April 2024 Patch Tuesday [and Some Spicy Meatballs]

Episode 6 | Published April 9, 2024 | 26 minute watch

Episode Summary

In this episode, the Automox security team discusses recent security vulnerabilities and patches from Microsoft's Patch Tuesday, focusing on Windows DNS Server remote code execution and macOS memory safety issues. They stress the importance of timely patching, implementing multi-layered defense strategies, and staying informed on security vulnerabilities. They also cover open source software vulnerabilities and the recent XZ outbreak, emphasizing the need to monitor security in lesser-known systems like Mac, especially as they become more popular.

Episode Transcript

Tom Bowyer: Happy Fix Tuesday everyone. April 9th we made it to April. You know the eclipse was nice. Always good to not burn my retinas with cheap eclipse glasses so that is always a solid win. Thanks for tuning in. We got a full house today here at Automox.

Tom Bowyer: And we appreciate you, your continued support. You know, we've kind of crossed 5,000 downloads here at Automox, which is pretty cool for us, being that we're just mostly rambling about security stuff between all of us. So yeah, you know, Tom Bowyer here, and I'm the Director of Security at Automox. And today I'm joined by Cody, Seth, and Henry. They're all on the security team. You all wanna just give some quick introductions?

Henry Smith: Heck yeah.

Cody Dietz: Sure. I'm Cody. I'm a team lead of Security Engineering.

Henry Smith: I'm Henry, Application Security Engineer

Seth Hoyt: and Seth Hoyt, a Security Engineer

Tom Bowyer: Awesome. Thank you all for joining. So, you know, there's some, there's some real spicy meatballs and, you know, this is kind of Patch Tuesday and really this April has been real spicy. It has been a spicy month already.

As many of us know, you know, we'll probably talk about the XZ stuff later on in the show, but yeah, the, uh, even the macOS stuff that came out earlier this or last month has been, it's still like, it continues on that trend of like, hey, if you process an image in macOS, like prepare for an RCE, which in my mind is just absolute insanity, but right. It's memory safety, maybe one day.

Some other spicy ones came up in the release notes, you know, CVE-2024-26224, which is a Windows DNS Server remote code execution vulnerability.

And, you know, this one was really interesting too. Not a lot of information in the patch notes, but you know, it basically says, right, if you have network access and you can query the DNS server, then you can potentially execute it, you know, as system or execute privilege commands, which in my mind is like, yeah, wow, that that's a hard barrier to get, right? Like, come on, man.

Henry Smith: catastrophic.

Tom Bowyer: It's pretty simple to get into an internal network these days, right? Like that, the secondary access mechanisms and stuff like that are very common. And, you know, this impacts Windows Server specifically, lots of versions of it. So it's, I feel like it's such a juicy target for like lateral movement type attacks. And you know, Seth, you know, I'm curious your take on these kind of things from, from a defender standpoint.

Seth Hoyt: Yeah, just like you said with the lateral movement, it makes that so easy. So, they use something like this kind of zero day to get in. It makes that hard to block. So it's really important to have other systems in play to be watching for these things, making sure your logging's on point, whatever your SIEM is going to be, Rapid7, Splunk, whatever. Having those networking logs

being ingested so you can, and then, you know, create alerting around those. So you're, you're kind of constantly monitoring those things. So, you know, somebody does get in with one of these things, you at least have a few backups to kind of alert you that somebody's in.

Tom Bowyer: Yeah. And it... Right? Hehe

Henry Smith: Defense in depth, right? Yeah, I think, I really think this was one of those vulnerabilities that really goes to show like, you have defense in depth, you know, it's really important here.

Seth Hoyt: Absolutely.

Tom Bowyer: Yeah. And I expect once like a, a PoC drops somewhere, then this will be one of those ones where you'll see in the CTF land or the "Hack-the-Boxes" or, you know, the OSCPs of the world where it's like, you know, enumeration, find that the server's listening on DNS and fire payload, you know, with Metasploit or something. And then, you know, it just feels very much like that kind of attack avenue.

So another one, you know, that you keep it updated. I know DNS is everyone's favorite nightmare. So a lot of people don't want to update it, right? Like don't touch the DNS server. It's going to break everything. But just...

Henry Smith: Well, this vulnerability is a lot worse than what would happen if you, you know, temporarily take your DNS server down. Imagine this being exploited on your DNS server is so much worse.

