A
And welcome to Risky Business. My name is Patrick Gray. This week's show is brought to you by runZero, and we'll be hearing from runZero's founder, H.D. Moore, later on in this week's sponsor interview. And we'll be talking about the vibe shift underway, thanks to AI making everyone a little bit jumpy. You know, simple controls, things like discovery, products like runZero, they're becoming very cool again. There's definitely been a vibe shift. And yeah, he's going to join us and chat all about that a little bit later on. Adam Boileau is not with us this week. He's going to be back on the show next week. So we've got a guest co-host this week in addition to James Wilson, my colleague, who joins me now. But yes, Chris Wade joins us now. These days he serves as the CTO of Cellebrite, but he's probably best known as the founder of Corellium, which allows you to virtualize iOS. This is very useful in exploit development. So useful, in fact, that Corellium was sued by Apple for offering this product. A lawsuit that actually went Chris's way, and the rest is history. So, Chris Wade, welcome. Thanks for joining us.
B
Thanks for having me on, Patrick.
C
It's good to be here.
A
Now, I should mention too, Chris is also based not too far from me, splits his time between the United States and Australia. He is actually from a town in Australia called Murwillumbah, which is about an hour's drive for me and happens to be on my way to the Gold Coast, where I have to go for various things every now and then. So I do stop by Chris's pub, actually, because like any good Australian who made it big overseas, he returned to Australia and bought his local pub. Very nice spot. If you're in Murwillumbah, do stop by. Grab yourself a schnitzel and a schooner. But, guys, let's get into this week's news now. And James, the first story we're going to talk about this week is a bunch of Microsoft repos, GitHub repos, got owned, right? And like, were pushing malware. This seems not great. And I believe, like, one of them, it was like the second time it got owned. So now they haven't just, like, rolled back to a previous version of the repos. They've, like, just completely blocked those repos from showing anything at all. Is that about it?
D
That's about it. It's a very strange response from Microsoft to literally just shut down these repos, and amusingly, if you go to the repos, it actually says this repo's been cancelled because it violated our terms of service. It's like, okay. But the sort of backstory that's interesting here is that we're talking about 70 repos and you're right, one of the repos, it was compromised for a second time. And that's this thing called Durable Task. It's a Microsoft framework for basically describing a task you want done, you know, multi-turn agent kind of stuff. And it goes and reliably gets it done. But the thread that's sort of been pulled on here is that that was compromised first by TeamPCP, then, you know, supposedly remediated and everything's fixed, but somehow it, along with these other 70-odd repos, got compromised again. And I think it's telling that Microsoft's response is not just roll back to a known good version of the repo and lock it down, but just to pull them entirely. Because, you know, if your repo's been popped once and you think you've remediated it and they've come back again for a second time, it really does make you wonder, okay, what did we miss in the remediation?
A
First time they thought they evicted them and then there was like this happened and it's a mystery. That's what it says to me, right? Like we don't know how this happened 100%.
D
And one thing to bear in mind is that git can really muddy the waters here. There's ways you can go deep into the git internals through API access and actually forge a lot of the details. So the article does actually point out that it could well be that it wasn't that account, either the first time or the second time it was compromised, but someone might have made it look like it was. So we don't quite know.
A
Yeah, and Microsoft is just having an absolute shocker of a week. Just as we were preparing last week's show, someone published this, like, GitHub stealing exploit and they published it as 0day. You actually did a teardown on this bug and you liked it?
D
Yeah, I did. I love the research behind it. So let's start with the premise. If you're on GitHub.com and you're viewing a repo, turns out you can actually just change that URL to be GitHub.dev or use the little dropdown in the UI, and that spawns a cloud hosted version of VS Code, which is of course the reality when it's an Electron app, and so it can easily be a website as well. But here's the interesting thing GitHub does. They mint a personal access token for you. Very helpful. So that that cloud version of VS Code can do all the things that it might need to do in GitHub, including raise pull requests. But they mint the token not scoped to the repo that you're looking at, but essentially scoped to any repo that you have access to on your account. So the researcher realized this and then basically sat down and went, how can I get that token out? Through some really nifty way. And what they discovered is, and they do call this out, that the VS Code implementation is quite good in the way it uses iframes and, in the app, separate web views to create those security boundaries. And there's some good use of, like, no content source, et cetera. But to have a good user experience, you need those iframes to be able to talk to each other for things like handling keyboard shortcuts.
A
Right?
D
Imagine if my keyboard shortcuts only worked if I was clicking on the keyboard shortcut bar. It wouldn't work.
C
Right.
D
So they found that the plumbing for keyboard shortcuts goes between all these iframes and bubbles up to the core process. And then this is the bit I loved. Using a series of built in as well as deploying their own keyboard shortcuts programmatically, they're able to basically keyboard shortcut their way into installing a malicious arbitrary package without user intervention. That package runs some JavaScript, pops out that GitHub token and that's it. Your account is owned at that point.
A
Yeah, I mean it's just nifty hacks, right? Like it's nifty. And look, this isn't the only 0day to get dropped on them. Just breaking, just before we hit record, like an hour before we're recording, the researcher persona known as Nightmare Eclipse has dropped a 0day LPE that grants system privileges on Windows machines running Defender. It's a race condition. Like, it's a bad bug and it's ok. And I just am glad I don't work on the teams at Microsoft who are responsible for maintaining this product, because that's a tough thing to explain to your customers who are running Defender, that they just keep getting 0day'd over and over and over and over again. And, you know, this comes with some wider context here. Microsoft has just dropped its biggest ever Patch Tuesday. That's 206 vulns, no doubt fueled by AI discovery of security vulnerabilities. Excuse me. And, you know, it's just a bad time to be Microsoft, basically. But you get the impression they're actually bringing a bunch of this on themselves. Right. And I think a good example of that is they are at the moment reaching out. Like, MSRC is reaching out to researchers who are scheduled to speak at conferences and asking them if they're planning on dropping 0day, which is like, who are you to be sending that email in the first place? Chris, I want to bring you into this because you've been around exploit development, vulnerability research for a long time. You must see this and get. I'm guessing you have the same reaction as me, right? Which is. There's two reactions here. First of all, like, this is just insane from Microsoft. And second of all, what year is this?
B
Apple was doing this as well. They would email researchers and say, hey, can we give you feedback on your presentation before you give it at Black Hat? I think there's an interesting kind of side effect to this in that a lot of people don't really get along with Microsoft's security team. And I don't think this promotes open dialogue, especially given that it was an automated request. Right. Like he'd used AI to send these requests.
A
Yeah, it actually says so in the email. It's like, I used AI to send this, to automate it and whatever. Really, if you work at MSRC doing researcher outreach, do you really think tasking your OpenClaw to go and hassle people automatically is a good use of time? What are you doing?
B
Yeah, I'm sure that's going to make researchers really want to talk to you more. Right?
A
Yeah. So, James, any thoughts on this one?
D
No. Look, like you said, it's a bad time to be Microsoft, but also Microsoft is making it a bad time to be Microsoft. Like, right now with the AI bugpocalypse, you should be wanting the most open arms, open mind sort of relationship with the community out there, to just try to get any sort of heads up on all these bugs that are coming out. But instead they just seem to be dug so far in and making themselves thoroughly unpleasant to work with.
