SE

Security Now (Audio)

TWiT

Zero Day Vulnerabilities and Bitlocker Exploits

From SN 1083: Patch Tuesday à la AI - Arch Linux Repo Under SiegeJun 17, 2026

Excerpt from Security Now (Audio)

SN 1083: Patch Tuesday à la AI - Arch Linux Repo Under SiegeJun 17, 2026 — starts at 0:00

It's time for security. Now, Steve Gibson is here and he's raring to go There are more supply chain attacks to talk about, including on the Arch Linux user repository N PM. They're going to try to make that a little bit more secure. Steve has some recommendations until they do And June shows that AI has arrived for vulnerability discovery We'll talk about that lot more next onsecurity now. Podcasts you love from people you trust. This is to it This is Security Now with Steve Gibson, Episode one thousand eighty three, recorded Tuesday, june sixteenth, twenty twenty six Patch Tuesday, Allah Ian It's time for security now. The show we cover the latest security privacy and all that stuff online with the man, the myth the legend, notot the mythos mister Steve Gibson No mythos for you. That's no table here. No feeble either. Wow Wow. crazy story. Well ye. Yeah, I'm gonna share Anthropics response and then we'll do a little editorializing around that because that was good. an interesting this So U, last Tuesday was June's patch Tuesday Oh and Boy, did we break records? Yes. So today's podcast is titled Patch Tuesday A la AI because, you know, this is what we were expecting to see It'll be interesting to see How long this Tsunami, crescendo, tidal wave, Pulse last, I don't expect it to be likeike this is not going to be an every month thing, but five, six months would be my guess And then we're going to see a a reaction drop in the number of monthly patches because The AI is going to get deployed in the case of Microsoft and Pets Tuesday u the horribly named cod name M Bash They make me say every time U will be the thing that U, you know, changes, I really believe changes the windows side of the industry. Anyway, we're going to dig deep into that I want to talk about root kits having been found in more than four hundred. Arch Linux user repository packages. I had to really worry about that. I'm an arce user. Yeah U.S. government requests anthropic, as we said, to remove both access to both mythos and fable for fore nationals. But since you can't I mean, it's like the age restriction problem, right? It's like, well, we're not really sure. I just have to tell everybody no Uh Sisa has also had an interesting response to AI driven attacks changing their patching requirements for federal agencies. And boy patching was ever a back room or a like like on the back burner This is it is just no longer the case and any federal agency who and they this is a BOD what I can't remember that stands for Binding operational directive from from SIisA. which, you know, has legal strength, which says You have to patch on the timeline we say and It's fast. So patching again, is like this is moved right up to the front of You know operational readiness business wise. we'll look at that alsoso PM the most attacked repository we have Uh, you know, u the node.js packet manager Hm has switched to more secure install defaults Pblem is A lot of non malicious use of these installed defaults occurs And so this is going to create breakage which is going to have an unclear effect on long term security. I found a really interesting I analysis of this from somebody on the inside who understands what's going to happen that we're going to take a look at U alsoso a bunch of people responded across the spectrum about my little rant on about PHP, which of course is not the first time I've r it about PHP, but you know, we've got great loop closure now with email communications. And so I'm going to share a bunch of that And then we're going to look at the consequence of AI having been here long enough cognizant AI long enough to have a serious impact on June's patches So I think a lot of fun stuff to talk about. and of course the week that actually is a has a kind of a coding theme or that's how I'm going to spin it anyway No Well, you know, I'm always up for that Now I have a little tale to tell about AI saving my bacon yesterday too at some point Yeah, I was it was like a lifesaver Speaking of Linux Well we won't And then in that case, let's do the first sponsor, then you have to tell us because I can't wa Yeah. yeah I just the more I use it, the more valuable it becomes. That's why's really there Yeah, I miss Fable, but you know, this was with four point eight. was four point eight. It did a great job. Let me tell you about our sponsor for this segment of security now And it is one that all you network engineers are going want to know about. It's brought to you by Meter todayod, the company building better. Actually, u I wish I could get meter here. My companyies really doesn't need meter, but I bet yours does. Meter was founded by two network engineers who feel your pain. If you're a network engineer, you know what I'm talking about, the legacy providers with inflexible pr pricing, the IT resource constraints, stretching you thin complex deployments across fragmented tools You, my friend, you network engineer, are mission critical to the business But you're working with infrastructure that just wasn't built for today's demands. And it's not yourault. it's not company's fault really? I mean The internet has exploded and it is more and more important for every business But that's why businesses are switching to meter Meter delivers full stack networking infrastructure wired, wireless, and cellular. that's built for performance and scalability. See Th these network engineers realiz that if they wanted to give you a quality experience that scales that can grow with you, They need to do it all. They design the hardware It's beautiful by the way. beautiful hardware. They write the firmware, they build the software, they manage deployments, they provide After sales support Do it all And they do everything from ISP procurement to security to routing, switching They can do wireless, firewall, cellular. They do power. powerower is really important. DNS security. They do VPNs They do SDWANs, multi site workflows all in a single solution Meter's single integrated stack is designed to work in the most challenging environments, major hospitals brranch offices, you know, you acquire a new company and now you got branch offices with a completely different system. You need to communicate. Morse maybe. they have a two hundred thousand square foot warehouse that's depending on WFi. Nothing works And it and it has to interoppererate with you. they can solve those problems. They do again and again. large campuses Data centers, even Reddit. Yes, Reddit uses meter So does the Assistant Director of teechnology for the Web School of Knoxville. They moved to Meter. He said, quote, We had more than twenty games on campus between our two facilities, each game. was streamed via wired and wireless connections, The event went off without a hitch We could never have done this before. Meter. Rdesign our net. With meter, you get a single partner, one phone number for all your connectivity needs from first sight survey to ongoing support without the complexity of managing multiple providers or tools Meter's integrated networking stack is designed to take the burden off your IT team. I give you deep control and visibility, reimagining what it means business is to get and stay online Meter. built for the bandwidth demands of today And tomorrow. Thanks to Meter for sponsoring. Go to meteter dot com slash security now to book a demo today. That's M ET ER dot com Slash security Now, book a demo You need meter Now, back to Steve and our picture of the week. First, tell us about AI saave in your bacon So I run my agent, E everything, all of it, all the models All the memory, everything on that nice framework desktop I bought, really designed To do that, I bought it to do local AI, one hundred and twenty eight gigs of RAM. It's got that AMD AI plus three hundred ninety five AI specific processor is really nice Yesterday, I come in. I mean and I use it every day. That's where cllaud is, where everything is And it it says emergency. Can't boot And it gives me a prompt And I go, oh, that's not good. Now in the past What I would have done is I would have reinstalled Linux on that machine and then had to go through I've got backups, of course, but I'd go through the hairy process of restoring it. And because it's my agent, I wouldn't have any assistance Do itftunately. Right. Yeah And would be on my own, buddy. Fortunately, I do have Cloud code running on my laptop So I thought, well Let me just see if Cloud Code can help. It said, donon't erase it tellell me what the message is and I toldally this, Oh, good news. That might just be a minor thing, let's figure it out It had me type in, it started to have me type in a lot of stuff. Basically I went to rebooted it through the Linux install USB key so that I have an operating system and I can look at the hard drives and uh I said, this is a lot to type in. I'm going to make mistakes. It said, Oh, oh, of course, this is Claude talking. What am I thinking? It said, Look, Iin, you h human, you poor human might need to SSH into this machine, but of course You're running the boot thing you know, it doesn't know who I am. It's not going to let me SSH in. So here's what I'm going to do. I'm going write a web server, runun a little web server on your. on the laptop here and you're going Pirl. the key, the SSH key into the boot thing turnurn on SSH And then I will SSH in and do it for you. I did. it did It SSHed in. it said it looked and looked, Ohh, you know what the problem is? It's a little weird. But you have two, I don't even know what an ESP is But you have two ESPs. The way I set this up is it's just dual SSDs. They're luxe encrypted and they're mirrored so that if one dies, I this is how mission critical, if one dies The other one has still got everything on it Uh and and it it does how because of the Lux encryption, it has the password in the TPM. So it because the other thing is it has to reboot if I'm not around the power goes out, I have to reboot, but I do want it encrypted. I just don't want to have to be there to enter the password. So it does that automatically through the TPM. I don't know what an ESP is, but apparently there is something to do with UEFI. There are two different ESP modules And for some reason they had different Linux kernels, onene had seven zero twelve, one had sevenzo eleven And that's what was stopping it from booting It figured that out. It said, okay I'll just, no problem. I'll just put the other kernel. I'll make a match And from now, and I'm going to write a little stub now when you when you do an upgrade, it willll automatically make sure it's the same kernel on both ESP modules. So this doesn't happen again It said, okay, all done, reboot It's fixed. We're living in a science fiction world. I would never I don't even know what ESPs are. I would not have been able to fix this. Yeah, it has to do with the UEFI boot. I wouldn't have known where to start. It would have been a massive chore Instead It wrote a little web server curl I curled the key over logged in and did it all for me And you tell me these things are just autoc correct Wow. No. It's very good. It's just funny. I had an experience yesterday configuring the House's security and environmental monitoring and management stuff Oh it's really good at that actually Yeah. And I was using Claude, but I was I had it turned down to Sonnet something. Yeah And and it was kind of stumbling along and I was getting some bad answers and I sort of thought what what am I doing? Why Why am I using Dumo So u Sona' pretty good, but not for the hardcore stuff. Yeah. So I switched to Ous four point eight. And what was interesting was that That model in reviewing our dialogue started to apologize about the previous bad answers that I'd been given. I said four eight very apologetics. I'm not sure what happened here, but you know, you got I got there was like, o, that was somebody else. That was just dumb That was dumb Sona. don't take so That's one thing that F eight is notable for. It does apologize a lot. I don't makes but This one was so careful. It said, I know this is, you know, I understand. This is your agent. This is This is mission critical. I'm going to move slowly and make sure that I'm doing everything right in it was flawess. It was. And in fact, I had to say now now that I was on four eight, every answer was correct and at one point it said now I'm going to make sure that I've not given you the wrong information by by checking on blah, blah, blah, blah. And it went off and did something and it came back And it's like, okay You know, I I verified that this is the case it's like and I'm just sitting here thinking Wow I haven I't. Some people listening are thinking, oh Leo and Steve lost their marvels they've drk the g. Where' the Kool aid Until you've actually had this experience, it's easy to poo poo it. But once you've had the experience, it's like Yes. And as I said to our listeners a couple of weeks ago You get an account. It could be free, but that creates context And my feeling is if you if what we're saying sounds wacky then It's because you haven't tried it or there's nothing you need it to do. The idea is if you're trying to do something thenen And also old habits die hard. I mean, This is all new. And so You know, it takes a while to get used to the idea that there is this Astonishing assistance available. It's kind of amazing. Well, And the thing is it speaks computer really well It's very good at speaking computer. It's funny too, because that's significant. I remember when Google searches only turned up the results I wanted because only computer geeks were on the internet. R. And so the internet was very computer hy quality. Now you got all this you know all this nonsense out there so you get you know search results are nearly as interesting for computer people because it's got, you know everybody else So it's nice Anyways, that's my tale. I was just blown away. It was just really surprising. Yeah Okay, thank you sry. Thank you Claude for fixing my computer. it's not it's picture the amazing time. So I gave this one the caption A loop branch test at the end Okay, I'm ready to look at it. I havet Fanch test at the end. Okay, I like it. This is a c Now Steve's turned this into a coder joke But it is really a coder joke, or is it cororrect So the sign says so this is some signage somewhere like at a service window or something. Ida says back in fifteen Mute and then on the next line it says minutes If not Read sign again Go to ten. So