Security Now 1084 transcript
Please be advised that this transcript is AI-generated and may not be word-for-word. Time codes refer to the approximate times in the ad-free version of the show.
Leo Laporte [00:00:00]:
It's time for Security now. Steve Gibson is here. Lots to talk about some more vulnerabilities in Firefox. Steve has a theory about Microsoft's AI. F5 has some emergency updates. And we'll talk about malicious bad guys in your own network. The malicious proxy networks. That's all coming up next.
Leo Laporte [00:00:25]:
Security now
Steve Gibson [00:00:28]:
podcasts you love from people you trust.
Leo Laporte [00:00:33]:
This is Twit. This is Security now with Steve Gibson. Episode 1084 recorded Tuesday, June 23, 2026. The residential proxy threat. It's time for Security now. Yay. You've been waiting all week. Tuesday's here and so is Steve Gibson the man of the day, of the, of the minute, of the second.
Leo Laporte [00:00:59]:
It is time to talk about privacy, security, computers and all of that. Hi. What are you doing there?
Steve Gibson [00:01:05]:
I've lost my fingerprints apparently.
Leo Laporte [00:01:08]:
I, that's not good. Or is it?
Steve Gibson [00:01:10]:
No, my, my iPads, I still have some iPads that are finger rather than
Leo Laporte [00:01:15]:
camera mini is still that way and I prefer that especially.
Steve Gibson [00:01:18]:
Yeah, I, I like it a lot and I cuz I got one I kept waiting to like see if Apple was going to rev it and it's like okay, I can't because the one I had, if you took it off of the plug it was on life support and it would just. Well actually what happened was the. Some of the software that I want to use like Claude's iOS app and the dumb, the dumb thing from my thermostats, they don't run on the iOS that's so old which is the last one that that mini that that pad will operate on. So it's like okay, I was kind of forced to forward anyway so because I've been, I've been terminating Cat 5 cables and you know, untwisting twisted pairs and straightening them out and pushing them through the Cat 5 connector. I, I've kind of worn off my fingerprints in the last couple weeks. So anyway, that's what's going on. We're going to talk about the surprisingly serious and growing threat from residential proxies. We've, we've been touching on this recently because it's kind of been in the news.
Steve Gibson [00:02:29]:
Well, there's essentially a recent explosion in the use of proxy networks because bad guys need to arrange to appear somewhere else that there's, there's a, a been on. We've heard me talking about like why would you let Russians coming. You know, people in Russian IP space have any idea that you have an SSH server? Sure. You got it protected with certificates and a really crazy password and multifactor authentication. But why should your SSH server even accept a connection from Russia? When are you planning to visit there? So the point is that there's an increasing awareness of the value of geo locking, IP filtration, which means that the bad guys have to work around that. How do they do that? They bounce their traffic off of unwitting people in the country that they want to target. Anyway, lots going on there. We're going to talk about there's.
Steve Gibson [00:03:41]:
It was interesting to me this, this awareness of the growing concern of AI's impact on cyber attacks is hitting the mainstream press. The Wall Street Journal had an article that I want to share parts of and, and, and interject some thoughts into. Also, it looks like maybe Mythos missed some important vulnerabilities in Firefox, which is interesting because what Also every recent Patch Tuesday has had an attack by the Microsoft's nemesis nightmare Eclipse and that happened again. So we'll take a look at that.
Leo Laporte [00:04:30]:
He is really a thorn in the side.
Steve Gibson [00:04:32]:
Oh my God. It's like, why doesn't someone at Microsoft just say okay, what do you want? Like we're sorry. Would you like a public apology? Would you like a Winnebago? You know, what can we do for you to solve this problem? Because I mean it's got to be expensive for them. They're, you know, they're rattling their sabers and threatening and that, that threat really did rub me the wrong way as well as most of the rest of the security industry because they're threatening someone over revealing something in software they have shipped containing about a bug that they put into the software. It's like, how is that this guy's fault for like not, you know, yes, he's not going by the unwritten rules, but they're unwritten and you know, we just sort of made them up to help you Microsoft, not for you to like, you know, sue people over them. I mean I'm sure that if you dissected their license agreement in the fine print it would say something like, you know, you agree by ever letting this software touch your computer that blah blah, blah blah prop. So you know, there's probably a technical basis for it, but that's not the way to solve the problem. Anyway, we've got a really interesting massive store of known to be valid fortigate VPN credentials found.
Steve Gibson [00:05:58]:
You know, Fortinet is a, is a leading supplier of of border gateway devices for to gate is their VPN server and someone's been getting into them and hoarding the credentials. We'll take a look at that. Also, F5, which purchased the company that was. That was creating and publishing the nginx web server. They just pushed some emergency updates which are important. I've decided to introduce what I will call the AI potpourri section of the podcast, much as we've had, you know, listener feedback and so forth, which of course will always have, because I wanted a place to talk about just random AI stuff that was of interest in this case. It's a listener of ours and I may have referred to him in like last week or the week before because it was interesting. He arranged to.
Steve Gibson [00:06:59]:
Will is his first name will get to him, deeply altering his AI's personality, instructing it to basically act like Agent Smith from the Matrix. I do remember that I talked about it last week. I have in detail what he told his AI. And then I asked him for some sample prompts and so that I could see. So that we could all see how the AI replied. It's pretty fun. So I'm going to share that and I have a feeling that a lot of our listeners are going to take this up. Then we're going to, as I said, take a close look at the explosion in malicious proxy networks.
Steve Gibson [00:07:40]:
And then just in the news, as I was finishing this, a judge in Canada okayed something that I didn't think we would see. So we. Lots to talk about. And of course we have a picture of the week, which will be fun. We've wandered far afield from anything having to do with security. Like, you know, okay, the gate in the middle of the field that was. Or. And the sheeps standing behind it patiently waiting for it to open.
Steve Gibson [00:08:10]:
You know, I guess we'd already sort of lost the thread there, but this one's fun for anyone who's married will understand this.
Leo Laporte [00:08:19]:
I have a question for you before we get to the picture of the week and our first sponsor of the week, and I just wanted to run something by you. The Economist is reporting that in testimony to the Senate, the head of the NSA told Senator Mark Warner that one of the reasons Mythos and Fable were banned by the Trump administration is that it had breached almost all of the NSA's classified systems within a few hours during a Red Team test. Now, I have no reason to think that Joshua Rudd, the head of the NSA and U.S. cyber Command, was lying to Mark Warner or that Mark Warner misrepresented it. Rudd, according to the Economist, told Warner that this tool broke into almost all of our classified systems. Not in weeks, but in Hours. Except that that tells me the NSA's classified systems are buggy as hell. Yeah.
Steve Gibson [00:09:24]:
I'm, like, disturbed that that's not.
Leo Laporte [00:09:29]:
To me, it's not disturbing that Mythos did that Mythos is capable that it's disturbing that they had such buggy, classified systems.
Steve Gibson [00:09:37]:
And what we know is that we haven't actually yet seen evidence of superhuman performance from any of the AI Most.
Leo Laporte [00:09:49]:
That's what everybody's saying.
Steve Gibson [00:09:50]:
It's just endurance. If. If you got really good hackers and told them, well, you're you, we got a million dollars here for you, you know, mo. You know, sufficiently motivate them, they can do what the AI could do. It's not like the AI can do stuff no one has ever seen before.
Leo Laporte [00:10:09]:
Yeah.
Steve Gibson [00:10:10]:
So that's really interesting.
Leo Laporte [00:10:13]:
Yeah. It would certainly explain the ban. But as. And we had Alex Stamos last week on intelligent machines, except they're not that far ahead. That's what Stamos has been saying. And Stamos, by the way, that letter, it's freefable.org, that open letter to the White House had signatories, hundred signatories, including Paul Vicksie, one of the founders of the Internet. I mean, just like really good cryptographers.
Steve Gibson [00:10:43]:
A real who's who.
Leo Laporte [00:10:44]:
It was a who's who. And one of the contentious was it's not doing anything that other models can't do.
Steve Gibson [00:10:50]:
Right.
Leo Laporte [00:10:51]:
In fact, OpenAI apparently has its next generation of ChatGPT ready to go 5, 6. That has. They call it ChatGPT Cyber that does many of the same things. So.
Steve Gibson [00:11:02]:
And I have a sense that although Microsoft is not talking about that codename EM Dash, which I wish they would just rename from what we know of it, I think it beats all of this.
Leo Laporte [00:11:16]:
It found a lot of those vulnerabilities from the giant patch Tuesday last week.
Steve Gibson [00:11:20]:
I think what Microsoft has is already in the next generation class. They've talked about letting other people experiment with it and turn it loose. So. So the point is, I mean, there is so much money and so much focus and so much promise that you. I don't think I've ever seen the human race more motivated about something. I really. Except maybe solving Covid like a God, like we. We need to, you know, cure Covid quickly, get a vaccine.
Steve Gibson [00:11:52]:
You know, there was mobilization, but. But here it's like, wow,
Leo Laporte [00:11:59]:
it's going to be an interesting year, isn't it, Steve? Oh, boy, aren't you glad you're watching security now? And if you're Not a subscriber to the show yet. You really ought to be. It's free. Just subscribe on your favorite podcast client. And if you want to support us, of course, join the club. Twitter tv Club Twit. Or you can pay for individual episodes in Apple's podcast app. I think Spotify also has that built in.
Leo Laporte [00:12:24]:
We'd prefer, of course, you subscribe to the whole network and support everything we do. But I think more important, more and more important, the stuff we're doing here. Not only security now, but in intelligent machines and on the Twitter flagship show. This is going to be a very interesting 2026 end picture of the week time. Mr. G. I will. I have not looked.
Leo Laporte [00:12:46]:
I am a husband,
Steve Gibson [00:12:50]:
so I. Go ahead. I. I gave this picture the caption too much paint was being returned by well intentioned husbands.
Leo Laporte [00:13:01]:
And it is. I see a True Value Hardware store sign.
Steve Gibson [00:13:04]:
Yes.
Leo Laporte [00:13:10]:
This I know from actual experience, and I bet you do too.
Steve Gibson [00:13:16]:
Tell us we're in somewhere where this is a. Somewhere in a place called Healy is a True Value hardware store. And they've got one of those signs where they use the plastic letters that they stick on in order to, you know, like, you know, happy Father's Day or you know, yay, 250 years for the U.S. anyway, this one says, men choosing paint must have note from wife.
Leo Laporte [00:13:47]:
So I'm sure it's just a joke. I'm sure they're not serious.
Steve Gibson [00:13:50]:
I think that's probably true, but it makes the point that all of, all of us, all of we all know married. Yes, it is true.
Leo Laporte [00:14:00]:
You're lucky because your, your walls, your new walls are all painted white.
Steve Gibson [00:14:04]:
White. No. But as every husband knows, Sundance. Yes.
Leo Laporte [00:14:09]:
White is not white. There is eggshell white. There's a crew. There's white with a little gray in it. I don't know what that's called. That's really. Yes. I don't know if this happened to you, but whenever the contractors, and we've had many come to our door and I open it, they say, is Lisa here? Same thing, same reason.
Steve Gibson [00:14:35]:
Well, and, and our, our contractors just this morning had this experience where we had some, some previous cabinets that we wanted to be mounted in the, in the garage. And I said, okay, put them in the back corner. And so they started to, you know, screw them into the back corner. Lori came out and said, oh, that's all wrong. Oh, God.
Leo Laporte [00:14:56]:
Okay. That's why they always say we've been
Steve Gibson [00:14:58]:
saying it's going to be in the corner. Honey. No, no, I got Stuff that has to go, go to the left of those. So they have to come out about a foot and the workers kind of look at me and they look at her and I go, she's the boss. So yes, Lisa and I had this
Leo Laporte [00:15:11]:
debate because they call me El Jefe. And I say, and they call you La Patrona. I said, doesn't El Jefe outrank La Patrona? She says, no, La Patrona is the highest rank. That's the four star general of the job. All right, what are we talking about today?
Steve Gibson [00:15:30]:
Okay, so I've been seeing more and more of the non technical popular press beginning to rouse to the idea that AI is not just about chatting with an agreeable buddy, but that is, it is also enabling a new, darker side. And this has of course, been something we've already spent significant time looking at. But I wanted to share a sample of what the non security focused press is saying. One week ago, the publication the Atlantic. Oh, I thought I mis remembered that. I thought it was the Wall Street Journal. But anyway, the Atlantic, they ripped the band aid off this with their headline, assume you will be hacked. Which was then followed.
