Hello, welcome to the Wednesday, October 5th, 2016 edition of the Sand Center and Storm Center's Stormcast.

My name is Johannes Orich, and the day I'm recording from Honolulu, Hawaii.

Now, always like it when users share a little log snippets with us that they find interesting and exciting and new and different.

We had a couple of them today that weren't exactly new, but there's still something that keeps

popping up.

So I decided to write it up as a diary.

In this case, it is an SSL client connecting to a non-SSSL web server.

This sort of leaves a fairly characteristic pattern in your weblogs

because your web server essentially interprets that SSL client hello request

as a request to the web server.

The connection of course will fail. You'll see for

example 400 errors in return that isn't really an attack against your web

server. It's really someone just probing web servers trying to find

web servers that happen to support SSL. Typically you'll see this if you have an web server that's listening

on a port other than 80, like 8,000, 80, and the like. Those web servers sometimes do indeed

respond to SSL requests and that's why you see these scans coming in. It is an attack,

but it's nothing really that's usually going to harm your

non-susel web server. So keep those logs coming. Certainly always appreciate to see what

other people are seeing in their web server logs or any logs for that matter.

And today Animus, the maker of the One Touch insulin pump and Rapid 7, did release joint

advisories on vulnerabilities in this insulin pump.

The research was done by Jay Ratcliffe, who has done research into insulin pumps for

...