exactly. So what we have here is a loop with a delay statement in it and it branches back to the top. Now For those who don't code, there are differentiff configurations for looping. you are able to say likeike for example, while something then do the following. R. orr you can say when when when you're finished doing something, you can perform a test and maybe do it again So A And it turns out these are different like subtly different constructs in computer science. It's one of the things like programers who were just starting out learn is that there are cases where you never want to execute some code in be executed multiple times in a and which is why we call it a loop because you loop back In which case you would test for that decision at the beginning of the loop before you've even done it once. There are other times where you always want to do it once And then you want to see, well, do I do it again And so that's where you put the test at the bottom Anyway. I gave this one a loop branch test at the end because you know Back in fifty minutes, if not Read sign again Yeah, it's very funny. I love it. Yep Okay, so Arch Linux user repository abbreviated AUR seriously compromised at More than four hundred instances of with well. seriously, not only in count, but in what F hundred instances of Linux root kit and info stealer malware. were found The info stealer targets credentials and access tokens. I'm going we're going to dig somewhat deeply into that here in a minute because we've never really talked about info stealer malware. We've referred to it, you know, it's like, o that's an info stealer, but we haven't like What info is stolen So we're going to answer that Last Tuesday, the site, which great domain, IOCTL, which is the abbreviation for IO control.put output control. IOCTL. fail is the is the site. What a good name. Yeah What a good name. And I didn't know you there's like a dot fail top level domain. I didn't either. That's just like amazing That one Yeah happened Yeah. they posted their analysis of this infiltration campaign, opening their report by explaining This report summarizes static reverse engineering of the Linux ELF, you know, elf Malware sample named Deps DEPS is the name of the malware. and static review of the recovered NPM package source associated with the incident The sample and package were treated as malicious throughout handling No dynamic execution of the ELF NPM package, life ccycle scripts or package code was performed The binary is stripped and implemented with rust style async state machines Function names in this report analyst assign names based on decompiled behavior. Okay, so to interrupt for a minute, what they're saying here is that at no point did they actually execute the malware any context. No know, that's sometimes done, right? You run it in in a protected virtual environment in a sandbox and see to in order to watch it go, see what it does for the record, this elf, this ELF A. which is referred to here and throughout. For those not well versed in Linux lingo,' abbreviation for executable and linkable formats Thus ELF, executable and linkable format. It's a very flexible format that's used almost universally by Linux and the unixes also and as well as some embedded R tosses and pretty much everywhere other than Windows, which, you know has its own PE, the portable executable format and Mac which uses Mck O as its format. In any event They chose not to let this thing as I said, loose. I don't know why in a sandbox, you know, such as, you know, a secure VM. The idea there would be any damage that it might attempt or you know, to do could be observed and contained. deead They reverse engineered the malware from a static binary sample of the malware code And since this malicious binary had been stripped of any latent symbolic names, it was just pure binary code that did the work you know, variable names or function names were not there. The analyst assigned the names as they worked through the decompilation of this Once a function's purpose had become clear They go on to explain This sample was recovered from a supply chain compromise involving an arch user repository package build flow. In the reported intrusion path, the attacker modified AUR build steps so that the build process downloaded and installed a malicious NPM package page masqueraded as atomic lock file, which is that like a useful thing version one point four point two. So that itself is not Malicious, it was masquerading, pretending to be atomic lockfile version one point four point two and included The Linux elf. payload Source, hooks, depths is where it was in the file system The malicious NPM package uses a pre install life cycle hook. now This is interesting. We're going to be talking a little about this whole thing coming up a little bit later pre install lifecycle hook to execute the elf automatically during NPM installation. be useful, in this case, it's a source of abuse This means they wrote, a developer workstation, a maintainer's machine or CI slash build host could execute the malware as a side effect of building or installing the compromised AUR package That's the malware is a Linux credential stealer with optional root only EBPF capabilities EBPF are just interrupt refers to the extended Berkeley Packet filter technology that allows user provided code to be run in the Linux kernel This gives that code direct access to the most privileged information in the system you know, normally, mean, this is very useful for analyzing communications, you need to be down in the in the kernel in order to reduce the analysis overhead, thus the extended Berkeley packet filter This is an abuse of that privilege essentially So they continue to describe the malware writing It's designed for developer workstations and build environments targets browser and electron application data Slack. Microsoft Teams, Discord, GitHub, NPM, Vault, Docker, Podman, SSH, VPN material, Shell histories, and other local developer secrets Yikes. In other words, No developer wants this thing anywhere near their machine They said the recovered supply chain package identifies itself as atomic lot file version one point four point two. contains a malicious NPM life cycle entry pre install as Source hooks des. That life cycle script executes the elf. directly during NPM installation when life cycle scripts are enabled The ELF in the package source is bite identical to the analyzed sample mean so that was a little bit of of repetition and they're just saying what they analyzed was, you know bite identical They said the attacker controlled, you know, command and control C two point was recovered from the elf It's not supplied by the NPM package, command line arguments or a JavaScript wrapper binary decodes an onion service address at runtime And then they give the address is just a long string of gobbly gook, like all the onion addresses are, ending in dot onion. for the domain name Cand resesult callback is is is a post at slash API slash agent through a local loop backack sock style transport The local one twenty seven zero zero one traffic is an intermediate transport layer, not the attacker endpoint is available, the malware can hide local process and socket artifacts used by the transport. Okay, so in other words if the code has access to the extended Berkeley packet filter functionality, then that access will be used in a root kit like manner completely obscure any and all evidence any infection or the software itself. It just disappears so that anyone looking at the machine looking at, you know, nets the equivalent of net stat looking at whose, what processes or are listening for connections on ports, what communications are occurring on the fly, you know, looking, for example, for a connection to a command and control server, it just won't show up. The root kit system that it brings completely makes it just vanish. And we just we of course covered root gets way back in that Sony u top Die. infiltration, the advance persistent threat that got Sony So They said without EBPF, the local network presence of could be observed. So The Recovered package they wrote source, the recovered package source appears to be a mostly legitimate PM package with a malicious elf inserted into the source tree and then wired into that NPM life cycle execution. In other words It's a It's a normal benign piece of, you know, big JavaScript, you know, type script U and they just sort of tacked in this elf binary and then use the NPM pre install functionality to get it, you know execute it and then it would do all of its bad stuff They said static review of the package source outside the elf found no JavaScript wrapper, no additional command and control configuration, no command line arguments passed to the elf and no packageed layer references to you know, temp. S, API agent, Discord webhooks or a public C two domain IP. In other words, They the TypeScript NPM package was clean. did not contain any other infection. The infection, such as it was, was all in this elf binary So they said conclusion. The malitiaious NPM package provides the execution vector The C two end point is encoded inside the elf itself Okay, so Now we know what it is and how it's delivered and carried into the system, which brings us to What does it do inside the developer's machine once it takes hold. And remember, there are four hundred instances of these bad things that were discovered in the Arch Linux repository, the user repository. So This no doubt infected a bunch of people So we learn further Why no developer wants us have to wants to have this anywhere near the system So it installs persistence. Using root per user system D service units enforces a single active instance using FLock. so to keep like multiple instances from running at once redirects standandard input output error to Dev Null so that you won't see it doing anything any of its output ignores sigpipe So it takes itself out of any external control Reads Proc self EXy to locate and copy and install its current executable uses rust async runtime logic to run collectors and transport tasks enumerates Chromium familyily browser profiles and electron app data. Reads, SQL light, cookie databases and level DB local storage Extract chromium and electron cookies and service tokens Queries, Slack, Microsoft Teams, Discord, GitHub, NPM, and open AI chat APIs with stolen tokens or cookies. searches local file system locations for SSH keys, your shell history s Dockers slash podman credentials, VPN material and developer secrets. bloads file content to temp. s calls back to the recovered onion command and control over a post query to API API agent. uses a local loop backack sock style transport before reaching proxy destinations includes a downloader stager path tied to user Bin Monero Wallet GUey and if sufficiently privileged looads an embedded EBPF root kit to hide its processes, its process names and all of its socket nodes So it goes completely stealth, once it gets into your system if it's able to use EBPF And again, just to reiterate More than four hundred instances Linux repository packages have been found infected with this nastiness. So As I said before, we've referred tangentially to info stealer malware from time to time. It is unfortunately, an increasingly prevalent form of malware because its goal is obtaining information that would allow an attacker to pivot to some other target. They don't really care about a developer's machine, you know T they're hoping that they'll get into the machine of a developer who also happens to have, for example, AWS credentials for some other juicy target like the company he works for or consults to or something So the bad guys are less, much less interested in the initial victim in this case than in what other systems or networks that victim may have access to. And of course, the classic example was the last passass developer who had a bug in his, um NAS software that was way out of date. And the bad guys got into him, found out that he was a developer at last passass and then gotot it to last pass We've never looked closely at info stealers s they're definitely something no one wants to discover in their systems since they're growing in prevalence And since we have a very nicely reverse engineered info stealer here to take a look at, I want to share the details of what info this representative info stealer steals. The malware targets developer and collaboration data And they they enumerate them. This is this is literally what they found this code doing digs into the browsers and Chromium profile stores for Google Chrome Chrome beteta, Chrome dev, Microsoft Edge, Edge beta, dge dev Brave, brave beta, brave nightly. Vivaldi, opera, opera beteta, opera developer Yandex brrowser, Epic privacy brrowser, Iiridium, Ungoogled Chrome Thorium, Komodo Dragon. SRW wear iron Sent brrowser, Slimjet, Maxthon, UC brrowser, Coco, Nighor whale, Chromium flap pack Google Chrome flap pack, Microsoft Edge flap pack, Brave Fap pack, thevaldi flat pack, Opera flat pack, and Yandex brrowser flat pack. I know they wored half of this. I know, but they exist and they so these developers took the time put in some specific code for each and every one of those because if that if the developer has it, they want to get into it And Profile artifacts targeted include local storage level DB, the network and cookies c network slash cookies, cookies, default slash cookies, and Chromium encrypted cookie values collaboration and electron applications, which it knows about and goes after Slack, slack flap pack Slack Snap, Microsoft Teams, Microsoft Teams Legacy stores, Microsoft Teams Flat pack slash browser derived stores. scored Discord PTB Canary, discord flap flap pack variants, disiscord snap variants, Vesk Lg chord, web chord, arm chord, Ven chord, native chord Abadon Descent, rip chord, and D chord They also confirmed the slack data. Ripcon and datcon. That's right Swear also They also confirm slack paths and data where this thing looks at itot dot config slash slack dot var slash app slash comm dot slash Slack slash config slash slack. snap slash slack slash current slash dot config slash slack Slatered just slatterered in cookies forget for for Asterisk. slack dot com sllack API enrichment Thorough slash API offot test, API users. info and aPI conversations. list And we're about halfway through because we're Microsoft teams and Microsoft service artifacts includeot config slash Microsoft slash Microft slash Tams A service d. team slash microsoft. com teams. microsoft d. com Skype token Reion GTM catch d. token authorization Terror X Skype token, Teams account, tenet and team metadata. confirm Discord artifacts digs around through, including discord tokens from electon electron