Hello and welcome to the Tuesday, January 6, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida. And this episode is brought to you by the SANS.edu graduate certificate program in cybersecurity engineering.

And I just thought about a little sort of contest for the beginning of the year. Let's see how often I'll say 2025 in the introduction. I avoided it today, but we'll sort of revive something I've done in the past. If you do find a mistake in the podcast, as simple as me mentioning the wrong year, I'll actually give away some Internet Storm Center stickers. Just send me an email or a message via the Internet Storm Center contact form, and I'll set you up with a claim code for a sticker.
And the diary today was about something that I've observed more and more in recent months, and that's people deploying NanoKVMs. NanoKVMs became popular last year. I think the beginning of last year is when they sort of first became available. And it's a very handy device in that it allows you remote access to a machine via the web browser. That's equivalent to having physical access to the machine, including doing things like reboots, but definitely sort of getting keyboard, mouse, and screen access to the remote machine. So a real handy device.

What's the problem? Well, the problem is sort of your typical IoT problem: these devices, of course, are now starting at around $35. Some of the older devices like the PiKVM will set you back almost 10 times as much, sort of in the $200 range, to get that fully set up. Never mind things like Dell DRAC cards and things like that, that of course provide much more sophisticated access to specific servers. So the problem here is that since these devices are meant to give you sort of emergency access to your devices, they're often exposed to the internet. And that's, like with all IoT devices, where the problems start.

So I summarized a couple of tips here on how to better secure them. Probably the most useful thing here, and luckily the NanoKVM and some of the competitors like PiKVM and such also support it, is Tailscale. That's a VPN solution that's specifically designed sort of for home systems and systems with dynamic IP addresses, to give you easy and straightforward access to those remote systems in a reasonably secure manner.
Anyway, if you have one of these devices, or if you have any other feedback, let me know. There has also been quite a bit of talk about the overall security of the software stack in these devices and whether or not there may be some hidden back doors. I don't really think there are any intentional back doors, but I think at this point this is really sort of a matter of opinion. And if you do give any device like this such very direct physical access to your systems, well, you'd better trust it. And that's really a decision that you have to make yourself. I linked to some of the other work looking at the security of these devices in the diary.

And since I just mentioned Tailscale, I also ran today into an interesting GitHub project, TailSnitch. The purpose of TailSnitch is to audit your Tailscale configuration. So if you're relying on Tailscale to secure access to your resources, then that's definitely a script that you probably should take a quick look at and see if anything within your Tailscale setup is misconfigured. There are a couple of issues that you can run into, like, for example, systems configured as routers or such that may give access to the rest of your network. I'm not 100% sure yet. I still have to run it to see what TailSnitch is exactly looking for here. But they're saying they're checking for about 50 different configuration issues within Tailscale.

Let me add a vulnerability that I've actually not really seen covered much. And that's a vulnerability in the SNMP trap daemon. That's a very commonly used piece of open source software that is collecting information from SNMP traps. Sadly, it suffers from a buffer overflow that then can lead to remote code execution. It has a CVSS score of 9.8. So definitely something that you should address. As I say so often, this should not really be exposed to the outside of your network. But even internally, a vulnerability like this can often cause quite substantial damage, because this SNMP trap daemon is often also running on basically network monitoring systems and such. So it may actually give an attacker access to a more valuable system that they can then abuse to, for example, get additional SNMP configurations and passwords and such that allow them to then actually affect the rest of your network. So I certainly think that this is something that you need to pay attention to. And thanks to the listener who actually alerted me to this vulnerability. I would not have seen it otherwise.

Well, and that's it for today. So thanks for listening. Thanks for liking and recommending this podcast, and talk to you again tomorrow. Bye.