishing

Transcript


0:00.0

Hello, welcome to the Wednesday, August 23rd, 2017 edition of the SANS Internet Storm Center's

0:06.6

Stormcast. My name is Johannes Ullrich, and today I'm recording from Virginia Beach, Virginia.

0:12.6

Russian forensics company Elcomsoft, which has made a name for itself with the analysis of, for example, iPhones and iCloud data, has released a new feature that

0:24.2

allows investigators to retrieve a copy of the Apple keychain from iCloud backups.

0:33.1

Now, while this sounds bad, it's actually not a vulnerability and comes with quite a few requirements.

0:41.1

The investigator first needs the username and password to access iCloud and also needs a trusted device that was synced with iCloud in order to unlock the keychain.

0:57.6

Also, iOS and OS X will not store the keychain with iCloud unless two-factor authentication is enabled. Well, what this really means is that you

1:04.7

have to be careful with your iCloud credentials if you do store your keychain within iCloud.

1:10.2

That should be obvious. In some way,

1:13.1

that's true for any kind of password manager that does store credentials in the cloud. The

1:20.6

security of these credentials is pretty much always linked to the security of the passphrase

1:25.6

that you use to authenticate.

1:28.1

The iCloud option is insofar probably better than some of these keychain managers

1:34.1

in that it does require two-factor authentication via a trusted device.

1:41.3

Now, Elcomsoft also announced that they will implement the ability to download the keychain

1:47.2

using an authentication token that can be retrieved from a PC or a Mac that is authenticated to iCloud.

1:55.3

This could be a little bit more problematic because that's a file that could probably be stolen using malware.

2:03.2

Another issue, of course, with all of these cloud-based password managers

2:06.6

is that the user has little visibility in who is accessing their keychain using the cloud backup.

2:15.3

There are typically no easily accessible logs for the end user.

2:20.1

Now, one of the interesting new privacy threats that is associated with increasing home automation

2:26.7

is the ability of many of these devices to map rooms. Now, a few weeks back, there was some release from Roomba. Roomba apparently did submit

...

