ISC StormCast for Tuesday, June 4th, 2024

Update: 2024-06-04

Digest

This episode of the SANS Internet Storm Center StormCast begins with a discussion of Wireshark's capabilities, highlighting its ability to capture and analyze packets and dissect various protocols. The episode then delves into the creation of custom packet dissectors in Lua for protocols not supported by Wireshark, using an example of a firmware update protocol. The episode also covers a security researcher's discovery of vulnerabilities in Cox's cable modem API, emphasizing the importance of being cautious with ISP-provided equipment. Finally, the episode discusses malicious answers on Stack Overflow, where users are tricked into installing malicious software disguised as solutions to problems. The episode concludes with a reminder to patch vulnerabilities in Atlassian Confluence Data Center and Server, and a call for reviews on YouTube and Amazon Alexa.

Outlines

00:00:00
Introduction and Wireshark Capabilities

This chapter introduces the SANS Internet Storm Center StormCast podcast and highlights the capabilities of Wireshark, emphasizing its ability to capture and analyze packets and dissect various protocols.

00:00:26
Creating Custom Packet Dissectors in Lua

This chapter discusses the creation of custom packet dissectors in Lua for protocols not supported by Wireshark, using an example of a firmware update protocol. The chapter highlights the benefits of using Lua for dissector development and provides insights into the process.

00:01:46
Vulnerabilities in Cox's Cable Modem API

This chapter discusses a security researcher's discovery of vulnerabilities in Cox's cable modem API, emphasizing the importance of being cautious with ISP-provided equipment. The chapter highlights the potential risks associated with such vulnerabilities and provides advice on mitigating them.

00:03:58
Malicious Answers on Stack Overflow

This chapter discusses the issue of malicious answers on Stack Overflow, where users are tricked into installing malicious software disguised as solutions to problems. The chapter highlights the importance of verifying the authenticity of solutions and being cautious when downloading software from unknown sources.

Keywords

Wireshark
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communication protocol development, and education. It captures network traffic and displays it in a user-friendly format, allowing users to inspect the contents of packets and understand how network protocols work.

Lua
Lua is a lightweight, high-level scripting language designed for extending applications. It is known for its simplicity, portability, and fast execution speed. Lua is often used in game development, embedded systems, and web applications.

Packet Dissector
A packet dissector is a component of a network analyzer that interprets the data within a network packet. It breaks down the packet into its constituent parts, such as headers, payloads, and other fields, making it easier to understand the contents of the packet.

Cox Communications
Cox Communications is a major telecommunications company in the United States, providing cable television, internet, and phone services to residential and business customers. The company is known for its high-speed internet services and its focus on customer satisfaction.

Stack Overflow
Stack Overflow is a question-and-answer website for professional and enthusiast programmers. It is a popular resource for finding solutions to coding problems and learning new programming concepts. The website is known for its large community of users and its strict moderation policies.

CVE-2024-21683
CVE-2024-21683 is a vulnerability in Atlassian Confluence Data Center and Server that allows attackers to execute arbitrary code remotely. The vulnerability is considered critical and has been patched by Atlassian. Users are advised to update their Confluence instances to the latest version to mitigate the risk.

Firmware
Firmware is a type of software that is embedded in hardware devices, such as routers, modems, and printers. It provides the basic instructions for the device to operate and can be updated to fix bugs, add new features, or improve performance.

Bridge Mode
Bridge mode is a network configuration setting that allows a router or modem to act as a simple bridge, forwarding traffic between devices without any additional functionality. This can be useful for improving network performance or security.

Q&A

  • What are some of the capabilities of Wireshark?

    Wireshark is a powerful tool that can analyze and capture network packets, dissect various protocols, and provide insights into network traffic. It is used for network troubleshooting, analysis, software and communication protocol development, and education.

  • How can I create custom packet dissectors in Lua for protocols not supported by Wireshark?

    Lua is a lightweight scripting language that can be used to create custom packet dissectors for protocols not supported by Wireshark. The process involves defining the structure of the protocol and writing Lua code to interpret the data within the packets.

  • What are some of the vulnerabilities discovered in Cox's cable modem API?

    A security researcher discovered vulnerabilities in Cox's cable modem API that could potentially allow attackers to compromise customer modems. These vulnerabilities highlight the importance of being cautious with ISP-provided equipment and taking steps to mitigate potential risks.

  • What are malicious answers on Stack Overflow, and how can I avoid them?

    Malicious answers on Stack Overflow are disguised as solutions to problems but actually contain malicious software. To avoid them, it is important to verify the authenticity of solutions and be cautious when downloading software from unknown sources.

  • What is CVE-2024-21683, and how can I protect myself from it?

    CVE-2024-21683 is a critical vulnerability in Atlassian Confluence Data Center and Server that allows attackers to execute arbitrary code remotely. To protect yourself, update your Confluence instances to the latest version.


Dr. Johannes B. Ullrich