Podcast Detail

SANS Stormcast Monday Feb 24th: sigs.py update; Google Introducing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9336.mp3


Tool Update: Sigs.py
Jim updates sigs.py. The tool verifies hashes for files and automatically recognizes what hash is used.
https://isc.sans.edu/diary/Tool%20update%3A%20sigs.py%20-%20added%20check%20mode/31706
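
The length-based hash detection described for sigs.py can be sketched as follows. This is an added example, not Jim's sigs.py code: the function names, the `sha256sum`-style manifest layout ("hash, whitespace, file name") and the sample files are assumptions constructed for illustration.

```python
import hashlib, os, re, tempfile

# Hex digest length -> hashlib name. Length alone is ambiguous (SHA3-256 is
# also 64 hex chars); this sketch assumes the MD5/SHA-1/SHA-2 family.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 56: "sha224",
                  64: "sha256", 96: "sha384", 128: "sha512"}
LINE_RE = re.compile(r"^([0-9A-Fa-f]+)\s+\*?(.+)$")  # "<hex>  <name>"

def file_digest(path, algo):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_manifest(manifest_text, base_dir):
    """Return (name, algo, status) per line: OK, FAILED, MISSING or UNKNOWN."""
    results = []
    for line in manifest_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a "hash  filename" line
        expected, name = m.group(1).lower(), m.group(2).strip()
        algo = ALGO_BY_HEXLEN.get(len(expected))
        path = os.path.join(base_dir, name)
        if algo is None:
            status = "UNKNOWN"   # length matches no known digest size
        elif not os.path.isfile(path):
            status = "MISSING"
        elif file_digest(path, algo) == expected:
            status = "OK"
        else:
            status = "FAILED"
        results.append((name, algo, status))
    return results

def demo():
    """Constructed sample: two files and a manifest mixing hash formats."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("a.bin", b"alpha"), ("b.bin", b"bravo")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = "\n".join([
            hashlib.md5(b"alpha").hexdigest() + "  a.bin",
            hashlib.sha256(b"bravo").hexdigest() + "  b.bin",
            hashlib.sha1(b"tampered").hexdigest() + "  a.bin",
            "deadbeef  a.bin",
            hashlib.sha512(b"x").hexdigest() + "  gone.bin",
        ])
        return check_manifest(manifest, d)

if __name__ == "__main__":
    for row in demo():
        print(row)
```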

Google Announcing Quantum Safe Digital Signatures in Cloud KMS
Google announced the option to use quantum safe digital signatures for its cloud key management system.
https://cloud.google.com/blog/products/identity-security/announcing-quantum-safe-digital-signatures-in-cloud-kms

Windows 11 Patch issues
The February Patch Tuesday appears to have caused issues with a number of Windows 11 systems. In particular the usability of the file manager appears to be affected.
https://www.windowslatest.com/2025/02/16/windows-11-kb5051987-breaks-file-explorer-install-fails-on-windows-11-24h2/

LTE/5G Vulnerabilities
Researchers at the University of Florida have identified a large number of vulnerabilities in 5G and LTE networks.
https://nathanielbennett.com/publications/ransacked.pdf

Podcast Transcript

 Hello and welcome to the Monday, February 24th, 2025
 edition of the SANS Internet Storm Center's Stormcast. My name is
 Johannes Ullrich and today I'm recording from Jacksonville,
 Florida. In diaries this weekend we got a new tool or
 an improved tool better from Jim. Jim looked into verifying
 hashes and improved his tool sigs.py. The big difference of
 this tool compared to some of the other tools is you don't
 have to tell it what hashing algorithm to use. So if you
 have a text file with file names and hashes of various
 formats, the tool will go through the text file, figure
 out what hash format was used for a particular hash based on
 its length, and then verify whether or not the file with
 that name matches that hash. That sort of solves some of
 the issues when you're dealing with, for example, trying to
 verify binaries. Every distributor of binaries sort
 of has their own little way how they're calculating the
 hashes. This makes it just a little bit more
 straightforward. And then a little follow-up to the
 Microsoft quantum computing story from last week. Google
 now rolled out post-quantum cryptography for its cloud key
 management system or KMS. This is the kind of stuff that we
 really need to implement some of these algorithms. Vendors
 like Google supporting them in their products to essentially
 then make it just the flip of a switch in order to switch to
 this new algorithm. Haven't played with it yet, but if
 anybody has, let me know what your experience is, if there
 are any issues that you ran into here. This wasn't
 necessarily prompted by Microsoft's announcement. I
 believe that Google has been working on this for a while.
 Just happened sort of that late last week. They made that
 announcement after Microsoft made their announcement about
 their breakthrough in quantum computing. Just want to also
 clarify a little bit the vocabulary here. So quantum
 computing, that's when we're talking about computers that
 use quantum effects in order to improve things like break
 ciphers. Then we do have post-quantum cryptography.
 Post-quantum cryptography means these are ciphers that are
 also something called quantum safe. So themselves, they
 don't need quantum computers in order to apply the cipher.
 They need normal or regular computers, but they basically
 are countering the threat posed by quantum computers.
 Then there's also something called quantum cryptography.
 Completely different, actually sometimes more correctly
 called quantum key exchange. They use quantum effects to
 actually transmit data and protect it from eavesdropping.
 Totally different from the other two. I've sometimes been
 misquoted myself too, where it says, hey, quantum encryption
 will protect against the threat posed by quantum
 computing. It's really post-quantum cryptography or
 quantum safe algorithms will protect against the threat
 posed by quantum computing. And apparently a number of
 users are having issues with the latest Microsoft updates
 and Windows 11. I will post a link to a website called
 Windows Latest that summarizes some of these issues that
 users are having. The good news so far appears to be if
 you uninstall the patch and reboot the system, things
 should go back to normal. One apparently particularly
 annoying issue is with the file manager where it breaks
 after you apply the patch. If you have any issues here, let
 me know if you found any other workarounds or any specific
 problems, particularly around Windows 11. This appears to be
 happening the most. And we got a paper from research at
 University of Florida that outlines a good number of
 different and new vulnerabilities in protocols
 and software related to 5G and LTE networks. What this really
 means to you is, for the most part, well, don't trust a
 network that you don't manage. So if you connect to another
 system over 5G, LTE, cable modem, it doesn't matter.
 Don't trust the network. Set up some form of end-to-end
 encryption. VPNs, of course, are your friend here for the
 most part. Now, if you happen to work for a telco, well,
 then don't trust the network you're managing. Think about
 out-of-band access and how you would detect some of these
 threats. It will probably take a while due to a large number
 of vulnerabilities here for them to be mitigated in some
 form. So overall, like I said, trust encryption end-to-end.
 Don't trust the network. Well, and that's it for today. So
 thanks for listening and talk to you again tomorrow. Bye.