Cryptographic network protocol
POPULARITY
Categories
Microsoft and Google among most affected as zero day exploits jump 46% Vietnamese hackers use PXA Stealer, hit 4,000 IPs and steal 200,000 passwords globally New Plague Linux malware stealthily maintains SSH access Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
If you like what you hear, please subscribe, leave us a review and tell a friend!
We're throwing a party in Vegas! Someone called it SCWPodCon last year, and the name stuck. It's sponsored by Teleport, the infrastructure identity company. Get SSO for SSH! If Thomas was here, I'm sure he'd tell you that Fly.io uses Teleport internally. Oh also there's some thing called Black..pill? Black Pool? Something like that happening in Vegas, with crypto talks, so we chatted about them a bit, plus some other stuffSCWPodCon 2025: https://securitycryptographywhatever.com/events/blackhatTranscript: https://securitycryptographywhatever.com/2025/07/29/vegas-baby/Links:- Fault Injection attacks on PQCS signatures: https://www.blackhat.com/us-25/briefings/schedule/index.html#bypassing-pqc-signature-verification-with-fault-injection-dilithium-xmss-sphincs-46362- Another attack on TETRA: https://www.blackhat.com/us-25/briefings/schedule/index.html#2-cops-2-broadcasting-tetra-end-to-end-under-scrutiny-46143- Attacks on SCADA / ICS protocols (OPC UA): https://www.blackhat.com/us-25/briefings/schedule/index.html#no-vpn-needed-cryptographic-attacks-against-the-opc-ua-protocol-44760- Attacks on Nostr: https://www.blackhat.com/us-25/briefings/schedule/index.html#not-sealed-practical-attacks-on-nostr-a-decentralized-censorship-resistant-protocol-45726- https://signal.org/blog/the-ecosystem-is-moving/- https://en.wikipedia.org/wiki/Nostr- https://eurosp2025.ieee-security.org/program.html- https://cispa.de/en/research/publications/84648-attacking-and-fixing-the-android-protected-confirmation-protocol- https://hal.science/hal-05038009v2/file/main.pdf- 8-bit, abacus, and a dog: https://eprint.iacr.org/2025/1237.pdf- https://www.youtube.com/watch?v=Dlsa9EBKDGI- https://www.quantamagazine.org/computer-scientists-figure-out-how-to-prove-lies-20250709/- https://eprint.iacr.org/2025/118"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Alistair Ross, creator of Al's Retro Geek Lab and the Back to the BBS documentary series, joins Alex to trace a life in computers from Atari 2600/VCS, ZX Spectrum, and IBM PC XT to today's maker scene, and to explain how modern cybersecurity practice shapes the way he runs and protects vintage systems. We talk nostalgia's pull (the smells, sounds, and CRT glow), the move from Scotland to New Zealand and what that meant for access to gear (hello, rare Poly-1), and even why the famously beefy UK plug reflects a tradition of safety‑first engineering, much like the internet standards that still underpin the modern net.Alistair unpacks the BBS resurgence: disappointment with a homogenized, corporate web drove hobbyists back to sysop‑run spaces where community matters. Modern boards run over Telnet/SSH and can bridge to APIs for news, weather, and chats; clients like SyncTERM and Netrunner make dialing in easy.From a security lens he recommends containerizing BBS services, strict least privilege, and favoring Linux for isolation; user access should start at low levels and only be elevated after trust is earned. For home labs: split traffic with two SSIDs and VLANs, keep retro boxes on untrusted segments, and remember old machines often can't do SSH - so plan defenses around clear‑text Telnet where needed.We cover counterfeit parts (how to spot sanded/re‑marked ICs, why to verify with ROM dumps, and when to buy from Mouser vs. eBay/AliExpress/Temu) and celebrate a community that helps each other, from FujiNet's fast hardware/software iteration to Perifractic's bid to revive the Commodore brand, plus forums like VCFed and Vogons.Asked which late retro icon he'd most like to interview, Alistair chooses Gary Kildall, outlining how CP/M's APIs and BIOS abstraction seeded the microcomputer era and how history often gets the story wrong. He also recalls lessons from interviews with Ken & Roberta Williams (Sierra): pioneers built from passion; today's breakthroughs feel iterative except for inflection points like AI.Media that shaped him? BBC's push around the BBC Micro with serious engineering, Econet networking, and classroom focus, plus magazines that taught kids to type, debug, and learn. He argues for hands‑on, offline-first learning again.On building for old platforms, Alistair mixes joyfully simple QuickBasic with modern workflows: write on a fast machine, cross‑compile with OpenWatcom or DJGPP, test in DOSBox, then copy to real hardwae and even draft small games with Gemini CLI before refining. He notes id Software's Doom used a similar cross‑compile workflow on NeXT.Future collabs he'd love? Deep hardware/firmware projects with teams like FujiNet, and admiration for projects such as PicoGUS and PicoMem that extend 8‑bit ISA machines, ideally while keeping upgrades removable so the original hardware (and smells!) remain. He also walks through software preservation, flux‑level imaging with Greaseweazle, sharing drivers to archive.org, and his balanced view on abandonware vs. active copyrights.Finally, Alistair offers guidance for newcomers: try emulation first, then step into hardware as budget allows (prices are rising); participate in forums; contribute images, manuals and code so others can restore machines tomorrow.