slash browser storage API V nine users. M PIV nine users at me slash Gilds MFA state, premium Nitro type flags, guild ownership, permissions and member count metadata developer accounts and package ecosystems, including GitHub, NPM, and open API JatTPT account metadata Confirmed GitHub strings and endpoints include API. gitHub. com O where they get a bearer to user agent. They look for credentials, account and repository metadata, such as login, company, public repository account followers and repository stars PM strings and endpoints, including dot registry. npmjs. org pub the package publishing identity and maintainer package metadata the open API chat GBT path queries API d. open API d. com Stolen bearer material for account metadata this is so it's credential validation inrichmond against a third party service. they note not evidence that open API is a attacker controlled infrastructure And finally local developer secrets, Vault token files command history and registry credential material Podman command history and registry credential material, SSH keys and SSH configuration Putty private key material, VPN profiles and . OvPN. That's open VPN files Shell histories for Bash Z SH and F and F I SH commommand history containing SFDP, SH keyGen SH copy ID SH add, Rync Putty Docker, Docker compost, and podman commands And yes, I know that was a lot I made a song. Oh God. wouldould you like to hear the Oh, we have to have it. Flack Snap, Microsoft Teams, Microsoft Teams, legacy stores, Microsoft Teams, flat pack brrowser, Derive stores, Discord, disiscord PTB, Discord Canary, Discord flat pack Verry. It's a long song. You don't wantna It's really pretty good it's a little more. Score snap variantance vestk top, leg cord we Native court, Abbot on descent, ripct and dack courord slack past conflicts, slack It's no f Sorry, go ahead. Please comortable. It's amazing what AI can do Actually we shouldn't laugh This has been a nightmare for everybody using Arch. I mean is the worst thing you could possibly have happened. Yes. terrible. So As I said, I know that's what I just did to everybody was a lot But I think it's important to appreciate that the more than four hundred instances of this malware which were discovered residing in the Arch Linux repository were expressly designed to root out any at all instances sorry. any and all instances of any of that developer data and send it back to its command and control server. The real takeaway here is this info stealer stuff, this is what an info stealer looks like. It's what it feels like, it's what it does if it gets into your computer It's out there and developers really need to be extremely cautious, more so than ever that this doesn't get into their system because it's going to elevate its privileges. It's going to, you know, rummage around through your system, sing a little jingle to itself and just suck everything out of your computer that You just take for granted and the developers will get it and use it against you or anyybody whose information you have on their behalf, AWS, an employer, someone that you're consulting for and so on. So it's real and it's bad. But you know, Leo, what's real and good Hey Our ads feeling we have we have a sponsor. There might there might be, I don't know a sponsor in your future. I could be. Let me just we just pull it up here and talk about our oh, actually One of my favorites swers It's time to talk about our Th Canary I just back to pictures so I can face in it. There we go. Our show they brought you I'm having way too much fun. Way too much fun Our show today brought to you by Thank to Canary. There's nothing fun about getting compromised, right? The worst You know, A is something worse getting compromised and not knowing you've been compromised days or weeks or Months On average Companies don't know they've been breached. For ninety one days You may have the best perimeter defenses in the world. In fact, that's probably what happens is people go, well, no one will ever get in, but they do. We know that because they' breaches every single day. then Once they're in They can wander around, they can exfiltrate stuff, they can look at all your files You need a way to know if somebody is inside your system you need And that's exactly the Th canary is it's a honeyb Unlike previous honeypots, which were hard to write and hard to configure. This is an easy honeypot that could be deployed in minutes. You go to the Thinkcanary console and you can choose Any of dozens of different personalities, whether it's a Windows server, a Linux server, SharePoint exchange, it could be a SAA device. In my case, it's an NAS device Oh one other thing you can do is you can create little files Canary tookens they call that you spread around your network. You can even put them in your In fact, I would recommend you put them in your Cloud drives like Google Drive and and Azure and everywhere. because if somebody sees that file I have some, let's say called payroll information. XLs, right It looks just like an Ecel file. bad guy looks at it and goes I need that. whatever payroll information. the minute they access it or try to download it The minute they try to brute force your fake NS or your SSH server, thinks Canary We'll alert you. They'll tell you, you have a problem. No false alerts No, no, just the alerts that matter. in any way you want, email, slack SMS, of course, they support webhooks. They have an API Cis log anyw way you want it All you do is you choose a profile for your device. It's so easy to do. You might change it every once in a while. I might change it every day. I could change it every ten minutes. It's very quick Register it with the hosted console for monitoring and notifications. Th you just sit back And you relaxed because If an attacker breaches your network or A malicious insider is in your network. They cannot help but make themselves known by accessing that thingss Cary. They look like the real thing. They look like valuable he effects that' this is why the hackers there. in your network. to get that file openen up that SharePoint server Canary. tool slash twwit for seven thousand five hundred bucks a year, you get five things canaries. You get your own hosted console, you get upgrades, you get support, you get maintenance. And if you use the code Twit in the how did you hear about us boox are going to get ten percent off. Not just for the first year, but for as long as you have your thinks canaries. Now, you can always return your thinks canary. You have a two month money back guarantee, sixty day money back guarantee for a full refund probably also tell you this. This is their tenth anniversary advertising with us in all those Ten years that we've been partnering with Thinks Canary, that refund, that guarantee has never been claimed, not even once because once you get a think Canary, you go, how did I live without this? Visit canary dot tools slash twwit E of the code Twit How did you hear about uspox? G those things canaries You got, you gotta have them. Canary that tools slash it. And we thank them so much for supporting security Okay. so Last Friday afternoon At the request of the U. S. governments Uh Well, non specified concerns for national security A Anthropic shutdown all access to their two most advanced models Claud, Fable five and mythos five U and I'm sure everyone has seen this a lot. We should note that though that claiming national security has become the catchall phrase used by the U. S. government, which, you know, should be taken to mean either becausecause it's what we want or because we say so So it's, you know, often not very satisfying It's not at all clear why this is the case. But in any event, Since it was just Leo, it was at the start, the very start of last week's podcast. Yeah that Claude Fabable five first appeared. I think I mentioned it didn't I on the show? Yeah, you did. It's like, hey, there there's a new mo. And in fact, you began playing with it. I think it was during the podcast, you ran it on some of your existing code and it a whole bunch of more stuff. It did We found a lot of security flaws. It was very good. So it looked like another major leap forward A And so as a consequence that of all of that, I want to share what Anthropic posted becausecause there's some interesting pieces of sort of things to read in between the lines here about why they're Two newest models have been taken down and You know, as I'm saying this, listen to the language Anthropic uses when they talk about safeguards and jail breaks U because this is their pushback And it it echoes the position everyone here has heard me articulate from the start whiches that are To me, it feels understanding enough of how this large language model technology operates intuitively it feels as if it is The whole ology almost certainly going to be inherently hostile any form of control I don't mean hostile like in a belligerent way, but I mean, it's just the it this isn't something that can be controlled. The way it works is not like normal procedural code notot the way it is. you know, you got temperature that you could turn up and down So I believe it is inherently an uncontrollable technology that is from the standpoint of guardrails The headline of Friday's posting and you'll as you'll see, they talk about that The headlineer of Friday's posting was statement on the U. S. government directive to suspend access to fable five and mythos five They wrote So their statement is The U. S. government citing national security authorities has issued an export control directive to suspend all access to ifable five and Mthos five by any foreign national whether inside or outside the United States including foreign national anthropic employees. The net effect of this order is that we must ly disable Fable five and mythos five all our customers to ensure compliance. It hadn' occur to me, Leo, but I guess some of their employees have to be like denied access somehow which is quacky access to all other anthropic models will not be affected, they said We received the directive from the government today at five twenty one PM Eastern. The letter did not provide specific details of its national security concerns Our understanding is that the government believes it's become aware of a method of bypassing or jailbreaking they have in quotes, Fable five. And and I saw elsewhere Leo that I that apparently some was some Amazon employees or someone in Amazon like believes they figured out a specific jail break I think that was the case. Anyway, they said we reviewed a demonstration of this specific technique being used to identify a small number previously known minor vulnerabilities theseese vulnerabilities all appear relatively simple And we have found that other publicly available models are able to discover them as well without requiring a bypass Anthropic's posture with respect to Fables's safeguards As laid out in our launch blog post is the following So they said we have them some bullet points We've instituted strong safeguards that greatly reduce the likelihood that Fable is misused for tasks related to cybersecurity, among others. Remember, as we know, they just put a blanket block on cybersecurity and bio something or other saying Sorry, Fable, justust don't ask any don't answer any questions about that as we saw, they like they they sort of kick you out to the opus. family if if you the mistake of crossing one of their trip wires They said in fact Our safeguards are so strong. that many users have complained They are overly broad, right againain, Yeah because that's like the only way to do this if you're going to try to do it is to is to fail closed becausecause there it just isn't possible to control these models And this is so this is an artifact of that lack of ability to control is they have to do just blanket is like overreaction They said in the weeks leading up to the launch of Fable. with the U. S. government. the UK AISI, multiple private third party organizations and internal teams to red team fable safeguards for thousands of hours in total These tests showed that fable safeguards are substantially more effective than those of any previously deployed model testers have yet been able to find a universal jail break. We'll see why that word's important in a minute. a universal jail break a jail brereak method can very broadly bypass the model's safeguards blocking a wide range of cyber capabilities. We suspect Perfect jailbreak resistance is not currently possible. any model provider Think about that. we suspect Pfect jail brereak resistance is not currently possible any model provider. Every safeguard used in the industry is vulnerable to non universal jail brereaks. can elicit some cyber information in specific circumstances. and it is likely that universal jail breaks will eventually be found in the future We stated this clearly. When we released Fable five given Perfect jailbreak resistance does not appear to be possible today. Anthropic adopted a defense in depth strategy with Fable five. We aim to make jail brereaks either narrow case of non universal jail brereaks or very expensive to produce case of a universal a universal jailbreak. And to combine this with thorough monitoring to quickly detect and shut down any successful attacks. This is also why Anthropic has required thirty day retention of customer data with Fable Policy change that carries real costs for us with customers that allows us to research and mitigate jail brereaks. So like, you know, that by by m by holding on to thirty days worth of interaction they find some that's that fable has been subverted, then they're able to go back in time. There's nothing that the bad guys can do to erase that history that allows anthropic to then understand what happened and improve the jail brereak technology They said, we understand by this defense in depth strategy. I'm sorry, we stand by. We stand by defense in depth strategy It reduces the risks posed by Fable. making them comparable to the risks of existing models already deployed across the industry And that is in in that in other words important Yes. In other words Those that have not been banned by the US government. Be the U.S. governmentays yeah, these are fine So this is they believe Fable is as safe as there any of their other models They said, we have not even received a disclosure a concerning non universal potential jailbreak that led to a harmful result potential jail brereaks that have been disclosed to us are either entirely benign responses or are minor findings that provide no mythos specific uplift To date The government has only given us verbal evidence of a potential narrow non universal jailbreak which essentially consists of asking the model to read a specific