Paul's Security Weekly (Audio)

Lasagna DoS, AI Slop, Hacker Ultimatums - PSW #890

Sep 4, 2025
Dive into the chaotic world of cybersecurity as the hosts discuss surprising attacks on legacy IoT devices and the implications of unpatched routers. Learn about a bizarre Lasagna DoS incident that led to server failures and the consequences of outdated firmware. Explore the challenges posed by critical tools maintained by a single developer and the risks of Flipper Zero exploits used in vehicle thefts. Finally, they critique CISA's staffing and transparency issues, advocating for resilient security architectures.
ADVICE

Prioritize End-Of-Life Device Management

  • Track and replace end-of-life devices across your fleet proactively.
  • Automate discovery and get machine-readable EOL data from vendors to prioritize replacements.
INSIGHT

Legacy Gear Is An Attacker Haven

  • Attackers habitually dwell in neglected, unmonitored legacy gear because it offers persistent, unfixed vulnerabilities.
  • Lack of visibility and absent patching make IoT and small-business routers high-value attacker targets.
ADVICE

Use Central AAA Instead Of Local Passwords

  • Centralize device authentication with TACACS+/RADIUS to avoid storing local credential hashes on devices.
  • Remove local passwords from routers so attackers can't dump config files and crack hashes.