meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, June 22nd 2016

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 22 June 2016

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min infosec news summary. News, patches, vulnerabilities and trends in information security. Apple Airport Update;

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Wednesday, June 22nd, 2016 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida. Apple released an update for its airport base station. It also covers the time capsule, which does contain the same Wi-Fi and router component as the

0:24.2

airport base stations. The vulnerability that's being addressed by this patch is a remote

0:31.1

code execution vulnerability in the DNS data parsing code. It's not really clear how this particular vulnerability would be exploited.

0:42.3

It could be as simple as something in an admin interface that could be used in order to execute arbitrary code.

0:51.3

The attacker, of course, would have to log in first. The advisory as typical for Apple

0:57.8

is very brief and there isn't really any detail here about whether or not it would require

1:03.0

authentication. Remote of course just means across the network. So I recommend you probably should

1:09.8

go ahead and update your firmware within the next

1:12.9

few days. And the SSL certificate marketplace is certainly starting to shake up somewhat with the

1:20.2

free Let's Encrypt service being online now for a few months. Startcom, an SL certificate authority that has issued free certificates for a few months. Startcom an SL certificate authority that has issued free certificates

1:30.3

for a few years now. Also now has an API that you can use to automate some of the certificate

1:39.8

issuing related tasks. StartCom's API, of course, does not just support their free offerings,

1:47.1

but also their for pay offerings like EV certificates. And the main purpose of the service

1:54.3

is not the free certificates, which they already had, but to make managing your certificates

2:00.4

simpler.

2:01.6

And criminals are now using some of the same techniques they have used in order to steal

2:06.6

online banking credentials to steal Bitcoin credentials from users. Of course, in particular,

2:13.6

with the recent search in Bitcoin value that has become a rather attractive target.

2:20.3

Also the increased interest in Bitcoin that comes with the increase in value has led to a lot of new users that may not necessarily be quite aware how Bitcoin works or what particular sites look like and how they

2:36.5

function. The domains being used in these attacks are typically typo squatting domains. So these

2:43.3

are domains that differ from the real domains with a couple of letters. In addition, these fake

2:50.2

domains are being advertised using Google Adverts.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.