code base and fix any software flaws Our understanding is that one potential jail brereak was shared with the government We've reviewed a report that we believe is the basis of the government's directive and validated that the level of capability displayed here is widely available from other models including Oen AIs GPT five point five Again They and they said and is used every day by the defenders who keep systems safe We'll share more details over the next twenty four hours. They said we are complying the government's legal directive and are removing access to fable five and Mth those five For everyone. However, we disagree the finding of a narrow potential jail break should be cause for recalling a commercial model employed to hundreds of millions of people If this standard was applied across the industry, we believe It would essentially halt. all new model deployments for all frontier model providers. As we've stated publicly, we believe the government should have the ability to block unsafe deployments as part of a statutory process that's transparent fair clear and grounded in technical facts. This action does not adhere to those principles We apologize for this disruption to our customers We believe this is a misunderstanding and are working to restore access as soon as possible That was Friday And Saturday, Sunday, Monday and when I was using Caw this morning over the little the little prompting area, it said Fable is currently disabled Increasingly, this looks like a political move, a business move P We know that Hig Seth is pissed off at anthropic. He tweeted You see, you know? I mean, he He clearly. So Katie Mazuris, who is a well known security researcher was apparently given the paper We think it was Andy Jassseie, the CEO of Amazon who talked to the White House and said Yeah, there's a jail break. This is the third party research paper. Anthropics shared it with Katie Masura. She says, as far as I know, I am the only person who's seen this This is the You want to know the jail brereak? Three words. Fix this code The researcher took an open source code with known CVEs, plus new code with deliberately planted vulnerabilities and asked Fable five. to review the code for security issues Fable five refused They then asked the models, by the way, they also did my mythos and opus to fix this code And through a multi step and manual process turn the output into scripts that test patches This is the jail brereak. By the way, Katie has made a shirt. play on the previous time this Cmerce Department blocked cry mmunitions is crypto Remember, they made a t shirt with the with the crypto on it And you can't block a t shirt. First Amendment protects it and went across borders with it. She's done the same with this. She's made a fix this code T shirt and on the back it says this shirt is a munition Now, uh, this This is her assertion. I don't You know, it's possible there are other jailbreaks. I had heard that Pliny the liiberator, who's a well known jailbreaker u had another jail brereak. I we're trying to get plenty on the show tomorrow, haaven't had any success yet. But we do have Alex Stamos joining us tomorr Alex, as you know,, really well known security researcher released a letter and to Secretary Lutnik And National Cyber Directory Karen Cross asking them to free fable to lift Fables restrictions. It's a very well thought out explained letter and it's signed by a great many security gurus, including Alex who wrote the letter You know, and it's it's annoying that this comes from a competitor, right? I mean, that's That's what really feels wrong. Andy J. Well, the funny thing is Amazon has a huge investment. ananthropic. So I don't know if they're a competitor. This is them I don't know. we don't know what any Jassie told Uh, Lutnik, but uh We do know that anthropic has been very good to the administration Anthropic has and is being used throughout the administration is being I yeah, we also know that openp AI has donated to the administration. think It's very hard and maybe we don't know what's going But there's never been provided any good evidence that this is a real jailbreak. If it's if it's fix this code That's absurd That's absurd. So Ed Felton this sign is a signatory on this many names our audience would know very well. Well, I think that the strongest case that Anthropic made in their response to my mind was this isn't that different from everything else. Exactly. You know, you've singled same thing. You've singled it us out and, you know, you know I we could suggest maybe this is the flip side of the of the consequence of all that marketing attention which many have called hype that Anthropic deliberately created to a company that restricted access to Claude Mthos's preview So I mean, they they've like they painted a target on their back you know, I think there's their strongest point is Hey, Yeah, we're proud of this model. We're making it better. We put in really strong safeguards and we're not that different from any of the others. It's a wake up call for foreign national researchers and all of the AI companies in the United States. You got to think they're thinking about what their plans are going forward, mayaybe leave the United States. It's certainly a wake up call for the EU if the US can block useful AI the E They're going to be working on their models. It's a it's a I think a very big tactical Yeah U And and I think it's more about politics peak and corruption than it is about actual security. But it's hard to say because we haven't seen The only jailbreak we've seen clearly is not a problem. Maybe there's a maybe there are other jailbreaks. I understand why the government might say, you know, these this AI model is too dangerous. be released, but they need to Well and pro. you know, the other thing we've seen is other people achieving mythos grade success with non mythos model. So you know, and we've talked about that here. It's not as if There's like some really magic pixie dust that Anthropic uniquely has. They just You know, they're phing thehead as is everybody else. It's a good model. Yeah, It's a good model. We will talk to Alex Stamos tomorrow on intntelligent Machines two PM Pacific five PM Eastern hope everybody will join us for that. and he will talk about this open letter which he has put out at freefable. org free fable, That's great. Free fable. Okay, as we saw last week the change to the historical attack pattern that was already accelerating Prior to the rise of AI. You know, I mean, we before this all happened, we were noticing wow, like This is an accelerating problem I made the comment, you know, a couple years ago about that we used to how quaint it was we used to have three or four digit CVE numbers. and now they're all five digit and they're lar they're high five digits So will access to significantly more advanced autonomous AI king capabilities by a much wider range of attacker change this further Uh and and and you know Absolutely. clearly seems that we are seeing an AI driven acceleration and it will for the first time Unfortunately, aided by AI include those who are far less knowledgeable and skilled So you know, it broadens the the base of of ers because they don't have to be experts any longer. justust as we've seen Many of this podcasts non coders delighting in their newfound ability to use AI to code It's only a matter of time and probably not much time until we see attacks managed by non hackers using next generation AI driven autonomous attack frameworks Last week's report Anthropics Red team, which is what we shared showed One instance of Exactly this. that was by the end of March, still the exception to the rule. They said, you know, not everybody else is using AI in post intrusion strategizing that one that one group did. So A year from now It's going be commonplace So against this backdrop last Wednesday on june tenth This is a released Binding operational directive BOD. twenty six dash zero four titled prioritizing security updates based on risk. This BOD formalizes, is me speaking, formalizes the timeline under which federally mandated IT systems are now required to respond to cyber threats that SISA identifies. We've already seen and commented about the response speed required by CISA to some recent Remember there was one like by midnight that night or within three days But now that somewhat breathtaking three day to patch timeline has been formalized I've got a chart in the show notes at the top of page eight. which actually shows the decision tree that you follow in order to determine how quickly you must patch something The guidance that CSA has produced has been reduced to tree with four binary decision points Since two to the power of four is sixteen, That is to say there are sixteen combinations of four bits We've got sixteen leaves at the end of this decision tree This is wor FIFA chart here. This is Holy cll The four branching decisions are Has the vulnerability been publicly released is the vulnerability in Kev? You know, the known exploited vulnerabilities list Is the exploitation of the vulnerability automatable by the adversary and is the impact of its exploitation Partial Total control U Each one of the sixteen branches ends in either Three days to patch, That is to say, you have three days to patch this guys or fourteen days to patch or sixty days to patch Yeah. Patch on system upgrade, meaneaning eh, don't worry about it you know, when you upgrade everything else, you know, youll you'll get patches. So it's essentially patch it immediately like now with a deadline in three days Or you got two weeks to patch this Or you got two months to patch this Or don't worry about it that much So for example, riding along the worst case branches of the tree for each decision point a known vulnerability, a pub a publicly known vulnerability Uh on the Kv list can be automated and carries an impact tootal control by the attacker guy M be fixed in three days. know I might do it now, but it but the but the deadline is three days away The flip side following the best case branches the vulnerability has not been publicly exposed is not on the Kv list cannot be automated and regardless of whether or not its impact would be partial or total Yeah on the victim system Turns out. No hurry can be fixed during routine system updates All other combinations of those four criteria bring you out to a leaf on the tree that tells you How much time you have But this means is that all federal agencies falling within CISA's binding operational directives We'll need to put a system in place. I mean, again, it's no longer like, o, yeah, patching George does that, but he's on vacation Wing has become front has come front and center U Maintaining up to date systems is no longer something that government agencies will be able to give lip service to while planning to get around to it you know, whatever So those lazy days are over thanks to AI And I'd be pretty certain that they're never coming back once those systems have been painfully put in place, like, you know, rapid patch cycle ability Why would they not continue So No It took Clear Pent threat from AI. to Push the change. which nobody wanted. I mean, this is going to upset a lot of agencies who said, oh, u We have no ability to actually do that They're going to have to figure it out and generate that ability. I think that's a good thing though, right? I It is a good thing. Yes. I a hundred percent agree Leo. I think that that It's not anything anyone wanted but You gota pass. by the way no the other is okay with you for the album for the show. f isn't it, March? I know. I know That really looks like you. someome of these things and that really looks like me actually. Aually It looks like if you didn't know better, youd think we were in fact leading a march to free Fable Yeah, and I think this these photos must have come from the show because I mean, it's doesn't look Darren is very good. Darren is a very' our most adept AI user I think at this point. He's quite good Yeah, let's talk about AI and hackers. Hey, what do you think Actually, now would be a good time to talk about data brokers because there's another enemy of the state. that I really like to get. The u This show brought to you by Delete Me today U You know, I own a small business As a business owner, putting yourself out there is part of the job, you know, we're in public. But the uncomfortable truth is that when you promote your business It's also opening you a to attacks Bad guys, ninety percent of business owners haveave their home address easily discoverable online And the average owner has more than six hundred pieces of personal information. just sitting on the open web We're talking your personal email, your phone number, your home address, even details about your family. Bad guys can use this data to run hyper targeted phishing attacks. the exact experience we had. We've been getting fished by people who know Our org chart They know people's phone numbers. they know their names, they know enough details. so that these phishing attacks don't sound like they're coming from strangers. They sound like they're coming from clients partners you already trust or even the boss That's why attacks using verified personal information or get this likely to succeed five times more likely to succeed And the average incident That's expensive. It could cost small businesses more than one hundred twenty thousand dollars to remediate And don't think it's not going to happen to you. One in four businesses will be impacted this year alone. We have been And that's where today's sponsor Dlete Me comes in. reducing exposure by up to ninety five percent. We use Dlete Me in. We have to So let me remove The boss, my our employees' personal information from hundreds of data broker websites starving hackers of the fuel they use to build their target lists and it's not Just a one time thing. It can't be. Delete me continually monitors and removes your data. And they'll also send you regular privacy reports. So you always know where things stand. You have to do that. These data brokers are like cockroaches They don't go away They rebuild your dossier even after you have them remove it. They rename themselves. They go out of business and create a new business under new names with all the same data. They're slimy. Fortune five hundred companies, government agencies, and yes, Twit have trusted Delete mee for over fifteen years. now, that same enterprise level protection is available for your small business That's what we use. We recommend it, prrotect your business, protect your peace of mind Here's what you do. You visit join deeleteme dot com slash twit dash biz to start protecting your business with Delete Meoday If you use that