SANS Internet Stormcast Feb 10th 2025: Podcast Anniversary; SSL 2.0; Exposed Deepseek Installs; Crypto Scam costs

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9316.mp3

previous

next

Podcast Anniversary; SSL 2.0; Exposed Deepseek Installs; Crypto Scam costs

00:00

iTunes

MP3 Download

RSS Feed

Google

Podbean

Amazon Echo

YouTube

Spreaker

Spotify

Discussion

Login here to join the discussion.

Podcast Transcript

 Hello and welcome to the Monday, February 10th, 2025
 edition of the SANS Internet Storm Center's Stormcast. My
 name is Johannes Ullrich and today I'm recording from
 Jacksonville, Florida. Today as I'm recording this, it's
 also the 16th anniversary of this podcast. Started all
 February 9th, 2005. Didn't actually realize it's already
 that long running. Hope you'll enjoy it. Actually, thanks for
 some of the feedback that I've gotten based on my request on
 Friday. But well, it's not just the podcast that's having
 its birthday today. So does SSL version 2. And Jan on
 Friday took a closer look at how many SSL version 2 servers
 are still connected to the Internet. The absolute number
 may surprise people. It's 423 ,000 IP addresses according to
 Shodan. Well, however, it is really only a very miniscule
 percentage of all the HGP servers exposed to the
 Internet in total. So I think this 400,000 number sounds a
 bit more scary than it actually is. However, one
 thing that Jan points out is if you are finding a web
 server that still supports SSL version 2 in your environment.
 We're talking about SSL version 2, not SSL version 3.
 Chances are that this web server is overall running very
 out of date software. The protocol SSL version 3 started
 to be deprecated 14 years ago in 2011. So that essentially
 means that this particular device, this particular
 software has not really received any major updates for
 at least a decade. With that in mind, if you do find any of
 these devices, let me actually know what you find. I have to
 take a closer look at the Shodan data. I suspect a lot
 of things like webcams and such that are probably
 compromised already anyway or other sort of IoT style
 devices. And as so often, probably they're just waiting
 for the patch via Power Search. And yes, we still have
 to talk about DeepSeek. There's still a lot of
 DeepSeek news that has come up in the last few days. Now,
 before I dive into some of the issues here, I want to pre
 -phrase this a little bit in that these issues are
 affecting a lot of AI models. In particular, if they're
 installed in a hurry by hobbyists or pretty much
 without sufficient controls around these models. So with
 that, just a couple of the issues here. Number one, that
 apparently there are several thousand of DeepSeek instances
 that are exposed to the internet via OLAMA. OLAMA is a
 framework that can be used to easily run these kind of AI
 models. Basically provide an easy-to-use GUI for it. You
 can do the same with open AI models and such. So this is
 not something that's specific to DeepSeek and probably
 should not be done without specific controls around it
 for any model like this. Also, there are still a lot of
 analysis of the model itself and what features it may have
 when it comes to, for example, censorship and the like. Well,
 most models have some kind of parameters around what answers
 they will or will not provide. Of course, that often depends
 on what the model is being built for. We have on the one
 end some of the models, specifically, for example,
 designed for creating malware that don't have a lot of
 controls around it. With the DeepSeek model, of course, a
 lot of the controls are based on some of the political
 constraint around it coming from China. The last thing is
 also that the model is, of course, reporting home and
 also sending data unencrypted. Again, this is not that
 terribly unusual if you are using a web application in
 order to interact with a model. That web application
 usually does extensive logging. It often has a lot of
 JavaScript that will, for example, collect keystrokes in
 order to interact with the model's APIs. With that being
 said, well, it comes back down to a supply chain issue. As
 always, you have to trust your supply chain. So if you don't
 trust the entity the model comes from, you definitely
 shouldn't use it. There's also been some new work with
 HackingFace, for example, that there are a lot of models in
 HackingFace that are either just vulnerable or outright
 include things like backdoors or malicious content. And
 there's always a very fine line between vulnerability and
 the backdoor. We always have talked about backdoors if it's
 an official kind of support password or a password that
 was sort of added without telling the user about it. But
 sometimes the real backdoors aren't really that easy to
 spot. They're really just built as an authentication
 bypass that could plausibly be attributed to just bad coding
 versus actual malicious intent. And then a quick
 follow-up to the dual signature crypto wallet issue
 that I talked about last week. Well, did he now actually try
 to set up a wallet like this? It turns out you actually have
 to pay $23 to the drone network in order to configure
 a wallet like that. That sort of supports these dual
 signatures. Also, if you check out the podcast episode on
 YouTube, just by using the respective keywords, it
 attracted some additional spam, scam comments to that
 particular YouTube video. I left them up on purpose just
 to show basically what's coming in there. Doubt anybody
 will fall for it given that I'm talking in that episode
 about just that scam. Not sure if YouTube will eventually
 remove them. I'll only sort of try to keep sort of one of
 each type alive, not too many of them. Well, that's it for
 today. Thanks for listening and talk to you again
 tomorrow. Bye.