Hello and welcome to the Wednesday, November 16th, 2020 edition of the Sandsenet Storm Center's Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Start a little bit a new thing today and calling it a packet Tuesday. I have been floating the idea for a while,

sort of on social media,

and the idea of Packet Tuesday is to deep dive in a brief video

into a particular network packet feature.

The first one that I picked for today was these international domain names and how they're encoded

with puny code in DNS. So that'll be the first packet Tuesday and there will be one each Tuesday

going forward. If you have any packet that you're interested in, any feature, please let me know.

And of course, this is brand new, so any feedback is highly appreciated.

And talking about social media with Mastodon becoming quite popular, maybe even more popular

than Twitter right now when it comes to sort of the Infosec news scene.

The Maston platform is, of course, also receiving more scrutiny.

One example is a vulnerability found by Portsvicker.

Portsvicker, of course, the company behind the famous Burb proxy did discover an interesting vulnerability that allowed an attacker to essentially inject an invisible HTML form that then was used to harvest credentials.

The root cause here was a cross-site scripting vulnerability that allowed injection of HTML.

Now, often when we are talking about cross-side scripting, we're thinking about a lot of JavaScript.

Here, it's really more about HTML in the sense that an HTML form was injected.

And then the HTML form with a username and password field, well,

the browser would automatically refill the credentials if you're using a password manager.

And then the user was tricked into submitting the form by actually clicking on the little

ellipsis icon. So it wasn't 100% automatic.

Portsmaker did demonstrate the vulnerability with the InfoSec Exchange

...