Podcast Detail

SANS Internet Stormcast Feb 10th 2025: Podcast Anniversary; SSL 2.0; Exposed Deepseek Installs; Crypto Scam costs

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9316.mp3

previous
next
Podcast Logo
Podcast Anniversary; SSL 2.0; Exposed Deepseek Installs; Crypto Scam costs
00:00

SSL 2.0 Turns 30 This Sunday
SSL was created in February 1995. However, back in 2005, only a year later, SSL 3.0 was released, and as of 2011, SSL 2.0 was deprecated, and support was removed from many crypto libraries. However, over 400k hosts are still exposed via SSL 2.0.
https://isc.sans.edu/diary/SSL%202.0%20turns%2030%20this%20Sunday...%20Perhaps%20the%20time%20has%20come%20to%20let%20it%20die%3F/31664

Deepseek News
Many articles cover various security shortcomings in the Chinese Deepseek AI model. Remember that some of these issues are not unique to Deepseek.
https://www.upguard.com/blog/deepseek-adoption
https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
https://www.nowsecure.com/blog/2025/02/06/nowsecure-uncovers-multiple-security-and-privacy-flaws-in-deepseek-ios-mobile-app/

Crypto Wallet Scam Not For Free
Didier looked closer at the recent dual signature crypto scams. These wallets are not free; attackers must spend money to set them up.
https://isc.sans.edu/diary/Crypto+Wallet+Scam+Not+For+Free/31666