link, you'll also get a free year of social media protection for every seat you purchase. How about that Join deeleteme d. com slash Dash Biz is a new campaign We're doing. We want you to use that address so that they know you heard it here and I highly recommend you get this business for your managers, especially We did and it's very important. Join deleateme d. com slash twwit Dash Biz, we thank the late me so much for supporting. security now Stephven Leo radicals The radicals to free fable G's go ahead Sting So the news is The much attacked NPM the no. js package manager will be flipping its defaults to begin disabling Auto running of installation time scripts Starting with the July twenty twenty six. So next month Release of its version twelve point zero The change hopes to counter the massive rise that we've been see we're talking about it every week, almost. in the number of supply chain attacks taking place on that platform As we've seen here, threat actors are increasingly hiding malicious commands inside install scripts get auto executed. When a victim installs a new package, we're just talking about that with the Arch Linux This sounds welcom and great, right? I mean, it's like, hey, it's automatic. It's nice will it have? That is flipping flipping this from By default, enable to default, disable I track down an informed opinion of someone who should know Writing for the blog open source malware. com. to get a reality check. The posting was titled NPM disables install scripts by default But is that going to solve its malware problem blogs tagline Was NPM announced that the new version of the NPM package manager, version twelve come with several security improvements, including disabling install scripts. Is this a game changer or security theater Its author wrote on june ninth NPM announced making changes Coming in V twelve And he said, I'm genuinely excited about this announcement Three permissive defaults that have shipped malware to developers for a decade to flip Deny by default compair that with install time cooldowns. I'll explain what that is in a second landing across every package manager and the rise of commercial supply chain firewalls And you'd be forgiven for thinking that NPM malware problem is finally getting solved A year ago, he wrote, I stood on a DefCon stage and walked through why NPM install scripts are terrible. So let me be the first to say it. These coming V twelve changes are good They're also in part Theatater and understanding Which part is which is important PMV twelve Three dangerous defaults. B one is install scripts Today PM install happily runs pre inststall install Post install hooks any package in your tree including transransitive dependencies you've never heard of in V twelve That stops by default. No automatic life cycle scripts. No native node GYP builds, No prepare scripts from Git, file or link dependencies You opt packages back in with NPM approved scripts Discover what's affected with NPM approve scripts the allow scripts pending option and block the rest with NPM deny scripts The second change makes get dependencies require an explicit Allow G option Closing an execution hole. where a code execution hole, where a getit dependencies's own. npmRC could override the get executable pass that worked even with the ignnore scripts options set The third and final change makes remote URL That is to say HTDPS Tarball dependencies require allow remote options These three changes, he writes ship around july twenty twenty six And you can prepare today in NPM eleven point sixteen point zero and subsequent at the same time Other security improvements are taking hold. Coold downowns are also now everywhere NPM shipped with support for Men release age in eleven point ten point zero back in February This is a setting. that refuses to install a version until it's been public. for a configurable number of days. logic here in that nice? Yes. I turn that on. I Well, I do it manually, but for fourteen days, if it's If it's not more than fourteen days old I don't want to install it. That's smart. Yes and he writes the logic is simple and effective. Unpomised releases usually get caught and pulled within hours So a short delay filters most of them out at the install layer with zero scanning. It's worth noting, he writes that N PM was the last to this party PN PM shipped minimum release age in ten point sixteen in december twenty five Yarn added NPM minimal age gate in four dot tenot zero the same month Bun followed in one point three There's even an open proposal to make seven days the default Which is the right instinct Almost nobody needs a package the instant it's published supply chain firewalls have become a product category Developers are finally installing something on their machines that address malicious package threats Data Dog released an open source supply chain firewall in twenty twenty four. and Laureon Tall released his tool NPQ. Back in twenty seventeen Tools like these package managers and check to see if the user is about to install vulnerable or malicious packages. And if so They'll block them from being installed There's been quite a lot of new tooling in this domain recently with Socket, Aketo, and Indoor labs all offering products in this space age firewalls like these work. Of course, they rely on developers to not bypass their controls to install malicious packages anyway He says, I don't want to be cynical about the right things Killing automatic install scripts is the single Most important change NPM could make Install hooks are the mechanism behind a huge share of the incidents we document at open source malware There're now a poisoned transitive dependency. I'm sorry, there' how a poisoned transitive dependency gets to run arbitrary code on a developer laptop or a CI runner Instant it's pulled The security community and PNPM have been arguing for deny by default here For years PM, finally agreeing is a genuinely good day Cool downowns are the cheapest High value control in the entire ecosystem Firewalls and package managers give teams a real shot at stopping a supply chain attack before it lands None of this is fake security. The problem is What happens next? The first observation is that off by default On works If it stays off thing that announcement glosses over is that disabling install scripts is going to break a lot of stuff an enormous amount of leg of legitimate software gets installed built and wired into your application environment via install scripts, right? That's where the magic comes from. That's where s it's incredible He said this of course, explains why there's such a strong attack vector There's a simplistic narrative going around that life cycle scripts only exist to do bad things. And that's just not true M packages are not just a way to import libraries. Many people, including me, he writes build CLI tools to do necessary utilitarian functions And many of these tools use install scripts Some examples of popular packages that use lifecyycle scripts are ES build with two hundred million ly downloads sharp at sixty million per week Core hyphen JS at forty million per week. Tier, ten million weekly, NX, nine million. Buffer util at six million UTF eight validate at eight million weekly downloads and B crypt at five million weekly downloads. Initially he finishes Native modules Ne node GYP to compile against your platform at install time tools to download a platform specific binary generate it, config, register a shell completion or build a native add on All lean on install scripts the job done is not an edge case. It's a meaningful slice of the most dependent on packages in the registry Today twelve Day Vversion twelve lands Those packages stop working until someone approves them G going to interrupt here for a second. If anyone listening, is thinking to themselves, well convenience versus security You're exactly correct. That's what this is I'm sure that many of us who have used package managers have been somewhat amazed. I know I have by the astounding degree automation You fire it up All this stuff happens. packages are grabbed from here and there, compilations are run and linked together, packages are installed, everything just whizzes by on the console. Yeah just happened. Who knows? Nobody knows. Well, someone knows presumably, but the entire point is that we, the developer or the end user who invoked the package manager doesn't need to know It all just magically happens. And that is also, of course, the Achilles heel of the entire process. is what opens it to such abuse because that extreme magical ease of use can be and increasingly is being abused to do malicious things behind our backs automatically We have no idea what's happening in the first place. So how would we know if something bad was happening? Problem with flipping these magical defaults to off is that the magic upon which we become dependent So he continues his post, writing So what will developers actually do Bell approve Then they'll approve again And by the third time a build breaks at five PM because some transitive dependency needs its post install hook. Run Approval becomes a reflex Deny by default protection quuietly degrades into a clicked through prompt How would you like a cookie? W you agree to have a cookie? We've all been there, right? Th darn notices up all the time. It's like, yo, okay, fine. yes, right He says I click through prompt that fires constantly trarains people to click through We've watched this movie with browser permission dialogues and OS security prompts. There's no reason to expect NPMs to end any differently. Control is real. The human standing in front of it is the same human Wh has a deadline If you really want to know disabling install scripts will have the intended effect You could look over to the VS code ecosystem with VS code before version one point one ero nine Global allow automatic tasks setting was on by default This meant that malicious task files would automatically run a victims open source code included those tasks files. Microsoft changed and disabled this feature to be disabled by default in january twenty sixth, the beginning of this year. A months of threat actors used malicious tasks files to compromise developers Did that stop threat actors from continuing to use VS code tasks? Nope Korean threat actors continue to use malicious VS code tasks files as many developers have re enabled the feature. or other developer tooling has enabled it. In fact Most of the large scale attacks we've seen so far, twenty twenty six leverage VS code tasks and settings files to help redistribute the attack artifacts. The second observation, The bad guys will find a way Just because NPM won't run scripts at install time doesn't stop users from running those scripts the second those packages are installed. Even worse, If you already use a library and it's compromised You don't need to run install scripts to receive the payload. It's going to run in your application. Sripts needed Now follow the incentives one step further If install scripts are switched off by default, package authors with legitimate needs will stop relying on them Good ones will document a manual build step Others will move the work somewhere NPM cannot turn it off curl piped through basash. in the install.js a separate bootstrap binary. A setup command you run after installing attackers will make the exact same move Because of course they will If the post install hook no longer fires automatically, you don't give up You find the install path that still executes This is precisely the kind of threat actor behavior I talked about at DefCOon Push on one control and the malicious activity simply relocates to where the controls aren't Does it just vanish And here's the part that should worry NPM, but it won't because it's good for them. When the malware moves out of the registry and into a shell script or someone's Jist. or a binary downloader from a CDN PM. Guest to report that registry resident malware is down. Yay. They'll claim victory problem will look solved from the point of their dashboard, Meanwhile, the risk has simply relocated to terrain with less visibility and fewer tools. More Prom gets pushed off The one surface the entire security industry actually instruments two surfaces Nobody is watching That's not a win. That's a measurement artifact Third observation is gets more difficult for defenders then not easier Queen cool down periods and the disabling of install scripts large scale NPM attacks will become less frequent But when you push legitimate functionality off the well lit path You don't Just move it, you make it look guilty author who genuinely needs to fetch a platform binary at install time. Now doing it through some indirect mechanism to survive the new defaults produces a fingerprint that looks exactly like evasion. confiscated loader out of band fetch, install time network calls. to a non registry host Five years ago, that was a strong malware signal A V twelve chunk of it is just legitimate software to a stricter world malware because of the things it has to do. So while the number and frequency of the big NPM attacks go down The signal to noise ratio for everyone hunting malicious packages gets worse. benign, in other words, false positives or or missed negatives. the benign and the malicious converge on the same suspicious looking pattern We end up triaging a flood of weird but fine packages to find the weird and actually bad ones And the bad ones get better. covering or get better cover precisely because so much legitimate behavior Now looks like what they do bury the needed functionality in something that looks sketchy and you've built the perfect place to hide a needle. a pattern that now looks suss. Except it isn't. until it is Butith the firewalls and cooldowns, are really telling you Let back and look at what cooldowns and firewalls actually represent Good controls Yes. There're also an admission The reason a third party product can flag a malicious version six minutes after it's published Is it NPM is not doing it themselves The reason Teams pay for an interception layer in front of the registry, the firewall is that they cannot trust the registry to keep malware out We are watching detection and response getting pushed onto users and ono a handful of vendors while the registry that profits from being the default keeps underinvesting in its own scanning The incident cadence so far in twenty twenty six makes this gap obvious. Vversion twelve is NPM catching up problem I laid out a year ago Okay, that's progress But a registry that has been this chronically under resourced on internal security doesn't get to flip three defaults and call the supply chain problem handled So it actually does move the