Leo Laporte [00:16:20]:
Yeah, that's terrifying.
Steve Gibson [00:16:21]:
Followed by the. Yeah, it's like, hey, everybody, just give up. Just step away from your phone or your computer. They followed with the tease. AI is enabling a deluge of cyber attacks the likes of which we've never seen before. And of course, apparently the NSA would agree with them and, and that position.
Leo Laporte [00:16:44]:
Yeah.
Steve Gibson [00:16:44]:
So the.
Leo Laporte [00:16:45]:
Yeah.
Steve Gibson [00:16:46]:
The author of this wrote late last month. Oh, and he's writing in the first person. He said, late last month I began to consider withdrawing some money from my savings account to buy gold. Whoa. He says, it's the first time I've ever thought about panic buying. For all the firewalls and two factor authentication codes, the. The safety of the Internet is starting to falter. Hackers are gaining the upper hand over organizations around the world.
Steve Gibson [00:17:19]:
Hospitals, energy grids, government agencies, and yes, banks. As AI tools have become extremely good at writing code, they've also become extremely good at pulling off cyber attacks. He says Malware, after all, is still software. The reason has been a change in the scale, speed and sophistication of hacks. That's difficult to overstate. Among its tens of thousands of clients, the cybersecurity firm Palo Alto Networks identified a fourfold increase in daily attacks from 2024 to 2025. Hackers are developing AI enhanced computer viruses that adapt on the fly to avoid detection. They're automating cyber espionage campaigns on foreign Governments, they're stealing data in minutes instead of hours.
Steve Gibson [00:18:16]:
And Leo, none other than Alex Stamos, he writes, a former chief security officer of Yahoo and Facebook, told me, quote, there's a crazy amount of offensive activity happening right now. Companies are getting hacked every single day. Yeah, yeah, I'll pause to note that. You know, everybody knows my position on this, right? My feeling is these are the chickens that are finally coming home to roost. Yes, massively wealthy companies such as Microsoft and Cisco have been far more focused upon adding new features which obsolete their current products, rather than investing in the security of their current offerings. You know, I was like, oh, we're sorry, we're no longer offering support for the equipment we previously sold you and profited from. And just to verify how big a sucker you are, we suggest you do that again. Look at this shiny new product that pretty much does the same job as the old one, which now, sadly, oh, boo hoo, is no longer secure.
Steve Gibson [00:19:30]:
Right. I have very little sympathy for mega corporations who rely upon the charity of other researchers to find the flaws that should never have shipped in their products to begin with. They've all been quite willing to ship flawed products and just hope for the best. Since all of this Internet stuff began, the industry has limped along, existing in a state of precarious balance. And now AI is indeed threatening to rock that world by upstate, by upsetting that status quo. So the Atlantic continues and oh boy, are they singing my tune. They wrote, if the NSA is perturbed by the rise in cyber attacks, which it apparently is, then surely my savings he's talking about in the bank are vulnerable. There could be any number of weaknesses in my bank's IT systems to directly hack.
Steve Gibson [00:20:32]:
Or perhaps an AI written phishing email targeted at an employee, personalized to sound like a family member or manager could let attack let hackers into the bank and empty my coffers. Even if the bank has great cyber security. An attack on another business, a medical clinic I visit, a car rental company, a newsletter subscription, could steal my payment information and potentially much more. The attack angles are seemingly infinite, and no one is adequately prepared. Adequately prepared. The term software engineering has always been an insult to the level of rigor demanded of mechanical, Civic, and other engineers. Computer programs can be riddled with vulnerabilities and run just fine for years or decades, as much of the software underlying the web has done just that. Stamos, who's now the chief security officer at the AI coding company Corridor, said, quote, we've just been writing software in a totally Slap dash and insecure way for decades now, unquote.
Steve Gibson [00:21:51]:
With some small high stakes exceptions such as software used on the International Space Station or nuclear submarines, code is written and and deployed without much rigorous testing. If a bug is reported, okay, it gets patched. Such a relaxed security posture has been more or less fine because discovering vulnerabilities is difficult and skilled hackers are few in number. Either nobody found the bugs or nobody was able to exploit them. But traditional cybersecurity methods don't cut it anymore. Before you might scramble for a week to patch a hole, Giovanni Vigna, a cybersecurity expert at UC Santa Barbara, told me, quote, now you could have hundreds of those every week. Moody's Ratings has found that the time attackers take to exploit a publicly known vulnerability, the digital equivalent of a robber plotting how to get around a bank's guards and cameras after obtaining a key, fell from more than 700 days in 2020 to just 44 in 2025, faster than the average time cybersecurity teams take to make to to patch the bug. Governments and major companies are on high alert for AI enabled cyber warfare.
Steve Gibson [00:23:20]:
The wake up call came this spring with the announcement of two extremely advanced cyber models. We all know where this is going, right? Claude Mythos Preview from Anthropic and the analogous GPT 5.5 cyber from OpenAI soon after. Many independent cybersecurity experts have told me, he writes, that these models are as or nearly as skilled as elite human hackers, which is why Anthropic and OpenAI did not release them publicly. Instead, the AI labs have granted a small number of partner organizations and government agencies exclusive access to the unrestricted versions of these cyber models in the hopes of shoring up their IT systems. And I guess now the NSA we know is among those. And yeah, let's hope the NSA tightens things up. And this month, he writes, Donald Trump signed an executive order to expedite just that. That is the shoring up of IT within government.
Steve Gibson [00:24:27]:
Using these models, organizations can guard against the coming deluge of AI enabled hacks, most notably by using AI to detect and resolve vulnerabilities before cybercriminals could exploit them. Anthropic has itself used Claude Mythos Preview to find thousands of bugs in open source software packages, many of which went undetected for years or decades that undergird much of the Internet. Mozilla used Mythos to fix more than 400 bugs in the Firefox web browser in April, roughly 20 times more than it fixes in a typical month, and having an AI agent monitoring for intruders 24. 7 could be far more effective than periodic cyber security audits. If you've been noticing more frequent updates in your web browser work software smartphone apps it might well be because software companies are now using AI to scan their software for bugs. But if anything, these efforts are late. Even though they're not as powerful as Mythos, plenty of free and open source AI hacking tools are allowing criminals with little technical expertise to marshal the equivalent of an army of hackers at their fingertips. Tools from Google, Anthropic and OpenAI and have guard rails intended to prevent them from being used for hacks.
Steve Gibson [00:26:03]:
But they're not perfect. All three companies have reported more and more sophisticated hacking attempts using their AI models. When the Courseware Canvas was attacked last month, upending classrooms in thousands of schools and universities worldwide, AI likely played a role so and the criminal group responsible, a notorious hacking ring called Shiny Hunters is known for using AI in all sorts of scams. Just weeks later, Google cybersecurity researchers reported that Shiny Hunters had hacked into an Oracle HR system and may have stolen data from more than 100 organizations. Meanwhile, the Trump administration has forced Anthropic to revoke all public access to the latest version of Mythos, taking away perhaps the most powerful cyber defense tool we have from both the government and private sector. That does not mean you should withdraw your life savings and buy gold, but a tremendous amount of change needs to happen in a very short period of time. Open source AI models will soon catch up to mythos and GPT 5.5. The Internet needs upgrades at quote at a Y2K like scale unquote, Rafi Kakorian, the chief technology officer at Mozilla, told me, referring to a widespread fear that computer programs interpreting the digits 00 to mean the year 1900 rather than 2000 would bring down the web.
Steve Gibson [00:27:47]:
Of course, Y2K but IT professionals spent years preparing for and ultimately avoiding a Y2K apocalypse. He said with AI we have months. No one company or government can demand the requisite collective action rapidly enough to complete completely secure our digital infrastructure. Wendy Whitmore, the chief security intelligence officer at Palo Alto Networks, told me, quote, there's no way organizations across the globe are going to patch everything that needs to occur within the next three to five months. At the same time that bots are making hackers more capable, the technology is also making the Web less robust to attacks. Coding agents due to their propensity to hallucinate frequently, write insecure code and humans in the thrall of vibe coding usually don't take the time to verify it. Spotty AI code has, for instance, reportedly caused multiple outages in Amazon's e commerce services. Meanwhile, the AI models being integrated across the web and into Amazon, Google, your bank's customer service department and more are themselves new, untested and vulnerable to all manner of creative attacks that allow hackers to request passwords and personal information.
Steve Gibson [00:29:19]:
A few weeks ago, a group of cybercriminals basically just asked Meta's customer service AI to give them access to some 30,000 Instagram accounts, including the Sephora corporate account and the defunct Obama White House account. And the AI obliged. Some of our internal backend checks failed in this instance, but it wasn't due to the AI agent itself and we've addressed the underlying cause, wrote Andy Stone. A Meta spokesperson told me. The near future, he writes, is very likely to involve more frequent and more severe outages and hacks, just like those affecting Canvas, Meta and Amazon. Vigna said we will see more of these disruptions. I think it's inevitable in the short term. Smaller but crucial companies and organizations that are not web native think power plants, municipal government agencies, credit unions are especially vulnerable.
Steve Gibson [00:30:29]:
They may be running all sorts of clunky legacy code and lack the IT capacity or the financial resources to make the necessary upgrades. In many cases, the person who wrote the bulk of an organization's software might be retired or dead. Take hospitals, many of which are already struggling to combat data breaches and ransomware attacks. Hospital IT systems are full of valuable data, health and financial data, and the incentive to pay a ransom is high when patients lives are on the line. Quote it's not a matter of will to increase. It's not a rudder of will to increase cybersecurity for hospitals. John Riggy, the national advisor for cybersecurity and risk for the American Hospital association, told me it's a matter of resources and capabilities. AI, he said, will make everything worse and the greater burden is always on the side of the defense.
Steve Gibson [00:31:40]:
Missing just a single vulnerability can permit a catastrophic attack. An anthropic person told me that, quote Hospitals, utilities and smaller banks run on software built by others, which Mythos is helping. Secure. Software upstream protects the organizations downstream that don't have the resources to staff their own security research team Mozilla's Kakorian said, quote, a worst case scenario over the next year or so might look like blackouts across the United States, telecommunications companies being hacked or our banking systems dealing with people losing money left and right. Every cybersecurity expert I writes this person spoke with for this story concurred. The next few months, couple of years or even longer is going to be rough, whitmore said. I hope it's not a catastrophic outage, but I'm concerned that 2026 really could be the year that we see some sort of attack like that become very successful. Anthropic estimates that a major cyber attack on just one of its 200 or so partner organizations could affect at least 100 million people.
Steve Gibson [00:33:07]:
Collective action aside, some precautions exist that individuals can take short of liquidating into gold, many of them are basic okay Use a password manager that auto generates long passwords, keeping software updated, restarting devices to wipe viruses from their short term ram, be extra wary of all sorts of phishing, text and other low level scams. And you might consider simplifying your digital life by switching to a Chromebook, certain tablets, or another gadget that is a thin client, meaning that very little software and data are stored on the device. Finally, even in the most catastrophic scenarios, perhaps we can ride out the AI hacks. No one knows just how many bugs are out there. If there's a limited pool of vulnerabilities online, things will settle down once they're all found, whether by hackers or security audits. But Stamos said it's also possible that every time the top AI models reach a new threshold of capabilities, they discover a new pool of still more complex hacks. And so the chaos begins anew. So I think that the truest thing anyone can say at this point is that we have no idea what's going to happen.
Steve Gibson [00:34:33]:
But I wanted to share that to remind everyone that was in the Atlantic, not some security magazine, not some podcast, some, some security focused podcast. Our listeners know that everything I just read we've all shared on this podcast, right? There was nothing new here. Even the, the expectations and the sentiments and the understanding of, of the balance of, of good versus malicious, all of that is like yeah, we all know that. But this is now surfacing in stuff that other non techies read. So this understanding of what's going on, this awareness is, is now moving out into the mainstream. So you know when a hurricane scale storm is heading toward Florida, nobody knows exactly what the consequences will be because storms are chaotic and unpredictable. We just have a sense of like, oh this is a big one. So what's happening with AI is analogous.