Send us a textThe BCIT simulation team shares their transformative journey from siloed departments to a unified center of excellence, culminating in their recent SSH accreditation as Canada's fourth accredited program. Carrie Meager and Heather Epp reveal how leadership support, psychological safety, and human-centered approaches created their successful simulation community.• Evolution from fragmented lab-based learning across 11 buildings to a coordinated simulation program with standardized practices• Moving beyond skills training to develop critical thinking, communication, teamwork, and clinical decision-making• Building psychological safety at every level creates an environment where innovation thrives• SSH accreditation process provided structure while identifying areas for quality improvement• Focus on human elements through their 40+ simulated participant program addressing communication challenges• Creative approaches like "cakeable moments" and SimPath faculty development promote psychological safety• Leadership support from deans and directors was crucial for success• Innovative virtual simulations address costly consumables in programs like Med Lab SciencesThe BCIT simulation team welcomes connections through LinkedIn or email and can be found at conferences like SimExpo and IMSH. They're happy to share resources and support others building simulation programs.Innovative SimSolutions.Your turnkey solution provider for medical simulation programs, sim centers & faculty design.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SSH Tunneling in Action: direct-tcp requests Attackers are compromising ssh servers to abuse them as relays. The attacker will configure port forwarding direct-tcp connections to forward traffic to a victim. In this particular case, the Yandex mail server was the primary victim of these attacks. https://isc.sans.edu/diary/SSH%20Tunneling%20in%20Action%3A%20direct-tcp%20requests%20%5BGuest%20Diary%5D/32094 Fortiguard FortiWeb Unauthenticated SQL injection in GUI (CVE-2025-25257) An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. https://www.fortiguard.com/psirt/FG-IR-25-151 Ruckus Virtual SmartZone (vSZ) and Ruckus Network Director (RND) contain multiple vulnerabilities Ruckus products suffer from a number of critical vulnerabilities. There is no patch available, and users are advised to restrict access to the vulnerable admin interface. https://kb.cert.org/vuls/id/613753
本期节目应嘉宾的要求,我们只发布了文字稿。带来的不便还请各位听众谅解。 嘉宾 tanloong 链接 gh-133390: Support SQL keyword completion for sqlite3 CLI by tanloong · Pull Request #133393 · python/cpython SQLite Keywords QuantWiki - 中文量化百科 《阳光马达棒球场!》 文字稿 laike9m: 哈喽大家好,欢迎来到最新一期的《捕蛇者说》。我们今天请到了谭龙,然后让他来聊一聊给 CPython 做贡献的经历。谭龙其实最近给 CPython 提了一个 PR,然后也是他第一次给 CPython 做贡献。然后呢,这个贡献是给 SQLite 的那个命令行加了一些命令补全,就是可以补全 SQLite 的关键字。我们今天另外一位主播是 Manjusaka。 Manjusaka: 请叫我 Nadeshiko Manju,对吧?OK,大家好,好久不见,我又回来了。然后今天很高兴又来和 laike9m 进行搭档,来。 laike9m: 好,然后这是我们今天的嘉宾谭龙,你要不先简单介绍一下自己吧。 tanloong: Hello,大家好,我叫谭龙,我是山东的。然后 18 年的时候是来青岛上大学,然后大学本科毕业之后就在这找工作了。我本科不是计算机的,毕业之后找工作也找了一些计算机相关的工作,也有一些其他方面的工作,中间也换了好几次工作。最近是刚刚入职一家新的公司,然后是做数据分析方面的工作。谢谢。 laike9m: 所以你说你本科不是学计算机,方便透露一下吗?你本科学的是什么? tanloong: 我本科是英语的。 laike9m: 哦,这个跨度很大。 tanloong: 对,确实。其实我本科最开始填志愿的时候,我录取的专业也不是英语,是一个调剂的专业,叫生态学。然后我是大一下学期的时候想转专业,然后正好我们学校有转专业的政策,我就从高中学的那几门课里,我觉得英语我学得还可以,然后当时也比较喜欢,所以我就决定转英语了。直到后来快毕业的时候才有点接触到这个计算机方面的这个东西。 laike9m: 然后就发现自己还是更喜欢计算机一些。那所以你之后是进行一些自学吗?然后就去找工作还是? tanloong: 对,基本上是自学。最开始接触计算机是大一的寒假,我们辅导员让学生回家的时候在假期要学点东西,然后开学让交学习笔记。我当时从一个中国大学 MOOC 上注册了一个账号,然后它弹出来的,第一个给我推荐的课程就是 Python。那我就学这个吧。所以当时我就学,就学了这个。当时学得很不明白,然后就把 PPT 跟着敲了一遍,但是也云里雾里的。直到后来后面的几个寒暑假才看了一些成体系的 Python 的入门的书,然后算是入门 Python 了。 laike9m: 所以换句话说就是你其实一开始学,你并不知道 Python 是干嘛的,就是并没有特别地抱着某种目的,比如说我就想找一个程序员的工作这样子。 tanloong: 没有,开始的原因只是巧合,但后面坚持下来,应该也算是因为比较喜欢吧。我觉得比较有意思。 laike9m: 那还是挺有意思的,对,感觉是命运的安排。 Manjusaka: 咱行看起来都是转行的。诶,那 laike9m 你是转行吗? laike9m: 我本科也不是学计算机的,然后我知道你本科也不是,所以。 Manjusaka: 对,那看起来大家这三个人跟少女乐队一样,这三个人里面抽不出一张计算机本科学位。 laike9m: 对,但我觉得还是你的英语这个跨度最大。 Manjusaka: 啊,对,然后,哇,卧槽。啊,现在要是学日语的,我突然就想问一下为什么要学日语。 laike9m: 学日语的转计算机还真没见过,但是很多程序员都会日语。 Manjusaka: 有,可能在大连那边还真有。 laike9m: 啊,对,大连日本人比较多。 Manjusaka: 对,对,对,日语外包会多一些。 laike9m: 嗯,好,对,说回正题,就是你相当于一开始接触的编程语言就是 Python, 然后后来相当于你在工作中可以理解也是主要用 Python, 对吗? tanloong: 对的,我有两份工作是跟计算机相关,然后都是写 Python 的。第一个工作是之前的一份是写图形界面的,用的是 PySide, 然后就写一个称重系统。他们是一个建桥公司,就是他们需要统计他们的货车送多少货进他们工厂,然后运多少货出来,写一个这个图形界面,然后放在那个他们的磅站去,然后货车过磅的时候来统计数据。另一个工作是现在的工作是在一个私募公司做数据分析。我之前没接触过股票证券这方面的东西,现在还在学习。 laike9m: 你是开发算法吗,还是给他们开发一些内部工具或者界面之类的? tanloong: 内部工具,我们组三个人有写算法的,但是我是属于比较初级的那种,只能写一些帮他们节省时间的工具。 laike9m: OK,对,因为我感觉那种像交易的算法可能更需要用 C++ 一些,对吧?还是说其实也有用 Python,比较好奇。 tanloong: 我们公司开发部应该是写 C++ 的,然后应该也有写 Python, 但是数据分析我们那个组主要是做一些因子的构建,就分析哪些因子它对你的这个股票的收益率贡献比较大,就这种的,我们就主要是写 Python,不写 C++。 laike9m: 明白,好的。所以就是到了今天我们要聊这个话题,然后你给 CPython 做了一个贡献。那我相信就是百分之可能 99.99% 的用过 Python 的人都没有给 Python 做过贡献,那么你一开始是怎么有这个想法的?然后就是后来你是怎么去一步一步实施这个的? tanloong: 我最开始有这个想法是应该从天哥,就是 B 站的那个,对,他当时成为 Python Core Dev 之后,在直播的时候就有人在直播间问一个给 Python 做贡献的问题,做贡献难不难呢?这些之类的。但是天哥说,如果你想给 Python 做贡献,你是会发现有很多事可以做的,做贡献并不难。然后后来就是之前我在写称重系统的时候,需要用到 SQLite 去查用户存的那个本地的数据库。然后当时我就发现 Python 的 SQLite 的命令行界面有点不好使,就是如果它能有那个补全就好了,所以当时是有那个想法。然后实施是在后来我前段时间没有工作,然后就每天比较闲,然后我想找点事做,然后我想起来之前我想给那个 SQLite 的加补全的这个想法,我就试试吧。然后我就去 GitHub 上找,我就试了一下。然后试的时候我发现,我本来觉得这个应该是挺难的,因为我完全不知道它这个补全要怎么实现。但是我去看了一下 PDB,就是天哥维护的那个 PDB 里面的代码,它里面实现补全是那样写的,然后我就照着 PDB 的补全,然后给 SQLite 加了一个补全,然后就交了 PR。 laike9m: 所以其实也是从你的实际工作需求出发,然后加上高天的激励。对,你知道高天也来过我们这边好几次吧? tanloong: 对,两次。 laike9m: 老听众,看来是。对,然后我觉得这个还挺有意思,就是也是算是榜样的力量吧。就是我不知道还有没有其他人是这样,就是因为听到就是有个人跟他说,哎,其实做贡献没有那么难,然后去做了,但这样挺好的。我算吧。你也算吗? Manjusaka: 对,我算。当时我是先认识张翔老师,然后后面然后跟他聊了一些,就包括我可能当时,那位你可能还认识,那个 Ezio Melotti。谁?18 年北京的那位嘉宾,Ezio。 laike9m: 你说 PyCon。 Manjusaka: 对,就是当时我们不是邀请到另外一位来北京。 laike9m: 哦。PyCon China Beijing 2018。2018 吗?2018 我去了吗?我有点不记得了。没事你继续说吧。 Manjusaka: 你在北京,你当时还没 transfer 去美国,然后你从上海来北京。 laike9m: OK。 Manjusaka: 然后我当时聊了一下,就后面开始,正好 18 年,后面我就说我正好在休息,后面就开始陆陆续续提一些贡献,对。 laike9m: 嗯,对对,其实我觉得翔哥一定程度上也是当时给了我一些激励或者指导嘛,对。 Manjusaka: 对,张翔老师还是非常 nice 的。 laike9m: 对,就给听众们如果有不知道,就是张翔是中国的第一个 CPython core developer, 第一个核心开发者,对,然后高天是第二个。 Manjusaka: 对,然后张翔老师应该是在 16 年晋升的。嗯,反正是老前辈了,老前辈了。 laike9m: 但其实他当时就是更多是因为工作中会需要改一些 CPython 代码,他当时在华为嘛,对吧? Manjusaka: 然后。哦,不不不,他晋升成为 CPython Core 的时候,我记得没错,是在新浪,然后他就开始编的。 laike9m: 哦,新浪,OK。 Manjusaka: 对,然后他去华为其实做的也不是跟 CPython 本身相关的,他是去做的 OpenStack 相关的东西。对,然后他对就是说是整个生态工具链会比较熟,所以说他可能跟高天老师就是说是有一点不一样,是张翔老师对于各种非常疑难问题的 debug 非常擅长,这也是我记得介绍人给他在他的 promote 介绍里面说的,对。 laike9m: 嗯,我记得他当时那个演讲。 Manjusaka: 对对对,然后我的很多 debug 技巧也来自于张翔老师,对。 laike9m: Anyway,我觉得后人都是在前人的一些基础上去做工作的。 Manjusaka: 是的,没错。 laike9m: 好,那说回谭龙的这个 PR,我其实也简单看了一下,其实我原来也不知道补全要怎么加,但发现其实还真的挺简单的。你可以跟听众们大概说一下这个流程吗?比如说我要给一个像 Python 的 SQLite 命令行加补全,它大概要做些什么工作? tanloong: 它是写一个 context manager,然后在你进那个 readline 的时候,你把 readline 的那个 completor 给替换成你自己的函数,然后在退出的时候再把它替换回你替换之前的那个函数,就你替换之前的那种 readline 的默认的 completor。