A
Yeah. Now I should mention also it's not just Microsoft that's smashing records with its Patch Tuesdays. Like, I've seen similar headlines around Google in the last week, I think it was. And, you know, we already saw Firefox patching hundreds of bugs recently. Interestingly enough, James, like, someone actually wrote in with a link to a paper that they claimed proved that C programs all contain unlimited vulnerabilities, because they managed to create a C program that would contain unlimited vulnerabilities. And I think the stretch in the paper was that that means that all software contains infinite vulnerabilities or something. But anyway, we're not going to patch our way to glory here, I think, is the idea. Now look, moving on to a different topic, and a big news story this week is WhatsApp says that NSO Group is back up and running and targeting WhatsApp users with spear phishing attacks. They have a court injunction that says NSO is not supposed to be doing this. Obviously this is going to go to court and these allegations will be tested. But like, I guess while we've got someone who's from this rough, you know, ecosystem here, Chris, you know, not that I'm saying you're affiliated in any way with NSO, but, you know, you do have customers in that space. I mean, I'm kind of surprised NSO is still around. Do we hear much about them these days, like, or, you know, do you know anything about what they're up to? Like, is there anything to say here?
B
No, honestly, the lawsuit updates are the only thing I've heard about NSO recently. They do appear to be still in business, but I'm just as shocked as you are. After everything, they're still there. Honestly, I'm shocked that they still have vulnerabilities, because I imagine that a lot of their staff left, but they're chugging along, it appears.
A
Now last week we spoke about how Instagram accounts were getting owned because people were targeting the chat support agent to do password resets. And we thought, gee, that's really dumb. Like, ha, ha ha. We got the headline this week that that impacted over 20,000 accounts, which I've got to admit, I was like, that's a lot of accounts, right? That is really a lot. And you would hope that a company like Meta might notice after, say, I don't know, a thousand accounts got owned that way. You would think there would be some signals that would enable them to stop this. James, what do you even say here?
D
Yeah, what do you even say? You know, look, boss, here's the dashboard showing our new support agent is doing great. It's done 20,000 account recoveries so far. It's like, yeah, look, I was thinking about this after we talked about it last week. And I think the thing that this comes down to for me is it's the scale of the problem that they're trying to solve that makes it a tempting thing to do with AI. Like, when I was at Apple, sort of 2014 era, when a new iPhone drops, the support center would be seeing 700,000 plus account recovery attempts per day from people that have unboxed their phone and can't remember their iCloud passwords. So the scale of the problem is huge. It's expensive to deal with when those requests are getting to humans. So of course, what do you try to do? You try to get AI. But the difference between Apple's process and Meta's is that Apple's is very deterministic and it's policy based as to how you can, and if you can even, recover an account. But when you and I were chatting, Pat, it sounds like Meta's process is, to be fair, very, very subjective. And the moment there's any sort of subjectivity or human decision making involved in an account recovery process, that's bad. And if you're then allowing an AI to also operate in that space, that is non-deterministic by nature, it's just not going to work out so well.
A
That's the thing, right? They just took all of the problems that they had because I've described this situation as like a dog's breakfast, you know, prior to AI even being a thing, you know, the way Meta handles accounts, particularly Instagram accounts, is just insane. And they've just taken like a really bad process that was human driven and make it, made it a really bad process that's AI driven and you're like, of course it's going to be a disaster.
D
Yeah. So now it's at a larger scale. Good job.
A
Exactly. Turbocharged the fail. But I mean, this is why I, you know, when Twitter sort of imploded, right? And Musk took it over and, like, a bunch of people left. This is why I never went to Threads, this is why I had never done a single post on Threads, is because, like, you could build up an account there, you're going to lose it. Now obviously Meta now offers some of these services, you know, Meta Premium or whatever, where you can pay a fee to not get owned as easily, I think is kind of how it works, which I think is actually not a bad idea. But yeah, I just think they really need to get it together here because it is just nuts and the processes are bad. And, you know, I guess I got a front row seat to a bunch of these because I did know someone whose account got taken over. And I did take it to Meta PR. Not because I'm trying to, like, do a favor for a mate, but because I was really like, okay, here's an opportunity to find out more about what's going on in this incident. And the answers that came back to me were just crazy, right? Just absolutely crazy. When you find out how people are actually taking over these accounts, and the fact that Meta's processes for dealing with the exceptions when someone really has had their account stolen are just woefully inadequate. So yeah, no surprises on this one at all. Now look, this piece about Instagram dovetails really nicely with this next one that we're going to be talking about, James, which is about this new Apple feature, which I think is very, very interesting. The idea is it's going to determine. So a lot of browsers can already tell when you're using a, like, exposed or out of date password or a weak password. But what Apple's going to do is take it one step further and agentically, automatically go and change your password if you are using an exposed or weak password with some sort of online service. I think this seems like a terrific idea that's probably going to be a net benefit, but then you think, unless they make a mistake here, in which case this is going to be an absolute disaster. I think Apple seems to do stuff pretty carefully. I mean, you worked there for a long time, so I'm guessing you're going to have an opinion here. You know, what do you think here?
D
Yeah, look, it's. I agree with the base premise that this is a, this is a good feature, right? I mean we've had the passwords app for a while, it lists your known compromised passwords, but I just don't think people do anything with that at that point. And I'm assuming this is going to be LLM based agent sort of thing and it's going to sort of look at the sign in flow, find the change password or I forgot my password, go through that. Maybe it looks at your inbox and it can see the verification link. So look, it feels like the ingredients here in this problem space are ripe for something to be automated here. When I saw this though, I thought about my own use of iCloud keychain. I mean I've been using that as my password manager since forever. So if an agent crawls through there and suddenly goes and reactivates like decades of accounts that I've let just go inactive, I am going to have a real bad time. So yeah, hopefully it's opt in and off by default. But I think, yeah, net positive for users in general.
A
I reckon they'll probably rig it up so that it just applies to creds as you use them, you know, I mean that's the way a lot of these features tend to work. But you don't know. Right? Like that's the thing, we don't know if they've done something crazy. Chris, do you have any thoughts on this? I mean, I think it feels like a positive, but there's definitely potential for stuff to go wrong.
B
I don't know, it depends on what sort of guardrails Apple has. I don't know how this works, but I'd be interested to see what protections are in place for this not to be hijacked or abused. I know that I agree with you, it needs to be off by default, because I'd be really annoyed if suddenly all my old passwords were changed and broke a bunch of other systems that aren't Apple based. But yeah, it'll be interesting to see how it goes in the beta. I'm going to give it a shot over the next few weeks and see how it goes.
A
Now we've got an interesting bit of news where, staying with Apple, they've actually removed Max messenger from the App Store. So Max messenger is the government messaging client that's kind of like Kremlin Telegram. Right. So the idea is it's like they're trying to come up with their own sort of WeChat thing. So this makes it very friendly, it's very surveillance friendly. Right. So the Russian government can look at everyone's messages and all of that. It's also extremely vulnerable technology. You know, it being banned from the store, I think, is really bad news for the Ukrainians, who seem to love Max messenger, and they want as many high ranking Russians using it as possible because it's apparently a cakewalk to get access to it. But I guess the interesting thing here is that Apple, I'm sorry, has not just kicked it out of the store, but they're also suspending the delivery of notifications for Max, which effectively renders it a dead app on the phones of people who already have it installed. Which, according to the Digital Development minister in Russia, that's 20 million Russians who are apparently using iPhones with this messenger installed. I mean, this is really a setback for the Kremlin.