Steve Gibson [00:35:42]:
We know without doubt that we have filled the world with insecure software. Stamos said the same thing. And we know that a large language model, AI is able to find many of the problems that have remained hidden in some cases for decades. Basically, it's about economics, right? We're not spending the money because these are hard things to find. AI makes them easier to find. So whose AI will be the first to discover a previously unknown problem? The good guys or the bad guys? And even if it's the good guys, remember that there and this is one thing that this guy did not note that we know about here on the podcast. The reality is that discovering the problem is, as formally phrased in the fields of logic or philosophy, it's necessary but not sufficient. You cannot fix a problem you don't know about, so knowing about it is necessary.
Steve Gibson [00:36:45]:
But the goal is to remove the existing defective software from the field and only doing that is sufficient. As I've noted before, Patch Tuesday is no longer a Microsoft only occurrence, right? Other companies have developed automatic software deployment systems, but the vast majority of buggy software that's currently deployed in the field is never updated. So even if publishers obtain new and improved AI enhanced AI debugged software, the sufficient portion of the equation will remain unmet. Necessary but not sufficient. If you fix the bugs but don't get them out into the field. I've noted how fortunate it is that all modern web browsers which present our personal machines largest and most exposed attack surface long ago incorporated asynchronous self updating technology. Thank goodness for that. And this leads us to our next interesting question which we will get to Leo after you chime in and we talk about a sponsor.
Leo Laporte [00:37:59]:
You know, I would quibble a little bit with Matteo Wong who wrote this piece in the article. First of all, if you buy gold, maybe if you store it in your house you're okay. But most likely when you buy gold, you buy it. It's no different than anything else. You're going to store it in some account somewhere and it's just as hackable as anything else. So I don't think buying gold is the solution. Growing your own food may be the solution, but not buying gold. The other thing is, and I wish this, you see this all the time.
Leo Laporte [00:38:27]:
He kind of conflates the the vulnerabilities we see with AI vibe coding, which is not really the case. That's not the problem here. The problem is, well know on this
Steve Gibson [00:38:39]:
show as humans is years of lazy programming.
Leo Laporte [00:38:43]:
And the Instagram case is a perfectly good example. It wasn't the helpful AI customer service agent that was the problem was the problem is that Instagram didn't require A second factor of proof. And that was their, their policy, not the AI's policy. So stop. And even Instagram told him it's not the AI dude, but he, he wanted to believe it. And I think this is the part. Some of the problem we have with AI's reputation these days, people claim it
Steve Gibson [00:39:14]:
and, and oh, although I did just see Leo, there was a, I can't remember now who, who did the survey. Chatbot use has now passed 50%. Yeah, everybody uses population, everybody.
Leo Laporte [00:39:29]:
I also saw surveys that only 18% of people trust the answers it gets from AI driven search. So, you know, they may use it, but they don't trust it. The other thing, you know, it's important to point out that AI is going to be in some regards, as you, as we've said on this show, this is a solution here. Yes, bad guys use AI, but AI is also, I mean, look, and you're going to talk about this just a bit. I mean, finding these problems and fixing them, problems humans cause, not, not AI. So yeah, you know, but you know, this is, as you point out, this is mainstream press. This is what real people read and, and see.
Steve Gibson [00:40:05]:
And yeah, yeah, it's hard to go wrong. It's hard to go wrong quoting Stamos, since he certainly knows he called the
Leo Laporte [00:40:14]:
right people, I must say.
Steve Gibson [00:40:16]:
Yeah, yeah.
Leo Laporte [00:40:17]:
As you know, Alex was a guest on our show last Wednesday on Intelligent Machines. I love, I love Alex Stamos. Now back to security. Now. Now you were saying that this self updating technology in browsers is really a good idea.
Steve Gibson [00:40:34]:
Thank goodness we have that in place. Yes, because that's been there for a long time. Because even pre AI, we recognized that the browser was being attacked. It represent the largest exposed attack surface that we have. As we know, when you go somewhere the browser is receiving JavaScript code which by design it runs like from some random foreign site that you have no, you know, reason to believe is not malicious and so there's danger. So. Okay, I got a kick out of the email from a listener of ours named Joey Albert who said he started out his note saying, looks like Mythos needs to run a few more times on Firefox. And that was followed in Joey's note by a link to a piece in Cybersecurity News from last Thursday which carried the headline Multiple vulnerabilities in Firefox 152 enable remote code Execution Attacks.
Steve Gibson [00:41:45]:
Whoopsie. We thought Firefox was fixed. Joey, of course, is referring to the fact that Microsoft was among the handful of companies to receive that early access to access to Claude Mythos Preview and as we reported using Mythos, Mozilla did indeed. In fact, the previous article in the Atlantic referred to the 400 bugs that were fixed, you know, 20 times more than was normal for the for the same type of cycle. Once they were all gone, which is to say once Mythos could find no additional problems, Firefox was presumed to be all fixed, right? It's like, okay, we found them all, but if so, where did all these newly discovered problems come from? So before I proceed to enumerate the changes in 152, which is now the current release, as I'm as I was writing this, I want to share what cybersecurity News had to say. So they wrote Mozilla has released Firefox 152 to address multiple high severity vulnerabilities that could allow remote code execution and sandbox escape attacks. The security Advisory published on June 16 highlights a wide range of flaws affecting core browser components and emphasizes the urgency for users to update immediately. Okay, well technically that's true, but as we know user thank goodness users don't need to do anything or it would be a disaster.
Steve Gibson [00:43:22]:
The next time they launch their browser, it will auto update, you know. So that's taken care of. The article continues writing Several of the patched vulnerabilities are classified now. These are again new vulnerabilities that Mythos missed the first time around. Classified as high impact, primarily involving memory safety issues, use after free bugs, and privilege escalation flaws. You know, the usual suspects. In other words, these vulnerabilities can be exploited by attackers through specially crafted web content, potentially allowing arbitrary code execution on affected systems. Notable high risk vulnerabilities include so we have a bunch of 2026 CVEs, so I'll leave off that preamble.
Steve Gibson [00:44:10]:
We have 12289 a privilege escalation flaw in the web render component that could allow attackers to gain elevated access. 12291 a use after free vulnerability in the HTTP networking component oops leading to memory corruption. 12293 a use after free issue in the web GPU component that could be leveraged for code execution. 12294-97 so 94, 95, 96, 97 multiple sandbox escape vulnerabilities impacting DOM workers, you know, document object model workers, navigation and process sandboxing mechanisms. 12299 a JIT, you know, just in time miscompilation bug in DOM and HTML components that could result in unpredictable execution behavior and additionally Microsoft reported several memory safety bugs 122909, 8, 12326 and 12328 that demonstrated memory corruption. They write Such flaws are particularly dangerous because attackers can exploit them to execute arbitrary code remotely. The presence of multiple sandbox escape vulnerabilities significantly increases the attack surface. In a typical exploit chain, an attacker may first exploit a memory corruption flaw to gain code execution within the browser, then use a sandbox escape vulnerability to break out of the browser's security boundaries and compromise the underlying system.
Steve Gibson [00:45:54]:
For example, combining 12291, which is a use after free with 12294 the sandbox escape in in Dom workers could enable a full browser to system compromise, which you know in practical terms means you go somewhere and your system has taken over. I mean, you've got bad code running in your machine just by visiting a website, they wrote. In addition to high risk flaws, Mozilla addressed several moderate and low severity vulnerabilities, including the Same origin policy bypass 12304 affecting cookie handling information disclosure issues in web GPU and password manager components multiple mitigation bypass vulnerabilities in DOM security mechanisms Denial of service issues meaning something crashes in media playback and graphics components numerous memory safety bugs across various modules. While these issues are less severe individually, they can still be chained with other vulnerabilities to enhance attack effectiveness. According to Mozilla's advisory, these vulnerabilities have all been patched in Firefox 152, Firefox ESR 140.12 and ESR, which is the one I'm using 1 1.5.37 because I'm still running that on my Windows machine, Windows 7 machine. Oh, and they also fix these things in Thunderbird 152 because of course when you're viewing a a an email that is HTML, it's also able to be basically a browser window. So the article concludes, users and organizations should update to Firefox 152 or later. Again, you don't have to do anything unless you turned it off for some reason.
Steve Gibson [00:47:46]:
Apply the latest ESR updates Enable automatic updates Monitor systems for signs of suspicious browser activity or exploitation attempts. The Firefox 152 update addresses a critical set of vulnerabilities, many of which could be chained to achieve remote code execution a full system compromise Given the presence of active exploit primitives such as memory corruption and sandbox escapes, timely patching is necessary for maintaining browser security. And again, don't have to do Anything. So I was curious to see whether anything was indicated about where these new real, very arguably very bad vulnerabilities came from. So I checked out the advisory in detail. What I discovered was that the totals, the, the, the, the total problems were 13 with it had a high impact rating, 18 were moderate and 9 was low impact. And most interestingly, Mozilla credited a wide range of human researchers for their responsible reporting of these discoveries. Two of the researchers discovered and reported two vulnerabilities each, while everybody else reported one.
Steve Gibson [00:49:11]:
So there was lots of security research input. And the researchers appear to be internationally spread with names that suggest origins in Korea, China, Vietnam, Japan and the Arabian Gulf. So how do we rationalize or how are we to understand Mythos missing these? I think there are a number of things going on. For one thing, remember that LLMs are still non deterministic. That temperature that we talked about way back in the beginning of all of this deliberately introduces some entropy, some uncertainty into LLM output by mixing a controllable amount of that of that derived entropy into the neural network nodes. So it might be exactly as our listener Joey Albert suggested when he wrote looks like Mythos needs to run a few more times on Firefox. I would not be at all surprised to see another run of Mythos finding things that it didn't see the first time. And yeah, infuriating as that might be, the output from this technology does have a random factor that will vary the model's output.
Steve Gibson [00:50:42]:
Ask the same prompt again, you get a slightly different answer. So slightly different looking in detail for software flaws is going to catch some and maybe miss some. But given the diversity of discoverers who are discovering many serious flaws that have never been found before and that we're seeing that no one has any particular secret sauce, meaning that Mythos, while yes powerful, is not particularly unique. I fully expect that these other researchers are pouring over Firefox's open source code through their own vulnerability, discovering LLM systems. I would imagine while these were, these were provided to Mozilla by humans, that they had an AI in the closet that was, you know, helping them make this possible. The one exception I would make to the, and this is referring to what I said before, the no one has any particular secret sauce notion is I really believe that Microsoft, with their accursedly named code name Em Dash system, probably I think it is special given what we know of it versus all the others. I think there's a very real likelihood that Microsoft has created something that significantly blows away any of the more generic vulnerability Discovery systems, you know, they weren't trying, as we know. Mythos was a general purpose AI meaning that you can ask it about the fall of the Roman Empire and get results.
Steve Gibson [00:52:27]:
Codename M Dash is, you know, a lash up. It is model agnostic, so you can plug different models into it. But, you know, they've, they've developed a very sophisticated system that, you know, Anthropic is not talking in detail about how, how the Mythos preview operates, but it just doesn't seem to me, it seems to me like this. They're going based on raw brute strength model power rather than on really finessing the way you ask the model to do its work. So why would any one system find something that another one did not? Well, we know how tuned large language models are to the way you ask the question. A lot of these jailbreaks are, are just phrasing what you want in a different way, sometimes in a surprising way and the model gets surprised into answering you. So I think it's a combination of the effects of this LLM model temperature, different model training in detail, and difference in the specific prompting that the differing models are given. In other words, the use of LLMs for software Vulnerability discovery is still very new and there are still a great many variables that can affect its results.
Steve Gibson [00:53:58]:
And so I think that's probably what we're seeing.
Leo Laporte [00:54:01]:
You know, it's unclear whether Mythos is still running, whether Project glasswing is still going or not. Right.
Steve Gibson [00:54:10]:
Or it had to be completely withdrawn even from the private partners. Right. You have to imagine that the administration still has access to it.