然后你自己写的那个函数是还有一个 state, 就是 readline 调你的函数拿补全的时候,它会先给你发一个 state 等于 0, 这个时候你判断了 state 等于 0 的时候,你去生成一个完整的,就根据用户当前输入的那个 text, 生成一个完整的 completion candidate 的列表。然后 readline 会继续给你发 state 等于 1, 2, 3,这个时候你把你之前生成的 candidates 按照它发的 state 做个 index, 返回你的 candidates 对应的要补全的词。然后这中间就是 state=0 的时候,你的 candidates 最好需要缓存一下,不要在每次 readline 给你发 state=1, 2, 3 的时候你再重新生成,那样会比较耗时间,注意一下性能的问题。然后基本就是这样。 laike9m: OK,我说一下我看到的那个 PR 里面,我觉得比较关键的地方就是它其实就是一个首字母的匹配,就相当于首先你有一个关键词的列表,对吧?你要构建一个说哪些单词是 SQLite 关键词,比如说 SELECT 啊 JOIN 这种。然后我发现你是当用户每输入一个字符,然后你就会去跟这些关键词的前缀做一个匹配,对吧?然后发现如果有能 match 上的,你就把它作为一个 candidate 返回,作为补全的一个。 tanloong: 就其实那个关键字最开始的,你要拿到那个 SQLite 的完整的关键字的列表,当时对我来说还是挺难的。我最开始是从 SQLite 的文档里直接复制它的完整的所有的 147 个关键字,然后硬编码到 Python 里。但是有 core dev 说这样写不太好,而且其中有一个关键字并不是在所有的 SQLite 编译出来的时候都会支持的,是一个 V 开头的关键字。希望就是这个 SQLite 这个关键字能够动态生成。然后我当时查了一下,就是如果你想动态生成需要在 C level 去写,但是我这个 C 学的不太好,虽然之前学过一个学期的公开课,但是我完全不知道就是用我查到的 SQLite 文档里说生成关键字列表的那两个函数,去生产,我不知道要怎么写,然后我也不知道怎么把它放进 Python, 所以我当时说这个对我有点难。后来有一天晚上我看到那个消息里,那位 core dev 又说了一遍,就是非常希望这个关键字列表它是能从 C 里拿到的,而不是从 Python 里拿。我当时其实有点理解错了,我以为他的意思是让我把那个硬编码的关键字列表从 Python 给移到 C 里,然后我当时就把它移到 C 里了。虽然我对那个 Python 的 C 要怎么写,然后怎么把它暴露出来,暴露给 Python 的代码去能够访问,我用了一下 AI,当时是用的豆包,问怎么在 Python 的那个 C 里面存一个列表,然后能让它暴露出来,给 Python 的代码调用。然后当时豆包写上,然后我试了一下豆包给的结果,然后是可以的,然后我就直接硬编码到 C 里,然后问那个 core dev 行不行。但是 core dev 后来回复说他的意思是不是在 C 里硬编码,而是在 C 里要动态生成。当时我就,我感觉我理解错了。然后后来是另一位 core dev 帮忙给写的,然后他写了之后给发了一个 PR 到我的那个 fork 里,然后我合并进去,然后我的 fork 再合并到 CPython 的 main。 laike9m: 我还在想,就是因为我也看到你的那个 keywords 那部分是从 C 的 module 里 import 的。这个他当时说为什么要动态生成,其实我还是不太理解。可能就是 OK,我明白,但就是你编译的时候,你会根据你的 CPython 版本有不同的关键词,这样你就不用在那个 Python 里面写,比如说 if 是什么版本,然后你的关键字要加或者减一些东西是吧? tanloong: 对的,SQLite 它应该是在编译的时候有一个选项,如果你开了某个选项,那么它的关键词会有变化。 laike9m: 明白明白。 tanloong: 哦。 laike9m: 这个确实还挺 tricky 的,对,感觉是这个 PR 里面最困难的部分。 tanloong: 确实。 Manjusaka: 嗯。 laike9m: 那所以就是总体这个流程下来你有什么感受吗?因为我知道你的那个 PR 还被因为把 test break 了还被 revert 了一次,对吧? tanloong: 对,它是有一个测试在运行那个 run_pty 的时候,它是用那个 run_pty 生成一个 sudo terminal, 就在一个伪终端里去模拟用户的输入,然后查看它给的 candidates 是不是符合预期。但是在那个伪终端里,它给的 candidates 是带颜色的。就是你的 candidates,它的两边会有那个控制符。 laike9m: 它那个颜色码嘛,然后就不对了。 tanloong: 对,然后测试就 fail 了。当时是在那个 buildbot 上跑构建,就是构建失败,我找了一下,但是我想就是在那个 buildbot 上最好能有一个 interactive 的,就我能像在终端里我手动敲命令一样,我可以人为的去测试,然后看一下它中间到底是什么样子,再修改那个测试。但是 buildbot 我找不到我要怎么就进那个交互式的模式,也可能根本就没有。然后这个问题我解决不了。然后当时是有个 core dev 说他去找那个 buildbot 的 owner,然后问他要 SSH 的权限,然后他去调试。 laike9m: 等一下,我有一个疑问,就是为什么你这个 PR 感觉大家都很 helpful? 因为你知道一般的 CPython PR 就是你提了之后,可能很长时间都没有人理。这点你是怎么看的?就是感觉大家都会去帮你去 debug 或者帮你写些代码,这个是自然的吗?还是说他们本来就对这个很有兴趣还是怎么样? Manjusaka: 嗯,从我的角度出发的话,我不太确定,高天老师那边可能有其他的 input, 但是就我观察来看,这个取决于 core dev 风格。不过他们整体来说,对新人是比较友好的。而且去 buildbot 里面调试这种东西的话,我觉得这个东西其实也还好,你去翻看 CPython 的 PR 其实这种事情也有不少,所以说我觉得这个相对来说还好。但是对于一些争议或者说是还在试图达成共识的过程中,那确实是比较头疼的。但是如果说是已经达成共识要去实施的一个 PR, 那我觉得相对来说会好一些。 laike9m: 明白,所以就是这种没有什么争议性的,只是实现或者一些 debug 问题就会推进的比较快,然后大家也会帮忙。 Manjusaka: 对,而且这种东西我理解主要是你添加新的 feature,而不是更改 API 的话,那这种东西就会好很多。就像我上周的时候,我当时想改 sys._enable_profile() 那个 API, 就是新增加的那个远程 debug 的接口,我想新增加在它的 audit event 里面增加一些元数据。这就牵扯到了 API 的更改以及更内部的一些细节上的更改。然后我就和三个 core dev,然后 Victor, Paul,还有哪一位,然后就 battle 了两天,然后最后 I gave up。 laike9m: 好吧,他们可能有一些 concern。 Manjusaka: 对,就这种你增加一些新的 API 之类的,就是会有一些比较 concern, 但是如果说你是实现一个全新的 feature, 大家觉得你这个 feature 不是为了实现而去实现,那这种情况下相对来说还是会比较顺利的。 laike9m: 嗯,嗯,理解。还有一点就是我知道那个 CPython 的不同模块,它其实是不同的人来维护的嘛。 Manjusaka: 啊,是的,没错。 laike9m: 就可能恰好就是 SQLite 这个维护者,他就是比较积极,比较热心,就是反应比较快,所以。 Manjusaka: 啊,是的,没错。它是比较活跃的,就是 SQLite 这种东西。我就又说到一个伤心事。在改一个东西,然后被 Mark 直接给拒了,然后我现在都还推不动,虽然大家都说有需求,但是 Mark 就觉得说这个东西没需求,然后但是就给拒了,对。 laike9m: 我知道 Mark Shannon 这个人比较固执,对,也是跟人的性格有很大关系。 Manjusaka: 对,是的,没错,跟这个看具体的开发者的问题,对。 laike9m: 对,就是其实你会发现像 Python,如果你不了解,可能会觉得 Python 是一个有一个很庞大团队去维护的这么一个精密复杂的系统,但你真正去看它里面到底是怎么实现的,或者说去提 PR 才会发现可能每一个文件它就是那么一两个人懂,然后你就是要找那一两个 stakeholder, 如果你想做一些更改的话,然后你只要能比如说说服他们,然后你就可以做你想做的。对,它相当的扁平吧。 Manjusaka: 对,我觉得主要还是怎么说服。 laike9m: OK,所以说回谭龙你这个 PR 的话,然后就你把那个 core developer 帮你把测试修好了,对吧?然后你就重新提交,这样子。 tanloong: 对的。就我感觉给 CPython 这个维护者,在这些维护者之间就是它是有一个小圈子的,然后你作为一个新人去给他们交 PR 也是一个交际的过程。就是你要积极主动一点,然后就一般新人你第一次交 PR 的时候,比较容易会被带着审视的态度去看你的工作。然后你交 PR 的时候,你最好是把你之前想到的一些可能会拒绝你 PR 的理由给解释清楚,然后你为什么这样做,然后让他们就是在他们提出问题之前就看到你的解释,这样会就是更容易沟通,然后更容易让你的 PR 更顺利一点。 Manjusaka: 嗯,对。 laike9m: 我看到你其实你之前提了一个 issue 对吧,就是你说你希望能够在 SQLite 的命令行里支持这些补全。所以你提那个 issue 的时候当时就想说自己去实现这个吗?还是说你本来期待说其他人可以去做这个? tanloong: 是的,我是准备自己实现的。因为 Python 的 dev guide 里面写,如果你想交一个 PR,你应该先写一个 issue, 除非你交的 PR 是 typo fix。所以我就是先写的那个 issue,然后就紧接着交了 PR。当然那个 issue 题目写得有点大了,我那个 PR 只做了关键字的补全,但是 issue 是所有的补全。比如说你以后也许还会需要补全你的那个 SQLite 里面的表名,还有列名,还有函数名,这些目前还不支持。 Manjusaka: 明白。 laike9m: 所以你未来打算就是继续在这方面做一些事情吗?还是说就先到此为止? tanloong: 也许会吧。但是这个刚才说的表名、列名、函数名,我目前还没有想到就是要怎么才能实现它。我看到就是 Python 的 PyPI 上有一个第三方的 SQLite 的命令行是支持表名、列名、函数名的,而且它是 context-sensitive,就是它会检测你当前是不是需要输入一个表名或者列名,比如说你是在 SELECT 后面,那它就会给你补全列名。就像这种就是非常智能的补全,我还没有想到就是怎么在 CPython 里支持,也许没有那个能力去支持它,总之就是还不确定。 laike9m: 明白。对,那个可能要就是回溯一下,不光得去做一个前缀匹配,对,会更复杂一点感觉。但我觉得是一个好的开始吧,就是你有一个这种框架,就会有更多人去加更多的 feature 进去。也许未来就会有。 tanloong: 是的,确实。就那个关键字的 PR 合进去之后,过了几天,有另一位 contributor 交了一个 dot commands completion 的 PR, 现在给加了那个 dot commands 的补全。目前 Python 的 SQLite 的命令行就有三个 dot commands,就是 .help, .version, .exit。.exit 还是 .quit 就来着,总之是推出的那个 .command。然后那个 PR 现在正是就是刚刚建不久,然后还没有 core dev 留言,但是它实现的有一点简单,就是有一些问题,但是应该后面会就是慢慢给修上,然后给合进去。 laike9m: 其实你可以去那个 review,因为你比较熟,你是最熟的其实。 tanloong: 是,我还真给看了一下,然后写了两个评论。但是写的第一个评论就是那位交 PR 的人,他觉得没有必要,就是他持反对意见。然后第二个评论,那位交 PR 的人还没有回复,然后其他人也没有回复。 laike9m: 嗯,我觉得挺好,就是因为我知道就是如果你比如说在一些 issue 里面回复的比较多,然后就会被那个提拔成 triager 的权限,对吧?然后其实这个是 core dev 之前的一步。 tanloong: 对,确实。然后我看就是交那个 dot command completion PR 的那个人,他的评论比较多,一般 CPython 有什么新的 issue,他都会先跑到底下去评论,然后有时候评论这个 issue 和之前的某个 issue 有联系。就像这种之类的,或者有人交 PR,然后他会去给 review。但是我还没有太多追踪 CPython 的那些 issue 和 PR,然后没有评论多少,就主要是我自己参与的那些 issue 跟 PR。 laike9m: 对,我觉得每个人有不同的风格吧,也不用一定去迫使自己要怎么样之类的。像高天那种,就是从 PDB 模块开始,然后把 PDB 弄得特别熟,然后通过成为 PDB 的维护者,然后来成为 core dev,这个路径也挺好的。我觉得可能更实际一点吧,因为我觉得你要去就是对于一些每一个 change 做一些评论,这个还挺难的。 tanloong: 确实从一个单独的模块开始做,你确实你的那个在 CPython 社区里面的成长会更容易一点。因为你是这个模块的专家,然后别人有什么问题就只能来找你。但是我也觉得这个也挺难的。天哥是从一个完全的 CPython 的陌生人,然后进入到 CPython 一点点做贡献,最后成为 core dev。就像你从一个外人进一家公司,然后慢慢走到管理层,都是非常难的步骤,你要获得信任,然后你做的每一个工作你都要给解释清楚,然后让别人就是认为你是可以承担更重要的角色。我觉得这也是非常难的一个过程。 laike9m: 嗯,是的是的。对,其实说回来就是那个,像给 CPython 做贡献不光是一个技术面上的事情,它还有很多这种交流,对吧?然后尤其是当你和这些外国人交流,你不是用你的母语,然后他们的一些交流的习惯可能也不太一样,所以这个方面也会有一些壁垒吧?就是谭龙,因为你是英文专业,所以这方面你觉得说你的本科教育有帮到你吗? tanloong: 我觉得是有的。