SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, August 30th, 2023

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 30 August 2023

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Website Survival Time; ActiveMime Maldocs; RocketMQ Exploited; ManageEngine Vuln;

Transcript

0:00.0

Hello and welcome to the Wednesday, August 30th, 2023 edition of the SANS Internet Storm Center's Stormcast.

0:08.1

My name is Johannes Ullrich, and then I'm recording from Jacksonville, Florida.

0:14.1

Bojan today wrote up a little test he did, and that was setting up a new website and registering a TLS certificate for it,

0:22.9

and then waiting how long it takes for the website to be actually scanned.

0:27.6

Well, it turns out it only took seconds.

0:30.7

The culprit here is likely certificate transparency.

0:34.7

Now, to make it clear, certificate transparency is a good thing. It forces

0:39.6

certificate authorities to publish certificates that they issue, which you then can search to,

0:46.1

for example, identify certificates that someone may have retrieved for your domain without authorization. All public certificate authorities that

0:57.4

are part of the trusted certificate authority ecosystem have to publish these certificate transparency

1:04.4

logs and that basically ensures that they all sort of play by the same rules. But with these logs being public and relatively

1:12.8

easy to monitor, it's no surprise that various more or less bad guys, some of them are

1:20.3

sort of in our research category, are scanning any new website as it's being deployed. So your survival time here is really only a few

1:30.5

seconds, which is of course important because often websites are being made live before the security

1:37.7

configuration of the site is completed. So it is a good reminder. Make sure that anything that you are making live is completely secure.

1:48.0

So don't wait until later. As far as certificates go, what I usually recommend is if you have

1:54.4

internal websites, like development websites and such, it may just be not just simpler, but also safer to use an internal

2:03.2

certificate authority for these sites. Of course, that only works if only a limited audience needs

2:09.4

to reach the site and for development and internal sites. It may be better to have an

2:14.5

internal certificate authority, and of course internal certificate authorities don't have to play by these rules and do not have to publish certificate transparency logs.

2:24.9

I have a blog post by the Japanese CERT that I must admit I didn't really take quite serious yesterday.

2:32.8

And, well, today I looked at it again after one listener sort of pointed me to it.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