D
Yeah. And, I mean, there's multiple sort of layers of interesting information that comes to light when you look into this. Of course, you know, 20 million iPhones in a region where iPhones are not sold is quite incredible. There's also all sorts of restrictions around how you can use the App Store. Even if you do manage to get one of the iPhones in Russia, like, for example, you can't fund a balance on there from a credit card. So it's already obviously an area that Apple heavily restricts and sees as one of their key levers that they can pull when they're not happy about something. Now, they've been, as Apple would be, they've been cagey as to why they did this. I think they just cited because sanctions.
A
Yeah. And then the press are like, which sanctions? And they're like, look over there, squirrel. And run away in a puff of dust.
C
Right.
D
I mean, it is funny also the blocking of the push notifications, because presumably that means that you can still launch the app and you can still see your messages, but this is heavily degrading the overall utility, I guess, of a messaging application when you're not getting push notifications.
A
Yeah. They haven't killed it, they've just made it dead, Right?
D
Yeah, exactly.
A
Yeah. So this is an interesting thing, and it does turn out that, you know, even though Apple has suspended the sale of iPhones in Russia, there's, like, this huge gray market for them where they get trans-shipped from third countries and whatever. And, you know, we were looking into it, you and I both were looking into, well, hang on, how were people buying stuff on the App Store? And it turned out Apple actually in April this year suspended the ability of people to buy things on their store. And you're thinking, well, hang on. There was already no Visa and Mastercard access. So how are they doing that? Previously, we're thinking probably there's, like, iTunes gift cards in a gray market, or maybe, you know, like, prepaid Visa or whatever. Chris, have you ever looked into this sort of whole ecosystem of gray market iPhones in Russia?
B
No, but it would explain why scammers always want Apple gift cards, like iTunes gift cards.
C
Right.
B
That's where I always wondered why, like, they always want you to put money on Apple gift cards. I wonder where they went. Maybe they're ending up in Russia.
A
Yeah, that's actually, you know, I guess that's possible. All right, now look, here's one that I want to talk to you about, Chris, which is some work out of Mythos. Sorry, some work out of Anthropic, where they've said that Mythos is now reversing patches to back into exploits within a few hours. And, like, you know, you drop $2,000 on tokens and you get, like, a functioning Windows kernel bug based on a patch. This is a big deal because, you know, previously we've thought, oh, okay, you've got a bit of time before you need to patch a bug before someone's going to be able to reverse it from the patch and be able to exploit that. Now it looks like, with contemporary LLMs, people could just dump the patch into a model and get an exploit out the other side. This obviously changes things. I mean, we're talking about this news in the same week that RubyGems introduced a dependency cooldown feature so that you don't automatically bring the latest dependencies in, because that's dangerous because of supply chain attacks. Right. So I kind of feel like we're being squeezed into a damned if you do, damned if you don't situation. But, you know, 31 minute patch to exploit pipelines seems like it's going to be a pretty bad, dire thing for enterprise security. Like, what's your take there, Guy?
B
It's interesting. The thing that jumps out to me is the cost, right? I think it was, what, $2,000 in tokens?
A
Yeah. Yeah. I think they spent $15,700 in API credits and it generated a whole bunch of stuff across 18 security patches. They wound up with eight functioning exploits for that spend. So about $2,000 per exploit.
B
Yeah. So it's definitely lowering the cost for exploits. I don't think, in the $2,000, they got a reliable exploit. Right. So that's a very different thing, actually building reliable exploits versus quick and easy. So for sure there's going to be people who only care about quick and dirty. Right. They can spend $2,000, get an exploit, they can exploit a bunch of machines, it doesn't matter if it crashes 10 out of 100 machines. But for government players, they're going to need reliable exploits. So I think people are really quick to say AI can build exploits, and I'm specifically talking about mobile here for a second. But it's a very different thing to go from building an exploit faster and cheaper to building reliable exploits. And I don't think we're there, even close to that, with Mythos and Fable yet.
A
Now, speaking of the money, James, you and I were talking about this and you were saying that, like, $2,000, actually that's quite a lot of tokens. So from the perspective of getting a functioning exploit, that's a bargain. But you were like, damn, that's also a lot of tokens that they're burning there. Where do you think those tokens went?
D
Yeah, well, it does say that I think they were taking 5.7 hours for the longest exploit to be found. So that's a lot of time, a lot of tokens. And you've got to imagine that that's not. Not human going back and forth, but it's a harness, it's some sort of loop that is either systematically stepping through the code bases, maybe it's sort of a layered approach. For myself at the moment, I find both with Codex and Claude that the best use of them is not, hey, can we go develop this one shot thing or hey, go do this. It's actually take a step back and explain the broader context of what you want to do and then set it up and say, okay, now I want you to iteratively step through every single step at the end of each, each step, do your reviews, etc. And it gets a much higher quality result. But yeah, it's not cheap and it uses the tokens aplenty.
A
Now, Chris just mentioned this, but the latest Anthropic model is out, Fable. So we're seeing a bit of a theme here. Mythos and Fable, and what's next, you know, Tall Tale, Legend, Furphy, Fib. But yes, they have released their latest model. It is Fable 5 and it is guardrailed up the absolute wazoo. You know, Chris, you were saying you've seen some people bypassing it, but James, you actually tried this morning to get it to just do, like, a security review of a pull request. And it was like, whoa, blocked. Hacker. Hacker alert. Whoop.
D
Yeah, the guardrails. It must be like maybe a five line if statement, I think, because it triggers on pretty much anything that could be, would be, should be, smells of or even vaguely resembles cybersecurity, and also chemical and biological. And interestingly, another thing that the guardrail specifically gets tripped up on is any attempt to extract the reasoning. So they're obviously very concerned about the distillation aspect of this as well. But yeah, I fired it up this morning. I was excited. I've got a PR that makes me a bit nervous about some of the security implications. And I said, this is potentially one of our riskiest features yet. Can you take a look at this PR and conduct an in depth security and architecture review? No, this request was blocked. We will not do. Would you like to use Opus 4.8 instead?
A
You're a dangerous hacker. Dangerous hacker. Asking those sort of questions. These are forbidden questions. Meanwhile, we've got, what is it? Some research out of Varonis that's shown that OpenClaw agents fall for phishing attacks. Right. So they basically threw four types of lures at OpenClaw. And, you know, there was, like, a fake gift card that you could redeem, and the OpenClaw agent's like, oh, fake gift card, awesome. And what's funny here is, like, that was one of them. Then there's a team lead asking for access to a staging environment, fake gift card, customer data extract for a remote presentation, and a fake OAuth app disguised as a timesheet app. And, you know, it just did appallingly against all of this stuff. What's funny here is Varonis' remediation advice, I think, is actually quite bad, because it's recommended that agents should be explicitly required to verify sender identities, be prevented from emailing new external recipients without approval, and have limited access to internal data. That sounds like a bunch of, like, non-deterministic statements that you would put in some sort of, like, conf file, not actually a hard control. So I don't know that that's going to help here. Really.