如果我没有选英语专业,我应该还停留在高中的那个状态,就是虽然当时英文成绩还可以,但是如果让我看一个全英文的网站,我是心里发怵的,我是心里有那个牴触的心理。但是大学接触英语比较多,然后主要是你抵触心理没有了,然后你愿意去哪怕接受自己写出来的英语没有那么完美,哪怕也不像母语,也不够 native-like, 你也可以接受自己写出来的这些句子,然后去交流。因为你只要能把意思给表达清楚,让对方看懂就可以。其实你放下这个心理负担,你会发现写英语还是没有那么难的。 laike9m: 是的,是的,同意,对。 Manjusaka: 我现在是有一个做简单的 workflow, 然后我会交给 AI 来帮我润色,然后扩展一下我单纯的观点。对,我觉得这是 AI 的一个很好的使用场景。 laike9m: 你用的是哪个工具呢?还是就是手动复制? Manjusaka: 我是直接在 Claude AI 上面给他固定了一组 prompt。 laike9m: 明白,明白。 Manjusaka: 我觉得这就是这一块东西很好用的方式,特别是在我跟他们长篇大论地 battle 的时候,还是挺好用的。 laike9m: 帮我写一个回复去反驳这个人。 Manjusaka: 对,我一般是 prompt 就是说是我引用的那一段,然后我首先给他一个正面的肯定,然后其次列出我对他的观点,一 ABC,然后对,然后就这样。 laike9m: 你写 prompt 的时候是拿中文写吗? Manjusaka: 我拿中文写。 laike9m: 嗯,OK,这样表意更准确一些。 Manjusaka: 对对对,你可以看我群里发的那个 issue,然后那个就是很多大段的,就是我是用 AI 生成出来的。 laike9m: 我想到之前在推特上看到一个段子,就是说在 AI coding 的时代,以前不都是什么 “Talk is cheap, show me the code” 吗?现在是 “Code is cheap, show me the talk”。 Manjusaka: 确实。Code is cheap, show me the talk. laike9m: 一个哥们他在他的 GitHub repo 里面就是把所有的他的那个跟 AI 的聊天记录全都传上去了。这个就是挺好玩的。 Manjusaka: 挺好玩的,挺好玩的。 laike9m: 对,像谭龙,我觉得你之前本来要在 C 模块里面写死 keyword 的时候,你也是用 AI 生成的,虽然后来发现那个路径是不对的,但是至少这方面 AI 的助力还是挺大的。 tanloong: 确实,如果我当时在紧接着问 AI 怎么不要硬编码,然后整个动态生成的话,也许我当时就能直接把动态生成的代码给交进去了,而不是让另一位 core dev 帮忙给写。嗯。 Manjusaka: 是的。 laike9m: 所以就是你对于这个给 CPython 第一次做贡献的这个流程,你有什么其他的一些感受吗?就是我们刚才还没有聊到的,你想分享的。 tanloong: 我没有了。 laike9m: 哦,行,那也没关系,好。我们也是觉得给 CPython 做贡献的人越多越好,然后可能也是能够给听众们一个激励吧。然后感觉这期其实录的挺快的,然后不知道有没有什么你想推荐的东西,就是如果你听我们之前节目的话,你应该知道有这个环节,对吧? tanloong: 我推荐一个网站是跟量化金融有关的,算是一个给入门的学习者的一个索引吧。那个网站叫 QuantWiki。是量化金融中文百科,然后里面有一些就是量化金融相关的入门的概念,还有一些前沿的证券公司发的研究报告,还收录了其他的类似的 Python Data Training 这方面的 GitHub 的 repo 的链接。如果是这方面像我这样的刚入门的学习者的话,可以就是了解一下。 laike9m: 我看了一下,这个写的还挺好的,就是他把各种概念和一些工具都列出来了,对。嗯,我们之前也请过大伟来聊,就是他开发了一些交易相关的工具,所以其实这方面 Python 应用也是挺多的,对。 Manjusaka: 哎,反正我觉得给 Python 做贡献,就觉得还是希望像谭龙这样的人越来越多。是的,是的。对,而且现在他们就感觉是整体都非常缺人的感觉。 laike9m: 哪个看上去像不缺人? Manjusaka: 嗯,这倒也是,确实。反正就之前我给 Brandon 和 Ken Jin 然后请教问题的时候他们都表示很新奇,我操居然还有 Freshman 对我们现在做的这块感兴趣。对,居然还有新人对我们感兴趣?Freshman,哦 Freshman。啊对,反正我觉得从他们视野来看,就整体的很多的地方都会很缺人。 laike9m: 嗯,是的是的,尤其是像你做的那些 debugging 啊,然后 tracing 的一些东西,我觉得懂的人真的很少。 Manjusaka: 我觉得就没人管的状态。而且就我现在对他们的 tracing 的部分有很大的怨言,就主要是 Mark 上面说... 哎,我后面会试着再推一推,但是就哎,随缘吧。 laike9m: 嗯,行。好的。Manjusaka 你有没有什么想推荐的东西。 Manjusaka: 我推荐一部番吧,《阳光马达棒球场!》,非常很不错的一部番,我推荐大家去看看。然后可能国内有很多朋友对于传统的国外的可能说足球或者其他也好,这种体育文化他并不清楚,这种体育文化到底应该是怎么样的,它是怎么样遍布在人的日常生活中的,然后有些人不清楚,那么我建议大家可以去看一下,然后挺治愈的一部番。 laike9m: 嗯,好的好的。啊,我先不推荐了吧,以后再说吧。对,我最近在看一些书,但是还没有看完,所以,对。好,其实我们这期是比较短的一期,然后但是也希望听众们可以从中学到一些东西,然后如果要记住一点的话,就是可能给 CPython 做贡献也没有那么难。对,好,我们这期就到此结束,然后各位听众我们就下期再见,大家拜拜。 众人: 拜拜。
Sudo patch your Linux systems. Cisco has removed a critical backdoor account that gave remote attackers root privileges. The Hunters International ransomware group rebrands and closes up shop. The Centers for Medicare and Medicaid Services (CMS) notifies 103,000 people that their personal data was compromised. NimDoor is a sophisticated North Korean cyber campaign targeting macOS. Researchers uncover a massive phishing campaign using thousands of fake retail websites. The FBI's top cyber official says Salt Typhoon is largely contained. Microsoft tells customers to ignore Windows Firewall error warnings. A California jury orders Google to pay $314 million for collecting Android user data without consent. Ben Yelin shares insights from this year's Supreme Court session. Ransomware negotiations with a side of side hustle. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today our guest is Ben Yelin from UMD CHHS, who is sharing a wrap up of this year's Supreme Court session. If you want to hear more from Ben, head on over to the Caveat podcast, where he is co-host with Dave as they discuss all things law and privacy. Selected Reading Linux Users Urged to Patch Critical Sudo CVE (Infosecurity Magazine) Cisco warns that Unified CM has hardcoded root SSH credentials (Bleeping Computer) Hunters International ransomware shuts down after World Leaks rebrand (Bleeping Computer) Feds Notify 103,000 Medicare Beneficiaries of Scam, Breach (Data Breach Today) N Korean Hackers Drop NimDoor macOS Malware Via Fake Zoom Updates (Hackread) China-linked hackers spoof big-name brand websites to steal shoppers' payment info (The Record) Top FBI cyber official: Salt Typhoon ‘largely contained' in telecom networks (CyberScoop) Microsoft asks users to ignore Windows Firewall config errors (Bleeping Computer) California jury orders Google to pay $314 million over data transfers from Android phones (The Record) US Probes Whether Negotiator Took Slice of Hacker Payments (Bloomberg) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Sudo chroot Elevation of Privilege The sudo chroot option can be leveraged by any local user to elevate privileges to root, even if no sudo rules are defined for that user. https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot Polymorphic ZIP Files A zip file with a corrupt End of Central Directory Record may extract different data depending on the tool used to extract the files. https://hackarcana.com/article/yet-another-zip-trick Cisco Unified Communications Manager Static SSH Credentials Vulnerability A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
Big thank you to Cisco for sponsoring this video and sponsoring my trip to Cisco Live San Diego. This video features David Bombal and Kyle Winters demonstrating practical cybersecurity techniques. Kyle walks through how to use Hydra to brute force SSH passwords, explaining the process of leveraging wordlists and optimizing the attack. Following the offensive demonstration, Kyle transitions into defensive measures, showing viewers how to quickly and easily set up an SSH honeypot using Cowrie. The honeypot serves as a decoy to attract and monitor malicious actors attempting to access a network. The demonstration includes setting up the honeypot on an Ubuntu host, configuring IP tables for port redirection, and monitoring logs for incoming connection attempts. The video highlights the importance of understanding both attack methods and defensive strategies in cybersecurity. Kyle also mentions free ethical hacking training resources available through Cisco Networking Academy (netacad.com) and future tutorials on Cisco U (u.cisco.com). // COMMANDS // Devices: client 192.168.1.10 server 192.168.1.11 ubuntu-honeypot 192.168.1.21 Nmap scan: nmap -sn 192.168.1.0/24 Verify Hydra installed: hydra -h Show wordlists: ls -al /usr/share/wordlists/ Crack with known username: hydra -l admin -P /usr/share/wordlists/top-passwords-shortlist.txt -t 4 -f ssh://192.168.1.11 Crack with unknown username: hydra -L /usr/share/wordlists/top-usernames-shortlist.txt -P /usr/share/wordlists/top-passwords-shortlist.txt -t 4 -f ssh://192.168.1.11 Create dir for Cowrie: mkdir cowrie cd cowrie/ Clone cowrie: git clone https://github.com/cowrie/cowrie . Launch the python virtual environment: python3 -m venv cowrie-env source cowrie-env/bin/activate Install python requirements: pip install --upgrade pip pip install -r requirements.txt Copy and edit the config: cp etc/cowrie.cfg.dist etc/cowrie.cfg vi etc/cowrie.cfg Setup port forwarding for SSH to Cowrie: sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222 sudo iptables-save Start Cowrie: bin/cowrie start Check Cowrie status: bin/cowrie status View logs: tail -f var/log/cowrie/cowrie.log // Kyle Winter's SOCIALS // Socials: / kyle-m-winters Cisco Blogs: https://blogs.cisco.com/author/kylewi... // Website REFERENCE // https://www.netacad.com/courses/ethic... https://u.cisco.com/ // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
In this episode, recorded live at PSConfEU, Andrew catches up with some of the PowerShell team from Microsoft to talk all things PowerShell—from AIShell to PSResourceGet to the future of DSC and OpenSSH. First up is Steven Bucher, Product Manager on the PowerShell team, who discusses the massive scale of PowerShell usage, the state of PowerShell 7, and the team's focus on security and reliability. He also gives an exciting walkthrough of AIShell and how it's helping users stay in the terminal while getting AI-driven help, error resolution, and integration with providers like Azure OpenAI and AI Foundry. Then we hear from Anam, a software engineer working on PSResourceGet, PowerShell Gallery, and security. She shares details on the rewrite of PowerShellGet, performance improvements, and new features like container registry support. She also dives into Microsoft's Artifact Registry (MAR) and offers her take on coding as a creative, artistic endeavor. Lastly, Tess joins the conversation to talk about OpenSSH and Desired State Configuration (DSC). She highlights the native cross-platform capabilities of DSC v3, its decoupling from PowerShell, and the move toward supporting resource development in languages like Python. Tess also shares the significance of SSH server availability in Windows Server 2025 and reflects on her open-source journey and love of outdoor sports. Whether you're managing packages, remoting with SSH, exploring AI integrations, or just want to know more about some of the people behind PowerShell, this episode delivers valuable insights from the team building the tools you use. Links and Mentions: https://www.linkedin.com/in/anamnavied/ https://www.linkedin.com/in/tess-gauthier-a43a368a/ https://www.linkedin.com/in/stevenabucher/ https://andrewpla.tech/links https://github.com/PowerShell/PowerShell https://github.com/PowerShell/AIShell https://github.com/PowerShell/PSResourceGet https://github.com/PowerShell/Win32-OpenSSH https://github.com/microsoft/DSC The PowerShell Podcast on YouTube: https://youtu.be/F4mVUHinjf4 The PowerShell Podcast: https://pdq.com/the-powershell-podcast Guests: Stephen Bucher – Product Manager II on the PowerShell Team Anam Navied – Software Engineer 2 @ Microsoft Tess Gauthier – Software Engineer @ Microsoft | OpenSSH
PhoneBoy discusses the latest TechTalk on AI Agents, Threat Prevention Performance Boost in R82, R82 JHF 25, SAML and Secondary Connect, SSH to a given VS, and the generic-object API.
This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-878
This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-878
Container-based Linux distributions are gaining traction, especially for edge deployments that demand lightweight and secure operating systems. Talos Linux, developed by Sidero Labs, is purpose-built for Kubernetes with security-first features like a fully immutable file system and disabled SSH access. In a demo, Sidero CTO Andrew Rynhard and Head of Product Justin Garrison explained Talos's design philosophy, highlighting its minimalism and focus on automation. Inspired by CoreOS, Talos removes traditional tools like systemd and Bash, replacing them with machineD, a custom process manager written in Go.Talos emphasizes API-driven management rather than SSH, making Kubernetes cluster operations more scalable and consistent. Its design supports cloud, bare metal, Docker, and edge devices like Raspberry Pi. Kernel immutability is reinforced by ephemeral signing keys. Through Sidero's Omni SaaS, Talos nodes connect securely via WireGuard. The operating system handles all certificates and network connectivity internally, streamlining security and deployment. As Garrison notes, Talos delivers a portable API for “big iron, small iron—no matter what.”Learn more from The New Stack about Sidero Labs: Is Cluster API Really the Future of Kubernetes Deployment? Choosing a Linux Distribution Join our community of newsletter subscribers to stay on top of the news and at the top of your game. https://thenewstack.io/newsletter/
This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails Show Notes: https://securityweekly.com/psw-878
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT
June's Patch [FIX] Tuesday unpacks a lighter-than-usual Windows patch cycle — but don't get too comfortable. Join Automox cybersecurity experts as they break down high-risk vulnerabilities across macOS and Windows, including:A chained SSH vulnerability (CVE-2025-26465 & CVE-2025-26466) that allows memory exhaustion and bypasses host key verificationA WebDAV remote code execution flaw (CVE-2025-33053) actively exploited in the wildMultiple macOS threats, from sandbox escapes to keychain access and privilege escalationThe team also shares patching strategies, mitigation tips, and password hygiene advice you'll want to follow.
