Episode Transcript
0:00
Hello, welcome to the Wednesday, May twenty-ninth, two thousand twenty-four edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:14
Something a little bit different today. No diary, but instead a little video talking about SQL injection, how to prevent it in Python. SQL injection, not a new topic at all. Actually, I had a diary a couple years ago, I think, about this particular Python issue. But I thought, given all the SQL injection vulnerabilities we had recently and CISA's announcement about getting rid of SQL injection, maybe it's good to revisit some of these issues. And, oh, maybe, getting in the mood of doing a couple more videos in the next couple weeks, let me know if there is a particular topic that you're interested in.

0:54
Over to, well, we don't have a SQL injection vulnerability, but an OS command injection vulnerability, and this is one that I already mentioned. It's in Fortinet FortiSIEM, and there is now a proof of concept and additional details from Horizon3. Quick summary here is it's trivial to exploit, and the vulnerability actually is extremely similar to a vulnerability they patched last year, down to the point where it's in a particular API call where it's basically just the next parameter. There's a server IP address that was the parameter that was vulnerable last year, while this time it was the mount point, which is the second parameter to this particular API call. So it's pretty much just the case of missing input validation. But actually, maybe that may make a good video for later, maybe to talk more about OS command injection and how to prevent some of these vulnerabilities, because they are very common in these kind of appliances.

2:04
And Kaspersky came across some ransomware that actually takes advantage of BitLocker. We have seen this a couple times in the past, but I'm surprised we don't see it more often, given that BitLocker is a common component and is considered benign, so it's excluded from any kind of anti-malware, and then, all of a sudden, it goes out and starts encrypting your files. The attacker, it does create a random passphrase, uses it to encrypt the system, then deletes it and forces a reboot. Probably the biggest advantage here to the attacker is there is no great way to display a ransom message to the user. Instead, the volume, uh, the drive's volume label is just changed to the attacker's email address, so the victim would first have to discover this, which of course, particularly when you're talking about less sophisticated victims, may actually be missed.

3:05
And then we got a couple more proof of concept vulnerabilities. One is for a vulnerability in the glibc function iconv. iconv is used to convert international characters. International conversion is kind of what it's a sort force, and the vulnerability is particularly exploitable via PHP, but your best option is just to update glibc. The update has been out for a while now.

3:39
And if you need more motivation to apply the latest Apple updates, there is a proof of concept exploit for a vulnerability that Apple patched on May thirteenth with macOS Sonoma 14.5. This is a privilege escalation vulnerability in the UDF, the Universal Disk Format, driver. And er yes said the for of contract for his out. The researcher who published this particular exploit, the one at a O L a n sit, also published a number of other vulnerabilities. I am just going to also add a link to this researcher's X profile so you see some of the other proof of concept exploits that were recently published by them.

4:29
Well, and this is it for today. So thanks for listening, thanks for subscribing, and thanks for letting all your friends and enemies know about this podcast. Talk to you again tomorrow. Bye.