Summary4 min read

SANS Stormcast Summary – February 24, 2025

Host: Johannes B. Ullrich
Podcast: SANS Internet Stormcenter Daily Cyber Security Podcast
Episode Highlights:

Updates on hash verification tool (sigs.py)
Google's move toward quantum-safe cryptography
Microsoft Windows 11 update issues
New LTE/5G protocol vulnerabilities

Episode Overview

This episode delivers a brisk overview of recent security events and updates, focusing on practical tools, vendor initiatives around quantum-safe cryptography, pressing Windows 11 patch problems, and new vulnerabilities in 5G/LTE protocols. Johannes distills these topics for cybersecurity professionals aiming to stay ahead of rapidly evolving threats.

Key Discussion Points & Insights

1. sigs.py Tool Update (00:14)

What’s New:
Jim from the SANS Internet Stormcenter improved his hash verification tool, now called sigs.py.
Feature Highlight:
Unlike traditional tools, users don’t need to specify the hash algorithm; sigs.py detects it based on hash length.
Real-World Benefit:
Simplifies verifying binaries from various distributors with their own hash conventions.
Quote:

"The big difference of this tool compared to some of the other tools is you don't have to tell it what hashing algorithm to use. So if you have a text file with file names and hashes of various formats, the tool will go through the text file, figure out what hash format was used for a particular hash based on its length..."
— Johannes B. Ullrich (00:32)

2. Quantum-Safe Signatures in Google Cloud (01:20)

Background:
Following Microsoft’s quantum computing announcement last week, Google has now updated its Cloud Key Management System (KMS) with post-quantum (quantum-safe) cryptography.
Importance:
Adoption by major vendors is key for broad and easy implementation of these future-proof algorithms.
Community Call:
Johannes encourages feedback from users who’ve tested it:

“Haven't played with it yet, but if anybody has, let me know what your experience is if there are any issues that you ran into here.”
— Johannes B. Ullrich (01:40)
Clarification of Terms:
- Quantum Computing: Uses quantum effects, can potentially break current ciphers.
- Post-Quantum Cryptography (Quantum-Safe): Resistant to quantum attacks, implemented on classic computers.
- Quantum Cryptography: Leveraging quantum effects in key exchange, a different domain altogether.
Quote:

“It's really post quantum cryptography or quantum safe algorithms [that] will protect against the threat posed by quantum computing.”
— Johannes B. Ullrich (03:00)

3. Microsoft Windows 11 Update Issues (03:25)

Issue:
Multiple users report problems with the latest Windows 11 patch, primarily affecting File Manager.
Solution:
Uninstalling the patch and rebooting appears to restore normal function.
Link Provided:
A reference to a site called "Windows Latest" summarizes these issues in more depth.
Community Engagement:
Listeners are encouraged to report additional problems or workarounds.
Quote:

“One apparently particularly annoying issue is with the file manager where it breaks after you apply the patch. If you have any issues here, let me know if you found any other workarounds or any specific problems, particularly around Windows 11.”
— Johannes B. Ullrich (03:53)

4. 5G/LTE Protocol Vulnerabilities (04:16)

New Research:
The University of Florida published research outlining multiple new vulnerabilities in 5G and LTE protocols and software.
Key Advice:
Never trust any network you don’t control—use end-to-end encryption whenever possible.
For Telco Professionals:
Don’t rely solely on your network perimeter; consider out-of-band access and active threat detection.
Underlying Message:
Given the sheer number of vulnerabilities, patching across the industry will take time; protective encryption habits are vital.
Quote:

“If you connect to another system over 5G, LTE, cable modem, doesn't matter, don't trust the network. Set up some form of end to end encryption. VPNs of course are your friend here for the most part.”
— Johannes B. Ullrich (04:36)

Memorable Moments & Notable Quotes

sigs.py Utility:
"Makes it just a little bit more straightforward" when verifying hashes across inconsistent distributions. (00:44)
Quantum-Safe Adoption:
"Make it just the flip of a switch in order to switch to this new algorithm." (01:34)
Clarification of Quantum Vocabulary:
"Quantum encryption will protect against the threat posed by quantum computing. It's really post quantum cryptography or quantum safe algorithms..." (03:00)
Pragmatic Security Reminder:
"Trust encryption end to end. Don't trust the network." (04:57)