This Week's Topics: AI defend their own survival SSH backdoor installed on Asus routers GPS blackout would shut down the world Episode's chat: https://britishtechnetwork.com/chat/view.php?dt=2025-06-05 Guests: Jeff Gamet, Patrice Brend'amour, Ian Grant, Tom […]
This Week's Topics: AI defend their own survival SSH backdoor installed on Asus routers GPS blackout would shut down the world Episode's chat: https://britishtechnetwork.com/chat/view.php?dt=2025-06-05 Guests: Jeff Gamet, Patrice Brend'amour, Ian Grant, Tom […]
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Simple SSH Backdoor Xavier came across a simple SSH backdoor taking advantage of the ssh client preinstalled on recent Windows systems. The backdoor is implemented via an SSH configuration file that instructs the SSH client to connect to a remote system and forward a shell on a random port. This will make the shell accessible to anybody able to connect to the C2 host. https://isc.sans.edu/diary/Simple%20SSH%20Backdoor/32000 Google Chrome to Distrust CAs Google Chrome will remove the Chunghwa Telecom and Netlock certificate authorities from its list of trusted CAs. Any certificates issued after July 31st will not be trusted. Certificates issued before the deadline will be trusted until they expire. https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html Microsoft Emergency Update to Fix Crashes Caused by May Patch Microsoft released an emergency update for a bug caused by one of the patches released in May. Due to the bug, systems may not restart after the patch is applied. This affects, first of all, virtual systems running in Azure and HyperV but apparently has also affected some physical systems. https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23h2#kb5058405-might-fail-to-install-with-recovery-error-0xc0000098-in-acpi-sys Qualcomm Adreno Graphics Processing Unit Patch (Exploited!) Qualcomm released an update for the driver for its Adreno GPU. The patched vulnerability is already being exploited against Android devices. https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SSH authorized_keys File One of the most common techniques used by many bots is to add rogue keys to the authorized_keys file, implementing an SSH backdoor. Managing these files and detecting unauthorized changes is not hard and should be done if you operate Unix systems. https://isc.sans.edu/diary/Securing%20Your%20SSH%20authorized_keys%20File/31986 REMOTE COMMAND EXECUTION ON SMARTBEDDED METEOBRIDGE (CVE-2025-4008) Weatherstation software Meteobridge suffers from an easily exploitable unauthenticated remote code execution vulnerability https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008 https://forum.meteohub.de/viewtopic.php?t=18687 Manageengine ADAuditPlus SQL Injection Zoho patched two SQL Injection vulnerabilities in its ManageEngine ADAuditPlus product https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html Dero Miner Infects Containers through Docker API Kaspersky found yet another botnet infecting docker containers to spread crypto coin miners. The initial access happens via exposed docker APIs. https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/
In this episode we talk to Justin Garrison - Head of Product at Sidero Labs, the makers of Talos! The Talos distro is a reimagining of Linux for distributed systems like Kubernetes. Talos strips away everything unnecessary—no shell, no SSH, no package manager—leaving just what you need to run K8s clusters. All system management is done through a secure API, eliminating configuration drift and reducing your attack surface with a read-only filesystem. 00:00 - Intro 06:25 - New AI business ideas! 11:51 - What does "API Driven Linux" mean? How to find Justin: justingarrison.com Justin's links: Talos: https://www.talos.dev/ Getting started: https://www.talos.dev/v1.10/introduction/quickstart/
Forecast = Mostly cloudy with a chance of rogue SSH access—keep your patches up to avoid a phishy forecast! Welcome to Storm⚡️Watch, where we unpack the latest in cybersecurity threats, research, and the tools that keep the digital world safe. In this episode, we invite GreyNoise Security Architect and researcher Matthew Remacle (a.k.a., Remy) to kick things off with a deep dive into a fascinating and highly sophisticated botnet campaign targeting ASUS routers—a story that starts with a little help from machine learning and ends with some hard lessons for defenders everywhere. GreyNoise researchers spotted this campaign using SIFT, their AI-powered network traffic analyzer, which sifted through more than 23 billion network entries and managed to flag just 30 suspicious payloads targeting ASUS routers. What made this botnet stand out was its surgical precision and stealth—far from the usual noisy, attention-grabbing attacks. The attackers knew exactly what they were doing, focusing on disabling TrendMicro security features embedded in the routers, essentially breaking in by first turning off the alarm. The attack chain reads like a masterclass in persistence: brute force and clever authentication bypasses got them in the door, a null byte injection tricked the router's authentication system, and a command injection vulnerability allowed them to manipulate logging features in a way that opened up even more attack paths. The real kicker? The final backdoor was installed using legitimate ASUS features, meaning it could survive firmware updates and stay hidden from traditional detection methods. This campaign affected thousands of routers globally, with over 4,800 compromised devices detected and counting. Even after ASUS released a patch—adding character validation rather than fixing the underlying flaw—researchers found that the fundamental vulnerability remained, and attackers could potentially work around the patch. This story highlights the ongoing challenges in IoT security: complexity breeds vulnerability, persistence is a nightmare to detect and remove when attackers use legitimate features, and patches often address symptoms rather than root causes. It's a reminder that traditional signature-based detection is no longer enough—behavioral analysis and AI-driven anomaly detection are now essential for spotting these advanced threats. We also touch on the bigger picture: the evolving cat-and-mouse game between attackers and defenders, the importance of defense in depth, and why understanding normal network behavior is more critical than ever. Plus, we look at the human element—attackers who are patient, technically sophisticated, and deeply aware of how to evade detection. For organizations, the takeaways are clear: defense in depth, behavioral monitoring, asset management, and patch management are all non-negotiable. And for everyone else, it's a reminder that the devices we trust to protect us are themselves complex and potentially vulnerable computers. Later in the episode, we take a closer look at vulnerability scoring systems—CVSS, EPSS, and SSVC—and why reading between the scores is so important for risk management. We also highlight the value of fresh, actionable data from sources like Censys and VulnCheck, and round things out with a nod to the ongoing conversation happening on the GreyNoise blog. Thanks for tuning in to Storm⚡️Watch. Stay vigilant, keep learning, and remember: in cybersecurity, the difference between safe and compromised can be as subtle as a single null byte. Storm Watch Homepage >> Learn more about GreyNoise >>
Every business has essential tools to keep it running. Reiki businesses are no different. In this episode, I'm taking you behind the scenes of my business sharing 6 common Reiki business tools and the ones I use. All of these tools are covered in-depth in the Build Your Reiki Business program:https://standingstoneshealing.com/build Join the Reiki Business Roundtable:https://standingstoneshealing.com/roundtable TidyCal:https://tidycal.com Massage Magazine Insurance: Use coupon code SSH to save $20https://www.massageliabilityinsurancegroup.com Hostinger affiliate link:https://www.hostinger.com/referral?REFERRALCODE=R5ASTANDIV8G Podcast episode on insurance:https://youtu.be/Y37n9Vk3K1w Podcast episode on website mistakes:https://youtu.be/xR5YHwIMMH8 Join September's Reiki Business Summit:https://reikibusinesssummit.com Reiki Business Roundtable:https://standingstoneshealing.com/roundtable Reiki Business Blueprint:https://standingstoneshealing.com/blueprint Free Reiki Biz Kit:https://standingstoneshealing.com/reikibizkit Join the Reiki Business Collective:https://facebook.com/groups/reikibiz ChristianStanding Stones Healing Legal Disclaimer: Standing Stones Healing Co. does not diagnose, treat, or cure any physical or mental illness with this podcast or any other services, products, or media offered by Standing Stones Healing Co. By using Standing Stones Healing Co. products, services, or media, you agree to hold harmless Standing Stones Healing Co. for any adverse reactions that may result from use of said products, services, or media. Standing Stones Healing Co. services are not a replacement for licensed medical care or professional legal, business, tax, or financial consultation. All Standing Stones Healing Co. services, products, messages, and media are for informational, educational, and entertainment purposes only and do not constitute medical, emotional, financial, or legal advice. Thank you. For more information, see the Standing Stones Healing Co. Terms of Service:https://standingstoneshealing.com/terms
This week, we're pulling back the curtain on SSH from a digital forensics perspective.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
No Internet Access: SSH to the Rescue If faced with restrictive outbound network access policies, a single inbound SSH connection can quickly be turned into a tunnel or a full-blown VPN https://isc.sans.edu/diary/No%20Internet%20Access%3F%20SSH%20to%20the%20Rescue!/31932 SAMSUNG magicINFO 9 Server Flaw Still exploitable The SAMSUNG magicINFO 9 Server Vulnerability we found being exploited last week is apparently still not completely patched, and current versions are vulnerable to the exploit observed in the wild. https://www.huntress.com/blog/rapid-response-samsung-magicinfo9-server-flaw Bring Your Own Installer: Bypassing SentinelOne Through Agent Version Change Interruption SentinelOne s installer is vulnerable to an exploit allowing attackers to shut down the end point protection software https://www.aon.com/en/insights/cyber-labs/bring-your-own-installer-bypassing-sentinelone Commvault Still Exploitable A recent patch for Commvault is apparently ineffective and the PoC exploit published by watchTowr is still working against up to date patched systems https://infosec.exchange/@wdormann/114458913006792356
Inside FreeBSD Netgraph: Behind the Curtain of Advanced Networking, Launching BSSG - My Journey from Dynamic CMS to Bash Static Site Generator, OpenZFS Cheat Sheet, Dipping my toes in OpenBSD in Amsterdam, SSH keys from a command: sshd's AuthorizedKeysCommand directive, How to move bhyve VM and Jail container from one host to another host, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines Inside FreeBSD Netgraph: Behind the Curtain of Advanced Networking (https://klarasystems.com/articles/inside-freebsd-netgraph-advanced-networking/?utm_source=BSD%20Now&utm_medium=Podcast) Launching BSSG - My Journey from Dynamic CMS to Bash Static Site Generator (https://it-notes.dragas.net/2025/04/07/launching-bssg-my-journey-from-dynamic-cms-to-bash-static-site-generator/) News Roundup OpenZFS Cheat Sheet (https://freebsdfoundation.org/blog/openzfs-cheat-sheet/) Dipping my toes in OpenBSD, in Amsterdam (https://ewintr.nl/posts/2025/dipping-my-toes-in-openbsd-in-amsterdam/) SSH keys from a command: sshd's AuthorizedKeysCommand directive (https://jpmens.net/2025/03/25/authorizedkeyscommand-in-sshd/) How to move bhyve VM and Jail container from one host to another host ? (https://vincentdelft.be/post/post_20250215) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Dave - Webstack (https://github.com/BSDNow/bsdnow.tv/tree/master/episodes/609/feedback) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