D
No. You may as well have just a system prompt that says please don't fall for phishing.
A
Exactly. Please don't get phished.
D
Yes, exactly.
B
I think it's pretty funny that we've been telling users not to click on links for years and years. Staff everybody accidentally clicking on phishing links and now AI is just clicking on every link it can and being enthusiastic about it.
A
We got machines to click on links for us now.
B
Yeah, exactly.
A
Basically a link clicking machine. But OpenAI has a solution. Good news everyone. OpenAI has a solution which is they have lockdown mode and they've cracked this problem because they've got a lockdown mode. And essentially what lockdown mode does. Are you ready? It's very clever, it's very subtle. What they basically do is they make the model or they make the agent completely useless. James, walk us through OpenAI's lockdown mode here because this is like, I feel like this is a way for OpenAI to cover their ass, right? So that they can like if something bad happens, they could say, but you weren't using lockdown mode, which nobody's going to use. Right? Like that's the vibe here, I think.
D
Yeah. So let's walk through this incredible feature set here. So lockdown mode will disable live web browsing, so you can't browse the web. The retrieval and display of images from the web, but you can still generate images. Deep research, totally gone, don't need it. And agent mode. So listen, I think what they've done here is they essentially took the advisory that we saw from Microsoft a couple of weeks ago about the safe use of AI, which was similar sort of advice, of the safest way to do this is to put them in a box and don't connect it to anything. And they've just disabled anything that could be potentially useful for an agent to do. I mean, this is more like they're rolling you straight back to ChatGPT 3.0 level features, where it used to say, I'm sorry, my corpus of data ends in September 2022 and I don't have any fresh data, because that's about all you're going to get out of this. It's just going to ruin the experience and the utility of anyone doing anything at all.
A
But I mean, this is fundamentally the issue with these sort of agents, right, is that they need to have deep privileged access to be useful. And that's the temptation. That's why we keep getting ourselves into these hilarious situations with these models. Speaking of which too, Microsoft is releasing something they're calling Intelligent Terminal, which is an AI powered Windows terminal. So it's like, what if you got PowerShell and glued it to an LLM, you know, like, that's gonna, that's gonna work out great. But then when you look at it, it turns out like really what they're doing is they're just, just putting everything in one window that everybody's doing already, which is using LLMs to actually craft commands and whatever.
D
Yeah, sometimes we get a story that we laugh about and joke about and sort of make all these assumptions about what it's going to really like and then you look at the article and you find out, oh my God, it is like that. Because the first reaction we had was, oh, is this seriously going to be like PowerShell with AI? And then I open up the article to read it deeply this morning and sure enough, there's a screenshot of, of the top pane is PowerShell and the lower pane is an agent chat interface. But jokes aside of how dystopic that is, the reality is this is what everyone's doing anyway. It's just that they've got two separate windows open and they're copying and pasting the error that they're getting out of the shell or PowerShell into the AI and saying, I just got this error. What do I do now? Oh, run this command, copy, paste that in. And so, sure, remove the copy and paste error is about all that this, this overall net achieves, I think.
A
Now, while we've got you here, Chris, we should also ask you to tell us a little bit about some of the stuff that Cellebrite's doing around AI. Because, I mean, you know, it makes me feel a little uncomfy, if I'm honest. But it's also extremely cool. Where, of course, you know, Cellebrite, being a forensics company that extracts data off cell phones, you know, using AI lets you go to that next level of actually analyzing a bunch of the information that's been seized from devices. Yeah, walk us through that. Because you've actually got a product release, like, today around that, right?
B
Yeah. We're launching our AI Genesis product today. So we've been beta testing it for some time, and I was really impressed with the results, especially on cold cases. Right. And cases with large data sets bringing in data from not just mobile, but other platforms as well, like desktops and even things like drones, IoT devices, routers, and having all of that data accessible to AI. It's incredible. We've had cases solved that were open for years in a matter of like 15 minutes. Yeah.
A
So it, like, crunches the data and just goes, it was that guy. And then you look into it, you're like, oh, my God, it was that guy. Is it kind of like that?
D
Yeah.
B
I mean, if you think about how much evidence is on a phone, it's displayed in such a way we actually output it in this UFDR. It's a big PDF, basically, with all of the details. Investigators, they go through it, but they don't always have a great system to correlate different data sources, like if they have two different phones or so on. The AI has been amazing at taking like 50 devices, like in RICO cases or like terrorism cases, where there's a lot of devices and then analyzing all that data and tracking it back to a location. We had one where it found a video of the terrorist planning to make the bomb, and they used the metadata to track it back to where the training facility was, and it was missed by humans. They didn't, I guess, for whatever reason, didn't look at the metadata on the file. And, you know, AI found it within minutes. So there's a lot of really great use cases surrounding fraud and stolen property. Things where maybe, let's say, it's only a few-thousand-dollar item stolen and it's not super high priority. But now the police can just punch in the data and AI can give them a summary and it's always like trust but verify kind of thing. Like it's AI does me.
A
Well, this is going to be my next question, which is, you know, I'm sure there's people listening to this who are freaking out because they're thinking I'm going to get arrested because like some crap LLM made some weird non-deterministic call because of some odd artifact on my phone and now I'm in jail for murder. But I mean that's not quite how this is supposed to work, right?
B
Actually one of the cases that it solved, one of the initial cases Genesis solved was an exoneration. So the way that we display the data is very much here is the data source and here's a link to it, and it shows the reasoning, how it got to this point. So it's designed in such a way that an investigator can look at the data, verify that it's correct and then move to the next step. So I'm hoping that we've put enough guardrails in place that we don't have any issues like that. We haven't seen any yet, but we launch it today. I'm very hopeful. Cellebrite is used on over 1.5 million cases a year and I always wonder about how many of those cases don't go to the next level because the investigator didn't have all the tools he needed. So I think it's a really great use of AI. I'm interested to see long term in the next 5 years what the solve rate for AI is versus cases solved without it.
A
No, I mean you and I, you know, sort of first discussed the theory of this a while ago actually when I was visiting your pub. Right. So we sat down, had a beer and we were actually chatting about this. And it is fascinating, but I also understand that there are going to be people out there for whom this sounds really creepy. I mean, what are you doing, you know, are you putting some, you know, access restrictions around this sort of technology? Because I'm guessing that it is the type of stuff that, you know, you would not want certain governments using it to chase down, you know, political activists and dissidents and things like that.
B
Yeah, I mean we have an ethics board. We are very careful about who we sell this technology to. Currently it's restricted to the US only. And we're aware that there's potential abuse for AI, so we have been very careful about how we roll this out.
A
I should mention too, that I think, you know, how do I put this? There are people out there who perhaps don't realize the extent to which companies like yours actually cooperate as well with people who are investigating human rights abuses. I believe, like, for example, Corellium provides free licenses and support to Amnesty International. Right. To help them identify human rights abuses. That's probably something that we could.
B
We could say here for sure, 100%. We also provide free accounts to journalists.
C
Right.
B
We do our best to try and help. If we get reports of abuse, whether it's Cellebrite or Corellium, we always investigate it and accounts are cut off or locked. I'm glad to say we haven't had, you know, there have been cases for sure, but we're pretty diligent about where we sell and who we sell to. And I mean, that came up in the lawsuit. That was one of the remarks that the judge made, that we do have processes in place and we've been very diligent about the kind of customers we have. And I'm proud of that.
