SANS Stormcast Monday Feb 24th: sigs.py update; Google Introducing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns;
Direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9336.mp3
My Next Class
Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Apr 13th - Apr 18th 2025 |
Application Security: Securing Web Apps, APIs, and Microservices | San Diego | May 5th - May 10th 2025 |
Tool Update: Sigs.py
Jim updated sigs.py. The tool verifies file hashes and automatically recognizes which hash algorithm was used.
https://isc.sans.edu/diary/Tool%20update%3A%20sigs.py%20-%20added%20check%20mode/31706
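The length-based hash detection that the transcript describes for sigs.py, shown as an added example; this is not Jim's code or the tool's actual implementation. The `<hex>  <name>` manifest format, the length table and all function names are assumptions, and because several algorithms share a digest length, every candidate for that length is tried.

```python
import hashlib
import os
import re
import tempfile

# Hex length -> candidate algorithms; lengths are shared, so each candidate is tried.
CANDIDATES = {
    32: ["md5"], 40: ["sha1"],
    64: ["sha256", "sha3_256", "blake2s"],
    128: ["sha512", "sha3_512", "blake2b"],
}
LINE = re.compile(r"^([0-9a-fA-F]+)\s+\*?(.+)$")  # "<hex>  <name>" lines

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_manifest(manifest_text, base_dir):
    """Return [(name, status, algorithm)] for every "<hex>  <name>" line."""
    results = []
    for line in manifest_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        expected, name = m.group(1).lower(), m.group(2)
        algos = CANDIDATES.get(len(expected))
        path = os.path.join(base_dir, name)
        if algos is None:
            results.append((name, "UNKNOWN_LENGTH", None))
        elif not os.path.isfile(path):
            results.append((name, "MISSING", None))
        else:
            hit = next((a for a in algos if file_digest(path, a) == expected), None)
            results.append((name, "OK" if hit else "MISMATCH", hit))
    return results

def demo():
    """Constructed sample: SHA-1, SHA3-256 and a deliberately wrong MD5 entry."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("a.bin", b"alpha"), ("b.bin", b"bravo")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        lines = [hashlib.sha1(b"alpha").hexdigest() + "  a.bin",
                 hashlib.sha3_256(b"bravo").hexdigest() + "  b.bin",
                 "0" * 32 + "  a.bin"]
        return check_manifest("\n".join(lines), d)
```

A 64-character digest only narrows the choice to a family of candidates, so the result reports which algorithm actually matched rather than assuming SHA-256.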
Google Announcing Quantum Safe Digital Signatures in Cloud KMS
Google announced the option to use quantum safe digital signatures for its cloud key management system.
https://cloud.google.com/blog/products/identity-security/announcing-quantum-safe-digital-signatures-in-cloud-kms
Windows 11 Patch issues
The February Patch Tuesday appears to have caused issues with a number of Windows 11 systems. In particular the usability of the file manager appears to be affected.
https://www.windowslatest.com/2025/02/16/windows-11-kb5051987-breaks-file-explorer-install-fails-on-windows-11-24h2/
LTE/5G Vulnerabilities
Researchers at the University of Florida have identified a large number of vulnerabilities in 5G and LTE networks.
https://nathanielbennett.com/publications/ransacked.pdf
Discussion
Microsoft's latest update has caused one Dell Optiplex 7060 running Windows 11 Education version 23H2 here to not connect to the network. It can't ping anything, not even a loopback IP address, but ironically it can download and install optional Windows updates. Unfortunately, so far none of those have fixed the problem. Strange.
Posted by willowinthewind on Tue Feb 25 2025, 17:44
Podcast Transcript
Hello and welcome to the Monday, February 24th, 2025 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and today I'm recording from Jacksonville, Florida.

In diaries this weekend we got a new tool, or better, an improved tool from Jim. Jim looked into verifying hashes and improved his tool sigs.py. The big difference of this tool compared to some of the other tools is you don't have to tell it what hashing algorithm to use. So if you have a text file with file names and hashes of various formats, the tool will go through the text file, figure out what hash format was used for a particular hash based on its length, and then verify whether or not the file with that name matches that hash. That sort of solves some of the issues when you're dealing with, for example, trying to verify binaries. Every distributor of binaries sort of has their own little way how they're calculating the hashes. This makes it just a little bit more straightforward.

And then a little follow-up to the Microsoft quantum computing story from last week. Google now rolled out post-quantum cryptography for its cloud key management system or KMS. This is the kind of stuff that we really need to implement some of these algorithms. Vendors like Google supporting them in their products to essentially then make it just the flip of a switch in order to switch to this new algorithm. Haven't played with it yet, but if anybody has, let me know what your experience is, if there are any issues that you ran into here. This wasn't necessarily prompted by Microsoft's announcement. I believe that Google has been working on this for a while. Just happened sort of that late last week. They made that announcement after Microsoft made their announcement about their breakthrough in quantum computing.

Just want to also clarify a little bit the vocabulary here. So quantum computing, that's when we're talking about computers that use quantum effects in order to improve things like break ciphers. Then we do have post-quantum cryptography. Post-quantum cryptography means these are ciphers that are also something called quantum safe. So themselves, they don't need quantum computers in order to apply the cipher. They need normal or regular computers, but they basically are countering the threat posed by quantum computers. Then there's also something called quantum cryptography. Completely different, actually sometimes more correctly called quantum key exchange. They use quantum effects to actually transmit data and protect it from eavesdropping. Totally different from the other two. I've sometimes been misquoted myself too, where it says, hey, quantum encryption will protect against the threat posed by quantum computing. It's really post-quantum cryptography or quantum safe algorithms will protect against the threat posed by quantum computing.

And apparently a number of users are having issues with the latest Microsoft updates and Windows 11. I will post a link to a website called Windows Latest that summarizes some of these issues that users are having. The good news so far appears to be if you uninstall the patch and reboot the system, things should go back to normal. One apparently particularly annoying issue is with the file manager where it breaks after you apply the patch. If you have any issues here, let me know if you found any other workarounds or any specific problems, particularly around Windows 11. This appears to be happening the most.

And we got a paper from researchers at University of Florida that outlines a good number of different and new vulnerabilities in protocols and software related to 5G and LTE networks. What this really means to you is, for the most part, well, don't trust a network that you don't manage. So if you connect to another system over 5G, LTE, cable modem, it doesn't matter. Don't trust the network. Set up some form of end-to-end encryption. VPNs, of course, are your friend here for the most part. Now, if you happen to work for a telco, well, then don't trust the network you're managing. Think about out-of-band access and how you would detect some of these threats. It will probably take a while due to a large number of vulnerabilities here for them to be mitigated in some form. So overall, like I said, trust encryption end-to-end. Don't trust the network.

Well, and that's it for today. So thanks for listening and talk to you again tomorrow. Bye.