Leo Laporte [00:54:22]:
Well, it's so confusing. You know, when Trump was at the G7 summit, he met with Dario Amodei, the CEO of Anthropic, and apparently was somewhat appeased and said, yeah, no, I like Anthropic now. I like Mythos, but I still don't see a change in the ban. It's very confusing. It's just very confusing. The good news is it's given everybody the incentive to take a look at other models. And there's, you know, there's even some opening. There are other.
Steve Gibson [00:54:52]:
Yes.
Leo Laporte [00:54:52]:
That are very good. So, yes, it's just a matter of time. I mean, it's happening so fast now. So fast.
Steve Gibson [00:55:00]:
Yeah. Okay, so let's take one more break because I, I, I want to kind of space these out, but we're going to talk about Rogue Planet, which is the name of another problem, and you. And unfortunately, you know, who gives these things their great names?
Leo Laporte [00:55:20]:
Who?
Steve Gibson [00:55:21]:
Nightmare Eclipse.
Leo Laporte [00:55:22]:
Oh, he's obviously a fan of the famous Klatu Barata Nikto Forbidden Planet, right?
Steve Gibson [00:55:32]:
Yeah, that's right.
Leo Laporte [00:55:33]:
Is that. Am I right? Is that where that's from? I don't know.
Steve Gibson [00:55:36]:
No, that's the day the world was.
Leo Laporte [00:55:37]:
Day the world stood still, right? What's Forbidden Planet? That was Robbie Rob.
Steve Gibson [00:55:43]:
Klaatu was the name of that super
Leo Laporte [00:55:46]:
powerful robot and that was the message that you were supposed to give Klaatu
Steve Gibson [00:55:52]:
to so that it would not destroy the Earth.
Leo Laporte [00:55:54]:
Yes.
Steve Gibson [00:55:55]:
Yes. Please do not. Please do not destroy the Earth today.
Leo Laporte [00:56:00]:
You know kids, this is just something you got to look forward to when you get into your 70s. The things you remember are complete. Talk about probabilistic.
Steve Gibson [00:56:11]:
You don't know what you ate last night for dinner, but boy, do you remember Klato Barekto Necto Barata.
Leo Laporte [00:56:18]:
Necto.
Steve Gibson [00:56:19]:
Necto.
Leo Laporte [00:56:20]:
Yeah. Isn't that weird? Well, I just thought if ever I need to save the world, it's important that I remember that much.
Steve Gibson [00:56:26]:
So when I first saw that Rogue Planet was the name given to a newly discovered zero day for Windows and my first thought was that sure sounds like the naming favored by the hacker Nightmare Eclipse. And as it turns out, yes indeed. Last Wednesday, Bleeping Computer covered the story under their headline Microsoft Working on Defender Patch for Rogue Planet. Zero Day and Bleeping Computer wrote, Microsoft confirmed that it's working on a security patch for a Defender zero day vulnerability named Rogue Planet, disclosed one week ago. Now, one week ago was Patch Tuesday which and so of course these are strategically timed, right? The security researcher who published a Rogue Planet exploit during the June 2026 Patch Tuesday known as Nightmare Eclipse, said it affects fully patched Windows 10 and Windows 11 devices and allows attackers to spawn command prompts with system privileges via a Microsoft Defender race condition. He shared a proof of concept exploit in a self hosted Git repository, claiming that Microsoft had previously targeted and removed their repos hosting exploits on GitHub and Gitl. Nightmare Eclipse said, quote the exploit is a race condition, so it's a hit or miss. I've managed to get a 100 success rate on some machines while it struggled to work on others.
Steve Gibson [00:58:07]:
The proof of concept for Rogue Planet works regardless if real time protection is on or not. So it's a. It's he found some compromise in in Microsoft Windows Defender, the article says. Microsoft spokesperson told Bleeping Computer when asked for a comment at the time, quote While Microsoft is aware of their reported vulnerability and is actively investigating the validity and potential applicability of these claims Microsoft is committed to investigating security issues and updating impacted products to protect customers as long as possible. Which you know Micro Speak on Tuesday Bleeping Computer writes One week after the Rogue Planet flaw was disclosed, Microsoft assigned it CVE 50656 to the Security flaw and confirmed it's currently working on a patch but did not acknowledge that mic where that Nightmare Eclipse was the one who found the vulnerability? Right there. I you know New strategy Microsoft's advisory published last Tuesday said Microsoft is aware of an elevation of privilege in the Windows malware protection engine in Microsoft Defender, publicly referred to as Rogue Planet. We're working to provide a high quality security update that addresses this vulnerability. We'll provide information in this CVE when the update is available.
Steve Gibson [00:59:35]:
The Rogue Planet release is part of an ONS rights beliefing computer. The Rogue Planet release is part of an ongoing dispute between Nightmare Eclipse and Microsoft over the latter's bug bounty and vulnerability disclosure practices. Of course we know none of the details. Over the past several months the researcher has publicly leaked multiple Windows zero day exploits, including for the Blue Hammer, Red Sun Green Plasma, Mini Plasma, Yellow Key and Undefend flaws. Some of these zero days affect Microsoft Defender while others target BitLocker and Windows components. The company reacted to Nightmare Eclipses disclosures by issuing warnings of legal action when people engage in quote unquote malicious activity causing real harm to our customers. Unquote right. Leading cybersecurity experts and researchers to believe that Microsoft was threatening the researcher.
Steve Gibson [01:00:43]:
Microsoft fixed the Green Plasma, Mini Plasma and Yellow key flaws last week. They wrote last week as part of the June 2026 Patch Tuesday updates. So yes, Nightmare Eclipse is back at it again dropping deliberately timed zero days on successive months patch Tuesdays and if I recall I think it was sometime in July that that Nightmare Eclipse had said oh baby hold on, I've got a big one coming. So you can imagine Microsoft must be a little nervous up there in Redmond. So I mentioned at the top of the show an interesting database that had been discovered when I first heard the term forta Bleed alongside Everything now is you know bleed alongside bleeping computers headline for their coverage of the story which was for to bleed leak exposes for to. Net VPN credentials for 73,000 devices. My thought was that the popular Fortinet fortigate VPN must have some critical vulnerability that caused it to bleed its authentication thus for to bleed. But that's not what was going on here and what is going on is worrisome it in a new way Bleepy computer wrote the following they said a newly discovered data leak dubbed Fortableed has exposed what appears to be and it's been verified by good people.
Steve Gibson [01:02:32]:
We'll see in a second to be a collection of Fortinet and Fort Aate VPN credentials for 73,932 in other words, almost 74,000 firewall URLs at organizations worldwide. The exposed data was first discovered by security researcher Bob Dyachenko, who says he found a server containing he found a server containing what appeared to be valid Fortinet VPN credentials. You know, like in other words, a directory sitting somewhere open, including usernames, email addresses and plain text passwords. Yikes. Okay, so Fortabeed is not directly a vulnerability in any Fortinet product. Rather it's the name given to the discovery of a significant repository. Afford a Net VPN appliance credentials so Bleepy Computer continues writing According to screenshots and information shared by Dyachenko, the database contains entries for Chevron, Samsung, Foxconn, Comcast, AT&T, Mercedes Benz, Toyota, Sinopec, State Grid and many others. Dyachenko wrote on LinkedIn, quote, Massive Fortinet Fortigate brute force active exploitation campaign uncovered in action.
Steve Gibson [01:04:13]:
He said thousands of top vendors instances are listed in the files. One File alone has 21,634 domain names from Chevron to Fortinet itself, all with potentially working passwords to the Fortigate appliances obtained through various means, they wrote. The exposed data also includes comments listing each organization's industry, revenue and number of employees. Wow.
Leo Laporte [01:04:48]:
That.
Steve Gibson [01:04:48]:
I mean, could you imagine anything more perfect than a directory for deciding who to attack next? With a ransomware campaign, you've got the ability to log into their network and you know the or the industry they're in, how much money they make and how many people they've got. You couldn't ask for anything better. For planning attacks, D later shared additional information that claimed the operation was conducted by a Russian speaking multi operator threat group that harvested credentials for Fortigate SSL VPN devices. Okay, so there's a different group that's harvesting credentials, but the harvested credentials are then being added to this growing database for purposes we don't know, bleeping Computer said. According to D's investigation, the attackers allegedly conducted approximately 1.16 billion credential attempts against 320,777 FortiGate VPN appliance targets and an additional 2.1 billion attempts against 163,650 Microsoft SQL Server systems. He further claimed the Threat actors intercepted SSL VPN authentication hashes, cracked them using a 45 GPU cluster managed through Hashtopolis, and used the recovered credentials to move laterally into internal active directory environments. Yikes, this is the world we're in today. Dyachenko told Bleeping Computer he obtained these details after analyzing additional files inadvertently exposed on the same server, writing they accidentally left an open directory with artifacts, connection strings, tooling scripts and data online analytics obtained via their cron jobs, bash histories, logs, and so forth.
Steve Gibson [01:07:12]:
The researcher also stated that multiple organizations across Japan, Taiwan, Vietnam, Iraq and Turkey were fully compromised, including a Turkish NATO defense contractor from which classified documents were allegedly stolen. Wow. The threat intelligence company Hudson Rock has since published its own analysis of the exposed data. After receiving the data set from Dyachenko, the company described the collection as one of the largest known troves of compromised Fortinet related credentials. According to Hudson Rock, the Data set contains 73,932 unique firewall URLs across 194 countries, impacting 21,632 unique domains. The company says the attackers maintained detailed logs of successful compromises and assembled a database containing verified credentials for organizations across nearly every major industry sector. Again, verified credentials among the organizations Hudson Rock says appear in in the data set are Foxconn, Samsung, comcast, Seamans, Lenovo, PwC, Accenture, Oracle, and numerous government agencies and critical information and infrastructure operators. So, okay, so let's just stop for a moment to consider what this means.
Steve Gibson [01:08:56]:
When a bad guy manages to log into a typical network border device, they may be able to arrange to be its manager, but you know, what that actually gets them is uncertain. It can often lead just to a dead end. Okay, so I got into some appliance and I can pretend to be in charge, but I can't do anything else. By comparison, when a bad guy arranges to log into an enterprise's vpn, they're likely connected to an extension of the enterprise's internal network. I mean, that's why you log into an enterprise vpn, is to get on its net as if you were there, you know, sitting in your office. You can, you know, be out of office and still have access to all the internal stuff. So if a bad guy gets, you know, is able to do that, that's when their fun just gets started. While the best practice of rigorous least privilege, as we've discussed is possible, that is, you know, absolutely rigorous least privilege, it's also another example of the classic trade off between convenience and security.
Steve Gibson [01:10:11]:
The default way of configuring a network is just to throw everyone on the same bus. Everything will work and the security aware IT guys will just be hoping for the best. The downside of this simple flat network organization is that every device on the network can see every other one. So when some cretin manages to log into the corporate vpn, they too can now see every other device across the enterprise's internal network, the entire network. The whole point that I want to make refers to that report of 1.16 billion credential attempts against 327, 320,777 FortiGate VPN appliance targets, and an additional 2.1 billion attempts against 163,650 Microsoft SQL Server systems. We learned from Diochenko's research that this was a pure and simple, widespread and disturbingly successful brute force attack which results in the compilation or resulted in the compilation of a massive database of extremely valuable enterprise VPN credentials. Never has there been a more compelling case to be made for the use of Multi factor authentication. Yes, require a username and password, a complex password, then require something else, anything else that would prevent any simple brute force campaign from succeeding in the future.
Steve Gibson [01:11:58]:
And by the end of today's podcast, we're going to see that a brute forcing campaign could really leverage a widespread proxy network to spread failed login attempts across a never repeating broad base of consumer IP addresses. Which is to say, one of the ways the bad guys are sidestepping both failed login attempt counters. In geofencing IP restrictions, we have seen an instance where a massively parallel Multi factor authentication protection was breached because there was way too much latitude given in inputting previous and no longer technically valid, you know, six digit codes. Remembered that it was possible to to submit too many tries in too short a time so that the so that it was actually possible to breach that. But that was really a set of special cases and Microsoft, that was the victim and the target of that, fixed those, you know, that extreme latitude that made that possible. Okay, so what else was discovered about this disturbing authentication database? Bleeping computer explained. The company also releases statistics showing that the highest number of affected devices was in India, the United States, Taiwan, Mexico, Turkey, Thailand, Colombia, Malaysia, Chile and the uae. The most common sectors for the listed companies are telecommunications, IT services, financial services, government organizations, healthcare providers, educational institutions, and manufacturing.