A
Yeah, yeah. I believe also that you have offered other organizations like Citizen Lab. You have offered them information on things like resellers who might be trying to obtain technologies like Corellium to pass them on to not so great regimes. You've offered to pass on intelligence on those and also free licenses to organizations like Citizen Lab, but they don't seem too keen on taking you up on the offer.
B
Yeah, I think, you know, in the past, they've put articles out, whether it's Citizen Lab or others, that name Corellium or, you know, like, point out that we have customers outside the US. I am always happy to give out free accounts to causes like Citizen Lab. In terms of the intelligence, we get contacted by government agencies all the time that work with us, reporting, you know, potential resellers who are trying to obtain our product. It happens fairly regularly, so we're always happy to share that with them. But so far they haven't taken us up on the offer.
A
Well, let's move on to the next story now, a bit more bread and butter security stuff. And we actually. This story was out last week, James. We were going to talk about it in last week's show, but then, I mean, there just wasn't that much detail in it. But now Mandiant dropped a report. So last week there was an FBI alert about this ransomware crew who were doing a lot of social engineering and whatever. But the thing that makes it really, really interesting. Few angles, right? First angle is that they're targeting high end law firms because they're doing data extortion. And what they've discovered is a lot of companies, you steal their data, they won't care, they won't pay to have it deleted. Whereas these high end law firms, they absolutely will, because that data being leaked is a disaster for their clients. So they will absolutely do that. The other thing that's interesting is the way that they escalate. So what happens here is, if they can't remotely socially engineer these firms, what they wind up doing is actually sending someone to the firm with a USB drive to say, hi, I'm the password inspector, or whatever. And then they get in, plug in, download a whole bunch of data and off they go. So, I mean, this is a nightmare. I guess if you are a CISO now you got to worry about in-person social engineering to do this sort of thing. Like what a. Yeah.
D
And you know, maybe I've worked in the wrong sort of places, but the physical security in a lot of the places I've worked at has been very, very relaxed. You know, it's. Yes, there might be swipe cards, but everyone will hold the door open for you to let you in. And you know, there's very little sort of, I guess, discerning qualities as to who is actually working in IT and would legitimately come up to you and say, hey, sorry, I'm from IT. I've got this urgent update I need to install. Can I see your laptop? And it's just this really plays into the fact that physical security and I guess catching employees off guard is clearly working. I mean, I think the interesting thing about this is that most ransomware and extortion groups, they give up once the cyber security aspect and the social engineering and the phishing fails. But I think it is very cluey that this group has realized that the trade off of potentially getting caught in person is worth it, given just the sheer dollar value that can be extracted, as you say, from companies that are willing to pay. It also reminds me of one of my favorite Between Two Nerds episodes where Tom and The Grugq were talking about the three first principles of a cyber attack. There's got to be a human involved. So there's that weakness or exploitability of a human being involved. There's got to be data that's able to be taken and there's got to be an economy behind it. And I think what's super interesting here is what we're seeing is the data from certain organizations is so valuable that it's worth the potential risk there of someone physically getting snapped in person.
A
Yeah, I mean, I hate that he's been right in his prediction because a couple of years ago he predicted this big pivot to data extortion. And I'm thinking people aren't going to pay, they're just not going to pay. And what they've been able to do is identify categories of victims who do pay. So The Grugq was right, I was wrong. It's very annoying. Moving on. And Check Point is apparently, like, warning about a zero day bug that is being used, like targeted, by a ransomware affiliate. And this is a bug in people who are using their Check Point with IKEv1 enabled raw dog on the Internet. And you just think, what did you think was going to happen? Like there's always going to be a zero day in that. Like, was that your take here as well?
D
Yes, I mean like on multiple levels. You know, like last week we were like, it's Wednesday so there's a bug in Fortinet. This week it's like, it's Wednesday so there's a Check Point, and then you read through and you're like, okay, not only is it a Check Point zero day, but it's in a VPN that allows you to connect without authentication. Great. And how does that happen? It only happens on devices that are configured to use IKEv1. And so you think, all right, listen, that's got to be a vanishingly small population on the Internet. But of course it's not. And these are getting actively exploited. And some of the post exploitation tradecraft points to the Qilin ransomware group as well. So there you go. It's just like you read through and you go, surely that's three devices. But no, it is a lot more than that.
A
Yeah. And they belong to like, you know, Fortune 50 companies or whatever. Like it's always the way, right? Like who is crazy enough to do that? It's like, yeah, it's there for legacy reasons because of something. Something.
D
Well, it's there because the account manager had a really great relationship with the CISO. That's always how it goes.
A
Now ServiceNow has just disclosed some security incident. Details are still, you know, coming to light. But they applied a patch on 5 June to hosted instances saying that they fixed the configuration of an endpoint to require authentication, to which my response is, blink, come again. So yes, apparently there was some endpoint that didn't require authentication that was causing. Yeah. ServiceNow instances at customers to get owned. Like what?
D
What? Well, I mean the dual use purpose of this article also is, if you are looking for a masterclass in corporate speak to bundle your actual dumb bug in a whole lot of fluff, this is the article to go and read, because I loved lines like "this may have resulted in the API granting an unauthenticated user a higher degree of privilege than was expected." It's like you said, they were unauthenticated. What would be my expectation?
A
Well, when you can arbitrarily just like pop shell, I guess that is like, you know, giving someone more privilege.
D
It's unexpected. It was very unexpected.
A
I mean, I'm surprised. Yeah, yeah, 100%. Now this next one, I actually found it a very interesting story. There's this credit card theft campaign targeting e-commerce sites. But what's interesting is all of the bad stuff is hosted on Google Tag Manager and like Stripe. So it's all like allow-listed, like, domains that look squeaky clean. I'm going to coin a term for this, right? Because we know what living off the land looks like with using LOLBins and whatever. I'm going to call this living off the ocean. Living off the sea. Right. But it's like, I mean it's cool. I love it when you see people do this. It's sort of like how spammers are getting DocuSign to send their spam. I mean this is about getting, you know, legitimate services to host. I mean, not even your payload. It's like bits of your payload, right? In this case, yeah, it is.
D
It's just continuing that trend of why make a hacky version of something when there's a legitimate version there that you can abuse to go do your bidding for you. And in this case, two very legitimate services. Google Tag Manager, which is the easy way to drop various chunks of JavaScript onto your website without changing your website. Maybe you're dropping your analytics from Sentry to something else and you want just a quick and easy way to say drop in this tag, don't drop in that tag. And the thing that is a little bit unclear about Google Tag Manager's use here in particular is it doesn't say how that malicious tag, I assume, has made its way into Google Tag Manager and someone has enabled it on the site. But there's probably heaps of ways. A typosquatted tag or a malicious phishing email saying, hey, please update this tag with this version. But either way it gets in there. And what's deployed in that tag is, yeah, like you said, it's fragments of the malware that essentially goes and hijacks the payment pages in these e-commerce sites and funnels the payment data off to Stripe Hype to go and, you know, handle payments on behalf from that stolen payment method again through a completely legitimate. And more importantly, like, the other aspect of this is it's not just that these are legitimate services, but they are the kind of things that just get whitelisted everywhere in a particular.
