Hello and welcome to the Monday, January 26, 2006 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu graduate certificate program in cyber defense operations.

I just want to start out with a quick update on the 40 OS SAML bypass issue.

We now have an official statement from 40Net regarding this problem.

And they basically say, say well kind of what you

already knew that it was Samel and single sign on related so the mitigation still stands

you should disable single sign on and there is no patch available yet and 40 net didn't say

about a schedule or anything like this just just that they're working on it.

One interesting sort of little titbit from the 40 Net advisory is that this does not just affect the 40 cloud implementation of single sign-on,

but essentially more or less any system that you're using that uses SAML to authenticate to 40 OS could potentially be bypassed.

So it's basically how 40OS implement SAML and how it verifies whether or not these SAML messages are correctly signed.

This, of course, is an ongoing issue.

Not just 4DNet has been struggling with implementing Samel correctly.

There have been multiple issues.

We have talked about this here in the podcast before,

where it was possible to bypass Samel authentication by manipulating these digitally signed messages.

And we got a second out-of-band update from Microsoft that was triggered by January's security updates. This time it's Outlook that's being patched. Again, these updates are not security

updates so much,

but they're fixing problems that were introduced by the security update.

Here, apparently, if you're using Outlook and you're storing PST files on OneDrive,

you may have Outlook hanging and you can't exit it.

...