ISC StormCast for Friday, August 29th 2014

By Johannes Ullrich Telling Good from Evil: Not easy in Javascript; Honeynet releases beeswarm; FF 32 introducing SSL Cert Pinning; JP Morgan Breached;
Obfuscated Javascript: Good or Evil
JP Morgan Breach
Firefox 32 To Introduce SSL Cert Pinning
Honeynet Project introduces “Beeswarm”

ISC StormCast for Thursday, August 28th 2014

By Johannes Ullrich More Memory Scraping for CC Data; More router backdoors; more browser and MSFT patches; more malvertisements
More Memory Scraping in PoS Devices
Google Chrome 37 Released
Microsoft Re-Releases MS14-045
More Router Backdoors: Netis Routers use hard coded password on UDP/53413
Synology Software Update
Popular Websites like and TMZ offering Malvertisements

ISC StormCast for Wednesday, August 27th 2014

By Johannes Ullrich Point of Sales Devices and PCI
Netflix Releases Security Tools
New Free Windows Firewall / Network Monitoring Systems

ISC StormCast for Tuesday, August 26th 2014

By Johannes Ullrich Looking for Packets: 1900/UDP DoS and abnormal CRL Downloads; SONY Playstation Network DoS and Bomb Threat; Are users too complacent?
Are you seeing abnormal CRL Downloads?
UDP port 1900 (UPNP) Reflective DDoS Attacks
SONY Playstation Network DoS Attack and Bomb Threat
Kaspersky Report Shows Users are concerned about online risks but don’t do anything about them

ISC StormCast for Monday, August 25th 2014

By Johannes Ullrich What are the 2% of attacks your firewall misses? Stiffed by Synolocker crew? Try F-Secure for Help!
NSS Cyber Resilience Report
F-Secure Releases Tool to Help Decrypt Synolocker Files (IF YOU PAID THE RANSOM)
US-Cert: Over 1,000 Business Infected By Back-Off PoS Malware
NIST Releases Guidance on SSH Key Management

ISC StormCast for Friday, August 22nd 2014

By Johannes Ullrich #OpenIOC support for ISC API; Side Channels steal keys and screen content; More bad SSL news for Android apps; Fake Anti Virus as dead as real Anti Virus
ISC update: OpenIOC output for our API
Side Channel Attacks via Shared Memory on Android
Reading Encryption Keys from Surface Electric Potential Measurement
Mobile Applications use bad SSL Implementations
Current State of Fake Anti Virus

ISC StormCast for Thursday, August 21st 2014

By Johannes Ullrich Heartbleed claims another victim; Traffic Signal Insecurity; Stuxnet Vulnerability still present; Get ready to phase out SHA-1
Heartbleed Bug Identified as Root Cause of Large Medical Data Breach
Manipulating Traffic Signals
Stuxnet Vulnerability Still Frequently Unpatched
Google Chrome Leading the Charge in Deprecating SHA-1 for SSL Certificates

ISC StormCast for Wednesday, August 20th 2014

By Johannes Ullrich Lots of crypto: 1024 even less trusted; Facebook sees lots of STARTTLS; PGP: Still right for modern times?
1024 Bit CAs even less trusted
Facebook sees vast improvement in STARTTLS use over only 3 months
PGP Showing Its Age, but no suitable replacement in sight

ISC StormCast for Tuesday, August 19th 2014

By Johannes Ullrich More about UDP and bad NAT; Lots of Patient Records Lost; More Syrian Malware; Odd new Facebook “age verification” trick
2nd Part of the UDP behind NAT riddle
4.5 Million Patient Files Lost
Pro Syrian Malware on the Rise

ISC StormCast for Monday, August 18th 2014

By Johannes Ullrich Beware of the Patch – UDP behind NAT may not be firewalled – yet another PHP cgi exploit – talk quiet, your smart phone is vibrating
MSFT MS14-045 Patch Causes Blue Screen of Death
The dangers of UDP services behind NAT
PHP CGI exploit with interesting reverse shell
Smart Phone Gyroscope Sensitive Enough to Detect Speech
Internet Wide Scan Finds Many Exposed VNC Servers