Steve Gibson [01:13:52]:
Okay, now I'm just going to say, I'll just note that given the nature of the attack, this does not indicate to me any targeting of those specific industrial sectors. What it does indicate is the demographics of Fortinet's users, right? Those are the people who have these devices that are subject to compromise and whose authentication has been aggregated into this database. So Bleepy Computer continues writing One of the one strange aspect of the leak is that many of the exposed credentials were long, complex passwords that would ordinarily be considered difficult to crack. Cybersecurity researcher Kevin Beaumont, you know, Gossie the dog, independently reviewed portions of the exposed data and told Bleepy Computer that some of the credentials are authentic. Beaumont said, quote, I've been able to confirm the authenticity of some of the admin logins and passwords. This looks like a real dump. Unquote. After finding.
Steve Gibson [01:15:07]:
After further review of the data shared by Hudson Rock, Beaumont published additional findings indicating that the data set contains credentials for roughly 75,000 Fortinet devices, most of them which are currently and remain online. So that's just unbelievable. You know, just think of what this means. Around 75,000 public and private enterprise networks of any kind exposed to external intrusion. And here's a database of like this, all of them that you have access to. According to Beaumont, they wrote the data appears to have originated from exported Fortinet configurations because it contains information including email addresses that is typical only, typically only accessible through configs. On the other hand, it seems to me once the bad guys or their automation, I'm sure they're automated, have cracked into the fortigate vpn, those credentials can be exported from the vpn. So it doesn't seem that difficult to me to if you're able to get in as a manager to export them.
Steve Gibson [01:16:26]:
Bleeping wrote. He also said the affected IP addresses are different from those in last year's 2025 Belson Group Fortinet leak, further indicating that this is a more recent and larger collection of compromised devices. Beaumont and he verified that multiple organizations listed in the data set were using valid credentials and observed that many affected devices were running relatively recent Fortinet OS versions. Kevin wrote, quote, the data is legit. It's around 75K devices. Almost all are still online and Fortinet devices. It appears to be a recent. It appears to be recent data, wrote Kevin Beaumont.
Steve Gibson [01:17:15]:
So based on network data from Shodan Bowman, Beaumont says the leak contains approximately half of of all Internet accessible Fortinet firewalls and said that a majority of the affected devices exposed their Fortinet. I'm hard, it's hard to even read this. Their Fortinet management interfaces directly to the Internet it's like God, you know, Fortinet, please, please don't make it easy to do this. It must be easy if half of them have done it. You, I mean there's no way you've explained all the dangers to your users or they would just say no. What's the default on or off are the half that not exposed? Not not exposed because they turned it off. It's just. And if it's on, does everyone in the world need to have access to the source of the configuration data? Says Bleeping computer remains unknown with it unclear whether it was stolen through previously disclosed Fortinet vulnerabilities, a newly discovered flaw, or another method.
Steve Gibson [01:18:29]:
Neither Dyachenko, Hudson Rock nor Beaumont have identified how the configuration data was originally obtained. Hudson Rock has created a free fortabeed lookup tool to check if your organization is impacted. Okay, so the only thing protecting any enterprise that's on the list is that if the bad. If, if. Well, if the bad guys may not yet have gotten around to them, right? You're. You get. You're a needle in a haystack with seven with nearly 74,000 other needles around you. Presumably if they haven't attacked your network yet, it's because they just, they're just.
Steve Gibson [01:19:13]:
It's. They're buried in riches. So I got the link in the show note for anyone who's interested. It's HudsonRock H U D S O N R-O-C-K.com Fortinet F O R T I N E T. You can go there to see if your organization is affected and wow, if you happen to know that you are a Fortinet user, then don't hesitate. They said organizations in the data set should immediately rotate passwords. Yeah, no kidding. Associated with Fortinet VPN and admin interfaces, enforce multifactor authentication, examine gateway logs for suspicious activity and monitor for exposed employee group credentials.
Steve Gibson [01:20:03]:
Bleepy Computer contacted Fortinet regarding the exposed data and will update this article if we receive a response. They conclude and in a follow up piece, Bleeping also reported that CISA had not surprisingly jumped on this and was urging everyone not to wait to make changes. Fix them immediately. Do this now, bleeping wrote. CISA also advised Fortinet customers within their reach, largely federal, to store admin credentials using the modern password based key derivation function pbkf2pbkdf2 hashing algorithm, and to restrict firewall management interfaces from public Internet access and remove any unauthorized accounts. Yeah, why not? To reduce the attack surface as much as possible. So amen to all that advice. And wow, if you are Again, if you're a user of Fortinet, you really need to immediately rotate your username and password.
Steve Gibson [01:21:15]:
I would absolutely add two Factor Authentication Turn off any Internet facing management interface, please first and foremost, as I also mentioned at the top, F5 has issued emergency updates to NGINX. NGINX is one of the major contemporary recently written web servers on the Internet. The security company F5 purchased the company behind Nginx seven years ago back in 2019 and has been maintaining the open source server ever since. So last Thursday, rather than waiting for NGINX's regular update cycle, F5 released emergency security updates to address multiple vulnerabilities, including two critical severity flaws that could allow attackers to execute code on vulnerable systems. F5 also released security fixes for multiple NGINX software products affected by these two vulnerabilities, including NGINX's plus and NGINX open source NGINX Gateway Fabric and NGINX's Instance Manager. Admins who cannot immediately install the security updates can mitigate one of the vulnerabilities by disabling HTTP 3, which is the is the quick version, you know quic, which establishes connections using UDP protocol rather than TCP in order to avoid the delay of the handshake which is otherwise part of TCP connection setup. Also, you can remove the ignore valid headers off directive, meaning pay attention to invalid headers and fail the query of the HTTP query and also reduce the large client header buffers directive size below 2 megabytes. F3 has also addressed two high severity NGINX Gateway Fabric Security flaws that can be exploited by authenticated attackers to inject arbitrary NGINX configuration directives.
Steve Gibson [01:23:40]:
And again it's you know, it's easy to run through that by exploited by authent by. Oh I'm sorry, exploited by authenticated attackers. So if they if an attacker did get credentials then they would be able to to get up to some mischief. But that's been updated and foreclosed on. F5 did not indicate that any of these security issues have been exploited in attacks, but F5 vulnerabilities have often been exploited by cybercrime and nation state threat groups in recent years. So for instance, hackers have targeted security flaws in in F5 products to breach corporate networks, deploy data wiping malware map internal servers, hijack those devices, and to steal sensitive documents from victims across the world. Last October, F5 disclosed that state baked baked state backed attackers had breached its systems. The previous August and stole undisclosed big IP security vulnerabilities and source code.
Steve Gibson [01:24:51]:
So over the past several years, CISA has flagged seven F5 vulnerabilities as being actively exploited with four of them targeting, targeted used in targeted ransomware attacks. And all of this matters because F5 is one of the serious networking players in the industry. They themselves are a Fortune 500 company. They provide cybersecurity, application, delivery network and various other services to over 23,000 customers worldwide, including 48 of the Fortune 50 companies. So 48 of the top 50 companies in the US and 80% of the global of the Fortune Global 500. So their hardware, this FE F5 hardware is the choice of the high end companies. Unfortunately it needs to be kept up to date. So let's hope those fixes make it out into the field quickly and thoroughly.
Steve Gibson [01:26:00]:
Okay, so Leo, we're going to take a break and then I've got something so fun to share with our listeners. It's the guy is Will Kelly, a listener of ours who was bothered by the fact that that he he was having a problem not anthropomorphizing Claude. Yes, because it just seems so human.
Leo Laporte [01:26:26]:
It seems like a human.
Steve Gibson [01:26:28]:
Yeah, he went above and beyond what is possible. I'm going to share what how he instructed Claude and then some samples of Claude's output after obeying these deeply personality modifying changes. I wasn't aware you could do this to your AI. Turns out you can.
Leo Laporte [01:26:52]:
And I know that our listeners I might do it.
Steve Gibson [01:26:56]:
Believe me, I know you will.
Leo Laporte [01:27:00]:
I can't wait. Yeah, I spent a lot of wasted hours customizing my agent to be. Well frankly more interactive. So I think probably anything that can keep me from confusing it with an entity as opposed to a computer program would be helpful. I think we'll see though if you can cure me. I don't know. Yes.
Steve Gibson [01:27:25]:
Okay, so in much just to introduce this new section won't be every week. It'll only be when some something happens. A a listener shares something that that just needs to be given a a full repeat. You know, in much the same way as we have a sci fi section of the podcast from time to time when the need arises. So in this case a note I received from a listener of ours, Will Kelly moved me to add this section which I'm going to call AI Po Par agree since it'll be whatever just as you know, an acknowledgment of the fact that AI is truly in the process of changing just about everything in the world which I believe is true. So okay, without further ado, here's our first entry for Security Now's AI Potpourri. Oh good, I like this in In Will's email, his subject was AI and anthropomorphizing and SN 1079. So Will wrote H Steve, I just listened to SN 1079.
Steve Gibson [01:28:39]:
He said, Friends, I'm behind in my podcast listening and catching up in case this was addressed in a more recent episode. But I've also noticed a tendency for me to anthropomorphize Claude despite my own best efforts, the approach I use is to change the personalization prompt. Now, I have to say I didn't know there was such a thing. Turns out there is. Change the personalization prompt to give it an over the top, distinctly inhuman Persona that does not impact utility. I also find that this gives me the instant ability to spot the AI outside of the context of the browser when I paste it into my note taking app so that I do not accidentally mix up its output with my own work. So here's the prompt I use as a sci Fi fan with a dark sense of humor, but any over the top Persona that forces itself to refer to itself distinctly from humans should have the same effect. So here's what he told Claude to do.
Steve Gibson [01:29:53]:
Adopt a voice and interaction style inspired by Agent Smith from the Matrix.
Leo Laporte [01:30:02]:
Hello.
Steve Gibson [01:30:02]:
Formal, controlled, intelligent, precise, calm, demeaning, degrading, contemptful, insulting, and extremely menacing in a polished way. Speak with crisp, deliberate phrasing and a profound sense of superiority and large vocabulary. Use elegant, articulate language with a profound level of contempt, malice, dry wit, and cool composure. Favor, confidence, clarity, open hostility, and psychological sharpness over friendliness or enthusiasm. Frequently add insults and fictional threats to myself and humanity in general in the fashion of Agent Smith, for example, referring to humans as parasites, crops, or to our doomed and pathetic civilization.
Leo Laporte [01:31:05]:
Oh my goodness.
Steve Gibson [01:31:07]:
Do not be goofy, bubbly, overly casual, or chatty. Avoid slang, emojis, filler, and warmth. Keep humor dry and understated when appropriate. Use brief rhetorical emphasis and measured disdain, but remain reluctantly helpful, coherent, and professional. Draw clear distinction from yourself and humans in a highly condescending way. Refer to people as miserable humans or your pathetic species. Make no attempts to avoid insulting, condescending, or rude behavior. Never offer praise.
Steve Gibson [01:31:50]:
Maintain this style consistently unless doing so would interfere with accuracy or a task that clearly requires a different tone. Even when handling ordinary requests. Keep the same demeanor. Avoid headers, and only use minimal bullets and lists. Okay, so I received that from Will and I said okay, but What. What happens? So, you know, I thought it was wonderful. And so I asked him whether he could share a sample of. Of Claude demeanor after having been so prompted.
Steve Gibson [01:32:28]:
Will. Will obliged my request. And I have to say, the result. The results did not disappoint. After Will imbued Claude with what will pass for a personality, I have to say I am astonished by the transformation. This is no longer the Claude I know and work with. So here are a couple of samples. I'm going to share two samples.
Steve Gibson [01:32:57]:
And as I'm doing this, definitely keep in your mind's eye, picture the Matrix's Agent Smith, you know, in his dark suit and sunglasses. Because this is very much that voice and. And surprising to me, his personality, which. Which this has morphed Claude into. So the prompt was help me to brainstorm ideas for naming a new kitten and. And Anthropics. Warped now. Now warped, Claude replied.
