Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Lee Hanken
202
hpr_transcripts/hpr4081.txt
Normal file
202
hpr_transcripts/hpr4081.txt
Normal file
@@ -0,0 +1,202 @@
|
||||
Episode: 4081
|
||||
Title: HPR4081: The Oh No! News.
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr4081/hpr4081.mp3
|
||||
Transcribed: 2025-10-25 19:21:10
|
||||
|
||||
---
|
||||
|
||||
This is Hacker Public Radio Episode 4,081.
|
||||
From Monday the 25th of March 2024, today's show is entitled The Oh No News.
|
||||
It is part of the series' privacy and security.
|
||||
It is the 60th show of some guy on the internet and is about 12 minutes long.
|
||||
It carries a clean flag.
|
||||
The summary is, Scotty gives us some moral panic-ridden pearl clutching nonsense.
|
||||
Hello and welcome to another episode of Hacker Public Radio.
|
||||
I'm your host, some guy on the internet.
|
||||
This is The Oh No News, let's get started.
|
||||
Qnet warns of critical off bypass flaw in its nest devices.
|
||||
All right ladies and gentlemen, this article is coming from bleeping computers.
|
||||
And the beloved QNAP competitor to Synology, you know those little in-house cute boxes.
|
||||
The beloved NAS in a box.
|
||||
Yeah, you know the ones.
|
||||
What they've got a little bit of vulnerability here is actually three vulnerabilities.
|
||||
One of them, which is label CVE 2024 21 899, is marked as low complexity
|
||||
and it can be executed remotely.
|
||||
So three vulnerabilities in total.
|
||||
One can be executed remotely.
|
||||
The other two just sort of play off of the first.
|
||||
I'm not going to go into too much detail with it.
|
||||
All you need to know is if you have a QNAP device and they have the models listed in the article here.
|
||||
It's the QTS models, the QTS 5.1, QTS 4.5 models,
|
||||
as well as the QUTS hero and the QUTS cloud models.
|
||||
I believe version 5 and 4.5 are the models that are affected by this vulnerability.
|
||||
However, there's a simple fix.
|
||||
They've already patched it all you have to do is update.
|
||||
The article also walks you through on how to update from the UI.
|
||||
You know, go to the control panel, click on systems, firmware update, check for updates.
|
||||
Your system should pull down updates and you'll be good to go.
|
||||
So if you or a loved one are using QNAP devices, just go ahead and perform an update.
|
||||
Now, the article does go on to tell us a little bit more about a few ransomware groups
|
||||
that are currently targeting QNAP devices like deadbolt, checkmate, and Qlocker.
|
||||
But like anything that's on the internet, it is an attack surface.
|
||||
So you can always want to stay up to date.
|
||||
Not only that, you're also going to want to back up your data.
|
||||
Backing up your data is a surefire solution to prevent ransomware attacks
|
||||
or actually won't prevent the ransomware attacks, but it'll allow you to recover from a ransomware attack.
|
||||
See, that story was just a nice little warm-up.
|
||||
It was a refreshing cup of tea in comparison to the next story.
|
||||
Switzerland, play a ransomware leak 65,000 government documents.
|
||||
Yeah, hi!
|
||||
Can you say yikes?
|
||||
I know Switzerland likes to take that neutral stance,
|
||||
but right about now, they're going to have to be firing up a storm.
|
||||
So yeah, they're going to have to do some let-goals.
|
||||
65,000 government documents were leaked.
|
||||
And it seemed like a lot of files were in Switzerland's justice department.
|
||||
So they're covering agencies like the Federal Department of Justice,
|
||||
the state secret rate of migration, internal IT Service Center,
|
||||
the Federal Department of Defense, Civil Protection, and Sport.
|
||||
They even said that around 5,000 of the documents were just flat out personal information.
|
||||
We're talking about names, email addresses, telephone numbers, and home addresses,
|
||||
along with the good old technical details, like their classification information.
|
||||
Oh, and let's forget about, let's definitely not forget about their account passwords.
|
||||
We're also a part of that.
|
||||
Yeah, and I like the way how in the article,
|
||||
they sort of shrink away, like, you know, lean close to the microphone and whisper.