Important Timestamps

| Time | Segment | |----------|-----------------------------------------------| | 00:14 | sigs.py tool improvement | | 01:20 | Google announces quantum-safe signatures | | 02:20 | Explanation of quantum cryptography terms | | 03:25 | Windows 11 patch problems | | 04:16 | New 5G/LTE vulnerabilities and recommendations|

Takeaways

sigs.py lowers barriers for integrity checking across diverse hash usages.
Quantum-safe cryptography is moving from theoretical to practical adoption in cloud services.
Be wary of new Windows 11 patches until compatibility/bugs are well understood.
End-to-end encryption remains paramount—even in modern mobile networks plagued by unknown vulnerabilities.

Stay vigilant, trust encryption, and contribute feedback to the community as new tools and threats emerge!

Loading summary

Transcript1 lines

[00:00]
A
Hello and welcome to the Monday, February 24, 2025 edition of the Sands & the Stormcenters Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida in diaries. This weekend we got a new tool or an improved tool better from Jim. Jim looked into verifying hashes and improved his tool 6Py. The big difference of this tool compared to some of the other tools is you don't have to tell it what hashing algorithm to use. So if you have a text file with file names and hashes of various formats, the tool will go through the text file, figure out what hash format was used for a particular hash based on its length, and then verify whether or not the file with that name matches that hash. That sort of solves some of the issues when you're dealing with, for example, trying to verify binaries. Every distributor of binary sort of has their own little way how they're calculating the hashes. This makes it just a little bit more straightforward. And then a little follow up to the Microsoft quantum computing story from last week. Google now rolled out post quantum cryptography for its cloud key management system, or kms. This is the kind of stuff that we really need to implement some of these algorithms. Vendors like Google supporting them in their product products to essentially then make it just the flip of a switch in order to switch to this new algorithm. Haven't played with it yet, but if anybody has, let me know what your experience is if there are any issues that you ran into here. This wasn't necessarily prompted by Microsoft's announcement. I believe that Google has been working on this for a while. Just happened sort of that, you know, late last week they made an announcement after Microsoft made their announcement about their breakthrough in quantum computing. Just want to also clarify a little bit the vocabulary here. So quantum computing, that's when we're talking about computers that use quantum effects in order to improve things like break ciphers, then we do have post quantum cryptography. Post quantum cryptography means these are ciphers that are also sometimes called quantum safe. So themselves they don't need quantum computers in order to apply the cipher. They need normal regular computers. But they basically are countering the threat posed by quantum computers. Then there's also something called quantum cryptography. Completely different, actually sometimes more correctly called quantum key exchange, but use quantum effects to actually transmit data and protect it from eavesdropping. Totally different from the other two. I've sometimes been misquoted myself too where it sort of says, hey, quantum encryption will protect against the threat posed by quantum computing. It's really post quantum cryptography or quantum safe algorithms will protect against the threat posed by quantum computing and apparently a number of users are having issues with the latest Microsoft Updates and Windows 11. I will post a link to a website called Windows Latest that summarizes some of these issues that users are having. The good news so far appears to be if you uninstall the patch and reboot the system, things should go back to normal. One apparently particularly annoying issue is with the file manager where it breaks after you apply the patch. If you have any issues here, let me know if you found any other workarounds or any specific problems, particularly around Windows 11. This appears to be happening the most and we got a paper from research at University of Florida that outlines a good number of different new vulnerabilities in protocols and software related to 5G and LTE networks. What this really means to you is for the most part, well, don't trust a network that you don't manage. So if you connect to another system over 5G, LTE cable modem, doesn't matter, don't trust the network. Set up some form of end to end encryption. VPNs of course are your friend here for the most part. Now if you happen to work for a telco, well then don't trust the network you're managing. Think about the out of band access and how you would detect some of these threats. Will probably take a while due to a large number of vulnerabilities here for them to be mitigated in some form. So overall, like I said, trust encryption end to end. Don't trust the network. Well, and that's it for today. So thanks for listening and talk to you again tomorrow. Bye.