Episode Transcript
0:00
Hello, welcome to the Thursday,
0:02
August 18th, 2022
0:04
edition of the SANS Internet
0:06
Storm Center's Stormcast. My name is Johannes
0:09
Ullrich, and I am yet again recording from
0:11
Jacksonville, Florida, but you may
0:13
be able to tell by that thunderstorm
0:15
and the rain in the background. These
0:18
last couple days I spent some time
0:20
looking at SIP traffic to play with the you
0:22
will take as the came on ability
0:25
and as part of this
0:27
overall experiment, I also set
0:29
up set week as two weeks server
0:32
What surprised me, and I
0:34
guess should not have surprised me, was
0:37
how much this increased the
0:39
Voice over IP scanning traffic
0:42
that was seen by this
0:44
server. Now, Voice over IP, or
0:46
SIP, traffic is quite
0:48
commonly being used to scan
0:50
random systems. It often
0:52
makes one of the top ten ports
0:55
in our list, but
0:57
as soon as I set up the server,
1:00
that number of hits probably went
1:03
up easily by a factor
1:05
of one hundred. And
1:07
it was a very simple setup. The server
1:09
didn't allow any phone
1:11
calls. It just sort of was
1:14
just accepting packets and returning
1:17
a permission denied that
1:19
a percent of all kinds of attacks
1:21
are scams that i know that
1:24
of one was they're basically someone just
1:26
trying to call a number via my
1:28
server. The second one was they
1:30
actually tried to register
1:32
an extension with this Voice
1:34
over IP server, which then of course would have allowed
1:37
them to impersonate whatever
1:39
company runs that particular
1:41
server. And the two
1:43
most called number of other sort of matchstick
1:46
harman exploit activity that seen
1:48
in exposed Voice over IP
1:50
servers. One number
1:52
was in the Palestinian
1:54
territories. Quite often
1:57
in areas like this that are some of
1:59
not a loaded in unlimited
2:02
a calling plan for such people
2:04
still worry about the cost
2:07
of calls, and of course that
2:10
leads to them attempting to use
2:12
unprotected Voice over IP servers. The
2:14
second one was a number in Chicago.
2:17
This may have been an attempt to use
2:19
set of for scam calls. Of course,
2:22
using some yeah be configured
2:24
Voice over IP server makes it easier
2:27
to hide the true identity of the
2:29
scammer and also makes
2:31
it less likely that the scammer
2:33
is then shut down. We
2:36
got zero days today. Today
2:38
we received a few interesting updates
2:40
all patching actively exploited
2:43
vulnerabilities. Let's start
2:45
with Apple. Apple updated macOS
2:47
Monterey and iOS
2:49
as well as iPadOS, and
2:51
the update fixes two vulnerabilities,
2:54
and only two vulnerabilities.
2:56
Both of these vulnerabilities
2:58
are already actively being
3:01
exploited. Not a lot of details
3:03
here, of course, as typical for Apple.
3:05
One of these vulnerabilities is in WebKit
3:08
and allows for arbitrary code
3:10
execution as the victim
3:12
is visiting a particular website.
3:15
The second one is then a problem
3:17
that allows for privilege escalation.
3:19
So if you're connecting those
3:21
two vulnerabilities: if a user
3:24
visits a malicious website, the
3:26
attacker will be able to
3:28
execute code as root. Not
3:30
clear if older versions of macOS
3:33
are affected as well. What Apple
3:35
typically does with these WebKit
3:37
vulnerabilities is that they will later
3:40
release an update for Safari that
3:42
fixes these WebKit issues
3:45
for older operating systems.
3:48
Google released Google Chrome
3:51
104, and it does fix
3:53
a number of critical and medium
3:55
flaws, but it also does
3:58
address a vulnerability that's
4:00
already been exploited. So
4:02
that's sort of our second, or third
4:05
if you count Apple as two, zero
4:07
day being patched. And
4:09
a third item here is not exactly a zero
4:11
day, but some vulnerability in Cisco
4:14
equipment that wasn't
4:16
sort of properly patched recently.
4:19
Rapid7 researcher Jacob
4:21
Baines had discovered the
4:23
vulnerability, and the problem here essentially
4:25
is that an administrator,
4:28
if they're connecting to a malicious
4:32
Adaptive Security Device Manager,
4:34
ASDM, server, well,
4:37
that malicious server can execute
4:40
arbitrary code on the administrator's
4:42
workstation. Now, you'd expect
4:45
there is some kind of certificate setup
4:47
or so to make sure that you're connecting to the
4:49
correct server. Apparently that
4:51
hasn't been done properly by
4:54
Cisco, and there was an update released
4:57
last week when this was first
4:59
announced, and Jacob also released
5:02
a xbox one called state
5:04
state state the
5:06
fix that cisco blind was that
5:09
will not give you a up
5:12
when you're connecting, but that pop-up warning
5:14
will just tell you that the
5:16
version of the ASDM
5:19
server is out of date. It also
5:21
suggests patching, so let's
5:23
hope that this prompts Cisco
5:26
administrators into maybe looking closer.
5:29
But by the time you've connected,
5:32
it's pretty much already too late.
5:34
Of course, the big hurdle to overcome
5:36
is that the administrator first
5:39
needs to connect to the malicious server
5:41
using that client. And
5:44
that is it for today. Thanks
5:47
for listening, and talk to you tomorrow.