A
Well, they're the kind of services you expect to see on those sorts of sites. Right. Which is what makes it so cool. Like, good luck spotting this. Like, unless you really like expert mode, IR mode, you know.
D
Yeah, 100%.
A
Yeah. Just real quick, I wanted to mention this one. There's a story from Cybersecurity Dive that says that CrowdStrike and Palo Alto Networks are like defying estimates and business is great for them at the moment because of AI. Look, I would just say that the funny thing I've noticed is that people who are making basic controls, people who are making stuff like, you know, like Run Zero, doing, you know, asset discovery and stuff like that, Knocknoc is going berserk. Stuff like Airlock, right? All of your sort of basic security controls, they're doing great because everybody's absolutely terrified that AI is coming to eat them alive. Whereas the really heavy AI products and stuff, I think the market's still trying to work out how best to use them. So while you might be seeing AI enabled features on something like, you know, the Sublime email security platform, where they've done a really good job of integrating AI, it's not really why people are buying a high quality email security platform. It's just nice that they're using AI appropriately. So I just find this is an interesting thing where we're seeing a lot of spending in like traditional security controls as a result of stuff like Mythos terrifying everyone. So, yeah, that's cool. Now, Chris, I wanted to bring you in on this one because I want to know what you think about it. But it turns out that it looks like the US military is using the GPS satellite network to distribute key material. And look, I mean, there's so many jokes you could make here about PKI, right? And about how PKI key distribution is difficult. And I guess where I landed on this one is I can't figure out if using the GPS system to distribute your key material is doing it in hard mode or easy mode. Basically that's what I can't figure out. But were you surprised, Chris, to see this? And were you impressed? I think is the question.
B
Yeah, I was going to say I was actually impressed. I thought it was very clever. I'd like to know what the actual use case for it is, which systems are actually using this data. And take the guy out for a beer who came up with the idea. I think we need more creative thinkers in the government. So I love when I see creative stuff from tech people in the government.
D
Yeah, it's cool. And it's the kind of story I love because this was this researcher, Stephen Murdoch, I think it was a decade ago, was working on, just happened to be coding up a decoder of GPS data for completely unrelated reasons. And when he was doing that, he noticed that there's this thing called subframe 4, page 17. I mean, my heart goes out to him for what the specification must have been like if there's a subframe 4, page 17 in this protocol spec. But what he found was there's this like 176-bit message in there that's not very well explained. And when he gathered a few samples, it just looked random. And you know, for those that work in networking, random is interesting because random doesn't happen naturally. Right. It's rare to not have some sort of structure in your data, especially in networks. But then he came back to it a couple of years later and teamed up with another researcher and they found that there's actually an archive of all these GPS signals that go back to, I think 2007 or so. He stitched all those together and found a huge payload of 3,994 unique 176-bit messages that were in this GPS signal. And this is a bit that was really cool. They then compared those different message fragments and could find little differences. And those differences happened at certain times. It's like they were like a sentinel message. And that just happened to line up with when certain new military networks were getting commissioned, by virtue of corroborating that with publicly available information. So it's good sleuthing.
A
Yeah, it's great sleuthing. And it's like, as I say, does having access to the GPS network make your key distribution easier or harder? And I don't have an answer for that.
D
Well, can you imagine this guy's like data centers in space? I mean, doing that for a while.
A
Exactly right. That's old news. Now we got a bug here that I just think is worth mentioning. There's this DoS attack that crashes a whole bunch of web servers in under a minute. It's like a memory exhaustion thing and it works in servers that are serving stuff up through HTTP/2 because there's like a whole bunch of weird features in that that are not appropriately QA'd, basically, is the long story short here, right, James?
D
Yes, inappropriately QA'd. Let's come back to that and recalibrate the bar on this when I talk through the first aspect of this, which is it is two bugs combined. It is a bug in the compression in headers and it is a bug in essentially holding onto sessions for a long time. You combine those two and if you're able to seemingly decompress a whole bunch of data and hold onto that in the server's memory, of course it's going to run out of memory and it's going to crash. But to your point about not specifically QA'd, the compression works like this. Basically you can say, here is my compressed data, and when it's decompressed, it's actually sort of a structured reference and you essentially say decompress this. And then actually what's decompressed out there has a self-referential sort of reference and it keeps decompressing over and over again to the extent where one byte in can turn into tens of thousands of kilobytes of memory being expanded over and over again. And so it's like there is no compression method that should work legitimately with one byte in and tens of thousands of bytes out. And yet this is present in Apache, Envoy, all the popular things. And frankly it is astounding that this hasn't caused mass mayhem. But that also seems to be kind of the way these bugs go at the moment. It's like oh, big scary.
A
And then, yeah, no, crickets, right? Yeah, HTTP/2. Like let's make HTTP but like binary.
D
Yeah, but like that'd be cool. More stuff.
B
Yeah.
A
What could go wrong? Just quickly wanted to mention it. Shout out to all the people at Google Cloud and Google Threat Intelligence Group who've lost their jobs. This sucks. So there's a bunch of Mandiant people got cut loose and Google Threat Intelligence Group people got cut loose. I'm guessing a few of them listen to this. So I want you all to know, we see you, you'll be fine, you're going to pick up other jobs. But we're sorry, this must suck. And we're going to wrap it up.
B
Cellebrite.
C
Hiring. They could.
B
They could definitely apply to Cellebrite.
A
There you go. Contact Chris Wade at Cellebrite. They would love to hire you. All right, we're going to wrap it up there. James Wilson, Chris Wade, thank you so much for joining me to talk through this week's news. A pleasure to chat to you both.
D
Thanks, Pat. This was a lot of fun, as always.
B
Thanks, Pat.
A
That was James Wilson and Chris Wade there with a check of the week's security news. Big thanks to them for that. It is time for this week's sponsor interview, and we are chatting with HD Moore, who is the founder of Run Zero, and we're chatting to him this week about the vibe shift out there, where basically a whole bunch of, you know, sensible security technology is all of a sudden red hot again because everybody's scared that Mythos is coming for them. Oh, Mythos is going to come and get you. Right? So you got to go and do your asset discovery and put in some sensible controls. So, yeah, look, that's really simply where I started off in this interview with HD, is asking him, you know, has there been a vibe shift? And here's what he had to say.
C
I mean, you go back a year ago, and everyone was saying, well, we'll buy more defensive solutions, we'll do an AI SOC, we'll do all this stuff, and that'll somehow prevent us from getting compromised. And reality is, no, you're going to get compromised. Now, there's no way to really stop someone from getting into anything you've got exposed. It's just a matter of knowing what you have, being prepared for it, understanding where someone can get to once they get into that first point.
A
Yeah, it's funny, I had a chat with. So I talked to people who are in the preventative control business, right? And they say, well, AI stuff has shown us that we need preventative controls, you know, and detection and response is not going to suit us in the AI era. But then I chatted with Ed Wu, who does AI SOC stuff, and he made a really good point, which is that, like, in the AI era, you're not going to stop people from getting a presence on the network. So detection and response is really much more important as well. So I think where I've landed is, like, everything is all of a sudden more important, right?
