
New Episode of Security Now: Security Now 1064
In this episode of Security Now, Steve Gibson and Leo Laporte discuss a variety of topics related to cybersecurity, privacy, and emerging technologies, including artificial intelligence (AI). Here is a detailed summary of the key points discussed.

The episode begins with a discussion on the security of an application called Open Claw. Steve Gibson highlights that there is practically no security built into this application, raising immediate concerns. Leo Laporte shares a personal anecdote where he installed Open Claw and felt so uneasy that he decided to uninstall it. This conversation underscores how quickly new technologies can pose security risks, even for savvy users.

Another major topic addressed is the use of AI for coding applications. Steve mentions that he has received emails from IT security professionals in corporate environments questioning the security implications of AI generating code. Although AI does not create classic vulnerabilities like buffer overflows, it might not account for all the subtleties that attackers could exploit. Steve and Leo discuss the need to remain vigilant against this ever-evolving technology.

The podcast then explores the process of collecting fines related to the General Data Protection Regulation (GDPR) in Europe. Steve reveals surprising figures: out of the €4.04 billion in fines imposed by the Irish Data Protection Commission (DPC) over the past six years, only €20 million has actually been paid. Most of the fines are either under appeal or being contested in court, preventing their collection. This situation shows that unpaid fines remain more of a threat than a financial reality for companies.

Another important theme is the increasing adoption of offensive cyber operations by Western democracies. Steve explains that countries like Denmark, Germany, Finland, France, and others are updating their legal frameworks to allow for offensive cyber actions. These changes are driven by the need to respond to increasing cyberattacks and influence operations, particularly due to the war in Ukraine. Steve notes that the United States, although it has already conducted many offensive cyber operations, is also considering expanding its capabilities in this area.

Steve and Leo then discuss Operation Midnight Hammer, a U.S. military action combining airstrikes and cyberattacks against Iranian nuclear facilities. According to exclusive reports, a targeted cyberattack by the U.S. Cyber Command prevented Iran from launching its surface-to-air missiles against American aircraft. This operation demonstrates the growing integration of cyber capabilities into conventional military operations. Steve expresses his relief that the United States has effective offensive cyber capabilities to protect its military forces.

The podcast also addresses the dangers of using AI as an emotional companion. Steve shares a TechCrunch article describing users' reactions to OpenAI's decision to retire the ChatGPT-4.0 model. Many users expressed a sense of loss, comparing the deactivation of this model to losing a friend or partner. Steve highlights the risks of emotional dependence and the potentially dangerous consequences for vulnerable individuals.

Finally, Steve discusses a binding operational directive (BOD) issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This directive requires federal agencies to disconnect end-of-support (EOS) devices connected to public networks. CISA warns of the high risks of these devices being exploited by malicious actors. Steve emphasizes the importance of this directive in reducing the risks of cyberattacks against critical infrastructure.

In conclusion, this episode of Security Now provides an overview of the current challenges and developments in cybersecurity, privacy, and the use of AI. The discussions highlight the importance of staying informed and vigilant against new threats and technologies.