
Security Now 1078: DigiCert Breach Response, 21-Year-Old FreeBSD Vulnerability, and AI Model Repository Risks
This episode of Security Now covers several critical cybersecurity developments, starting with a discussion of how major organizations handle security breaches. The hosts hold up DigiCert, a leading certificate authority, as an example of doing things right after a recent breach. Unlike many companies that downplay or delay disclosing incidents, DigiCert promptly reported the issue, took responsibility, and outlined clear steps to mitigate risks. This approach is praised as a model for transparency in the industry, especially given the sensitive role of certificate authorities, which underpin secure communications across the internet. The hosts emphasize that trust in these entities is essential, and that DigiCert's response reinforces confidence in its operations. The conversation underscores the importance of accountability in cybersecurity, where even minor oversights can have widespread consequences.

Another key topic is the discovery of a 21-year-old critical vulnerability in FreeBSD, one of the most secure Unix-based operating systems. The flaw, found using AI-driven analysis, allows remote code execution through the DHCP client: an attacker on the same network could take control of a FreeBSD system simply by sending a malicious DHCP response. This vulnerability highlights how even well-audited, long-standing codebases can harbor hidden risks, especially when components are borrowed from other projects (in this case, OpenBSD). The hosts explain that DHCP, the Dynamic Host Configuration Protocol, is a fundamental networking service that automatically assigns IP addresses to devices, making it a prime target for exploitation. The practical implication is stark: any FreeBSD system using DHCP, whether a server, router, or even a PlayStation, could be compromised if connected to an untrusted network. The episode stresses the growing role of AI in identifying such flaws, which are often missed by traditional security audits.
The podcast also delves into the risks of AI model repositories, particularly Hugging Face and OpenClaw's skill registry, which have become hotspots for malicious activity. Hugging Face, a platform hosting over a million machine learning models, has been found to contain hundreds of models with hidden backdoors that execute arbitrary code when loaded. Similarly, OpenClaw's skill registry, where AI agents fetch tools to perform tasks, has been infiltrated by attackers planting malicious skills that steal credentials or hijack systems. The hosts break down how these attacks work: in Hugging Face's case, attackers abuse Python's Pickle serialization format, which runs the embedded code when a model file is deserialized, while in OpenClaw a skill inherits the permissions of the AI agent that runs it, granting attackers access to sensitive data. The episode warns that the ease of uploading and downloading models makes these repositories attractive targets, and that users must exercise extreme caution. The real-world lesson is clear: developers and organizations using AI tools must vet models and skills rigorously, as even a single compromised component can lead to a full system breach.

The discussion then shifts to a concerning flaw in Microsoft Edge's password management. The browser stores all saved passwords in plaintext, meaning anyone with access to the system, including malware, can extract them without additional permissions. The hosts demonstrate how trivial it is to dump these passwords using basic tools like Task Manager and the "strings" command, which searches for readable text in memory dumps. This is particularly alarming because Edge engages in "security theater": it requires biometric authentication to view passwords in the browser, while the actual data remains unencrypted and easily accessible. The hosts compare this to past issues with Chrome, which has since improved its password security, and urge users to avoid storing sensitive credentials in Edge. The practical takeaway is that users should rely on dedicated password managers with strong encryption rather than browser-based solutions.

Finally, the episode touches on regulatory updates, including the FCC's reversal of its ban on firmware updates for certain routers. Initially, the FCC had blocked updates for routers from specific manufacturers, citing security concerns, but the policy was criticized for leaving devices exposed to unpatched flaws. The new waiver allows updates until 2029, though the hosts argue the policy still doesn't address the core issue: control of the firmware is all that's needed to turn a router into a malicious tool. The episode also mentions the reauthorization of the Cybersecurity Information Sharing Act (CISA), which allows private companies to share threat intelligence with the government without fear of legal repercussions. This is framed as a positive step for collaboration in cybersecurity, though the hosts note that broader regulatory challenges remain.
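The Pickle risk raised in the Hugging Face discussion above can be handled on the defender's side in two layers: inspect a model file's opcodes for the globals it would import before loading it, and load only through an unpickler that refuses any global not on an allowlist. This is an added example, not code from the episode, the hosts, or Hugging Face; the allowlist and the two sample pickles are constructed for illustration.

```python
import collections
import io
import json
import pickle
import pickletools

# Assumed allowlist: the only globals this loader lets a pickle import. A real model
# loader would enumerate its framework's rebuild helpers here instead.
ALLOWED_GLOBALS = {("collections", "OrderedDict"), ("builtins", "set"), ("builtins", "frozenset")}
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def scan_pickle(data: bytes) -> list:
    """List every (module, name) the pickle would import, without executing it.
    GLOBAL carries 'module name' as text; STACK_GLOBAL (protocol 4+) consumes the two
    strings pushed just before it. Reading the last two strings is a triage heuristic
    (a hand-built pickle could route names through the memo), so safe_loads() enforces."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            found.append(tuple((["?", "?"] + strings)[-2:]))
        elif op.name in STRING_OPS:
            strings.append(arg)
    return found

def audit(data: bytes) -> list:
    """Imports the pickle requests that fall outside the allowlist."""
    return [g for g in scan_pickle(data) if g not in ALLOWED_GLOBALS]

class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any global the allowlist does not name (pattern from the stdlib docs)."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def is_blocked(data: bytes) -> bool:
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False

# Constructed samples: a benign state-dict-like pickle, and one that merely names a function
# outside the allowlist. json.dumps is harmless; any importable callable is referenced the
# same way, and a following REDUCE opcode would call it during load.
BENIGN = pickle.dumps(collections.OrderedDict([("layer1.weight", [0.5, -0.25])]))
SUSPICIOUS = pickle.dumps(json.dumps)
```

Run `audit()` over every file in a downloaded repository before anything calls `load()`; the scanner never executes the pickle, so it is safe to point at untrusted input, while `safe_loads()` is what stops a missed case from running.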