Podcast Summary: Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: LIVE FROM WWHF DENVER 2025
Release Date: February 12, 2025
Introduction and Swear Jar Initiative
The episode kicks off with a humorous yet purposeful segment about maintaining decorum during the live broadcast. Host John Strand introduces a swear jar to offset the costs associated with swearing, emphasizing, “[Swearing] is bad. It's like violence. Violence is never okay” (00:01). Despite initial resistance from Ryan, who counters, “Swearing is caring” (00:12), the team engages in playful banter about their commitment to keeping the conversation professional, even amidst heated discussions.
AI Vulnerabilities: DeepSeek AI Jailbreaks
Ryan delves into concerns surrounding DeepSeek AI, highlighting recent research by Cisco security experts, who had successfully “jailbroken [DeepSeek AI] to answer all of the harmful prompts” with a “100% success rate” (04:14). The hosts debate the implications of such vulnerabilities, contemplating whether popular culture (notably the TV show "Breaking Bad") may have influenced the AI's capabilities in generating illicit content like meth recipes.
Megan interjects, questioning the necessity of AI for such tasks, suggesting, “We don't need DeepSeek” (05:00). The discussion broadens to compare DeepSeek’s security flaws with other AI models like ChatGPT, noting that while DeepSeek may be uniquely susceptible, the broader issue of AI vulnerabilities remains a significant concern.
Corey adds to the conversation by illustrating how simple encoding techniques, such as Base64, can be exploited to bypass AI safeguards, likening it to a “modern Trojan horse” (08:29). This segment underscores the constant arms race between AI developers and those seeking to exploit these systems.
Privacy Concerns: DeepSeek’s Data Handling
The team shifts focus to privacy implications, particularly regarding DeepSeek AI’s data transmissions to China. Ryan raises critical questions about the sensitivity of AI queries being sent internationally, pondering the potential risks associated with such data flows (06:21). The conversation touches on geopolitical tensions and the trustworthiness of international data handling practices.
Data Breaches: Globe Life and Grubhub
Transitioning to recent data breaches, Ryan reports on Globe Life’s incident affecting 850,000 individuals and Grubhub’s previous security compromises (34:54). The hosts discuss the nature of the leaked data, including personal information like gate codes and delivery addresses, highlighting the real-world dangers of such breaches. John Strand reflects on past experiences, emphasizing the importance of comprehensive logging and monitoring to detect unauthorized data exfiltration (15:00).
Social Media Security: Facebook’s Missteps with Linux Links
A significant portion of the episode is dedicated to Facebook’s misguided attempt to ban Linux-related links, erroneously categorizing them as cybercrime (15:25). The hosts speculate whether this was an automated decision driven by AI moderators or a conscious policy choice, ultimately leaning towards the former given Facebook’s recent layoffs in their content moderation teams (17:06). John Strand highlights the broader implications of such actions, including the shadow banning of influential figures like John Hammond for sharing educational content on his platform.
Remote Monitoring Tools Vulnerabilities: SimpleHelp RMM
Ryan introduces the topic of Remote Monitoring and Management (RMM) tools, specifically addressing security weaknesses in SimpleHelp RMM (36:13). The discussion covers how outdated or improperly secured RMM tools can become entry points for hackers, emphasizing the necessity of regular updates and stringent access controls. Corey advises on best practices, such as auditing open ports and removing unnecessary agents to mitigate these vulnerabilities (37:07).
Bypassing Windows Security: Mark of the Web Exploits
The conversation turns technical as Ryan explains the “Mark of the Web” (MOTW) feature in Windows, which dictates how files are treated based on their source (31:28). He details a vulnerability in 7-Zip where double-zipping can bypass MOTW protections, allowing malicious macros to execute without detection (31:13). The hosts brainstorm potential patches and the endless cycle of exploit discovery, humorously likening it to a “chaos monkey” scenario (42:14).
SSH Backdoors and Chinese Threat Actors
Ryan presents an analysis of SSH backdoors employed by Chinese threat actors, as documented by Fortinet (38:48). The malware modifies SSH daemons on compromised systems to establish persistent command-and-control (C2) channels. The hosts discuss the sophistication of these attacks and the recommendations to disable outbound SSH traffic unless absolutely necessary, reinforcing the mantra, “Don’t allow SSH outbound entirely” (41:19).
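As an added example (not from the episode or from Fortinet's report), this is one way to audit connection logs for the outbound SSH the hosts recommend blocking. The log format, addresses, approved-exception list and function names are constructed for illustration, and SSH is identified by destination port only.

```python
import ipaddress

# Constructed flow records: "timestamp src dst dst_port proto action"
SAMPLE_FLOWS = """\
2025-02-12T10:00:01Z 10.0.4.17 203.0.113.45 22 tcp allow
2025-02-12T10:00:03Z 10.0.4.17 10.0.9.5 22 tcp allow
2025-02-12T10:00:07Z 10.0.8.2 198.51.100.10 22 tcp allow
2025-02-12T10:00:09Z 10.0.4.30 203.0.113.45 443 tcp allow
2025-02-12T10:00:12Z 10.0.4.31 203.0.113.99 22 tcp deny
malformed line here
"""

# Assumption: RFC 1918 space is "inside"; everything else is outbound.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Hypothetical approved exceptions as (source, destination) pairs.
APPROVED = {("10.0.8.2", "198.51.100.10")}


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def find_outbound_ssh(log_text, ssh_port=22):
    """Return unapproved internal-to-external SSH flows, allowed or denied."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        ts, src, dst, port, proto, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if proto != "tcp" or port != ssh_port:
            continue
        if not is_internal(src_ip) or is_internal(dst_ip):
            continue  # only internal -> external is of interest
        if (src, dst) in APPROVED:
            continue
        # An allowed flow means the egress rule is missing; a denied one
        # means the rule worked but the source host still needs a look.
        status = "egress-gap" if action == "allow" else "blocked-attempt"
        findings.append({"time": ts, "src": src, "dst": dst, "status": status})
    return findings


if __name__ == "__main__":
    for finding in find_outbound_ssh(SAMPLE_FLOWS):
        print(finding)
```

Port matching misses SSH run on a non-standard port, so a check like this complements a default-deny egress policy and does not replace it.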
Governance, Risk, and Compliance (GRC) in Security
The hosts engage in a deep dive into governance and compliance issues within government agencies, lamenting how high-level executives can bypass security controls, leading to significant vulnerabilities (27:02). John Strand expresses concerns about the erosion of established security protocols, advocating for nonpartisan vetting processes to maintain data integrity and trustworthiness in legal settings (28:58).
Concluding Remarks and Support for the EFF
As the episode draws to a close, the hosts reflect on the chaotic state of modern cybersecurity, urging listeners to remain calm and focused despite ongoing challenges (31:13). John Strand makes a heartfelt appeal for supporting the Electronic Frontier Foundation (EFF), emphasizing their pivotal role in defending digital rights and maintaining privacy standards. “[...] please get out there and support the EFF, because we're talking about, you know, digital rights” (43:30).
Notable Quotes
- John Strand: “Swearing is bad. It’s like violence. Violence is never okay.” (00:01)
- Ryan: “Swearing is caring.” (00:12)
- Ryan: “There’s a 100% success rate” in jailbreaking DeepSeek AI (04:14)
- John Strand: “We all have someone kicking out the jams in our monitors up here.” (01:37)
- Megan: “We don't need DeepSeek.” (05:00)
- Corey: “Don’t necessarily trust the devices to log themselves.” (08:29)
- John Strand: “Once you panic and worry, you suffer twice.” (31:13)
- Ryan: “Don't allow SSH outbound entirely.” (41:19)
- John Strand: “Please support the EFF, because we're talking about digital rights.” (43:30)
Key Takeaways
- AI Security: DeepSeek AI’s vulnerabilities highlight the ongoing arms race in AI security, emphasizing the need for robust safeguards against malicious exploitation.
- Data Privacy: International data flows, especially involving sensitive AI queries, pose significant privacy risks that require stringent oversight.
- Data Breaches: Recent incidents at Globe Life and Grubhub underscore the persistent threat of data breaches and the critical importance of comprehensive security measures.
- Social Media Moderation: Automated content moderation can lead to unintended consequences, as evidenced by Facebook’s mishandling of Linux-related content, raising questions about AI’s role in policy enforcement.
- Remote Management Security: RMM tools like SimpleHelp necessitate diligent updates and access controls to prevent them from becoming entry points for cyberattacks.
- Windows Security Bypasses: Exploits such as the MOTW bypass through double-zipping illustrate the continual evolution of attack vectors and the need for proactive patch management.
- Governance and Compliance: High-level executive access privileges without proper vetting can undermine organizational security, emphasizing the need for nonpartisan and thorough compliance processes.
- Support for Digital Rights: Organizations like the EFF play a crucial role in safeguarding digital rights, privacy, and compliance, warranting active support from the cybersecurity community.
For more insightful discussions on the latest infosec news, attacks, and breaches, tune into the Black Hills Information Security podcast weekly.
![2025-02-05 - LIVE FROM WWHF DENVER 2025 - Talkin' Bout [Infosec] News cover](/_next/image?url=https%3A%2F%2Fassets.blubrry.com%2Fcoverart%2Forig%2F577207-646458.jpg&w=1200&q=75)