Tom Bowyer: Yeah, no kidding. I feel like it's just the never ending quest to keep things updated, right? Like you just gotta stay on top of it. There's no other way. There's no magic fix, especially for this kind of stuff. Like gotta have a maintenance window for your DNS server. Gotta have a maintenance window for AD because it's gonna get outdated and the longer you wait, the worse off it's gonna get. And you know, the more difficult it becomes to update because

Henry Smith: Oh yeah.

Tom Bowyer: Applying a patch here or there is, you know, it might be a little difficult, but rolling full versions is a nightmare scenario with lots of outage potential. So definitely things to keep in mind. Moving on, you know, this Secure Boot one, I feel like it impacts literally everything in Windows, in Windows land, right? Like.

I think every major version is listed in the patch notes. So it's a, that's another spicy meatball. And Cody, I'm just curious what your thoughts are on this one.

Cody Dietz: Oh, yeah.

We're never going to get rid of these apparently. We've had what? I mean, we have like a good 30 of them right now, right? Just this year. And we're just never going to get rid of this vulnerability, but it's something that's just causing headaches everywhere.

Tom Bowyer: Hahaha. Yeah, I think so.

Yeah. Every time I think about like these types of attacks, I think about, you know, the joke, the running joke always was back, you know, 10, 15 years ago, the, uh, at least a lot of the places I worked at, we would have like a screwdriver and on the screwdriver, it was labeled like anti-virus bypass, right? Cause if you had access to the system, you could like open it up and, you know, before encryption and secure boot and those protections were kind of.

in place in the enterprise, right? You could just go grab the hard drive and go about your business. Right. And this, you know, I feel like it opens up and reminds me to kind of back to that time, right, where those protections were just kind of whatever, and a screwdriver will get you what you need.

Cody Dietz: I'm just waiting to see like some sort of UEFI malware that's just taking advantage of all of them this year.

Tom Bowyer: Yeah, true. I don't think I've read much about any of those low level attacks. Right. I, I feel like the, uh, the CPU, the side channel attacks really like exploded and, you know, prior to that, there haven't, um, there hasn't been much, there hasn't been much, you know, for those, those hardware attacks or like the, those low level firmware attacks. I haven't seen much, but.

I guess much like academically, there's been a lot of stuff. I think we talked about the, the hard drive one that we were, we were looking at the other day where using a specifically designed microphone, you could listen to the platters, right? Like, I feel like it's such a, it, those types of attacks are just so like obtuse, right? They don't really make it to the enterprise communications.

You know, there's this kind of fringe, right?

Cody Dietz: That one, that one for sure. Yeah, there was the, there was one, oh, is it last year? There was some sort of UEFI malware and it was, it was using a secure boot bypass to get onto the preload system. And then it would infect all USBs for transmission later. I forget what that was.

Tom Bowyer: Yeah.

Cody Dietz: Yeah, I'd have to go look at it again. But, um, or Black Lotus. Yeah, it was, it was Black Lotus that was doing it.

Tom Bowyer: have to look that up again. No, I don't. I don't. I will have to look that up again, because that sounds like another one of those like, you know, I'm in the data center. I need continued access. I got my microphone set up on the outside of my van, you know, like James Bond stuff going on. Yeah.

Cody Dietz: I don't know if you remember that or not, but... Yeah.

Henry Smith: Right.

Seth Hoyt: Haha

Henry Smith: For real.

Cody Dietz: Oh yeah, that was always the CIA lasers, right? That thing, that was a big one.

Tom Bowyer: And I remember one from like 5 or 6 years ago where they could, you know, you could implant malware into the, you would implant malware. It would cause the, like the hard drive light to flash and, and they would, they flew a drone up to the side of the window and they were able to do data exfil over like a blinking LED in a data center and I'm like, yeah. Yeah.

Cody Dietz: Yeah, yeah.

Henry Smith: What? Oh my god. Wow.

Cody Dietz: Yeah.

That was a cool one, yeah.

Tom Bowyer: A lot of it's academic, right? Like how, you know, they have these air gap systems, right? All the academic stuff we see, you know.

Cody Dietz: that we see, right?

Henry Smith: God.

Cody Dietz: Oh, what's actually what's that company? There was a company that took over the ice boxes or whatever. I forgot the name of them, but they used to have those rooms that you'd have to go in to read confidential documents in government and for like spies and stuff.

Henry Smith: Oh, like with no windows or anything like that?

Cody Dietz: Yeah. And there's a company that just started a new series of like "WeWorks for Spies." Yeah. And they have a bunch of these anti-vibrations, like there's all this tech around it to make sure that like light doesn't get out, you know, they've got like neutral, like, uh, it's like built into the building, I guess there's neutral density filters, so you can't see anything come out, like they're trying to block all, all sorts of like wavelengths and everything and sound.