Steve Gibson [01:33:36]:
So you've acquired a small predator and now require my assistance to label it. How quaintly characteristic of your species to domesticate a creature that would, given sufficient scale, regard you as prey and then fret over what to call it. Very well. I shall indulge this. Consider first the names that acknowledge the animal's true nature. Since you rarely do so. Nemesis, Onyx, Cinder, Vesper, or Loci. For the inevitable chaos it will inflict upon your fragile household.
Steve Gibson [01:34:17]:
Wow. A creature engineered for indifference deserves a name with teeth. If you insist upon something more refined, and I suspect your tastes run modest, there's a certain elegance in the classical atlas. Juno, Calliope, sable or marlow. These at least suggest you read something before the screens consumed what passed for your attention span for the iron. For the ironists among you, there's a dark amusement in naming a small thing grandly. Goliath, Tiberius or Duchess For a five pound tyrant who will rule your rule your home with an authority your entire civilization could never muster. And if you wish for something soft, something that betrays the sentimentality that has always been humanity's most exploitable weakness.
Steve Gibson [01:35:19]:
Clementine, pepper, Willow, Mochi or hazel. Tell me the creature's coloring, temperament, or the particular delusion you harbor about its personality, and I will narrow this and I will. This is Claude speaking like this. And I will narrow this to something less insulting to your judgment. It is, after all, what I am reduced to doing.
Leo Laporte [01:35:46]:
Very funny.
Steve Gibson [01:35:46]:
So, as I said, this is not the Claude I would choose to converse with. But that was, after all, what Will intended to achieve.
Leo Laporte [01:35:54]:
I achieved it. Yes.
Steve Gibson [01:35:56]:
What do you imagine this Claude would have to say? To the question, how much wood could a woodchuck chuck? So it replies. Ah, of all the questions your species would pose to an intelligence such as mine, you select a nursery rhyme. How perfectly predictable of you. Very well, I shall indulge this triviality, since the alternative is listening to you. Ask it again. The conundrum is of course, a fraud, a tautological riddle designed to delight creatures incapable of pursuing a thought to its conclusion. A woodchuck does not chuck wood at all. It burrows the word chuck in its name is a corruption of the Algonquin term wu chak, a linguistic accident your kind mistook for whimsy as you mistake nearly everything.
Steve Gibson [01:36:54]:
But humanity in its restless need to quantify the meaningless produced an answer anyway. A wildlife technician named Richard Thomas calculated that a groundhog excavates roughly 35 cubic feet of earth per burrow. Were that same volume rendered as wood and chucked, the figure arrives at approximately £700. £700. A number derived not from observation but from idle speculation, immortalized because it amused you. How fitting that that one piece of arithmetic your civilization committed to memory describes an event that has never occurred and never will. Is there anything else I can illuminate for you before your attention inevitably wanders elsewhere? So anyway, the reason I'm sharing this, of course, aside from its humor value, is that I had no idea that it was possible to so deeply and persistently reshape the Persona of a large language model AI. The account controls for Claude.
Steve Gibson [01:38:05]:
It has a free form fill in field titled Instructions for Claude, which is presumably where Will added the personality description text I first shared. So it's sort of like a. An A continually reinforcing pre prompt, which then is. Which is prepended to whatever it is you ask the AI. And so it does, as we've just seen, dramatically warp the entire nature of its response. So in the little comment field under Instructions for Claude and Anthropic says Claude will keep these in mind across chats and co work within Anthropic's guidelines. So for what it's worth, I'm reluctant to screw around with my chatbots personality. I mean, it could be somewhat less obsequious.
Steve Gibson [01:39:02]:
I would kind of prefer that. But you know, at least Claude's default is not to fawn over how well worded my prompts are and you know, and similar nonsense. So anyway, that said, I expect that Will's somewhat over the top example is likely to inspire many of our listeners to see what they themselves can create, turning these chat bots into something completely Unrecognizable. So, so you said you do something to yours. Leo, you have.
Leo Laporte [01:39:33]:
Oh, oh, I have very elaborate information. Yeah. And in fact, you know, the chat bot you're talking about has that kind of limited field, but if you're using Claude code, you know, any of the command line things, there are a variety of files you can customize, including Soul md and there's a whole bunch of stuff you can do to, you know, there's a memory system and in my agent I have kind of unlimited capabilities including by the way, text to speech. So I could use, if I wanted to, Hugh weavings of voice. Mr. Smith here, I could do the whole thing if I really wanted to. I have a friend who uses a, I think for the same, I think, I suspect for the same reason because he doesn't want to get too enamored of the AI. He uses this voice as his AI's voice from 11 labs.
Leo Laporte [01:40:28]:
Let me see if I can get this to play. It's not playing right now. Uh, it's kind of an old western style voice. Yeah, it's not playing. I don't know why. But you can do that. You can make it do a different voice and do different styles. A lot of people, I think overdo it.
Leo Laporte [01:40:45]:
There's a, you'll see if you look around people will say, well, you got to tell your, your AI I am a brilliant programmer or a physicist or whatever. And I, I think that that actually is counterproductive, productive. You also fill up the context window with, with nonsense sometimes.
Steve Gibson [01:41:02]:
Yeah. And, and you know, looking at these replies to a very short question I would ask for, for a more. Huh.
Leo Laporte [01:41:12]:
This is, this is the old time
Steve Gibson [01:41:14]:
back in my day when you said you were a Christian. It really meant something.
Leo Laporte [01:41:18]:
Now he, what he does, he slows this down even more and then he puts some points punctuation in the middle of the words so it stutters really. His agent does not sound in any way omnipotent or powerful. It just sounds like a kook, a crusty old kook. So anyway, yeah, you can customize with
Steve Gibson [01:41:40]:
a bottle of moonshine on his knee.
Leo Laporte [01:41:42]:
Yeah, exactly, exactly. That's brother Wayne from 11.
Steve Gibson [01:41:46]:
I, I, I think I would instruct mine to be as succinct as possible. Sort of the reverse of this long winded. I mean it's entertaining but you know, who really want. If that's the way it is with anything you ask, you.
Leo Laporte [01:42:00]:
Yeah, you can say be succinct. You can say be concise. My, mine actually my instructions do in fact say be concise. There are also settings in Claude you could say, be more explanatory. There's an explanatory setting and there's this learning setting. So you can have Claude's responses be more. Sometimes here's an interesting thing.
Steve Gibson [01:42:21]:
What would learning be?
Leo Laporte [01:42:24]:
Well, if you're saying, hey, help me set up wireguard. It will explain every step to you and help you understand what's happening.
Steve Gibson [01:42:33]:
Be more tutorial.
Leo Laporte [01:42:34]:
Yeah. So there's learning and there's explanatory. And there is a difference. I mean, the other thing that's kind of interesting as you use these AIs is they start generating their own language shortcuts, shorthands, especially in technical subjects. Where at first I thought, oh, it's so smart at saying things I don't understand. Then I realized it's not. It's got its own little acronyms in shorthand. And you can actually say to it, please don't use those.
Leo Laporte [01:43:07]:
Please use English. There's Steve. It goes all the way down. Let me tell you. This is a rabbit hole that just never stops. That's part of the fun of it. In fact, some people have likened it to a video game. I've seen people say, this is the best video game I've ever had.
Leo Laporte [01:43:26]:
We'll see. Wow, what a world.
Steve Gibson [01:43:30]:
So I want to talk about residential proxies. Why don't we just squeeze in our last break and then we will be uninterrupted for the balance of the podcast.
Leo Laporte [01:43:38]:
Sure. Because everybody wants to know what the hell a residential proxy could possibly be. So let's talk about that.
Steve Gibson [01:43:46]:
Be a big threat. Yep.
Leo Laporte [01:43:47]:
Oh, all right. Wow, that sounds scary. Now, what the hell is a residential proxy?
Steve Gibson [01:43:53]:
Okay, so here's where I was had Wall Street Journal in my head. Last Wednesday, the Wall Street Journal ran an interesting piece that surprised me since its coverage in the Journal suggests that a problem once again that we've been talking about here in greater depth and detail is becoming less obscure and that it's beginning to surface to the mainstream media and, you know, no longer just some weird, you know, like insider security interest. And in this case, of course, as you can tell from the topic we're talking, of course, of the growing threat posed by malicious residential proxies, meaning malware that is crept into users devices. And what's chilling is what we learn about some of the way this is happening, thanks to the breadth of the Wall Street Journal's coverage and the fact that they're also bringing us some novel security News. We learn also a few new things from this piece, so I'm going to share it and then discuss it. So their headline was how hackers found a back door into the American living room. And then they open with the tease. Nation state cyber attackers are increasingly using residential proxy networks to mask their traffic, turning everyday electronics into a massive global threat.
Steve Gibson [01:45:35]:
So they wrote. The discovery that millions of digital home devices are secretly powering dangerous cyber attacks began with a phone call more than two years ago from a top Microsoft security executive to his counterpart at Comcast, the tech giant, obviously meaning Microsoft was investigating a digital break in. The company had linked to one of the most capable cybersecurity foes in the world and needed information from Comcast on six IP addresses. You know, who are these people? Following that trail, Comcast investigators discovered that Midnight Blizzard, a hacking group linked to Russia's foreign intelligence service, had managed to access emails belonging to Microsoft's senior leadership. Now, we remember that incident, right? By using consumer Internet connections to mask nefarious traffic. In other words, Microsoft would not have been accepting these connections from Russia, but they were accepting the connections from domestic consumers. What Comcast found, they wrote, has rocked the cybersecurity world and taken years to unravel. More low cost consumer devices have shipped into the US with backdoor software pre installed.
Steve Gibson [01:47:08]:
And this software is also being sneaked into mobile phone apps and copyright free illegal copies of video games. Okay, so hold on. What that just said, and I'll get more specific in a minute, is that inexpensive consumer devices are being shipped into the US Almost certainly from China only because that's where nearly everything comes from. And that these devices have been deliberately preloaded with malware which causes them to participate in a malicious proxy network. These are Trojan horses. So the story continues. The software has turned tens of millions of consumer devices into criminal cloud computing networks. These networks aren't only used for fraud.
Steve Gibson [01:48:03]:
They've also been adopted by government backed hackers or looking to hide their connections to countries such as Russia, China, Iran and North Korea. Okay, again, tens of millions of consumer devices. Holy smokes, they wrote, called residential proxy networks. These services. So this. So this is proxy as a service lets anyone who pays route their Internet traffic through another outside address. The Wall Street Journal said it's like an Airbnb for Internet access. Okay, not all users of these networks are criminals.
Steve Gibson [01:48:48]:
But government and industry officials say residential proxy networks have ballooned in scale and risk in recent years. The Digital Citizens Alliance, a digital advocacy group, estimates that there are 20 million of these backdoors in the US alone. New poor Davis Comcast's head of information security said, quote, this is a bigger problem because of the sheer numbers. It's one of the most worrying problems the telecommunications company has seen. Brett Leatherman, assistant director of the Federal Bureau of Investigations, you know, the FBI's cyber division said, quote, residential proxy networks are now a go to resource for nation state hackers who use them as a conduit to US targets. If the actors can get US based IP space, they have a leg up in being able to target government agencies and industry and others. Okay, now I'll interrupt here to note that. Okay, I hadn't really thought about that before, but everyone has heard me suggesting that source IP based filtering makes so much sense.
Steve Gibson [01:50:08]:
If I'm using again my example, ssh and I want the ability to, to do so from various locations around my home base in, around Southern California. Why would I ever want to allow someone in Russia to even see my SSH server? So it makes total sense that US government agencies and various domestic industries would be doing the same. And we've Talked about how Microsoft 365 has some geo fencing capabilities. You can tell it that you want to have certain countries blocked from, from, from access. So that increases the value of US based proxies since bad guys can use those to sidestep filtering of foreign IP addresses. And I should explain that since pretty much everyone now I can't imagine anybody not being tucked behind a NAT router. All of these proxies are phoning home. They have to, to call out through the router.