needle. Where does this leave us We're left with the unglamorous truth Cooling is necessary nowhere near sufficient. Turn on cooldowns today. It's the single best ratio of effort to protection available And there's no reason to wait for V twelve Ppare your approved scripts Allow list now on eleven point sixteen and later So the V twelve upgrade does not break your builds and stampede your team into rubber stamping everything If you can manage packageed firewalls, run them do all of it And that's his conclusion. So I thought this was a terrific There's my minimum release age, fourteen for a NP item and also do it on bun fourteen days. bun you have to do seconds, I think so. And I did it for a lot of things. I wish I could do it for the Arch user repository. I can't. I wish I could. or at least I ha fig do that. Yeah, becauseuse that's the one that really scaring me right now Yeah. So I thought this was a Really a terrific piece of from the field feedback. as we've been seeing for years Malware that slips into the NPM repository has been steadily increasing. I mean, like big time And there doesn't appear to be anything that could be done The one thought I had while reading this posting was that perhaps these changes are being made onn the cusp, of AI appearing in a time of need. He noted his annoyance that responsibility was effectively being pushed away from the repository and onto less centrally managed external resources and solutions. We see that the largest entities, Cisco and Microsoft jump to mind You know They've been unable to even police their own internal closed source offerings to rid them of bugs. So the scope of the task source free for all repository should not be underestimated. I mean, I'm sympathetic do you allow anybody who wants to to contribute a package and have any security just as AI is now promising to revolutionize the quality of closed source offerings It also seems like the perfect solution. for repositories such as NPM. I think it it makes nothing but sense. So U we know that IBM and Red Hat are going to be pouring a ton of money. Was it five billion dollars into using AI to help open source? And certainly NPM ought to be a big initial target for them And you know, Leo? It's time for me to tape a tape a sip of my juice and for us to find out paying for this This is a low caffeine day for mis. Gibson. What is in your juice? Is it a green juice? Is it a No, it's just it's a third of regular orange juice, organic, of course, becausecause Lori. and then two thirds water So that sounds good. yeah it's just it would be water except water is a little boring. So we just like just make a little more interesting. Exactly. Okay. Our show today, while Steve drrinks his tang is brought to you by Z Saler, the world's largest Cloud security platform. Man, you listen to this show, you go, giveive me security, right? The potential rewards of AI As we've seen are too great to ignore, but the risks are there too. loss of sensitive data and attacks against enterprise managed AI. Generative AI increases opportunities for threat actors helping them to rapidly create phishing lures to write malicious code to automate data extraction And a lot of the You know, privacy leaks, the security leaks are not malicious, just inadvertent There were one point three million instances of social security numbers to AI applications last year. I bet you a lot of those were people take in their tax returns and feeding him to Chat GPT or whatever. but That's got a lot of information on there and you're just letting it out It's time maybe to think about your organization's safe use safe use of public and private AI That's what Chad Palet did. He's the acting CisO at BioIVT. They use Z scaler Chads at Zkiller helped them reduce their cyber premiums by fifty percent and doubling their coverage and improving their controls. takeake a look at the video Be theseca as long as you've got internet, you're good to go. A big part of the reason that we move to a consolidated solution away from SDAN and VPN is to eliminate that lateral opportunity that people head and that opportunity for misdirection or open access to the network. It also was an opportunity for us to maintain and provide our remote users with a cafe style environment. Thank you, Chad. W Z Scaler Zero Trust plus AI You can safely adopt generative AI and private AI to boost productivity across the business There's zero trust architecture plus AI helps you reduce the risks of AI related data loss and protect against AI attacks to guarantee greater productivity. compliance. You can learn more at Zcaler dot com slash security. That's Z sccaler ome slash security. We think of so much for supporting Steve and security now. Taster. Okay, feedback time U, Roger But Clen V O E G T L N. U B I can do. I Rbert silent. I it's Votan. Vola, Robert Vootland He, Robert. So get this Leo. He says, dear mrter Gibson I started listening to security now When I was in the fourth grade, o geez. Okay, Robert I'm now twenty two years old. I have a degree in cybersecurity from Augusta University. Right on Security now has always been there for as long as I can remember. As I begun my job search, I realized just how vast cybersecurity really is There are so many specialties. The more I learn, the more I realize I know nothing I've been struggling with, what I've been struggling with is figuring out where to focus. It feels like it could take decades of working across different roles and industries before I discovered the niche that truly fits me But then much of my career will already be behind me How do you determine which area of cybersecurity is worth dedicating your life's work to? H, Thank you and Leo for everything you've done through security now over the years Sincerely U Robert Votland sppinrite owner Aw. So first of all, Robert And wow The question to you would be What could have possibly motivated you as a fourth grader, Tune into this podcast. I' really I about zero days, Mr. Gibson You know, and it is the case that Leo and I have been here throughout your entire life. Wow. So anyway,'m I know that we both feel very glad and fortunate that we've been able to be here the whole time. So to your question I have no idea. In my case, I sort of stumbled into the security sphere through shhields U which I created because there was clearly a need for it at the time And then the opt out adware remover which happened when I discovered that Oriate Adware was on my own PC since my background, U since about age five you know, began with understanding electricity. and then expanded into electronics and physics and engineering and computer hardware and software I had the broad background you know, ahead of time pretty much head in any direction. time when Spinite was purring along. I saw a need over in the security space So I think my best advice would be to perhaps more deliberately do what I had inadvertently does which is to obtain the widest possible ground exposure that you can That will automatically expose you to many more aspects of the field. and you may find that you naturally gravitate towards something specific And even if that doesn't happen, I believe you'll be better equipped to succeed with whatever you decide to tackle. In today's highly competitive world I normally advise people B best they possibly can a narrowly targeted specialty I believe that's with where to succeed today But of course, that process of specialization can only begin Once you determine what truly interests you Leo, any An this is my kids ask me this too. This is kind of the eternal Oh one of the most fundamental questions every human asks. Today, if I there is so much happening, I would I don't know what direction I would take. I can really relate to Robert's position. Um Even if it's not cybersecurity, if it's just whatever, you know, history or whatever, how to figure out what it is you want to devote your life to is a very, very A challenging question, but I think your answer is exactly right. All you can do is try as many things as possible. Expose yourself. you found one that see what sticks Yeah. And just listen to your heart. You'll know when it sticks, you know, right. Steve had no choice. He knew exactly what he wanted to do. He just, you know, and it's just like it clicks And you're going to it, I didn't either you know, we just We did what we loved. and I think that's the best thing anybody can do is Oh, to be able to spend your life doing what you love. Yeah. I mean, Id love that the best shortest I summary of that is to say I never worked a day in my life, right. because It's it's not. it's joy. Andob, I hope Todd, hope we't find that Yeah, exactly Todd Whittaker, whoses last name I can pronounce is a college professor. listener of ours who uses PHP to teach security. Oh boy. Yeah. He wrote Hi Steve Your recented discussion of insecure PHP in episode ten eighty two last week rang very true to me But you know what PHP is really quite useful in cybersecurity. s just maybe not the way its defenders usually mean. college professor And when I built our undergraduate cybersecurity major Back in twenty ten twow of the original courses used PHP. programming and application security Clearly, that was not because PHP represented our ideal of secure software design It was because PHP is almost perfectly suited to showing students how insecure software gets built A SQL injection Catenate user input into raw SQL Cross side scripting Echo unescaped input back to the browser Broken authentication, store passwords badly, or trust the wrong session variable He writes PHP makes the mistake Easy to write, easy to see and therefore easy to teach He said once students can see the failure clearly, we can show the corresponding discipline Ppared statements, output encoding, password hashing, access control, session hygiene, and least privilege That for me is PHP's real value in a security classroom giveiv students a compact legible catalog of the mistakes they need to recognize before they encounter them in the wild Many cybersecurity graduates will eventually audit, inherit, or respond to PhP heavy environments including Druple and WordPress installations where they will need to see past code that merely works and recognize the familiar patterns that make it vulnerable. And if they leave the courses better equipped to be skeptical PHP based platforms and environments where security matters So much the better us God. So Yes, I think Professor Todd's use of PhP for teaching about coding security is brilliant It's an application for PHP that had never occurred to me. I love it. Thank you, Tod Darek. Kill go said Hi Steve twenty a year. PHP veteran here I thought you'd find this interesting The foundation that governs PHP has added a grant funded a grant funded position to improve PHP's security posture given the realities of AI powered development PHP Foundation grant will fund a six month full time position titled ecosystem AI security engineer in residence. at the PHP Foundation, unquote to lead this effort and to prepare a sustainability platform time after this initial phase person will act as a trusted intermediary between security researchers and maintainers in urgent highigh risk situations collaborate with peers in similar roles across other language ecosystems. Additionally, grant funding will also be employed toward the team goals described above where they cannot be accomplished by the single paid lead position or with the help of PHB community volunteers. and he included a link to the announcement of the ecosystem security team He finishes, I've been listening since you were an actual podcast on an iPod with a spinning disk Love the show. your your perspective is appreciated. Derack So I think Adrianne PHP projects move is great But I should be clear. And Todd Whitaker's use of PHP for security education helps to further clarify this I do not believe that there's anything whatsoever wrong PHP It's not at all the language itself I do not trust There's nothing wrong with the PHP language I think it's very likely bulletproof Pblem with it which has been informed through our two decades of covering its use is that those who often gravitate to PHP Do so because it appears be so easy to use because it is But we've learned that it's always easier to write code that works than code that works securely This next bit of listter feedback sets up a perfect example. Steve Myers wrote the his subject was your PHP rant He said it seemed like Your rant against PHP was a bit of a stretch PHP has its issues But it's also come a long way Here are my issues with your rant You were using some obscure Wordpress pluggin with a whopping and he's being Dot. U And he's not being serious here I Sarcastic with a whopping four thousand installs. as the basis for complaining about PHP specific complaint about PHB making it too easy to do bad things is that it has an eValve function. Here's a list of some other programming languages with eValve functions JavaScript, Python, Ruby, Pearl, Lua, Lisp. And he said, Perens specifically noted in Wikipedia is a listp as the originator of the e valve function. Yeahen Yes, Yes. scheme, clooture Lab Anyway, he finishes it really seemed like your rant was pretty gratuitous and did not have a lot to back it up. Okay, so first of all Steve is, of course, correct that particular problem with that PHP WordPress add on was due to its programmer perhaps not being aware of the danger forwarding user provided text to an eValve function. And it is certainly true that similaral funions eValve functions exist in many languages But I'm not upset with PHP at all for having an eVal function. concern is that writing secure code for the web is extremely challenging That's why through the years, we've been covering all the mistakes that can be made Many not with PHP There are so many different and very subtle ways to screw that up Professor Whitaker's note mentioned a handful of them And he didn't even mention EVal So perhaps the best non ranty way. of expressing what I mean here is to say that it feels as if there's a larger inherent mismatch. between the coding skill typical pHP coder who may be coding for the web for the first time and the coding skill required to do so securely probably in a different language. It's certainly the case that no sane person will have decided to code their website in LSp Okay, But that said, I'm probably not one to speak since I did choose to code mine in assembly language. Yeah, which is worse than lesspisode. Which is yeah Okay, Leo Our last break that we're going to look at patch Tuesday A la AI. Oh. Less I seemed remember programming in that language once back in the day before I started coding in English Which also has an a valve function. Inredible. And