Security Now! #1078 — Key Points
=================================
FCC ROUTER WAIVER EXTENDED TO 2029
Reversal of earlier policy that would have blocked firmware updates for
foreign-made routers after March 2027. Already-authorized devices can now
receive security/firmware updates through Jan 1, 2029. Steve's view: the
restriction never made sense — if you don't trust the manufacturer, a
one-year window doesn't help; if you do, no restriction is needed. Netgear
separately got a full conditional pass.
21-YEAR-OLD FREEBSD RCE FOUND BY AI (CVE-2026-42511)
AISLE's AI source-analysis pipeline found a wormable remote command
execution flaw in dhclient, imported from OpenBSD in FreeBSD 6.0 (2005).
Malicious DHCP reply -> root on any FreeBSD machine joining the network
(laptops at coffee shops, PlayStation, etc.). AISLE took a swipe at
Anthropic's Mythos hype ("not model mythology").
LET'S ENCRYPT BRIEF OUTAGE
Gen Y (YE/YR) cross-certified intermediates were issued without the
required serverAuth EKU extension (mandatory for CCADB since June 2025).
They voluntarily halted issuance, fixed config, resumed. Textbook CA
behavior.
MALICIOUS AI MODELS — SUPPLY CHAIN COMPROMISE AT SCALE
HuggingFace: ~352,000 unsafe issues across 51,700 models. "nullifAI"
technique abuses pickle deserialization + 7z compression to bypass
scanners. ClawHub (OpenClaw skill registry): 341 malicious skills out of
2,857, 335 from one coordinated "ClawHavoc" campaign. Snyk found ~36% of
skills have security flaws.
Related recent compromises:
- LiteLLM (PyPI, ~500K creds exposed)
- Bitwarden CLI on npm (90 min, targeted Claude Code/Cursor/Codex/Aider)
- PyTorch Lightning (42 min)
Core issue: AI models execute on load, consumers are automated agents,
attack windows measured in minutes.
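An added example (not from the episode or from any scanner named above) of load-free inspection for the pickle problem in this section: it walks the opcodes with Python's standard pickletools, lists the imports a model file would trigger, and fails closed on a stream that does not parse. The SUSPECT list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import pickle
import pickletools

# Modules whose import from a model file warrants a block (illustrative, not exhaustive).
SUSPECT = {"os", "posix", "nt", "subprocess", "builtins", "sys", "socket", "runpy"}
SEVEN_ZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"
ZIP_MAGIC = b"PK\x03\x04"

def container_kind(blob: bytes) -> str:
    """Classify the outer wrapper by magic bytes so an unexpected one is not skipped."""
    if blob.startswith(ZIP_MAGIC):
        return "zip"
    if blob.startswith(SEVEN_ZIP_MAGIC):
        return "7z"
    return "raw"

def scan_pickle(data: bytes) -> dict:
    """Walk pickle opcodes without executing them; keep findings even if parsing breaks."""
    imports, strings, parsed_ok = [], [], True
    try:
        for op, arg, _pos in pickletools.genops(data):
            if op.name in ("GLOBAL", "INST"):        # arg is "module name"
                imports.append(tuple(arg.split(" ", 1)))
            elif op.name == "STACK_GLOBAL":          # module and name were pushed as strings
                imports.append(tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?"))
            elif isinstance(arg, str):
                strings.append(arg)
    except Exception:
        parsed_ok = False                             # truncated or corrupted stream
    if any(mod.split(".")[0] in SUSPECT for mod, _ in imports):
        verdict = "unsafe"
    elif not parsed_ok:
        verdict = "malformed"                         # fail closed: never report as clean
    elif imports:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "imports": imports, "parsed_ok": parsed_ok}

# Constructed samples. The crafted stream is only parsed here, never unpickled.
BENIGN = pickle.dumps({"weights": [0.1, 0.2]})
CRAFTED = b"cos\ngetcwd\n(tR."           # GLOBAL os.getcwd, empty args, REDUCE, STOP
BROKEN = CRAFTED[:-1] + b"\xff"           # same import, then an invalid opcode

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("crafted", CRAFTED), ("broken", BROKEN)):
        print(label, container_kind(sample), scan_pickle(sample))
```

A file whose container_kind is not the one the pipeline expects should be quarantined rather than passed through unscanned.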
CISA 2015 REAUTHORIZATION ON TRACK
Long-term renewal expected before September expiration. Restores
liability shield for private-sector threat-intel sharing.
EDGE STORES ALL SAVED PASSWORDS IN CLEARTEXT IN RAM
Open Edge -> Task Manager -> create memory dump of the browser process ->
strings -n 8 msedge.DMP | find "comhttps"
Returns every saved credential in <url><protocol><userid><password>
format. Meanwhile the UI demands biometrics to view the same creds.
Microsoft: "intended behaviour." Any malware running as that user can
harvest the lot.
LISTENER FEEDBACK WORTH FLAGGING
Rival Security on Mythos: the FreeBSD flaw it found closely matches
CVE-2007-3999 (MIT Kerberos RPCSEC_GSS) — same pattern, same fix shape.
Likely pattern-matching against training data rather than first-principles
reasoning. Steve's take: still a real find, still worrying, just for
different reasons.
Todd Whittaker (CS educator): "AI makes code cheaper while making
judgment more valuable." Supervising AI-generated code still requires
deep mental models (state, abstractions, protocols, concurrency,
parsing/memory -> security).
Randy Krum: cloud LLMs reviewing closed-source code creates exposure
risk; local models (LM Studio, etc.) are the path for proprietary work.
DIGICERT BREACH — MODEL INCIDENT RESPONSE
What happened:
April 2, 2026, threat actor sent ZIP disguised as screenshot through
support chat. CrowdStrike blocked 4 attempts on ENDPOINT1, missed the
5th (prevention setting below standard). ENDPOINT2 had no CrowdStrike
sensor at all (machine predates 3-year log retention, root cause
unknown), compromise went undetected 10 days. Attacker used support
portal's "proxy into customer account" function to harvest
initialization codes for pending EV code-signing orders. Combined with
the approved order, those codes are sufficient to obtain certificates.
Damage:
60 EV code-signing certs revoked. 27 confirmed used by threat actor (11
reported by community, 16 found internally), 33 revoked precautionarily.
Used to sign "Zhong Stealer" malware impersonating Lenovo, Kingston,
Shuttle, Palit (attributed to GoldenEyeDog / APT-Q-27).
Four contributing factors DigiCert documented:
1. Inconsistent EDR coverage (CrowdStrike misconfigured/missing)
2. Insufficient privilege minimization in support portal (proxy
   function not classified as privileged access, init codes not
   masked)
3. Initialization codes not treated as bearer credentials despite
   functioning as such
4. Overly permissive file attachment handling on customer-facing
   channels
Why it's the model response:
Full disclosure, fast revocation within CA/Browser Forum timelines,
named what went well + what didn't + where they got lucky, 21 concrete
action items, no rolling minimization. Steve's repeated point: no CA is
expected to be perfect, only to behave responsibly when things break.
DigiCert did.
MICROSOFT DEFENDER FUMBLED THE DIGICERT RESPONSE
When adding DigiCert's revoked code-signing cert thumbprints to
Defender's deny list, Microsoft somehow flagged and removed DigiCert's
root certificates from the Windows trust store as
Trojan:Win32/Cerdigent.A!dha — instantly invalidating every app ever
signed under those roots. Some users reinstalled Windows. Fixed in
Defender signature 1.449.430.0, which also restored removed roots.
Microsoft's statement was non-apologetic and unsatisfying.