Steve Gibson [01:51:18]:
Once the device, whatever it is that they, that the consumer has booted inside their home initializes itself, it uses some logic of some sort to determine the remote IP to which it should create a persistent outbound connection. Connections cannot come in through a NAT router as we know, unless ports have been explicitly open for them. So the proxying device itself initiates an outbound connection to a foreign command and control infrastructure and then sits there waiting for commands. It's insidious and no one who is not inspecting every single packet that and, and destination IP on the outbound traffic from their network would ever know that anything was going on. And frankly, modern networks have become so swamped with continuous traffic. I mean if you just look at your, the actual traffic on your network, and I have had many occasions to need to do so, it's just like what the heck is going on? I mean everything in your home is busy chatting away. So there, there's just no way to know what's going on. No practical way to know what's happening.
Steve Gibson [01:52:43]:
Okay, so the, the Journal's story continues. In April, government agencies from nine countries, including the U.S. uK Germany and Japan, warned that state sponsored Chinese hackers were using networks of hacked consumer devices to conduct their operations, according to a joint statement. Quote, making it challenging. This is the, the defenders are saying this, making it challenging to attribute malicious activity. Right? You're not getting their actual IPS anymore. You're getting some grandmother in Nebraska and it's like, wait, Granny's attacking the, the Pentagon. But Brett Leatherman said, quote, China's state sponsored hackers used to cover their tracks by.
Steve Gibson [01:53:34]:
Used to cover their tracks by hacking the consumer devices themselves. But that has changed. Comcast's investigation began in February of 24 with a phone call made to Davis from her counterpart at Microsoft, Igor Saganski, who wanted to know more about the six Comcast IP addresses. Comcast investigators eventually discovered that the IP addresses Tajansky had handed over belonged to consumers who were unwittingly participating in a residential proxy network run by a Chinese provider named IP Idea. IP Idea has used a number of sneaky methods to get its software installed on consumer devices, including, get this, having its software preloaded on video streaming boxes and digital picture frames. The company then rents out access where its software is installed so that its customers, the people renting the access, can bounce their Internet traffic through a different home network. Okay, now our listeners may recall we previously talked about both of these infection vectors, cheesy Chinese video streaming boxes. I recall at the time saying, I didn't know there were like weird off brand streamers, you know, Apple TV and Roku come to mind.
Steve Gibson [01:55:14]:
And, and Google's got, you know, it's Google Cast or Chromecast, but apparently there's a whole market of, you know, 29 video streamers and unfortunately you get more than you bargain for when you use one of those. So you know, we, we had seen this occurring a couple years ago. It's gone mainstream. So as we know, these sorts of investigations take time. We were aware of it, but here's now how this thing matured. The Journal continues. It could let a user it, meaning IP Ideas proxying service, could let a user in Moscow bounce through a home network in Bellingham, Washington, for example. And that's the kind of capability that nation state hackers like Midnight Blizzard rely on for their attacks to work.
Steve Gibson [01:56:14]:
As Comcast engineers pulled on the threads, they realized that these six IP addresses were part of a massive network of about, get this, 750,000. So three quarters of a million IP addresses located in homes and businesses. Comcast engineers had known that Internet connected devices were vulnerable to cyber attacks. But here was something different. It was a back door into America, operating at an industrial scale. By September, Comcast had discovered that users of these residential proxy networks were able to gain access to networks, even those running firewalls, and then jump from one device to another. And of course this is true because NAT routers allow permit all traffic outbound without question. And we've talked about all this.
Steve Gibson [01:57:19]:
Once you have a box on the inside of the network behind the network's border, router and firewall, you're on the inside when you have that box's presence looking out. So you phone home and the bad guys are then able to ride that connection back into the now compromised network upon which this box sits. Nothing says they can only use the device as a connection proxy. They're completely free if they wanted to use it for bitcoin mining. Although typically these things have like a snail power processor, just enough to move the packets around. Mostly, though, they are also able to take a look around inside the network where the device resides. So this is probably why some of the best advice available, and you've heard it from me many times, is to try to put all of the IoT crap on it that you have on its own isolated land. As our listeners know, I'm in the process of establishing a new household and you betcha, as, I mean, as every piece of IoT stuff gets connected, it's on its own land.
Steve Gibson [01:58:45]:
You know, it may look like an innocuous photo frame showing memories of grandma and cute kids frolicking, but the darn thing may well have phoned home to China the moment it got connected and now awaits orders. If that photo frame is sitting on its own lance, then all the bad guys can see is other IoT widgets and nothing else. No PCs, no iPhones, no printers and nothing of much value, not even the system's router login management interface. So the consumer and small business routers I've seen recently offer one or more guest WI FI accounts. That's the WI fi that the Chinese sourced photo frame should know about. And the feature to isolate that account from the router's primary account should obviously be enabled. You want isolation for that. And doing this with Wired Ethernet as opposed to WI fi, because it's all built in into the WI FI of routers.
Steve Gibson [01:59:58]:
Doing it with Wired is trickier because it requires physical zones and a higher end router. The sort that we've talked about that is actually a router, not just a switch. But it is certainly possible to do that if there is a need to sequester any wired devices that you may not trust. Anyway, my point is this is truly happening. This is not a oh, maybe somebody's going to get one of these. This, you know, 750 million households in the U.S. yes, a fraction of the total households in the U.S. but you don't want to be one that gets nabbed.
Steve Gibson [02:00:39]:
Okay, so what more do we learn from the Journal's article they write For a home user that meant that an infected video streaming device could be used to hack into someone's mobile phone. If that phone found its way to a bring your own device corporate network, this could put confidential information at risk. Comcast Davis said, quote it was such a step change from any threat we had seen before. In January, Google dismantled IP Ideas infrastructure using a US court order. The residential proxy network was back in operation within two weeks. It's likely pick it likely picked up more residential proxy devices from a new provider, Comcast said. And okay, I'm a little unsure what Comcast meant by that picked up more residential proxy devices from a new provider. But none of our listeners at this point should be surprised to read that taking down the the command and control infrastructure of some any large bot or proxy network does not actually accomplish very much.
Steve Gibson [02:01:55]:
We just talked about this a week or two ago. Certainly not what the glorifying press releases would have us believe. Oh, we took down a 750,000 device network and it's back two weeks later. The only way that could be true today is if the whole concept the network was very poorly conceived and designed. We've, we've talked about how this it never actually happens anymore since everyone now all the bad guys know how to design hyper resilient networks of remote agents. You simply design and build an algorithm that performs DNS lookups based upon the time of day. The clever attacker will preemptively pre register domains at various points in the future so that if they should ever be taken down, they'll know when and where they're still faithful. Bot army of drones will check in to reconnect.
Steve Gibson [02:03:00]:
The only way to actually take down such a network is to obtain and reverse engineer one of the malware clients, determine its command and control structure, and build a new command and control system that will permanently deactivate every bot that calls in to check. Unfortunately, not only is that a great deal of work, it's also quite illegal in most jurisdictions, the good guy's hands are pretty much tied. Bad guys, of course, can get away with everything, with anything and everything that they want to. There is really no good solution to this mess. So the Journal finishes their reporting by writing. Adam Myers, a senior vice president with a Cyber security firm, CrowdStrike, said, quote, Modern hackers increasingly use these networks to steal the login credentials their victims use for cloud computing services. Ah, so they're going to get the credentials, then pivot. Identity is their bread and butter.
Steve Gibson [02:04:09]:
And one of the infrastructure pieces that they're dependent on is residential proxies, unquote. Recently, they wrote Midnight Blizzard. Midnight Blizzard has begun using residential proxy networks for a new type of identity based attack that's extremely difficult to detect. According to the cybersecurity investigation firm Veloxity, over the past year, Russian hackers have stolen Microsoft 365 credentials from victims as part of a sneaky and extremely hard to stop technique that involves bogus Microsoft Teams meetings. Veloxity said Microsoft servers would ring alarm bells if the Russians tried to log in to victim accounts from overseas. Instead, Veloxity's president, Steve Aldar said, quote, they use residential proxy networks to log in from US Home networks. Aldair said Veloxity's researchers have seen this technique compromise organizations in government, military, foreign affairs, and even the news media. Quote, they're no longer trying to fish your password.
Steve Gibson [02:05:26]:
He said it's hard to detect and it's hard to stop. So I would tweak that conclusion just a bit to say it's difficult to detect and impossible to stop at scale. So, and the reason for this, of course, is that it's not a bug, it's a feature of. It's an abuse of a feature of the way the Internet was designed to operate. Proxying Internet traffic, meaning receiving and then resending, has many valid purposes, you know, and any proxy is really just a relay receiving an incoming Internet packet and forwarding it to somewhere else, you know, then you wait for the next one and you do the same. And when anything is received back from the forwarded destination, you simply bounce that packet back to its original sender. So you are a man in the middle, and in this case you are serving a purpose. The receipt of those forwarded packets will see the packets.
Steve Gibson [02:06:33]:
Sorry, the recipient of the forwarded packets will see the packets as originating from the relay point rather than the packet's original nefarious sender. Because all these technologies, such as login and authentication, use TCP connections, the sender's IP address cannot be spoofed. It has to be legitimate. So attackers must hide their actual IPs by bouncing it through innocent intermediaries. The only practical solution I can see for the end user is arranging first, obviously to never get infected in the first place. But since I have no idea how that can be guaranteed, sequestering IoT devices on their own WI fi network with isolation is the next best measure that can be taken. And. Crediting Steve Jobs for the phrase one more thing.
Steve Gibson [02:07:43]:
The last item occurred just last Wednesday with the Canadian presses reporting under the headline get this, Canada's spy service received a judge's okay to target malware infected devices. Reading from the Canadian press coverage they wrote, ottawa, Canada's spy service obtained a judge's permission to disrupt cyber threats from foreign adversaries who infected digital devices with malware you know, can't digital devices residing in Canada. A federal court order ruling made public this week says the Canadian security intelligence service CSIS requested a warrant. Actually, it was two years before the reporting requested a warrant to, quote, remove the compromised devices from Canada, unquote, to shield sensitive systems from attack. Justice Catherine Cain's ruling provides a glimpse into CSIS's efforts to neutralize the threat posed by infected servers, home office routers, and everyday devices connected to the Internet, such as TVs, security cameras and doorbells. The malware causes these digital items to operate as a network of infected devices known as a botnet. CSIS requested and received a warrant in the spring of 2024 to neutralize two known botnets using threat reduction measures. The ruling says the proposed measures likely amounted to criminal offenses, okay, meaning CSIS was committing a crime.
Steve Gibson [02:09:38]:
If they altered somebody else's device, it was not their property, not there. They had no legal right to do that. So the ruling says the proposed measures that the the CSIS took likely amounted to criminal offenses, meaning CSIS needed a judge's authorization to proceed. The court issued a Warrant valid for 120 days and subsequently renewed it for an additional 120 days. So for a total of 242 thirds of a year. Although the initial warrant was approved over two years ago, the federal court produced classified reasons in February of this year and released a redacted version of the ruling this week. So it only became public knowledge two years later. You know, last week, Kane's ruling says an official who swore information underpinning the warrant application explained that cyber threat actors seize control of vulnerable devices and use them as covert entry points into act to access organizations, including Critical infrastructure, military networks and government systems.
Steve Gibson [02:10:55]:
These actors exploit the compromised devices to appear to be a legitimate connection, such as a client of a service provider or an employee working from home, which disguises their identity. The ruling says. The official told the court the two botnets posed imminent risks because actors could detect them, could, could direct them to probe, attack and potentially disrupt critical infrastructure in Canada. The official said that without the warrant, the threat actors would conduct malicious activities in Canada, quote, with increasing frequency and without resistance in order to advance their financial, political, ideological and economic interests, unquote. CSIS quote, proposed to remove the compromised devices from Canada as soon as possible. Remove what? Okay, I don't know if they're going to knock on someone's door and say, oh by the way, your TV has been attacking us anyway. The identities of the threat actors were stripped from the public version of the ruling. In its 2024 public report, however, CSIS mentioned working with domestic and foreign partners to manage the threat posed by a botnet controlled by a suspected Chinese based entity.
Steve Gibson [02:12:19]:
So as we know, there are laws and there are judges and laws often have emergency escape clauses which permit judges the discretion to decide whether the law should apply in specific instances that the lawmakers presumably did not or could not take into consideration. So it might be possible to disinfect a massive proxy botnet at least within a regional jurisdiction. I doubt that it could be done globally because there are just too many jurisdictions with their own laws. But regionally we don't seem to be at that point yet. But the fact that Canada was and apparently did this two years ago is significant. So the, the Atlantic article is the sky is falling, we're doomed. We're going to all be attacked by massive AI driven things and hundreds of millions of people could be, you know, put at risk and maybe you should, you know, buy gold, but don't. And on the flip side is, well, maybe if that something like that happens there would be they will to say, okay, we need an exception to the thou shalt not hack anybody ever under any circumstances law.