News includes a critical Unauthenticated Remote Code Execution vulnerability in Erlang/OTP SSH, José Valim teasing a new project, Oban Pro v1.6's impressive new "Cascade Mode" feature, Semaphore CI/CD platform being open-sourced as a primarily Elixir application, new sandboxing options for Elixir code with Dune and Mini Elixir, BeaconCMS development slowing due to DockYard cuts, and a look at the upcoming W3C Device Bound Session Credentials standard that will impact all web applications, and more! Show Notes online - http://podcast.thinkingelixir.com/251 (http://podcast.thinkingelixir.com/251) Elixir Community News https://paraxial.io/ (https://paraxial.io/?utm_source=thinkingelixir&utm_medium=shownotes) – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a limited time offer. https://x.com/ErlangDiscu/status/1914259474937753747 (https://x.com/ErlangDiscu/status/1914259474937753747?utm_source=thinkingelixir&utm_medium=shownotes) – Unauthenticated Remote Code Execution vulnerability discovered in Erlang/OTP SSH. https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 (https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2?utm_source=thinkingelixir&utm_medium=shownotes) – Official security advisory for the Erlang/OTP SSH vulnerability. https://paraxial.io/blog/erlang-ssh (https://paraxial.io/blog/erlang-ssh?utm_source=thinkingelixir&utm_medium=shownotes) – Paraxial.io's detailed blog post addressing how the SSH vulnerability impacts typical Elixir systems. https://elixirforum.com/t/updated-nerves-systems-available-with-cve-2025-32433-ssh-fix/70539 (https://elixirforum.com/t/updated-nerves-systems-available-with-cve-2025-32433-ssh-fix/70539?utm_source=thinkingelixir&utm_medium=shownotes) – Updated Nerves systems available with SSH vulnerability fix. https://bsky.app/profile/oban.pro/post/3lndzg72r2k2g (https://bsky.app/profile/oban.pro/post/3lndzg72r2k2g?utm_source=thinkingelixir&utm_medium=shownotes) – Announcement of Oban Pro v1.6's new "Cascade Mode" feature. https://oban.pro/articles/weaving-stories-with-cascading-workflows (https://oban.pro/articles/weaving-stories-with-cascading-workflows?utm_source=thinkingelixir&utm_medium=shownotes) – Blog post demonstrating Oban Pro's new Cascading Workflows feature used to create children's stories with AI. https://bsky.app/profile/josevalim.bsky.social/post/3lmw5fvnyvc2k (https://bsky.app/profile/josevalim.bsky.social/post/3lmw5fvnyvc2k?utm_source=thinkingelixir&utm_medium=shownotes) – José Valim teasing a new logo with "Soon" message. https://tidewave.ai/ (https://tidewave.ai/?utm_source=thinkingelixir&utm_medium=shownotes) – New site mentioned in José Valim's teasers, not loading to anything yet. https://github.com/tidewave-ai (https://github.com/tidewave-ai?utm_source=thinkingelixir&utm_medium=shownotes) – New GitHub organization related to José Valim's upcoming announcement. https://github.com/tidewave-ai/mcpproxyelixir (https://github.com/tidewave-ai/mcp_proxy_elixir?utm_source=thinkingelixir&utm_medium=shownotes) – The only public project in the tidewave-ai organization - an Elixir MCP server for STDIO. https://x.com/chris_mccord/status/1913073561561858229 (https://x.com/chris_mccord/status/1913073561561858229?utm_source=thinkingelixir&utm_medium=shownotes) – Chris McCord teasing AI development with Phoenix applications. https://ashweekly.substack.com/p/ash-weekly-issue-13 (https://ashweekly.substack.com/p/ash-weekly-issue-13?utm_source=thinkingelixir&utm_medium=shownotes) – Zach Daniel teasing upcoming Ash news to be announced at ElixirConf EU. https://elixirforum.com/t/dune-sandbox-for-elixir/42480 (https://elixirforum.com/t/dune-sandbox-for-elixir/42480?utm_source=thinkingelixir&utm_medium=shownotes) – Dune - a sandbox for Elixir created by a Phoenix maintainer. https://github.com/functional-rewire/dune (https://github.com/functional-rewire/dune?utm_source=thinkingelixir&utm_medium=shownotes) – GitHub repository for Dune, an Elixir code sandbox. https://blog.sequinstream.com/why-we-built-mini-elixir/ (https://blog.sequinstream.com/why-we-built-mini-elixir/?utm_source=thinkingelixir&utm_medium=shownotes) – Blog post explaining Mini Elixir, another Elixir code sandbox solution. https://github.com/sequinstream/sequin/tree/main/lib/sequin/transforms/minielixir (https://github.com/sequinstream/sequin/tree/main/lib/sequin/transforms/minielixir?utm_source=thinkingelixir&utm_medium=shownotes) – GitHub repository that contains Mini Elixir, an Elixir AST interpreter. https://www.reddit.com/r/elixir/comments/1k27ekg/webuiltacustomelixirastinterpreter_for/ (https://www.reddit.com/r/elixir/comments/1k27ekg/we_built_a_custom_elixir_ast_interpreter_for/?utm_source=thinkingelixir&utm_medium=shownotes) – Reddit discussion about Mini Elixir AST interpreter. https://github.com/semaphoreio/semaphore (https://github.com/semaphoreio/semaphore?utm_source=thinkingelixir&utm_medium=shownotes) – Semaphore CI/CD platform open-sourced under Apache 2.0 license - primarily an Elixir application. https://semaphore.io/ (https://semaphore.io/?utm_source=thinkingelixir&utm_medium=shownotes) – Official website for Semaphore CI/CD platform. https://docs.semaphoreci.com/CE/getting-started/install (https://docs.semaphoreci.com/CE/getting-started/install?utm_source=thinkingelixir&utm_medium=shownotes) – Installation guide for Semaphore Community Edition. https://bsky.app/profile/markoanastasov.bsky.social/post/3lj5o5h5z7k2t (https://bsky.app/profile/markoanastasov.bsky.social/post/3lj5o5h5z7k2t?utm_source=thinkingelixir&utm_medium=shownotes) – Announcement from Marko Anastasov, co-founder of Semaphore CI, about open-sourcing their platform. https://github.com/elixir-dbvisor/sql (https://github.com/elixir-dbvisor/sql?utm_source=thinkingelixir&utm_medium=shownotes) – GitHub repository for SQL parser and sigil with impressive benchmarks. https://groups.google.com/g/elixir-ecto/c/8MOkRFAdLZc?pli=1 (https://groups.google.com/g/elixir-ecto/c/8MOkRFAdLZc?pli=1?utm_source=thinkingelixir&utm_medium=shownotes) – Discussion about SQL parser being 400-650x faster than Ecto for generating SQL. https://bsky.app/profile/bcardarella.bsky.social/post/3lndymobsak2p (https://bsky.app/profile/bcardarella.bsky.social/post/3lndymobsak2p?utm_source=thinkingelixir&utm_medium=shownotes) – Announcement about BeaconCMS reducing development due to Dockyard cuts. https://bsky.app/profile/did:plc:vnywtpvzgdgetnwea3fs3y6w (https://bsky.app/profile/did:plc:vnywtpvzgdgetnwea3fs3y6w?utm_source=thinkingelixir&utm_medium=shownotes) – Related profile for BeaconCMS announcement. https://beaconcms.org/ (https://beaconcms.org/?utm_source=thinkingelixir&utm_medium=shownotes) – BeaconCMS official website. https://github.com/BeaconCMS/beacon (https://github.com/BeaconCMS/beacon?utm_source=thinkingelixir&utm_medium=shownotes) – GitHub repository for BeaconCMS. Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com) Discussion Resources Discussion about Device Bound Session Credentials, a W3C initiative being built into major browsers that will require minor changes to Phoenix for implementation. https://w3c.github.io/webappsec-dbsc/ (https://w3c.github.io/webappsec-dbsc/?utm_source=thinkingelixir&utm_medium=shownotes) – W3C - Device Bound Session Credentials proposal https://github.com/w3c/webappsec-dbsc/ (https://github.com/w3c/webappsec-dbsc/?utm_source=thinkingelixir&utm_medium=shownotes) – Device Bound Session Credentials explainer https://developer.chrome.com/docs/web-platform/device-bound-session-credentials (https://developer.chrome.com/docs/web-platform/device-bound-session-credentials?utm_source=thinkingelixir&utm_medium=shownotes) – Device Bound Session Credentials (DBSC) on the Google Chrome developer blog https://en.wikipedia.org/wiki/TrustedPlatformModule (https://en.wikipedia.org/wiki/Trusted_Platform_Module?utm_source=thinkingelixir&utm_medium=shownotes) – Wikipedia article on Trusted Platform Module, relevant to Device Bound Session Credentials discussion. https://www.grc.com/sn/sn-1021-notes.pdf (https://www.grc.com/sn/sn-1021-notes.pdf?utm_source=thinkingelixir&utm_medium=shownotes) – Other podcast show notes discussing Device Bound Session Credentials (DBSC). https://twit.tv/shows/security-now/episodes/1021?autostart=false (https://twit.tv/shows/security-now/episodes/1021?autostart=false?utm_source=thinkingelixir&utm_medium=shownotes) – Security Now podcast episode covering Device Bound Session Credentials (time coded link to discussion). Find us online - Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com) - Message the show - X (https://x.com/ThinkingElixir) - Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir) - Email the show - show@thinkingelixir.com (mailto:show@thinkingelixir.com) - Mark Ericksen on X - @brainlid (https://x.com/brainlid) - Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social) - Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid) - David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com) - David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Honeypot Iptables Maintenance and DShield-SIEM Logging In this diary, Jesse is talking about some of the tasks to maintain a honeypot, like keeping filebeats up to date and adjusting configurations in case your dynamic IP address changes https://isc.sans.edu/diary/Honeypot%20Iptables%20Maintenance%20and%20DShield-SIEM%20Logging/31876 XRPL.js Compromised An unknown actor was able to push malicious updates of the XRPL.js library to NPM. The library is officially recommended for writing Riple (RPL) cryptocurrency code. The malicious library exfiltrated secret keys to the attacker https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor https://github.com/XRPLF/xrpl.js/security/advisories/GHSA-33qr-m49q-rxfx Cisco Equipment Affected by Erlang/OTP SSH Vulnerability Cisco published an advisory explaining which of its products are affected by the critical Erlang/OTP SSH library vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
Send us a textWendy LaGrange, VP and Managing Director at Wallcur (now part of 3B Scientific), reveals the vital role of the Corporate Roundtable within the Society for Simulation in Healthcare. This behind-the-scenes organization bridges the gap between industry partners and educators to advance healthcare simulation and improve patient outcomes.• Corporate Roundtable serves as the corporate arm of SSH, bringing together approximately 50 companies • Started 15 years ago as a small committee, now playing a significant role in shaping healthcare simulation• Members meet quarterly to align industry goals with SSH's strategic priorities• Corporate Roundtable hosts workshops focused on research and development, connecting innovators with industry resources• A new "shark tank" platform is being developed to help bring simulation innovations from concept to market• Industry representation on the SSH Board of Directors ensures the corporate perspective influences policy and advocacy• Competition transforms into collaboration when companies unite under the shared goal of advancing healthcare educationTo learn more about the Corporate Roundtable or how your company can get involved, visit the SSH website or contact the SSH staff liaison for more information.Innovative SimSolutions.Your turnkey solution provider for medical simulation programs, sim centers & faculty design.
