Episode: 2491
Title: HPR2491: Some news with Finux
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2491/hpr2491.mp3
Transcribed: 2025-10-19 04:05:29
---
This is HPR Episode 2491 entitled Some News with Finux.
It is hosted by Finux and is about 18 minutes long and carries an explicit flag.
The summary is: just a short little podcast on some recent-ish security-related news stories.
This episode of HPR is brought to you by AnHonestHost.com.
Get 15% discount on all shared hosting with the offer code HPR15, that's HPR15.
Better web hosting that's honest and fair at AnHonestHost.com.
Hello and welcome HPR listeners.
This is a voice from the past, Finux, and thank you for joining me today.
I know it's been a while, but you know how things are, so I thought I'd pop back and produce a few shows for the feed and see if there are any old voices or ears about that I used to podcast along with.
This episode is going to be a quick look over a few news stories from security that I found personally interesting.
It really shouldn't take too long to listen to. It should be tagged not safe for work, but if it isn't, be warned: it probably won't be safe for work.
So yeah I'm going to cover three stories.
So firstly I'm going to talk about Cloudflare's Cloud Strike and Sci-Hub.
So this story comes from torrentfreak.com.
And it's a quick discussion about how Cloudflare has terminated service to several domain names of Sci-Hub, which is often referred to as the Pirate Bay of Science.
The content delivery network provider was compelled to take this action in response to a permanent injunction the American Chemical Society obtained late last year.
While Cloudflare previously objected to similar requests, there is no sign of protest from them this time.
So a quick synopsis of what the story really is.
If we remember back in the day, Aaron Swartz, or sorry, the late great Aaron Swartz, was arrested for basically downloading a number of papers that are stored behind these academic white paper distributors.
Anyone who's been in academia will know that your white paper ends up in some paywall thing that only academia can afford the licence for, and thus your research is only ever available to the academic world.
And ethically there are some issues here: firstly, all of this content was funded by public funds anyway.
And secondly, it really shouldn't be third-party companies profiteering off public works. But that aside, there is a website called Sci-Hub, which my presumption is was born out of what happened to the late great Aaron Swartz, who was arrested a number of years ago for doing something similar.
He downloaded as many of the papers as he could with the aim of putting them online.
He was arrested and treated as though he was some black hat hacker taking down the internet, and basically, in the end, he killed himself.
After huge amounts of legal BS. I mean, basically he was guilty of checking too many library books out of the library.
But anyway, it seems that the American Chemical Society is unaware of the Streisand effect.
So if they didn't want people to know about Sci-Hub or go and visit Sci-Hub, the worst thing that you could possibly do is actually try and sue someone over it, and especially not content providers.
However, this is an interesting story because it is almost like nobody learned any lessons from the Pirate Bay, and while it's going to cause a little bit of problems for Sci-Hub in the short term, it isn't likely to cause any problems whatsoever at all going forward.
So yay, free publicity to make sure that academic papers are available for everyone, but not through Clownflare, I mean Cloud Strike.
So there's that story, and also the next story I've got is just a little bit about Meltdown and Spectre. Interesting story. Meltdown and Spectre: basically Intel CPUs and AMD CPUs are completely and utterly fucked, for lack of a better term.
I'm not going to go into the ins and outs of what the exploit is, but this story comes from Boing Boing, and it basically talks about 139 pieces of seemingly non-functional malware that exploit Spectre or Meltdown and are circulating in the wild.
This week AV-Test's census of samples of circulating malware that attempted to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January the 17th, says AV-Test CEO Andreas Marx, not to be, not related to Karl Marx, I presume.
It says that the different strains of malware mostly contain recompiled versions of the same proof of concept code released with the initial report on the bug.
It doesn't appear that any of the exploits work yet, but it's clear that malware authors are working actively to exploit Meltdown and Spectre. And in other news, water is wet, and also we've heard that fire is hot.
This is an interesting story for a whole host of reasons. So they found 139 samples floating around the web that are trying to exploit Meltdown and Spectre.
My guess is there's probably a lot more floating around that are functional that are just not being uploaded to VirusTotal or any of these other websites.
Really, Meltdown and Spectre is quite annoying to me as an individual, because I actually feel that while they disclosed Meltdown and Spectre under what's called responsible disclosure, what it really meant was they were able to give commercial advantages to certain companies.
While Google got to protect itself and its cloud services, and all their friends got to do the same, they didn't tell people like DigitalOcean.
So while Azure was protected, other organisations spent a long time trying to catch up. Also, my understanding in this as well is that Google themselves broke the embargo on responsible disclosure with the Intel bug, which caught everyone off guard.
But on top of this, we also later found out that Intel had spoken to Chinese manufacturers about the bug while it was under quote-unquote embargo, but didn't notify a number of governments of such security issues as well.
And Meltdown and Spectre is an incredibly dangerous exploit.
So it's really interesting in a lot of different ways. I mean, I've always been very much against responsible disclosure, mostly because the people that do responsible disclosure aren't actually responsible; they're just trying to ensure that their product is safer than their competitors'.
And this is just another example for me of this going on.
So there's an interesting story, because I find it incredibly hard to believe that there is no working exploit worm code out there.