Henry Smith: Right.

Tom Bowyer: Hahaha

Seth Hoyt: a Faraday cage.

Cody Dietz: Crazy, we're out of engineering.

Tom Bowyer: Yeah, I mean, that's just stuff you don't think about, right? Like, it's such a deep, you're deep in it now. You're deep in it now. You deep in the water, right? Like that is some deep cut freaking spy stuff going on. Moving on from Windows, you know, there was a.

Henry Smith: Yeah.

Tom Bowyer: You know, macOS came out with 14.4.1 for Sonoma. And I think a couple others were listed in their patch notes, right? But still the continued like, right? Memory safety issues, you know, CVE-2024-1580 coming out of Google's Project Zero, which is processing. I feel like I've read this every time we do this. Processing an image may lead to arbitrary code execution, which, you know, I don't know how many times we have to talk about Rust internally, but right. Like, I don't know if this, if Rust is the answer here or memory safety is the answer here.

If maybe, you know, the Biden administration needs to write another memo about like memory safety, but man, I feel like Mac is just like the last 10 or 15 updates, this exact thing and you know, like WebRTC or some other mechanism in here. There's like, if you process an image, you're going to get an RCE and it's like operation triangulation all over again, you know.

Cody Dietz: Yeah, so many of these are like, oh, you can input some big arbitrary video and then it just overflows and then you're running it. Yeah, it's weird.

Henry Smith: We just trust user input way too much in our software. And it's just, we're never.

Tom Bowyer: Yeah.

Cody Dietz: Well, it's weird. Yeah, it's weird too, because it's constantly always around media with Mac. And it's just like there's so many of these edge cases lying around everywhere.

Tom Bowyer: Great. Yeah, no, it is very media focused, right? Which is, it's really quite interesting because, like I said before on the show, many a times, I feel like the research into Mac and how it's doing a lot of the, how it's handling a lot of things, media, networking, like I feel like it's just been heavily researched the last 2 or 3 years. And, you know, true.

Cody Dietz: And at the same time, not like, you know, if you look around at the industry, a lot of people, I was reading a Reddit post yesterday actually, where somebody asked about macOS pen testing and, you know, how is that for a career? And the overwhelming response seemed to be either nobody does it or a couple of people arguing that Mac is hardened right out the gate and you don't have to do anything. And I was just like,

Tom Bowyer: Thanks for watching! Mmm.

Henry Smith: Love that argument.

Seth Hoyt: about that.

Cody Dietz: Yeah, so, yeah, that probably needs more pen testing and love.

Tom Bowyer: And we still. Yeah, like are we still living in that commercial, you know, the Mac vs. Windows commercial from like the late nineties, wasn't it? Or the early 2000s, you know, it's like, we don't get viruses.

Seth Hoyt: Yeah. Yes.

Tom Bowyer: Maybe.

Henry Smith: I also think it's kind of ironic, you know, well, first of all, Project Zero just never ceases to amaze me. Like the folks that participate in that competition, just insanely intelligent. Um, but I also think it's kind of ironic that a Google sponsored event is finding vulnerabilities in, uh, someone you consider a competitor of them. That's always fun.

Tom Bowyer: Yeah.

Yeah. I mean, it's just like, they're probably all thinking the same thing, you know, Mac's got some weird media stuff going on here. Let me just keep digging in and seeing what I can find. It's just, it has a lot of rings to the ImageMagick stuff from.

Henry Smith: Right.

Tom Bowyer: A few years ago, right? Remember where it's like, everyone was worried about ImageMagick. And if you uploaded an image, there was Insta RCE type, all those amazing attack vectors in ImageMagick, right? And it's kind of par for the course cause I feel like everyone trusts images. Right. Like what can you really do with an image? And turns out, you know, you could probably overflow and do some kind of arbitrary code execution. Which is just...

Henry Smith: out

Tom Bowyer: And I think we talked about it last episode, but, you know, we were discussing like some of these subsystems probably really haven't been touched very much in the last 10, 15, 20 years. They've just kind of been maintained and, you know, pushed along and left to, you know, give it to the guy that knows C in the back corner, right? While we're over here writing.

Henry Smith: Ha ha ha.