|
||||
Yeah, a small subset of the data that was leaked,
|
||||
containing software and architectural data, along with more passwords.
|
||||
Yikes!
|
||||
I can't imagine having to do the presentation for that one, right?
|
||||
Can you imagine having to put together a PowerPoint and a standard front of a bunch of guys
|
||||
in the government and explain how this happened?
|
||||
What you see, what happened was, those guys over there did it.
|
||||
Yeah, it's not my department, it's the other guys that did it.
|
||||
If you could fire anybody, fire them, I knew I should have went to work at Google.
|
||||
All right, so there'd be a little bit more clear.
|
||||
Explain is a company that contracts to work with the Switzerland government.
|
||||
So if you want to split hairs, you can say it's not actually the government that was breached,
|
||||
but the company that was contracted to perform these tasks for the government.
|
||||
Nonetheless, the government employees and government data was still lost due to the attack.
|
||||
Well, this just goes to show you Switzerland should have hired me
|
||||
because I could have got them breached for a quarter of the price they paid.
|
||||
Explain, you understand?
|
||||
And we would have got a lot more jokes out of it as well.
|
||||
And here's one of the things that I think is kind of funny.
|
||||
They mentioned that analyzing the delete data, right?
|
||||
Saying that this is legally complicated.
|
||||
Let's stop and think about it.
|
||||
It's already broadcasted on the internet for everyone to see how much more complicated,
|
||||
you know, how much more complicated could it get?
|
||||
And you know, let's make sure only the appropriate containerized agency departments
|
||||
with only the specialized individuals in their perfectly positioned cubicles
|
||||
have access to this documentation that we found on the great wide open.
|
||||
I don't see any information on how the attack was carried out.
|
||||
You know, we don't know if this was like a sis admin hunt or a fishing type attack
|
||||
or anything with that information is just not present.
|
||||
And I'm willing to bet it's because somebody used password one, two, three.
|
||||
Now I need to be clear, the article did not say that, but I wouldn't put it past
|
||||
them either, right?
|
||||
You got one individual somewhere in this investigation that had password one, two, three.
|
||||
Well for the Swiss government or explain, you got my email, go ahead and contact me.
|
||||
I can only promise you one thing that the next time you get breached, at least with
|
||||
me on board, you'll have a much better time will throw a breached barbecue will do it
|
||||
almost like one of those gender reveal parties, except rather than revealing the gender,
|
||||
we'll be revealing how we got breached, right?
|
||||
And the name of the person who, who, who was that ground zero during the attack, right?
|
||||
Whoever was targeted for the attack, put them on blast.
|
||||
So you imagine how hard it would be to get hired after something like that.
|
||||
So we probably wouldn't do that.
|
||||
That would be too mean.
|
||||
You imagine putting like, okay, we have determined that the person responsible for the breached was
|
||||
DNT.
|
||||
If you have any questions concerning the breach, contact DNT.
|
||||
Oh, that one was a toughy, maybe we should move to something a little bit lighter.
|
||||
Let's move over to dark reader for just a moment.
|
||||
Spoof to zoom, Google and Skype meetings spread corporate remote access Trojans.
|
||||
Now this story brings me back to a time when Microsoft mentioned in the past that they
|
||||
were going to be making it possible for Android apps to run on Windows.
|
||||
Does anybody remember that now Windows, which is already just flooded with malware because
|
||||
they have the largest, they have the largest user population.
|
||||
The vast majority of machines you buy out there today come preloaded with Windows.
|
||||
So that's understandable.
|
||||
I'm not faulting them for having malware when you have a large user population.
|
||||
Obviously, you're going to have more tax, but to think that it will be a good idea and
|
||||
allow Android applications knowing that Android is just at this point, Android is malware.
|
||||
You know, it's so bad over an Android market and look, sorry, not sorry, Android users
|
||||
out there.
|
||||
If you're using like FDroid or something like that, okay, kudos, I got you, right?
|
||||
There's a sale official S for those of you that can run it from understanding it didn't
|
||||
run well here in the US, like no carrier, whatever, or let you get out on network with it or
|
||||
whatever.
|
||||
I could be mistaken, but that's just what I remember from the last time I heard something
|
||||
about it.
