Hello, welcome to the Wednesday, September 19th, 2018 edition of the Sandton Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

One of the reconnaissance tools that has become really popular over the last year or so is certificate transparency. These are the logs that

certificate authorities maintain whenever they are issuing a certificate and well these logs are

public and Rob now has a nice overview of various tools that you can use to query these logs.

Personally, I do think that certificate transparency is a necessary feature of certificate

authorities and you should certainly take advantage of it in a defensive sense in that you

monitor any certificates being issued for your domains.

If you do want to keep your own host names or internal certificates private,

then by all means set up your own internal certificate authority

and then you don't have to really comply with these certificate transparency requirements.

And then a listener reminded me that I overlooked an issue that came up actually late last

week about Cody, the open source home theater software.

You'll find that a lot of these video sticks and other similar small appliances that you usually buy for around $100 are built around Cody.

Now, the thing with Cody is that you can download add-ons, and the official add-ons, of course, are somewhat restricted in their functionality.

So a lot of users attempted to sign up for alternative repositories,

which provide add-ons that may not be as well vetted as the original installation or these

official add-ons.

The result is that, yes, your TV stick may be mining crypto coins or backdoors

could be installed via these malicious add-ons. EZt security wrote this up in a blog post

with details about some of the crypto mining plugins that they found. So if you're running

the software, take a look at it and

...