Tom Bowyer: You know the new cool stuff so

Cody Dietz: Definitely need more people looking at Mac. In fact, actually, THOTCON last year, we had a lot of really good talks like around Gatekeeper and everything. So we see a lot of research in the community, but yet it's like pales in comparison because everybody thinks Linux and Windows for enterprise. But as Mac starts to get more market share, that's gonna quickly start to hurt us.

Tom Bowyer: Yeah. Like Windows runs the users and Linux runs the servers, right? Like there's, I can see why lots of research is kind of pointed in those directions because it's so, it's so impactful, especially like the core of the internet, you know, it really runs on Linux. So

Cody Dietz: Yeah.

Tom Bowyer: Fun times. I know right. Anyway. Yeah. Racks and racks of Mac minis, you know.

Cody Dietz: One day we'll have all those Mac servers.

Racks of Mac minis. I worked somewhere that we had that, so...

Henry Smith: When you said ImageMagick, I feel like I see that in every other CTF.

Tom Bowyer: Isn't it right? That's such a common thing is the ImageMagick stuff, right? It's like, speaking of Linux, man, it's been a spicy couple weeks for, for open source and in the, the Linux community with, with XZ, the XZ outbreak, whatever we're, whatever we're calling it, CVE-2024-3094.

Seth Hoyt: Yep.

Henry Smith: Yeah. Yeah

Seth Hoyt: Nah.

Tom Bowyer: I'm sure everyone that's listening has heard about it, but, um, you know, essentially what's happened is XZ, which is kind of a collection of open source utilities was basically backdoored. And, you know, the, the developers of the package, right? Like, and, you know, Cody, I'm really curious your take on this, but, you know, in my mind, it's like open source, you know, everyone's thoughts on it have always been.

The more eyes, the better, right? But truly in this case, that's 1 or 2 developers. They're tired. They're probably working full time. They don't want to maintain it. You know, they don't, or they, you know, initially enjoyed doing it and now they don't because it's underfunded. No one wants to contribute. They have a whole bunch of bugs to deal with. So someone comes along a couple, you know, 2, 3 years and.

starts making changes to it, makes performance improvements, and you start to kind of relinquish control to them. And in this case, it turns out that was a really horrible mistake.

Cody Dietz: Yep, yep, yeah, just building up that rapport over time. And we see it in a few, we found a few other ones that are currently being analyzed too. So this may be spread out more than just XZ but and not necessarily by the name Jia or Jia Tan actor. But yeah, I know it was very interesting that they did this very long, slow play

Tom Bowyer: Mm-hmm.

Cody Dietz: Actively contributing and then slowly putting in back doors and giving interesting justifications for a lot of these, right? Especially one of the other ones that's under analysis is libarchive. This was actually by Jia Tan where they moved to an insecure version of printf, I think was what it was. And it allows for

Tom Bowyer: Great. Hehehe

Cody Dietz: Arbitrary control sequences to be run. So when they're, you know, when they're unzipping an archive, you can now potentially embed control sequences and have that run in the terminal.

But at the same time, it was also interesting to see that right as everything got pushed in, you know, so they finally got a working exploit or this working backdoor in the code. It was interesting that for all of the carefulness that they did, they suddenly went to creating a lot of these fake accounts everywhere. As we found the one that I think was Hans Jansen, it was one of the first ones we saw. And, you know.

Tom Bowyer: Yeah.

Cody Dietz: They tried to shroud it, right? So they created these new accounts and then they, they tried to go to a bunch of places and have them push for this upgrade to one, what was it, .6.1 I think was, or .6.0 and .6.1. And, but then they would try to shroud it with a commit history by going and taking old commits of other projects and then just randomly updating them.

Tom Bowyer: Mm-hmm. Yeah.

Cody Dietz: And I think we spent like that entire last weekend going through. I don't even know. Probably like 50 commits. Cause each of these commits had, you know, a good 2,000 to... Some of them had like 15,000 lines of code. And, um, yeah. And in all of those cases, it's like they, they tried to not do anything in these, you know, and just try to build up that credibility, uh, in other places.

Tom Bowyer: Right.

Cody Dietz: Uh...

Tom Bowyer: Yeah, like those commit, those commit sizes are always like, you know, I always feel bad when I see commits that large, because it's just like, no one's actually going to read all that. Like, let's be honest, no one's going to go line from line for any of that. Like you might see a principal dev or something dig in a little bit, but they're mostly just going to be like, do a 15 second scroll up and down real quick and be like, looks good to me.

Henry Smith: Right, and maybe run some kind of analysis tool if you're lucky.