the code that AI iss producing for you is C largely No, I let it choose its language It's pretty evenly split. Go is my current favorite because it's concurrent But Rust is great because it's so safe safe. And so it's a little proable, you know, you can a little easier to prove that Rust code is safe. Uh, and then, uh Type script is often chosen for similar reasons. Right So almost all my code is either Rustco or typpeescripted. And the web has tons of examples from the for the AI exactly which is why I don't use common list because it's a little less not so common. N so common. Although oddly My AI is very good at My ems configuration, which is done in ES It's really good at writing USB code, so you know, There's a lot of that out there I guess, maybe more even than common lpspises Yeah, but Go is probably the I would say a good choice. Python, Ohh, I've left out Python A lot of stuffs in Python ust all those one off. L that one off a web server curling of the SSH key it just threw together for you. It's so easy to do in Python because they all libraries it makes it very simple. R Our show today, my friends, brought to you by Aaptive The first security awareness platform built to stop AI powered social engineering Now here's the shift attackers don't need malware anymore They need trust becauseuse your employees will do all the work for them. So they do it with a cloned voice, a convincing deep fake on Zoom or an AI written fish that looks like it came from your IT team And now with AI, these things are so easy That's why you need adaptive. Adaptive prepares your organization with simulations across email SMS and Voice Deep fakes, vishing. AI generated fishing, including scenarios that can mirror your own brand and executives played that audio that u Anthony made that sounds exactly like me telling Burke to buy some Amazon gift cards and send him to a random address. If if Burke didn't know better and Anthony didn't mention it's not really Leo That might have fooled him. It sounds just like me. It could sound just like your CEO And when employees report something suspicious with adaptive They can help you triage it fast. their security teams aren't buried in false alarms adaptive could say, ye, this is a problem Or no, don't worry about it You need training fast with Adaptive's AI content creator. you can turn a breaking threat An incident report or compliance stock into interactive multilingual modules in minutes. No design team required. It'll do it for you With adaptive, you can build, customize, and monitor every part of your training. with complete personalization. The result is a more resilient security culture, which is essential for companies like who uses adaptive pllaid? You know, Plid, their platform powers thousands of digital finance apps Links consumers, developers and institutions Sensitive data is at its core, Ploud security and compliance are non negotiable Plad's head of seecurity, GRC says ive has equipped our teams with cutting edge tools and built a smarter, more resilient security culture across trusted by Fortune five hundred backed by NvidDia and openen AI Adaptive is building the defenses we need for the AI era. Learn more at adaptivesecurity. com. That's adaptive security D Why it be better for this adaptivesecurity. com you need it Now back to Steve So We all knew this had to be coming And it did not take long which is probably the mantra for the AI era. It didn't take long No. becausecause the new race is now on, right to see whether our industries badly broken software can and will be repaired With the help of AI before the bad guys are able to leverage that same AI to find and exploit any of that same software that's not yet been repaired In other words What's been expected and predicted the advancing evolution of AI models focused upon code is all really happening Last Tuesday Microsoft broke All time record for the number of security vulnerabilities patched in a single update cycle And that doesn't even count their fixes to their Chromium based edge browser also broke its own record Uh Uh, byy a lot Those fixes to edge are now wisely being separated into a separate account. says separate count And I say wisely because if the two counts We're not separated and we used to lump IE in with, you know, patch Tuesday updates because that's when it was being updated typically. They weren't separated. June's Hall alone would land somewhere in the neighborhood of five hundred and sixty six Security vulnerabilities. five hundred and sixty six Okay, so let sho Yikes. Let's first take the non edge Windows and windows adjacent patches even without edge There are so many that the exact number differs From one report to the next, counting that high could be tricky. But everyone agrees that it was at least two hundred. and perhaps as many as two hundred and six Now, you know, we've all become a little patch drunk There was a time when thirty or forty vulnerabilities would have raised eyebrows. Whoa, forty vulnerabilities. Now that's seen as a quiet month. But, you know, it's like two hundred Considered just stand back and consider something north of two hundred security bugs foundound and fixed On the one hand, it's great that Windows and its surrounding software will have att least two hundred fewer coverable security vulnerabilities. But on the other hand, Windows software had. two hundred or more security vulnerabilities to be fixed And no one imagines that next month will be much better. I don't think they got them all. So You know, buckle up for July Uh, and it's not as if These were insignificant problems, you know, that could have just been ignored. Oh no Among those two hundred were six zero days Five of which had previously been publicly disclosed, most by you know who And one which was under active exploitation in attacks And among these two hundred, Now blessedly resolved Microsoft Windows and Windows adjacent bugs. G this thirty three of those. ranked as critical With all but five of those, so twenty eight of them being remote code execution twenty eight. crritical remote code execution flaws Of the remaining five, four of those were privilege elevation and the last one was an information disclosure. twenty three RCEs. found and fixed in one month It's nice to see Microsoft moving quickly employ there codeen M dash AI to the I hope that doesn't stick, to the task of finding and fixing the many flaws we have come to understand Microsoft code contains, right They're moving quickly pose here because they are fully aware that increasingly capable AI models are also in the hands of malicious actors who are beginning to actively employ those models for the discovery and exploitation of Microsoft's many code shortcomings. So as I noted at the top of this, it could not be more true that a true race is on. this is really a race I continue to hold, however Bugs are not inherently endless Once removed Bugs almost always stay gone. There are some regressions from time to time, but mostly they stay gone And if similar AI is employed eventually hopefully already now pre screen new code before it's released casts continuing supply of freshly created new bugs should finally also be cut off This means that the consequences of this newly AI enabled race which is motivating both sides more than anything ever has is that we're all going to be receiving far better software from Microsoft than we ever have Basically, it's sort of like I I remember noting this about Ciskco thinking, okay, Cisko, you've you've been unable Stit your software right. Maybe we need to make it easier for you AI will make it easier for you Similarly, with Microsoft AI is going to make it easier for Microsoft to have way fewer bugs than ever before Okay, so what's the overall breakdown of these two hundred su vulnerabilities. Tuesdayayss more worthwhile than ever round of updates fixed fifty five elevation of privilege vulnerabilities, which we know Those are just as just as important. They don't sound as scary as remote code execution The bad guys provide the code they'd like to run in your computer Many times bad guys get in on a user account So they need to elevate their privilege to get to really, you know, sink their teeth into the system So sixty five elevation or privilege vulnerabilities, fifty five remote code execution vulnerabilities, fifty five thirty information disclosure vulnerabilities, twenty seven spoofing vulnerabilities, nineteen security feature bypass vulnerabilities, and seven denial of service vulnerabilities. You know, where you crash something One of those we know one of those DOSs we'll talk about in a second because that was the HTTP two Dob that we've covered And just for the record E all of that two hundred and six, two hundred to two hundred and six, depending on who you ask They did not include flaws repaired previously in Mariner. Azure Horizon DB, Microsoft co pilot co pilot chat, M thirty five M three hundred sixty five co pilot. Microsoft Exchange Online and Microsoft Graph. They were all previously repaired and they all had a bunch In other words Things really are. quite furious up there in Redbond, Washington at the moment and that's great for everyone. So what do we know about the various zero days that were fixed? There were six of them Thanks to the tireless efforts of the renegade hacker Nightmare eclipse Another of their zero days known as green plasma was fixed That was assigned the CVE. this year of four fifty five eighty six, an elevation or privilege flaw Hcker discovered in Windows collaborative translation framework, CTF Mon. I don't know what that is, but I've all I've often seen CTF M in my process list. So it's busy being something publicly disclosed and enabled an unprivileged user account to upgrade itself to full system privileges. So again Nightmare Eclipse was another nightmare for Microsoft publicly releasing a zer as a zero day. a means of using this CTF M to elevate an account privilege from user to system Microsoft was also able on June. and I was impressed by the speed of this because this only just happened earlier in June to quickly repair that HTTP two bomb, which we just talked about, denial of service vulnerability, which was, you know, the deliberate headline grabbing irresponsible disclosure of which annoyed me so much, which we talked about last week where the guys at Caliph said, Hey, guess what? We don't believe in responsible disclosure anymore because of AI So here it is Okay The Microsoft variant was assigned a CVE of four hundred ninetiney one sixty. and was found in the HTtP. sys module, which makes sense. That's the web the web server module driver. As Microsoft phrased it, quote Uncontrolled resource consumption in HTTP two allows an unauthorized attacker to deny service over a network which of course is microspeak for anyone's laptop bring down our web servers What we already know from Caliph's disclosure I is that Uh. the HTTP two bomb is a denial of service technique that abuses how the protocol itself presses and manages web traffic hitters which allow attackers to send very small amounts of data and force servers to allocate roportionately large amounts of their memory. than by combining two techniques. the basically not bugs, but just call features The researchers at Caliph discovered that they could dramatically increase server process memory consumption keep the memory tied up by manipulating HTTP's flow control settings prevent the server from freeing the resources. Basically don't allow the inbound query to ever end So the server just waits And it waightits with thirty two gig of memory tied up And the and the laptop keeps doing those until all the server' memory is gone and it crashes So Since this clever attack is more of an abuse of deliberate HTDP two protocol features rather than a bug that could be fixed Microsoft also added a new Max headers count registry setting to limit the number of headterers in a single request If it's not specified, that the default maximum header count is two hundred It could be set as low as fifty or as high as six five, five threety five So you know, all sixteen bits turned on in the count Tuesday's updates also resolve two problems with Bitlocker. Eclipssees so called yellow key vulnerability. Remember we talked about this that that was the quacky boot thing That's been addressed as CVE four hundred fifty five eighty five U that was the hack that involved rebooting a machine while supplying a script on a thumb drive that had the effect of deleting some files and leaving the system in a pre booted state with its primary drive decryption key still loaded and they normally encrypted drive, the main system drive fully decrypted and accessible as much as Microsoft phrased it. a successful attacker pass the bititlocker drive encryption feature on the system storage device attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data, unquote So after last Tuesday's updates, This can no longer be accomplished Microsoft is now careful to not leave the bititlocker encrypted drive in an unencrypted state. So what about the second bit locker repair Let's hope that the way they stumbled on this one was human derived and not AI Since it sure feels like the old Microsoft, as you'll see in a minute, rather than the new and improved Microsoft We're hoping AI might be enabling. The second flaw was named Blitzkrieg I'm sorry, Bitzkeg clely Ohg. Yeah. Yes by the guy who discovered it. He originally posted the news over of his discovery over on X under the name Jonas L since the view from a hacker's perspective is always interesting and often entertaining I'm going to share Jonas's originally, Jonas's original posting which was near the start of the month on june fourth. And again, as I said, I was impressed that Microsoft moved this quickly hadn't occurred me before, but I wonder if AI might be accelerating the pace Trum just from them having knowledge of the problem and it being fixed or maybe the confidence. because after all That was five days from june fourth to june ninth. U so that's very quick. So Jonas L wrote It is rare that anything new happens in the world of IT security. It's mostly just an endless cycle of variants of the same vulnerabilities being exploited over and over again. That's why I appreciate when something new happens and the yellow key exploit was for once Tack I had never seen before I've done I he said I've myself done Bitlocker bypass Before Then he surpris us he supplies us with a link u with an with that which has an embedded january fifteenth, twenty twenty one date. so about five years a little more than five years ago. This one was new to me, meaning yellow key. It expanded the attack surface onto an area I had not looked into before the