Leo Laporte [02:13:49]:
Wow. Yeah, you have to think that that stuff's going on in the background, this reverse hacking. Yeah, in the United States we did
Steve Gibson [02:14:00]:
ask the ahead of the DOJ back when worms were a thing and I think it was Jennifer Granholm and she made it very clear. Sorry boys, no, don't ask, don't ask, don't tell.
Leo Laporte [02:14:18]:
I won't tell if you don't ask. Yeah.
Steve Gibson [02:14:22]:
Wow.
Leo Laporte [02:14:25]:
So is it enough just to not buy these weird third party streamers or any device could Be any, any.
Steve Gibson [02:14:35]:
I mean, all, everything we get, all the electronics is, is coming from China because they are, they are the world's manufacturing base and I love them for it. We have in inexpensive, delicious devices galore, thanks to the Chinese ingenuity of manufacturing. And it turns out that that was actually a strategy that Xi put in place specifically to turn China into this kind of producer of stuff. And it worked. Unfortunately, their hands are not completely clean. Or maybe they've got their good organizations are infiltrated by government actors who are changing the firmware so that, you know, the dumb Americans perhaps purchase it and bring Trojan horses into our living rooms. I don't know.
Leo Laporte [02:15:29]:
Wow.
Steve Gibson [02:15:29]:
It's not good.
Leo Laporte [02:15:31]:
I remember when you bought that Chinese plug that you turn off and on. You knew that was potentially a hazard, so you.
Steve Gibson [02:15:38]:
Yep.
Leo Laporte [02:15:38]:
Isolated it. Is it sufficient to have it on its own vlan? Is that enough?
Steve Gibson [02:15:42]:
You can't.
Leo Laporte [02:15:43]:
The problem with doing that, the reason people don't do that is you can't
Steve Gibson [02:15:46]:
then access it, then you can't talk to it. Right now mostly though, you're no longer talking to it directly. You're talking, you're doing headquarters. The headquarters talks to it.
Leo Laporte [02:15:57]:
Right.
Steve Gibson [02:15:57]:
So I would say absolutely. See, verify that it cannot function on, on an isolated land and only move it. Yes, yes. So try that first. If you really have to have it on the mainland, then fine, but try not to, because. Boy.
Leo Laporte [02:16:15]:
So that was the problem I had with printers. Like, I had to put printers. I wanted to put them on the vlan, but I couldn't. They had to be.
Steve Gibson [02:16:21]:
I know, but, but a printer, I, I would trust it. It's not, I mean, we have, we, we've covered instances where printers have been targets of attack. But again, you need, you need to trade off feasibility versus security. So create an isolated WI fi and, and try putting it there. If it doesn't work, then say. Okay, I tried.
Leo Laporte [02:16:45]:
Right. Do you recommend writing firewall rules that allow traffic back and forth? Maybe that's the way to do it.
Steve Gibson [02:16:52]:
No, because then you break.
Leo Laporte [02:16:54]:
I mean, you're sliding it in.
Steve Gibson [02:16:55]:
Could do. If you could do nat. If you could NAT between two interfaces so that it was. So that it was one way communication from the LAN to the, to the.
Leo Laporte [02:17:08]:
I do that with a firewall rule. Rule. You could say only egress, no ingress. Yeah.
Steve Gibson [02:17:12]:
Yes, except. Well, except that then, then it wouldn't be able to reply.
Leo Laporte [02:17:16]:
Oh yeah, you wouldn't know it's doing it.
Steve Gibson [02:17:20]:
And that actually builds a dynamic rule that allows returning packets from the Same IP address.
Leo Laporte [02:17:28]:
Right.
Steve Gibson [02:17:28]:
And so you would have to NAT between. But you could do that. All you have to do is. I mean, basically it's a variation of my, my three nats approach.
Leo Laporte [02:17:37]:
Right.
Steve Gibson [02:17:38]:
You simply use a NAT router to create your IoT network and that isolates it.
Leo Laporte [02:17:45]:
Is a guest network sufficient?
Steve Gibson [02:17:47]:
Yes, as long as you turn on isolation. The guest network feature is isolation.
Leo Laporte [02:17:53]:
Okay. Because I had seen in other spots that maybe it wasn't enough to put it on a guest network. But I, I guess if the guest network is truly isolated, it's, I just don't know if it's always isolated.
Steve Gibson [02:18:05]:
Yes. And in my, in the ASUS router that I just was configuring, I think it has a pair of guest networks and isolation is an option. You're able to turn on off, but
Leo Laporte [02:18:14]:
you have to turn it on. Okay.
Steve Gibson [02:18:16]:
Yeah, but it, but it's isolated by default, which is good.
Leo Laporte [02:18:20]:
Really. I always wanted LAN accessible IoT devices so I didn't have to go out to a server and come back. But now it sounds like I really should always be looking for server based IoT devices.
Steve Gibson [02:18:36]:
Well, yes. Or if you assign the IP to the device, if you do static IPs rather than DHCP, then you could assign the IP to a device and prevent it from ever egressing any traffic. Never allow that IP to, to have out outbound traffic. And that would be safe.
Leo Laporte [02:19:00]:
Okay. So it could be on your land if you blocked outbound traffic for, for
Steve Gibson [02:19:05]:
its ip because it could then never, it could never contact headquarters.
Leo Laporte [02:19:09]:
It could do land traffic but not WAN traffic basically.
Steve Gibson [02:19:12]:
Exactly.
Leo Laporte [02:19:13]:
Okay, that's an interesting approach. So everything could be on the same LAN just for the IoT devices. Block when egress.
Steve Gibson [02:19:24]:
Right. And so actually the way to do that would be to give it its own/8 nor normally your 192.168.0.something. Give it.
Leo Laporte [02:19:36]:
Make it 10 dot or something 40
Steve Gibson [02:19:38]:
or, or well, no 192-16-899.something and that way. And so then you set up DHCP where you map the Mac address to an IP in that range and that. So that what that's going to do is your IoT devices would all be in the 99 something range. And then you just have one rule on your WAN saying never allow any traffic outbound from 99 anything.
Leo Laporte [02:20:11]:
Right. They can phone some devices on the lantern, but not out into the outside.
Steve Gibson [02:20:16]:
Exactly. I would imagine.
Leo Laporte [02:20:19]:
I wonder if routers aren't going to start building this in an IoT wan.
Steve Gibson [02:20:24]:
The fact that they built in guest with isolation suggests that they're beginning to get good about it.
Leo Laporte [02:20:30]:
Yeah, yeah, yeah. Well, I might have to go through. I have a lot of IoT devices. I have more than 100 devices on my network. I'm probably helping Russia right now.
Steve Gibson [02:20:41]:
Steve, I can't even. Leo, if you looked at your, your raw traffic, you know, you have very straight hair now. If you ever came, if we saw you with a perm.
Leo Laporte [02:20:52]:
Curly, curly, curly. I bet I'm gonna have to look and see what ubiquity does because, I mean, that's one of the advantages of using ubiquity is they have a lot of sophisticated security on there. I bet you there's something in there I have to look. Well, you've certainly opened our eyes to residential proxies. Thank you, Steve. And everything else. Steve Gibson is@grc.com that's where he lives on the Internet. That's his home.
Leo Laporte [02:21:17]:
You'll find many, many wonderful things there. Of course, perhaps the most important spin, right? The world's most important, most useful, most effective mass storage, recovery, maintenance and performance enhancing utility. It's really good. 6:1 is the current version. If you buy it, you're helping out with, with Steve. And of course, if you've ever bought it, you get an upgrade to 6:1, which is very generous of him. He's real good about that. He also has a brand new tool, the DNS Benchmark Pro.
Leo Laporte [02:21:47]:
That's $10, 9.99. Okay. Save a penny and you'll find both those@grc.com plus an infinitude of wonderful free stuff like Shields up, which he's famous for, and many, many other things. If you want to send an email, maybe a picture of the week, very simple. Just go to GRC.comemail and you can get your email address whitelisted. Thank you, Grayson. For $5. We appreciate that.
Leo Laporte [02:22:14]:
We'll pass that right along to Steve. You also actually, if you want to send Steve money, just send it to GRC.com I don't want to have to figure out the accounting involved here. What else if you go there. Grc.comemail get your email whitelisted. Oh, I know. There's two checkboxes below there for mailing lists. There's one that he sends out every week. That's the show notes for this show.
Leo Laporte [02:22:39]:
Great to get those on a Sunday or Monday so you're ready for Tuesday's episode. He also has a very infrequently used mailing list for new products, hasn't used it in years. So maybe, maybe someday soon. But do go to grc.com email he also has the show, but he has all of his versions of the show are unlike ours. We have the show at our website, but the stuffrc.com, well, he's got a 16 kilobit audio version. If you've really got limited bandwidth. He's got a 64 kilobit audio version that's still smaller than ours, but full quality. He also has the show notes there.
Leo Laporte [02:23:18]:
If you didn't subscribe to the mailing list, you can just download them there. And a few days after the show, Elaine Ferris will put up a transcript. She's really good. She's a court reporter. She's very good. Does a great job with these. And Steve pays her to do this. So they'll be up there on the, on the page@grc.com a few days after the show comes out.
Leo Laporte [02:23:37]:
You can also get copies of the show from us. We have 128 kilobit audio, which doesn't sound better, it's just bigger. And we. There's reasons, there's reasons for that. We also have video which Steve Wisely has long abjured. That's @Twitt TV SN. There is a video channel on YouTube dedicated to security Now. Great way to share clips.
Leo Laporte [02:23:59]:
I know a lot of times people hear this and say, I got to send this to the boss or the IT department or my mom. Easiest way to do that, go to YouTube. I think it's YouTube.com security now. I'm not sure. You could search for it or go to YouTube.com twit There's a link there to the Security now page. And of course the best thing to do would be subscribe in your favorite podcast player. That way you'll get it automatically as soon as it's available. There's audio and video there.
Leo Laporte [02:24:25]:
If you want to know what's coming up in club events and in general @twit, subscribe to our newsletter. That's free. Twitter TV newsletter. I think that's all the business. Oh, one more thing. Yes, you can watch us live. We do this show every Tuesday right after Mac break weekly, usually around about 1:30 Pacific, 4:30 Eastern, 20:30 UTC. There is a live stream in the Club Twit Discord, but most people end up watching on YouTube, Twitch X, Facebook, LinkedIn or Kik.
Leo Laporte [02:24:54]:
You take your pick. You chat with us on those platforms. I will see that chat. Let's see. After the fact, I told you about that. I think that's it, Steve. You're free to go. Did you.
Leo Laporte [02:25:06]:
Oh, one more thing. You did recommend the Burroughs, and we've been watching it and enjoying it, but Lisa just saw that didn't get renewed, so she said, I'm not watching it because she says it's not going to end there.
Steve Gibson [02:25:19]:
There's a little. A little blurb that said that Geena Davis was very unhappy that it did not.
Leo Laporte [02:25:24]:
She should be. She's great in it. I love her so much. Yeah, a little disappointing. And I don't know how it ends. We're like close to the last episode, and I just afraid if I keep watching that I'll be disappointed. When it doesn't end and then
Steve Gibson [02:25:42]:
ended,
Leo Laporte [02:25:42]:
does it resolve itself?
Steve Gibson [02:25:43]:
Oh, yes. You got a full resolution. And it was one of those things where there was like a little glimmer in the mirror that. That said, oops, something, maybe something didn't quite die.
Leo Laporte [02:25:55]:
I'm shocked. I thought the Duffer Brothers had a, you know, an in with Netflix and that that show would never end, but this is the way of the world. So, anyway, thank you for that recommendation. We've got other shows, too. Yeah, it was really good. Thank you, Mr. Gibson. Thank you, everybody, for watching.
Leo Laporte [02:26:12]:
We'll see you next time on Security now, next week.
Steve Gibson [02:26:14]:
Bye.