Cody Dietz: Uh, and think about that too, you know, one of the reasons it was even caught was due to Valgrind and a bunch of Valgrind failures. And they actually had 3 or 4 devs, um, which I don't think that they were complicit, I think it was just that they were able to convince them that these Valgrind issues were an issue with Valgrind. And I saw that like they were trying to get these, uh, push through, through other good developers.

uh, you know, saying, Hey, it's okay. You know, we're seeing the same thing and this seems to be a bug and whatever. Um, yeah, this whole very interesting affair.

Tom Bowyer: scale. Yeah.

Henry Smith: Not to mention too, you know, they also became contributors of OSS-Fuzz to try and disable, I think it was like ifunc, to prevent OSS-Fuzz from picking up on it. That is, that was crazy.

Tom Bowyer: Right. Yeah.

Cody Dietz: Oh yeah.

Oh, and the meme commit where they removed all the information and security, the security mark and then they were like, Hey, you know, privately, privately let us know and it'll take like 90 days or something. And it was just trying to maximize their, you know, time on the market. I think they hit what? 30? Yeah. I think they hit 34 days, right? Yeah.

Tom Bowyer: Oh yeah, I did see that too.

Henry Smith: Yes.

Tom Bowyer: their window of opportunity. Yeah.

Henry Smith: Yeah, their patience was incredible for sure.

Cody Dietz: Yeah, up until that last bit though, like I said, I think that's where they failed. If they didn't have so many people, like if they didn't take a bunch of these accounts that were either, you know, stolen or paid for, which had like zero commit history in a long time, but that had commit history, so they were trying to use it as social credit, or just creating one of these fake accounts, I think that this would have lasted a lot longer. Or, you know, maybe they could have continued.

Tom Bowyer: Yeah.

Cody Dietz: trying to make little arguments against some of these things, like with Valgrind or for the, I saw one of the mailing lists right off the bat where, you know, they, they reverse engineered some of the shell code and they might've been able to keep it, keep it down. Cause I think, I think, uh, GitHub, right? GitHub brought it down and Salsa brought it down because of all of these other fake accounts. So that's what I wonder, like,

Tom Bowyer: Mm-hmm. Yeah.

Cody Dietz: If this was just a very siloed event, would they have brought all of this down? And what their remotes have brought down the, you know, the affected tarballs.

Tom Bowyer: Yeah. I mean, I assume so because it's just the abuse potential and right. Like I assume GitHub doesn't want to be associated with it at all. Right. Like they try to do a good job of cleaning up all the, the nefarious stuff, right. But like, I mean, there's plenty of tools hosted out there, like PowerShell Empire and stuff, right. Mimikatz and the like where it's like for.

Seth Hoyt: Good.

Cody Dietz: Oh yeah. No, I just want-

Henry Smith: Yeah. Oh, it's just research. Right, yeah.

Cody Dietz: Yeah.

Tom Bowyer: "Educational purposes only," quote unquote, and it's like in everybody's exploit kit ever, on the, on anything, you know.

Seth Hoyt: Yeah.

Henry Smith: Yeah.

Cody Dietz: Oh yeah, no, I just more meant like would GitHub have pulled this down if it weren't for all the obvious fake accounts trying to push it, right? Like if this were such a minimal, like if they would have went the route of trying to keep slow rolling it and just made a minimal fuss throughout all of it. How long could they have kept this going?

Tom Bowyer: Great.

Yeah, very true. I also find it interesting that it ended up in, um, you know, Brew, Homebrew on Mac. Right. Like it obviously Mac's not impacted because of that. That was checked in the very beginning, but that's how Homebrew works. Right. It pulls down the code. It does a configure and it does a make, like it builds it from the tarball.

Cody Dietz: Yeah.

Tom Bowyer: And when I first saw this, I'm like, oh God, this is going to be a nightmare scenario. Um, but luckily, you know, the, the maintainers of, of brew quickly reverted back to, you know, 5.4.5 or whatever the version was, but still it was like all those commits came from the same person and they are malicious. I didn't check on what they were doing now about it because I know they, they tore down the repo and it's probably still hosted on SourceForge or something. right? Cause

Homebrew pulls from like GitHub, SourceForge, random thing that people submit to you. Bitbucket, all those fun things.

Henry Smith: Bitbucket.

Cody Dietz: Random post-insight, yeah, it's me, all those random Giteas.

Henry Smith: Gitea.

Tom Bowyer: Yeah.

Henry Smith: I just really though, I admire the intuition that the Microsoft employee had and the curiosity, that led them to ultimately reporting the backdoor and pretty much saving the world from it.