C
Yeah. And blast radius matters more, too. It used to be, okay, can someone get into my DMZ? Can someone get into my server? Now it's more of like, great, let's assume they get into this part of the network. Where else could they have gotten? Like, how far do we have to look for the traces of this particular impact? Where previously you could say, well, maybe they got into my F5 or something like that, but they wouldn't necessarily assume they already got your domain controller in the first hour after popping your perimeter.
A
Yeah, and now it's that lateral movement is a lot easier for attackers who are using AI because it's, I mean, I guess that makes sense, right? Because lateral movement through something like, you know, a typical enterprise network is pretty well understood and documented, which means that all of that knowledge has been, you know, ingested, I guess, by a lot of these chatbots. And now they can just do it for you.
C
Absolutely. I mean, you've done some great interviews with folks who do kind of the AI pen testing side and, you know, they just went out and said it. Most of what we do is lateral movement. Most of the AI pen testing world is dump a cred, use a cred, repeat.
A
Yeah, right. So how does Run Zero actually help you there? Because as far as I understand it. Okay, so let me, you know, have a stab at it. Right, so you've got the external attack surface measurement piece, right. Which is, I think, very important. You want to know what's hanging out there on the Internet that people are going to be able to pop shell on. Right. As a first step, managing your external exposure is going to be very important. You want to be using something like Run Zero internally as well to have a look around from the point of view of like, okay, well, if someone lands at this point in the network, what are the internal exposures that make lateral movement that little bit too easy? Is that kind of where you're coming from with that?
C
Yeah, there's two parts. I mean, one thing we do that's really interesting is we find external exposures from internal-only scans. So we'll fingerprint everything you have internally by only scanning internal, and from there we can tell whether any of that stuff internally is exposed externally by just doing a hash lookup of the unique ID. And so that lets us say, okay, we had no idea this IP range of this cellular network had anything to do with your company. But because we see the hash here and the hash there, we know it's yours. So you find exposures that you can't really do attribution against otherwise by doing that internal scan. The second part is a lot of times you say, okay, great, I've got my EDR, I've got my controls scattered around my internal network. But then we come back and say, well, here's the other 50% of assets you didn't realize you had. And also half of those are missing your CrowdStrike.
A
Yeah. Which is extremely not great, as you would say. So I mean look, that's really nice in terms of finding those like EDR install gaps and stuff exposed that it shouldn't be. There are certain bits of enterprise tech though that just are never safe. Right. Like you can't just configure them to make them safe. What are people doing about that? And obviously I'm interested in that, you know, from the perspective of, you know, being involved with a company that does the access control bit. But I'm wondering what other people are doing to deal with that. Like what happens when they find something on the edge of the network that is risky? How are people dealing with that? Because it's great to find this stuff with Run Zero, but what are they actually doing to reduce the risk once they've discovered the exposures?
C
Yeah, the short version is the number one control people have for security is segmentation. So if you find something you don't like, whether it's a BMC, whether it's an OT device, a device you can't patch, an out-of-support appliance, what you do is you put it in its own little network, you isolate it, you say okay, great, it can't talk to anything else. The problem though is you put all of those devices into the same networks. You have all your BMCs of all your servers on the same management network. Now all it takes is popping one of those to get into everything else. So what we've been really showing with Run Zero, especially with the last release, is we're able to identify the segmentation gaps across the entire enterprise. So you have an idea of what your network should look like in your head. We show you what it actually looks like in terms of being able to bounce around, go around your firewalls, go through connections you didn't realize you had. Find multi-homed machines. That's really been a little terrifying for folks because they realize that the controls they thought they could place don't actually matter.
A
Now you've been doing a presentation lately. It is called, forgive me, the Shadow Era. Give the listeners the basic pitch of the Shadow Era because it really connects to what we've been talking about.
C
Absolutely. So back in the 90s, no one had any idea what was exploitable. And this small group of 20 to 30 people could walk their way into any network on the planet. That's just how it was. So it didn't matter what secret tools you had. We're all in the dark all the time. You move on to the 2000s. And we started getting to this kind of patch, exploit, patch, exploit cycle where a patch would come out, an exploit would come out, and the presence of an exploit was what triggered everyone to go patch. And then we started getting into a cycle in the last couple of years that's much faster, where the exploits came out first, everyone's getting mass owned and then you identify the patch, then months later the vendor says, hey, we had a problem, here's a patch for it. So you're already now months to weeks behind the ball in terms of exploitation. The challenge we're in right now is that there's been so many vulnerabilities discovered that don't even have a CVE yet just in the last three months that we don't even know how many vulnerabilities we don't know about yet. We've gone from knowing there's a few hundred in the queue for Chrome or Firefox, to now having thousands and thousands and thousands of unknown bugs. And the kind of scary part about this is an attacker doesn't have to go after OpenSSL or Apache or OpenSSH. They find that one little corner of your network, that one device that no one's looked at in 10 years, they throw the latest AI model at it and bam. They've got shells and everything.
A
So, you know, it's funny that you say that. Sorry to cut you off there, but I had an interesting chat with someone who's a recently departed intelligence community guy about exactly that, which is where is the value for the intelligence community when it comes to that sort of exploit development? Because, you know, Mythos came along, right? And all sorts of bugs started falling out of mainstream software. They're kind of useless for the IC because those bugs are all public. If you can discover them with a one shot prompt, they're essentially public vulnerabilities. And they're not really enduring, durable or that useful. But where it becomes really interesting is exactly what you said, where they might scope an environment and find some bit of esoteric gear or esoteric software there. And then they can use the LLMs to just automate the process of doing the vulnerability discovery and the exploit development. Hey, this weird, you know, Japanese web application over here that's used for something odd in this environment, please pop shell. And the AI goes okay, you know, so that is a new thing, isn't it? And I guess we've seen that too with pen testers. I know over the last 20 years they have had great success moving laterally through quite secure environments by finding 0day in all of the really crappy enterprise software that people tend to use in enterprises. So I guess that is just ubiquitous now, isn't it? There's no, you know, obscurity is not going to save you really this time.
C
I'd say the difference though, like, you know, I'm one of those pen testers who used to love breaking into like the tape library or the weird esoteric thing in the corner. But after the pen test, you report to the vendor, you get it fixed, everybody gets an update, off you go. More recently, we've been using the known exploited vulnerabilities list to be a list of what to go fix. But these vulnerabilities are being exploited per target. They're never going to be coven kept. No one's going to know about it because they're going to be used once, maybe twice. Unless you get really, really, really lucky and happen to catch it the first time it's used, it'll never come to light. So that's what's kind of the shadow part about it. It's like it's not that the exploit gets used once, then a month later everyone else finds out about it. It's that you're literally going to get hit with an exploit that is only used specifically for your environment.
A
I mean, this is funny, right? Because I asked Nicholas Carlini from Anthropic about this when we did an interview recently. I don't know if you caught that one, but I did ask him. I'm like, hey, maybe it's an idea if you can get the models to detect when they're crapping out a 0day and then you could report that to the vendor. And his answer was like, oh no, we take our user privacy so seriously. And I'm just thinking, I'm rubbing my temples thinking, man, like, you know, you should probably think about that a little harder.
C
I mean, something that I think we often mistake when we talk about AI is we like to think that the large frontier models are the gatekeepers to the technology, and they haven't been for a long time, right? You can get very close to frontier-level models just by having more harnesses running locally on your MacBook, right? So the cat's out of the bag.
