SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Internet Stormcast Feb 10th 2025: Podcast Anniversary; SSL 2.0; Exposed Deepseek Installs; Crypto Scam costs
4 snips
Feb 10, 2025 Celebrate 16 years of cybersecurity insights while discussing the age of SSL 2.0, which turns 30 but still has over 400k hosts exposed. Delve into alarming security flaws in the Chinese Deepseek AI model, highlighting various deficiencies. Learn about the intricacies of dual signature crypto scams, revealing that these wallets actually require financial investment to set up. Join in on a blend of nostalgia and critical reflections on current cybersecurity threats!
AI Snips
Chapters
Transcript
Episode notes
SSL 2.0 Prevalence
- While 423,000 SSL 2.0 servers sounds alarming, it's a tiny fraction of all HTTPS servers.
- Finding an SSL 2.0 server likely indicates broader outdated software and vulnerabilities.
Reporting SSL 2.0
- Report any SSL 2.0 servers found in your environment to Johannes Ullrich for further investigation.
- Many such devices, like webcams, are likely already compromised due to outdated software.
Deepseek and AI Model Security
- Deepseek's security shortcomings aren't unique; many AI models, especially those hastily deployed, share them.
- Issues include exposed instances via OLAMA, censorship features, and unencrypted data reporting.