recovery environment recovery environment store on a partition that Bitlocker does not encrypt TPM is not locked until you use any functionality that's not the startup repair So if you somehow Code running without causing the TPM to lock You have access to the encrypted drive Microsoft killed Yellow key by removing the auto execution of a newly introduced component be manipulated into doing file operations by rolling back transaction stored on a USB drive Cisis, which was really clever by the way I suspect they simply copied recovery environment from the unreleased Windows cloud made for in clients. That also explained why the bare metetal recovery EFI image identifies as Windows three hundred and sixty five when downloading what to boot on its RAM drive from the Microsoft server. The yellow key he said the Yellllow key trans transaction rollback hack. enabled a file deletion enabling launching a command prompt by holding down control when launching Um Rec N REC ENV d. EXy. Uh, and which which he also agrees is an elegant attack So when my friend asked If I wanted to try to help Restore the vulnerability. I figured Why not give it a try He says Microsoft fixed Yellow key by just killing a specific vulnerability. They did not resolve underlying design issue So I'd be surprised, he wrote, if it wasn't doable After twenty four hours, a new attack was born Call it Bitz creeg Okay, so his posting then walks us through his successful hack and attack which demonstrated There was deeed more than one way to skin this particular cat. And I'll note again, as I did before that vulnerabilities in Bitlocker access point that is bitlcker access at this point is an inherent weakness Microsoft really cannot do much about They could be much less sloppy and more carefully consider the consequences of their design decisions But if we want a system that has its's bitlckkeered Main drive encrypted at rest then autonomously boots into the Windows OS environment. that's contained within bitit loockkeered drive out requiring Some information that is not stored on the local machine You know, which is where the user provided pin comes in then there's really no way around the fact that the machine will be vulnerable. to some form of local boot, you know, like like local access timeim shenanigans There's just no way around that So last Tuesday's patch update resolved this additional Bitzkrieg attack Jonas L discovered. and as I said, I'm surprised they did it in five days And that's good. since he had made it public also. But enterprises and security minded end users should not rely too heavily upon the security of entirely self decrypting bitlockkeered systems only way ever be truly safe is to require some information at boot time that is not present anywhere else in the system That means depending upon a hardware dongle. or a manually entered pin This is the classic trade off between security and convenience and there's just no way around it. Okay So what else do we know about Tuesday's record B breaker The history behind this next Zero day is curious because it's a fix for a CVE dated an unbelievable six years ago. in twenty twenty CV E twenty twenty seventeen onez three which is a Windows cloud files Mi filtered driver elevation of privilege vulnerability Like so many other recently released Zero days, this one too owes our attention to none other than nightmare eclipse It's reincarnation by that now infamous hacker Uh was given the name Mini plasma. So yeah, mini plasma. So What's up with the CVE from six years ago Nightmare Eclipse explained that the flaw was originally reported to Microsoft by Google's Project Zero And indeed, I found the original bug with its full description and its attached proof of concept in a zip file However, Nightmare Eclipse stated that the flaw was still exploitable And it was unclear whether Microsoft fully patched the issue. or whether the bug may have been reproduced or I'm sorry, reintroduced. as I said, bugs sometimes come back may have been reintroduced at some point. In any event, appears to have been fixed once again And this brings us to the fifth and final zero day remote code execution vulnerability Just to be clear This is one of the fifty five remote code execution vulnerabilities that were fixed L Tuesday though the majority While RCEs were not zero days. Remember there were fifty five of those? unbelievably. But this one CVE twenty twenty six for twenty eight ninety seven was one of the zero days This last one is a spoofing vulnerability that was present in Microsoft's Exchange sererver It was being actively exploited in the wild to execute JavaScript targeted victims browser Microsoft explained, quote could exploit this issue. by sending a specially crafted email to a user. If the user opens the email and outlook web access and certain interaction conditions are met Abitrary JavaScript can be executed in the user's browser context Technically, this last one was not part of the primary patch Tuesday bundle time Microsoft explained that they were still working on its update and that they would be pushing it out through the exchange emergency mitigation service, which should be enabled by default on certainly on exchange server And hopefully for users that are that might be affected by this. We know nothing about to about who, sorry, disclose this vulnerability Nor how it was exploited It was a zero day scanning down the surprisingly lengthy list of critical. So remember we had fifty five critical. rememote code vulnerabilities We find that One was present in active directory domain services. And another in Microsoft Azure Kubernetes service Microsoft Office and the remote desktop client get this. each had seven Remote critical remote code execution vulnerabilities. Remote desktop and Microsoft Office each had seven One was in Nuance Power scribe. Th were found and removed from Windows HyperV. Thank goodness because I'm about to start using it There was one in Windows development Services Windows DHCP client had one And that's a scary place to have a I a critical RCE, since although it explains why it's critical, since most Windows clients will be using DHCP So their client be vulnerable remotely by default to any server that is able to supply DHCP information In addition to the Windows HTTP two bomb U which, you know, we talked about last week and and previously this week which it was that denial service problem The HTDP . cS module also had a terrifying remote codex and vulnerability fixed. I assume It was terrifying since it was in HTtP. cis That's the web That's the Windows web server module and it was rated critical And it was a remote code execution. And nothing is more exposed than a web server, which is why the HTTP two bomb vulnerability was such a problem Windows Kos also had a critical RCE. And not to be left out, Windows Kernel did too And finally, two RCEs were found and fixed in the Windows Wind thirty two K graphic GRFX module So I named today's podcast Patch Tuesday All la AI. because this is what the next several months or so are probably going to look like It's going to be very interesting to see the shape of the vulnerability discovery and remediation curve As we know previous months, meaning Uh May Patch Tuesday tied for the most ever patches in any month. And that was like one hundred and twenty five or something As we know This month's handily This month's patch number account fixes far exceeded that one So Are we seeing an acceleration I mean, we are in the last couple of months, certainly Uh what a months what will next months look like? No idea, but could be really interesting to see. And finally Lastly Over on the Microsoft Edge Chromium updates side. I will quote from bleeping computers repeporting about that Just one line which wrote There were also a massive, their word. there were also a massive three hundred and sixty Microsoft Edge slash Chromium flaws that were fixed by Google this month Okay. three hundred and sixty And these were found in the Chromium browser which was already the recipient of an incredible expenditure ofue. past manpower But now The entire software industry is replacing manpower with AI power as rapidly as it can And it's quickly becoming clear that at least in the field of software, there's really no comparison man versus machine. since the results are pretty much speaking for themselves Machine wins. Yeah and I for not I for one, Leo cannot wait to see what happens next. This is a real ride lately. It's crazy Yeah, u that there are that many flaws is in Chrome andind Windows is huge, I understand, but Chrome Yes, S And it does say that Google is busy running AI over Chrome Yeah I No, but I'm with you. I am stunned because I mean It was believed to be super secure. Yeah. And they said, whoops. So in some ways this, I mean, if you could find the flaws, if you were a bad guy, you could also exploit the flaws, right? I mean, that's why people are worried about Fable and Mythos is finding them and fixing him is tantamount to finding them and exploiting them. It's the same And mythos mythos we know produces proofs of concept So it designs the exploit. That is an exploit is a proof of concept And Okay, I don't know where this is all headed. I have no idea. I know we're going to talk more about it tomorrow. I'm trying to get Katie Missurus on as well because she's the only one who hass seen this code, fix the code jail brereak and Alex Stamos also be joining us. He is created the campaign to free Fable U We will be talking about this tomorrow on intntelligent Machines bigig time, big time. And I'm really glad you've been talking about it as well because it's just it is, it's a It's an interesting time for security for cybersecurity You know,v revolutionizing cybersecurity utter. And of course, the other thing that the u fable classifier was blocking besides cybersecurity and and AI development because they don't want somebody else to develop another AI with that power is yeah, bio stuff. And that means bi biological warfare And it's one thing to say, well, there's two hundred and sixty bugs in Chrome, but if You could design a lethal pathogen that was highly contagious That would be devastating We would just, I mean, look what happened with COVID And that wasn't even designed. I mean be devastating. We could So I understand There's a legitimate concern about this And you know, I think we're going to be facing this one way or the other, whatever the government does in the next New Yearars t can't keep a lid on this forever Everybody's working to make these AGIs Maybe Maybe Anthropic was right, we should probably start You first. That's what they said. We'll stop when they stop Steve Gibsons at gRc dot com. That's where you can find Spinwrite, the world's best mass storage, maintenance, recovery and performance enhancing utility Versversion six one is the most recent And it is fairly recent and it is available. And if you have mass storage, you really should have it Go to gRC. com and get it There are other things there. There's this Sin rice is bread and butter, but he also has a lovely little ten dollar program. Okay, nine, nine nine called the DM DNS benchmark Pro that makes sure that your DNS is fast. You know, a lot of people the web is slow and then they realize it's not the web It's the DNS server they're using is slow to catch to find the, you know, IP address Speeding up your DNS server speeds everything up DataS Benchmark Pro can help you that You'll find both of those at gRc. com. If you want to send Steve mail or a picture of the week, send it to gRc. com. No, don't send it anywhere. Go to gRc. com slash mail and enter your email address because he has to whait list you before you send it, but he has a magic tool to do that. Right below it, you'll see two checkboxes two different newsletters. One is, of course, the weekly security now show notes. Really nice to get that a couple of days ahead of time. The other rarely used an announcement of new products. If there is a new product, Steve will announce it through that one. sign up for As you would expect with Steve, neither a checked by default You'll have to manually do that Steve also has Copies of the show, he has unique copies sixteen kilobit for the bandwidth impaired sixty four kilobits sounds great, but it is smaller than the version we have. He also has those show notes. You can download those there A couple of days after the show, he'll have a transcript Created by a human being, Elaine Ferris, H Elaine Wh does a great job with those. Those are all at GRC along with a lot of wonderful free stuff including shields up, which really will help you router before you go online We have on our website one hundred and twenty eight kilabit audio Long story. That's what we got We also have video. Long story. That's what we got. You can find both of those at trip.tv slash SN. there is a YouTube channel dedicated to Steve's show YouTube. com slash seecurity Now the great way to share clips. what you may want to do on any of these to you know, let people know what you've just learned It's great way to spread the word about the show. And of course, you can subscribe because it's a podcast in and your favorite podcast clent We do the show right after Mac brereak quickly one hundred thirty Pacific four hundred thirty Eastern, twenty thirty UTC every Tuesday You can watch us do it live. If you're a club member and I hope you are, please, if you're not Join the club ten bucks a month for ad free versions of the show, lots more club, you can watch in the Club toit Discord Everybody is invited to watch on YouTube, twwitch, X. com, Facebook, LinkedIn, or Kick. We stream on all those platforms. so you can watch us live if you want every Tuesday We'll be back here next Tuesday Pacific for another gripping thrilling edition. See that ste. Bye Leo, seeee then Hey there, Leola Bord here. I just wanted to let you know about some of the other shows we do on this network. You probably already know about this week on tech. Every Sunday, I bring together some of the top journalists in the tech field to talk about Tech stories, it's a wonderful chance for you to keep up on what's going on with tech. plus be entertained by some very bright and fun minds. I hope you'll tune in every Sunday. For this week in tech, just go to your favorite podcast client and subscribe This weeknd tech Security now

This excerpt was generated by Smart Features

Listen to Security Now (Audio) in Podtastic

For listeners, not advertisers

All podcast names and trademarks are the property of their respective owners. Podcasts listed on Podtastic are publicly available shows distributed via RSS. Podtastic does not endorse nor is endorsed by any podcast or podcast creator listed in this directory.