Adversary nations are using ClickFix in cyber espionage campaigns. Japan's Financial Services Agency issues an urgent warning after hundreds of millions in unauthorized trades. The critical Erlang/OTP's SSH vulnerability now has public exploits. A flawed rollout of a new Microsoft Entra app triggers widespread account lockouts. The alleged operator of SmokeLoader malware faces federal hacking charges. A new scam blends social engineering, malware, and NFC tech to drain bank accounts. GSA employees may have been oversharing sensitive documents. Yoni Shohet, Co-Founder and CEO of Valence Security, who cautions financial organizations of coming Chinese open source AI. Crosswalks in the crosshairs of satirical hacking. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Yoni Shohet, Co-Founder and CEO of Valence Security, discussing how the onslaught of more open source AI tools coming out of China will be difficult to manage for companies especially those in the financial sector. Selected Reading North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks (Hackread) Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare (SecurityWeek) Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts (The Record) Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (Bleeping Computer) Widespread Microsoft Entra lockouts tied to new security feature rollout (Bleeping Computer) Alleged SmokeLoader malware operator facing federal charges in Vermont (The Record) New payment-card scam involves a phone call, some malware and a personal tap (The Record) Sensitive files, including White House floor plans, shared with thousands (The Washington Post) Hacking US crosswalks to talk like Zuck is as easy as 1234 (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Microsoft Entra User Lockout Multiple organizations reported widespread alerts and account lockouts this weekend from Microsoft Entra. The issue is caused by a new feature Microsoft enabled. This feature will lock accounts if Microsoft believes that the password for the account was compromised. https://www.bleepingcomputer.com/news/microsoft/widespread-microsoft-entra-lockouts-tied-to-new-security-feature-rollout/ https://learn.microsoft.com/en-us/entra/identity/authentication/feature-availability Erlang/OTP SSH Exploit An exploit was published for the Erlang/OTP SSH vulnerability. The vulnerability is easy to exploit, and the exploit and a Metasploit module allow for easy remote code execution. https://github.com/exa-offsec/ssh_erlangotp_rce/blob/main/ssh_erlangotp_rce.rb Sonicwall Exploited An older command injection vulnerability is now exploited on Sonicwall devices after initially gaining access by brute-forcing credentials. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022 Unpatched Vulnerability in Bubble.io An unpatched vulnerability in the no-code platform bubble.io can be used to access any project hosted on the site. https://github.com/demon-i386/pop_n_bubble
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
RedTail: Remnux and Malware Management A description showing how to set up a malware analysis in the cloud with Remnux and Kasm. RedTail is a sample to illustrate how the environment can be used. https://isc.sans.edu/diary/RedTail%2C%20Remnux%20and%20Malware%20Management%20%5BGuest%20Diary%5D/31868 Critical Erlang/OTP SSH Vulnerability Researchers identified a critical vulnerability in the Erlang/OTP SSH library. Due to this vulnerability, SSH servers written in Erlang/OTP allow arbitrary remote code execution without prior authentication https://www.openwall.com/lists/oss-security/2025/04/16/2 Brickstorm Analysis An analysis of a recent instance of the Brickstorm backdoor. This backdoor used to be more known for infecting Linux systems, but now it also infects Windows. https://www.nviso.eu/blog/nviso-analyzes-brickstorm-espionage-backdoor https://blog.nviso.eu/wp-content/uploads/2025/04/NVISO-BRICKSTORM-Report.pdf OpenAI GPT 4.1 Controversy OpenAI released its latest model, GPT 4.1, without a safety report and guardrails to prevent malware creation. https://opentools.ai/news/openai-stirs-controversy-with-gpt-41-release-lacking-safety-report
We should improve libzfs somewhat, Accurate Effective Storage Performance Benchmark, Debugging aids for pf firewall rules on FreeBSD, OpenBSD and Thunderbolt issue on ThinkPad T480s, Signing Git Commits with an SSH key, Pgrep, LibreOffice downloads on the rise, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines We should improve libzfs somewhat (https://despairlabs.com/blog/posts/2025-03-12-we-should-improve-libzfs-somewhat/) Accurate Effective Storage Performance Benchmark (https://klarasystems.com/articles/accurate-effective-storage-performance-benchmark/?utm_source=BSD%20Now&utm_medium=Podcast) News Roundup Debugging aids for pf firewall rules on FreeBSD (https://dan.langille.org/2025/02/24/debugging-aids-for-pf-firewall-rules-on-freebsd/) OpenBSD and Thunderbolt issue on ThinkPad T480s (https://www.tumfatig.net/2025/openbsd-and-thunderbolt-issue-on-thinkpad-t480s/) Signing Git Commits with an SSH key (https://jpmens.net/2025/02/26/signing-git-commits-with-an-ssh-key/) Pgrep (https://www.c0t0d0s0.org/blog/pgrep-z-r.html) LibreOffice downloads on the rise as users look to avoid subscription costs (https://www.computerworld.com/article/3840480/libreoffice-downloads-on-the-rise-as-users-look-to-avoid-subscription-costs.html) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Felix - Bhyve and NVME (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/607/feedback/Felix%20-%20bhyve%20and%20nvme.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
New SSH Username Report A new ssh/telnet username reports makes it easier to identify new usernames attackers are using against our telnet and ssh honeypots https://isc.sans.edu/diary/New%20SSH%20Username%20Report/31830 Quickshell Sharing is Caring: About an RCE Attack Chain on Quick Share The Google Quick Share protocol is susceptible to several vulnerabilities that have not yet been fully patched, allowing for some file overwrite issues that could lead to the accidental execution of malicious code. https://www.blackhat.com/asia-25/briefings/schedule/index.html#quickshell-sharing-is-caring-about-an-rce-attack-chain-on-quick-share-43874 Apache Traffic Director Request Smuggling Vulnerability https://www.openwall.com/lists/oss-security/2025/04/02/4
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
A Tale of Two Phishing Sties Two phishing sites may use very different backends, even if the site itself appears to be visually very similar. Phishing kits are often copied and modified, leading to sites using similar visual tricks on the user facing site, but very different backends to host the sites and reporting data to the miscreant. https://isc.sans.edu/diary/A%20Tale%20of%20Two%20Phishing%20Sites/31810 A Phihsing Tale of DOH and DNS MX Abuse Infoblox discovered a new variant of the Meerkat phishing kit that uses DoH in Javascript to discover MX records, and generate better customized phishing pages. https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/ Using OpenID Connect for SSH Cloudflare opensourced it's OPKSSH too. It integrates SSO systems supporting OpenID connect with SSH. https://github.com/openpubkey/opkssh/
In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on service to your network controls. Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers?? You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure. Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he's a founder advisor. He also serves on Knocknoc's board of directors. This episode is also available on Youtube. Show notes