A
We had a big interview with Niels Provos talking all about exactly that. But I guess my point there is that, like, even the frontier people are just not really thinking about things. Yes. And it's going to be an issue indeed. We were speaking about NIST, KEV. Sorry, not NIST, the CVE program falling behind on the, what do they call it, the NVD enrichment. And then, you know, KEV's kind of turning into a little bit of a dog's breakfast as well. So, you know, where does that leave us? Right, I guess you're going to say you should manage your exposure and you should use tools like Run Zero to do it.
C
I mean, you go back to the 90s, right? You don't know what you're going to get hit with. All you can do is layered defense. All you can do is try to have a really good map of what's out there. And we're kind of back into the, I don't want to say the fun mode again, but it's not like you can go through a checklist and be secure. Right. You actually have to try again. You have to actually know what you have. You have to actually look for the exposures, you have to actually look for the attacks. You can't assume that a vendor or threat intelligence is going to tell you about it before you get hit with it.
A
I guess what you're saying is we just really have to assume that there's a bug in absolutely everything. Minimize exposure, minimize blast radius and kind of treat it that way.
C
It's worse than that. So my take is folks are now auditing every commit to every project and finding a vulnerability and exploiting it before people even know it's vulnerable in the first place. So if you talk to, like, Heather Adkins, for example, at Google, they've got a program where they're auditing every single commit for a security bug, whether it's been shipped yet or not. And the idea is that you actually want to know whether something's vulnerable before it even gets released in the first place. And you have to assume that people are doing that for all the repos, for all the tools out there. So someone may commit something that creates a vulnerability, and someone's already had an exploit for three or four months before anyone realizes there's even a bug there.
A
So what, we're just doomed?
C
We're kind of back to the basics. I have to say, the one thing that people can do: for the last 10 years or so we've depended on our security vendors kind of spoon-feeding us threat intelligence and tooling. You can't depend on them anymore, right? You have to do your own work. You have to have your own internal vulnerability operations team. You have to proactively audit your own commits before they get shipped. You really have to be auditing your own long-tail suppliers, not waiting for some security vendor to tell you that there's a vulnerability in some esoteric dependency. We have to be very proactive about it if you want to survive, right?
A
Look, if I'm honest though, that sounds like an approach that's out of reach of most organizations. I mean, if you're Bank of America, maybe, right? But, like, what are the normal folks supposed to do about this, right? Like, just give up?
C
The good news is the tokens are getting cheaper, hardware's getting cheaper, so you can start proactively auditing all of your long-tail supply chain stuff. You can start looking for what's the one library that is weird, that hasn't updated in five years, that no one else in our industry uses. Go audit that. Like, you're gonna find something that's really important, really scary, really quick. And again, the whole idea of, like, risk being likelihood times impact. We now know what likelihood looks like.
A
All right, H.D. Moore, always fabulous to see you. Everyone should go and get Run Zero and have a look to see what their exposure is like. I really do, honestly, hand on heart, recommend that people do that, because you never know what's hanging out there on the edge of your network in particular. I mean, that's the first place you want to look. And then, you know, as HD was explaining earlier, you really want to have that inside-out view as well. But great to see you, my friend. I look forward to chatting to you again soon.
C
Oh, my pleasure. Thank you.
A
That was H.D. Moore there from Run Zero in this week's sponsor interview. Big thanks to him for that. And yeah, you can find Run Zero. Just google Run Zero, one word, and you are going to find it. It's an excellent tool and I highly recommend you go and play with it. But that is it for this week's show. I do hope you enjoyed it. I'll be back soon with more security news and analysis, but until then, I've been Patrick Gray. Thanks for listening.
Date: June 10, 2026
Hosts/Guests:
This episode covers a tumultuous week in cybersecurity, with Microsoft taking major hits through compromised GitHub repos, freshly dropped 0days, and the larger “AI bugpocalypse.” The conversation delves into the nuanced implications of modern AI tools for attackers and defenders, the shifting effectiveness of basic security controls, and broader industry responses—including notable stories around Apple, Meta/Instagram, and advanced persistent threats. Chris Wade joins to provide expert insight, especially on exploit development, enterprise security, and Cellebrite’s AI forensics efforts.
On Microsoft’s Response:
“It’s a very strange response from Microsoft ... just to shut down these repos ... it really does make you wonder, what did we miss in the remediation?”
— James Wilson [02:15]
On the pace of AI flaw discovery:
“We're not going to patch our way to glory here.”
— Patrick Gray [09:07]
On open source supply chain friction:
“Damned if you do, damned if you don’t ... 31-minute patch-to-exploit pipelines seem like a pretty bad, dire thing for enterprise security.”
— Patrick Gray [20:55]
On Cellebrite’s AI forensics:
“We've had cases solved that were open for years in a matter of like 15 minutes.”
— Chris Wade [30:19]
On OpenAI’s ‘Lockdown Mode’:
“They make the agent completely useless ... if something bad happens, they could say, 'but you weren’t using lockdown mode.'”
— Patrick Gray [26:07]
| Topic | Timestamp |
|---|---|
| Microsoft GitHub Repo Breach & Response | 00:55–03:19 |
| VS Code GitHub 0day Exploit | 04:00–05:50 |
| Microsoft's Security Team & Researcher Outreach | 06:50–08:52 |
| AI-Driven Vulnerability Discovery | 08:52–09:50 |
| WhatsApp v. NSO Group | 09:50–10:38 |
| Instagram AI Support Fiasco | 10:38–13:32 |
| Apple's Agentic Password Feature | 13:32–16:32 |
| Max Messenger Banned: Apple/Russia | 16:32–19:36 |
| LLMs for Patch-to-Exploit (Mythos, Anthropic) | 19:36–23:10 |
| Fable 5 & Guardrail Woes | 23:10–24:27 |
| OpenAI Agent Phishing & Lockdown Mode | 24:27–27:47 |
| Microsoft Intelligent Terminal | 27:47–29:13 |
| Cellebrite's AI Genesis Forensics | 29:13–34:49 |
| Law Firm Ransomware – Physical Social Engineering | 36:00–38:32 |
| Checkpoint VPN Zero-Day | 38:32–40:00 |
| ServiceNow Auth Bypass | 40:15–41:25 |
| Tag Manager – Card Theft "Living off the Ocean" | 41:25–43:44 |
| Security Vendor Boom / Asset Discovery | 43:44–44:41 |
| Military Uses GPS for Key Distribution | 44:41–47:38 |
| HTTP/2 DoS Bug | 47:38–49:26 |
| Google/Mandiant Layoffs | 49:26–49:51 |
| Sponsor Interview: H.D. Moore (Run Zero) | 50:11–61:52 |
The tone remains fast-paced, critical, and good-humored, combining technical rigor with a pragmatic, sometimes sardonic take on industry missteps. The episode highlights how “back to basics” controls—rigorous asset management, real segmentation, and human vigilance—are more vital than ever, even as attackers and defenders alike struggle to keep pace with the accelerating power of AI.
Summary for Security Pros:
If you missed the episode, this summary gives you a firm grasp of the hot topics, expert opinions, and the practical lessons—minus the waffle.