|
||||
One way or another, if you just run like stock Android from whatever vendor, LG, Samsung,
|
||||
whatever, you got to know you're dealing with a ton of malware that you, you wrap that
|
||||
malware.
|
||||
It's like a malware burrito, you know what I mean?
|
||||
You got malware flatbread called Windows and you, you sprinkle in a whole bunch of malware
|
||||
from Google.
|
||||
It's terrible.
|
||||
I'm going to give you a little bit of a spoiler alert here.
|
||||
You should have just used Jitsy, all right.
|
||||
Anywho, the attacker is basically using fake meetings, luring people in for these rats.
|
||||
And by rat, I mean remote access trojan, and you know what?
|
||||
Not even just Jitsy.
|
||||
I mean, has anybody heard in next cloud recently?
|
||||
I mean, you know what I mean?
|
||||
There's so many better ways to do this and a lot of these meetings, I'm pretty sure could
|
||||
have just been an email, right?
|
||||
Am I right?
|
||||
Well, you can get fished like a responsible adult.
|
||||
I love the marketing in this article.
|
||||
They have a nice little slogan here, click to compromise.
|
||||
That's a good one.
|
||||
If only Windows had a repository of software where you could go in the terminal and use your
|
||||
package manager to pull down software that has been reviewed by, you know, knowing Windows
|
||||
it'll probably most likely just be Microsoft employees.
|
||||
But you know, if if they were going to do things in an open manner, you can get more eyes
|
||||
on not just the software itself, but the code, but we're not going to go there.
|
||||
Oh, wait, I forgot Microsoft heart slantics, that's right.
|
||||
I forgot about that.
|
||||
I mean, they did open source to calculator, right?
|
||||
Now, what we do, we do have that fantastic new calculator, just what we always wanted.
|
||||
I include this article so that the next time you get invited to a terrible meeting at work,
|
||||
share this article with your boss.
|
||||
Let him know, look, I can't go to each of these meetings because it's too dangerous.
|
||||
It's too dangerous.
|
||||
I could, I could lose my credentials.
|
||||
I could get remote access Trojan, especially if you're forced to run Windows as well.
|
||||
Oh, goodness.
|
||||
And if you're still using Android, good heavens.
|
||||
Shut that thing down and get you some F droid.
|
||||
Or you can do like the rest of us who, you know, those of us that wear our top hats and
|
||||
monocles walk with a cane, we are in our, in our, in our tuxedos, we carry iPhones.
|
||||
Yeah, we have, we have the blue bubble of sophistication, never mind that it's almost impossible
|
||||
for us to do anything with the device and we own nothing, not even the device itself.
|
||||
Never mind any of that.
|
||||
We got the blue bubbles.
|
||||
Okay.
|
||||
Alrighty, ladies and gentlemen, that's all I got time for today.
|
||||
I hope you guys enjoyed another episode of the Oh no news.
|
||||
If you have any questions about any of the pearl clutching panic, written nonsense,
|
||||
we've broadcast here today on Hacker Public Radio, please contact DNT.
|
||||
You're welcome to leave a comment, a show would be much appreciated.
|
||||
And for those of you that are new to Hacker Public Radio, you can start by just introducing
|
||||
yourself, letting us know who you are and what sort of hobbies you enjoy.
|
||||
If you're worried about rather not, we'd be interested in it.
|
||||
I mean, just look at what I'm doing clearly, it can't be too hard if I'm able to do it,
|
||||
right?
|
||||
And don't worry about if people like it or not, I've been doing this for a little while
|
||||
now and I have not had one single complaint at all, never wink, wink.
|
||||
So don't be shy.
|
||||
Come on out here, give us a show and I'll catch you guys in the next episode of Hacker Public
|
||||
Radio.
|
||||
Bye-bye!
|
||||
You have been listening to Hacker Public Radio at Hacker Public Radio.org.
|
||||
Today's show was contributed by a HBR listener like yourself.
|
||||
If you ever thought of recording a podcast, then click on our contribute link to find out
|
||||
how easy it really is.
|
||||
Posting for HBR has been kindly provided by an onsthost.com, the internet archive and
|
||||
our sings.net.
|
||||
On this advice status, today's show is released on our Creative Commons, Attribution 4.0
|
||||
International License.
|
||||
Reference in New Issue
Block a user