And the article doesn't say that, but if anybody is log monitoring, and SIEMs and so on and so forth, you'll probably see a sharp increase of automated scanning going on at the moment, a lot more than usual. I mean, there's always a lot, but a lot more than usual.
So this is an interesting story, so make sure to be wary of websites. If I remember correctly as well, there should be a number of updates that you should definitely be updating anyway, but specifically in this case you should be updating too.
Last time I checked, my understanding was that only Windows 10 was going to be patched for Meltdown and Spectre. Of course, I don't know if that's true or not now; I mean, it was the case at the time.
I understand that most Linux distributions have been updated now to protect against Spectre. You're likely to see a degradation in the performance of your laptop, your desktop, your server; it's going to make things a little bit slower, but trust me, it's incredibly worth updating, without doubt.
So the next docket, the next story on the docket, is actually about Equifax and a subject matter that's very close to my heart, which is third-party data breaches. So long story short, Equifax, and there's no bloody justice in the world. This is a story that came from reuters.com, and basically I'll read you the quick synopsis of the story.
And anyone who remembers me from the past will know that I have previous for absolutely destroying people's surnames, so let's start as we mean to go on. Mick Mulvaney, head of the Consumer Finance Protection Bureau, has pulled back from a full-scale probe of how Equifax Incorporated failed to protect the personal data of millions of consumers, according to people familiar with the matter.
Equifax said in September that hackers stole personal data it had collected on some 143 million American citizens. Richard Cordray, then the CFPB director, authorised an investigation that month, said the former officials familiar with that probe. I looked into it.
But Cordray resigned in November and was replaced by Mulvaney, who was President Trump's budget chief. If that doesn't fill you with confidence, I don't know what will.
The CFPB, which is the Credit Finance Protection Bureau's effort against Equifax, has sputtered since then, said several government and industry inside sources, which is code for yay, gossip.
Raising the question about how Mulvaney will police a data-warehousing industry that has enormous sway over how consumers pay to borrow money.
I mean, long story short, Equifax is a credit ratings agency. They collect a huge amount of data on individuals if you are getting credit in the U.S.
And a number of other places in the world, I may add. My understanding is the Equifax breach affects, for example, 25 million citizens in the UK.
However this company was compromised and their whole incident response to this is absolutely shocking.
So they hold data on people's credit card history, on purchases, on a whole host of things. They were compromised, and it took them,
if my memory serves me, between three to six months to notify people that this big warehouse of data, this big data tracking technology that we have on 145, 143 million American citizens, has been stolen by hackers unknown.
It took them, like I say, a couple of months to notify anyone in accordance with this.
On top of this, what was also incredibly interesting was that the CEO of Equifax, who has now resigned, also sold shares in Equifax once he found out about the breach.
Well, yeah, he actually did that. So that's kind of interesting, but what's doubly, doubly horrid about this whole fiasco is that Equifax really treated the data that they collected with little to no respect.
So call me old fashioned, but you can't call it an advanced attack technique when the reason that you were compromised is that you were two versions behind on your updates for your Apache Struts service,
knowing that there had been two critical vulnerabilities in that time.
So, you know, obviously they had little regard. My understanding was that they also tried to blame the one person who was responsible for updating their estate for this problem, when clearly it was a... when you're holding that type of data, you might want to invest.
So now my understanding was the whole of the Equifax board had to leave as a result of all of this.
Now look, this data, as far as I understand, is not on the open market just yet, and this isn't to say that it's not on the dark web, but I haven't seen anything such as this, and I do work with third-party data breaches all the time. But when this comes out, this is going to be incredibly brutal.
And this is really a case of capitalism gone mad too, because Equifax's answer to this is now they want to sell products that would protect you against identity theft, which is hugely ironic: the company that made you more at risk of identity theft is going to sell you a product that will protect you against identity theft, which is absolutely crazy.
And I have no doubt that there will be more on this story going forward, but like I say, it is critically important that Equifax at the very least are investigated, so that the tales of this story can at least be something we can benefit from, because we're all about to get screwed by something like this.
It is important that we have the tales to tell our defenders, so that we know where mistakes were made and how we can make sure that things like this don't happen again.
So yeah, I'm going to wrap up on this story, but yeah, they're the three stories that I talked to you about today. So just to recap, I quickly spoke to you about Sci-Hub, I also spoke to you about Meltdown and Spectre, and I also spoke to you about Equifax.
But yeah, I would wrap the show up. I'd like to thank you again for all joining me. If you have any questions or feedback or anything like that,
as Lance told said, please feel free to email me, and I'll feel free to ignore it, but you can get me at podcast@finux.co.uk, and Finux is F-I-N-U-X. And until the next episode, I wish you all a good day. Cheers now, bye.
You've been listening to Hacker Public Radio at hackerpublicradio.org. We are a community podcast network that releases shows every weekday, Monday through Friday.
Today's show, like all our shows, was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, then click on our contribute link to find out how easy it really is.
Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer Club, and is part of the binary revolution at binrev.com.
If you have comments on today's show, please email the host directly, leave a comment on the website, or record a follow-up episode yourself.
Unless otherwise stated, today's show is released under the Creative Commons Attribution-ShareAlike 3.0 license.
Thanks for watching.