@screaminggoat @buherator you saw current models are affected? Or just that the old one never got fixed.

@screaminggoat not my find. I just saw the expo I’ll being used.

OpenAI Scans for Honeypots. Artificially Malicious? Actions gone wild? @openai https://isc.sans.edu/diary/31196

The world is 16+ hours into what looks like the biggest IT outage in history, triggered by a defective update for Crowdstrike endpoint security software for Windows machines.

https://www.helpnetsecurity.com/2024/07/19/crowdstrike-it-outage-update/

#Cybersecurity #Crowdstrike #outage #EDR

@jullrich @malwarejake @brianhonan

@heatsink will do next time. Thanks!

This happened exactly 40 years ago.

via: https://www.talisman.org/

Due to the June 19th holiday and travel, there will be no podcast for Wednesday and Thursday.

Good weekend with some good dog walks. Need more of it.

The mini PCs for #SANSFIRE arrived. We will give them away during our honeypot workshop and possibly for other raffles.

OS Command Injection. It doesn't get much more severe than that regarding web application/API vulnerabilities. Still, these issues keep coming up in security devices. https://isc.sans.edu/j/osinjection

Interested in joining me at #SANSFIRE? We have some great special events planned. Honeypot Fest, ISC Keynote, great classes, and more. I will be teaching SEC522.. see https://www.youtube.com/watch?v=S81x1I6Ti5c

@Marco Interesting that Europe does it better. I think they also do not allow luggage to be stored under the exit row seat.

I have traveled quite a bit over the years (less recently). Usually, I try to get an exit seat. In probably 100+ flights with different airlines, I remember only ONE instance where a flight attendant did a thorough exit row briefing. She explained how to open the door, what to watch out for, to wait for signals from the cabin crew before opening, and a couple of other things.

Usually, they do the “verbal yes” to acknowledge that you are in an exit row.

Yesterday, the flight attendant didn’t even do that and only made some jokes about the Delta credit card… no wonder most people look at their phones instead of the emergency briefing. :(

@jesterchen will try to cover this in the next episode. thanks for the pointer.

@railmeat @adamshostack Agree. A win for open source and thanks to Andres for finding, and immediately reporting the issue.

A quick note about the xz-utils backdoor:
1 - luckily, no mainstream distros are affected.
2 - most run xz-utils 5.2/5.4. 5.6 is vulnerable
3 - quick check: `xz -V`
4 - This makes you wonder what else is happening. Thanks to people who paid attention
https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

@kohan @jullrich yes. Typo. But 404 URLs do help to get them to try multiple ways to connect and use real browsers / drop VPNs