Hello and welcome to the Monday, February 10th, 2025
edition of the SANS Internet Storm Center's Stormcast. My
name is Johannes Ullrich and today I'm recording from
Jacksonville, Florida. Today as I'm recording this, it's
also the 16th anniversary of this podcast. Started all
February 9th, 2005. Didn't actually realize it's already
that long running. Hope you'll enjoy it. Actually, thanks for
some of the feedback that I've gotten based on my request on
Friday. But well, it's not just the podcast that's having
its birthday today. So does SSL version 2. And Jan on
Friday took a closer look at how many SSL version 2 servers
are still connected to the Internet. The absolute number
may surprise people. It's 423 ,000 IP addresses according to
Shodan. Well, however, it is really only a very miniscule
percentage of all the HGP servers exposed to the
Internet in total. So I think this 400,000 number sounds a
bit more scary than it actually is. However, one
thing that Jan points out is if you are finding a web
server that still supports SSL version 2 in your environment.
We're talking about SSL version 2, not SSL version 3.
Chances are that this web server is overall running very
out of date software. The protocol SSL version 3 started
to be deprecated 14 years ago in 2011. So that essentially
means that this particular device, this particular
software has not really received any major updates for
at least a decade. With that in mind, if you do find any of
these devices, let me actually know what you find. I have to
take a closer look at the Shodan data. I suspect a lot
of things like webcams and such that are probably
compromised already anyway or other sort of IoT style
devices. And as so often, probably they're just waiting
for the patch via Power Search. And yes, we still have
to talk about DeepSeek. There's still a lot of
DeepSeek news that has come up in the last few days. Now,
before I dive into some of the issues here, I want to pre
-phrase this a little bit in that these issues are
affecting a lot of AI models. In particular, if they're
installed in a hurry by hobbyists or pretty much
without sufficient controls around these models. So with
that, just a couple of the issues here. Number one, that
apparently there are several thousand of DeepSeek instances
that are exposed to the internet via OLAMA. OLAMA is a
framework that can be used to easily run these kind of AI
models. Basically provide an easy-to-use GUI for it. You
can do the same with open AI models and such. So this is
not something that's specific to DeepSeek and probably
should not be done without specific controls around it
for any model like this. Also, there are still a lot of
analysis of the model itself and what features it may have
when it comes to, for example, censorship and the like. Well,
most models have some kind of parameters around what answers
they will or will not provide. Of course, that often depends
on what the model is being built for. We have on the one
end some of the models, specifically, for example,
designed for creating malware that don't have a lot of
controls around it. With the DeepSeek model, of course, a
lot of the controls are based on some of the political
constraint around it coming from China. The last thing is
also that the model is, of course, reporting home and
also sending data unencrypted. Again, this is not that
terribly unusual if you are using a web application in
order to interact with a model. That web application
usually does extensive logging. It often has a lot of
JavaScript that will, for example, collect keystrokes in
order to interact with the model's APIs. With that being
said, well, it comes back down to a supply chain issue. As
always, you have to trust your supply chain. So if you don't
trust the entity the model comes from, you definitely
shouldn't use it. There's also been some new work with
HackingFace, for example, that there are a lot of models in
HackingFace that are either just vulnerable or outright
include things like backdoors or malicious content. And
there's always a very fine line between vulnerability and
the backdoor. We always have talked about backdoors if it's
an official kind of support password or a password that
was sort of added without telling the user about it. But
sometimes the real backdoors aren't really that easy to
spot. They're really just built as an authentication
bypass that could plausibly be attributed to just bad coding
versus actual malicious intent. And then a quick
follow-up to the dual signature crypto wallet issue
that I talked about last week. Well, did he now actually try
to set up a wallet like this? It turns out you actually have
to pay $23 to the drone network in order to configure
a wallet like that. That sort of supports these dual
signatures. Also, if you check out the podcast episode on
YouTube, just by using the respective keywords, it
attracted some additional spam, scam comments to that
particular YouTube video. I left them up on purpose just
to show basically what's coming in there. Doubt anybody
will fall for it given that I'm talking in that episode
about just that scam. Not sure if YouTube will eventually
remove them. I'll only sort of try to keep sort of one of
each type alive, not too many of them. Well, that's it for
today. Thanks for listening and talk to you again
tomorrow. Bye.