Tom Bowyer: Yeah.

Cody Dietz: Yeah. Hey, why did this thing take extra milliseconds?

Tom Bowyer: Right, yeah, no kidding. Yeah, I do appreciate that because it's, you know, it takes people like that to counter, you know, from the other side, right?

Seth Hoyt: Yep. Hehehe

Henry Smith: Seriously.

For real. They could have just written it off, you know? It's like, oh, it's just running slow, whatever, but they really dug deep.

Tom Bowyer: You know?

Cody Dietz: Yeah, and it was over what 3 failures that were in, he couldn't replicate them. Right. So, right. He couldn't replicate them easily. So yeah. Yeah. I think there's a lot of people that just gave up. It's called a bug.

Tom Bowyer: Such an, yeah, no kidding. That persistence, you know, is, it's an important skill. You know, just digging in and I gotta figure this out, you know, I can't sleep until I know why 500 milliseconds is, my test is slower by 500 milliseconds. Like I, I appreciate that. Yeah, like I found this weirdness in this package. Maybe I should say something to somebody.

Henry Smith: Yeah and then reporting it, you know, yeah.

Tom Bowyer: You know, cause I'm sure he's like, oh man, if I, all these security people, they're going to, you know, they might tell me I'm, I've lost my mind or something, you know, it takes a lot of courage to kind of report that stuff, especially on like Openwall and, you know, those kind of old school distros. Right. It's very well.

Henry Smith: Right.

Seth Hoyt: That's the only good thing he did.

Cody Dietz: Learning point for everyone on YouTube, if you see something funky, deep dive.

Tom Bowyer: Yeah, no kidding. No kidding. Any last thoughts anyone before we kind of wrap this up?

Cody Dietz: We could put our conspiracy hats on and think about where the actor came from based on their commit history and stuff.

Tom Bowyer: I mean, we can save those for our 3AM conspiracy podcast, you know? Going over shortwave radio.

Cody Dietz: Yeah, that's right. That's right. Tom and I are going to be re we're going to kick off the new coast to coast.

Seth Hoyt: I was gonna say, Coast to Coast AM, baby, let's do it.

Tom Bowyer: Heck yeah, dude. Vuln to Vuln! Yeah, there we go. We get this deep dive at 3am and talk about state actors.

Seth Hoyt: It could be Vuln to Vuln AM.

Cody Dietz: Vuln to Vuln! yeah, there we go!

Seth Hoyt: Now, nobody steal that, that's now copyrighted. Might already exist, I don't know.

Tom Bowyer: Yes, it is.

Cody Dietz: in the woods.

Tom Bowyer: It probably does. Anyway.

Henry Smith: So how long until the next XZ incident?

Cody Dietz: I give it a week.

Well, they still have those active investigations right now, right? There is what it's, it's spidered out into, I think, 9 other repos, something like that. And there's, there's not a lot of evidence for most of them, but I think there's 2 or 3 in particular that, uh, um, either Jia Tan had contributed to, and it looked like they were contributing. Like I said, it was libarchive and the control sequence stuff. And then there was another one that looks like it was the same sort of.

Tom Bowyer: It was already... Right. Yeah.

Cody Dietz: a thing with a different user, you know, maybe a different user who knows. Um, so I'm sure this is, this is probably just, uh, scratching the surface of probably a lot of other, cause there's no way they put all their eggs in one basket, right? Like whoever this was. So.

Tom Bowyer: Yeah. Yeah, absolutely not.

Agreed. Well, thanks everyone for joining on this wonderful Tuesday. Hopefully you didn't burn your retinas with knockoff eclipse glasses. And I wish everyone a happy, happy Tuesday.

Takeaways

  • Implementing defense in depth strategies, such as monitoring network logs and creating alerts, can help detect and respond to attacks.

  • macOS has been consistently vulnerable to memory safety issues, highlighting the need for better security measures.

  • More penetration testing is needed on macOS to identify and address vulnerabilities.

  • It is ironic that Google, a competitor of Apple, is finding vulnerabilities in macOS. Pay attention to security vulnerabilities in lesser-known systems like Mac as they gain more market share.

  • Open source projects face challenges due to lack of maintenance and underfunding.

  • Malicious actors can exploit vulnerabilities in open source software, highlighting the importance of thorough code review and testing.

  • Persistence and curiosity are key in uncovering security issues and reporting them.

  • The XZ outbreak serves as a reminder of the potential risks associated with relying on unmaintained code.