Initial commit: HPR Knowledge Base MCP Server

- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

hpr_transcripts/hpr4406.txt

@@ -0,0 +1,85 @@
+Episode: 4406
+Title: HPR4406: SVG Files: Cyber Threat Hidden in Images
+Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr4406/hpr4406.mp3
+Transcribed: 2025-10-26 00:19:31
+
+---
+
+This is Hacker Public Radio Episode 4406 for Monday the 23rd of June 2025.
+Today's show is entitled, SVG Files, Cyber Threat Hidden in Images.
+It is hosted by Komok and is about 8 minutes long.
+It carries a clean flag.
+The summary is, out of nowhere, my Firefox browser on my Mac many started automatically
+adding every page I visited.
+Hi everyone, welcome to Hacker Public Radio with me Cosmos.
+The show where I show share my experiences from cyber security, Raspberry Pi projects and
+Hammer Radio.
+Today's episode was inspired by a creepy incident that happened to me recently.
+Just a few days ago, out of nowhere, my Firefox browser on my Mac many started automatically
+adding every page I visited to my bookmarks.
+At first I thought it was a bug after a recent update, maybe a misconfigured settings
+or similar.
+But when I searched for a fix, Google suggested something alarming, scan for malware.
+And guess what?
+The source of my troubles turned out to be for SVG Files, hidden malicious code.
+That's right, those innocent looking vector graphic files that are used every day for
+logos, icons in a web design, they can secretly carry a malware.
+In my case, those were the files, logos of Rebietable, delivery companies like Deliver
+and Just Eat, which I have downloaded while I was updating a website for my client.
+And today I would like to break down how SVG Files can be weaponized by their self-effective
+and how to protect yourself.
+So let's dive in.
+As first, for those listeners who don't know what are the SVG files, SVG stands for
+scalable vector graphics.
+It's image format that use XML-based text to define shapes, colors, animations and similar
+behavior.
+And unlike the JPEGs or PNGs SVG aren't just pixel-based, they are code-driven, which makes
+them flexible for web design, but also it makes them good for potential security risk.
+So they can contain even the JavaScript, they can be interactive, the item or graphic
+can change the colors and so on and so on.
+So many email filters and antivirus programs don't scan SVGs as truly as executables.
+They're really common, logos and icons, so they don't trace immediate suspicions.
+As number two HUD SVG delivers the malware, it can take a few ways from putting some
+malicious JavaScript.
+It can link to some external server where once when you download and start a code it will
+get it from somewhere else and it can be like putting the attachment.
+So the point is you get that file in a certain moment when you did something like load
+the document, it will start to execute its contact or its payload.
+So the best way to protect yourself is not to open which is much easier to say than
+to be done.
+So any items that you're downloading from Internet when it's containing images in this SVG
+file or some similar like PNG, you should scan it separately in some sort of sandbox.
+If you're using a simple viewer to see the documents or images you should turn off any
+execution of JavaScript for any graphic format, not just the SVG.
+More popular and people are more knowledgeable about similar kind of threats they're coming
+from various document files like Office, Doc or XLSX formats that are using Word and Excel
+programs.
+They have a macro command available, then pretty much similar situation with the PDFs where
+PDFs have embedded in itself various JavaScript or certain elements that are building the documents
+and itself just like font that is embedded so it will look the way it is but behind that
+look it is going to be something potentially dangerous.
+Sometimes you don't need even a big software package or even the programs to detect that
+something is wrong with the file.
+This should be suspicious to me when I was downloading.
+When I have downloaded already and then I should notice that one of the files that was
+about a few hundred pixels and just color on the background contain a few megabytes
+of the space that should be just a few hundred kilobytes.
+There are similar kinds of documents that can be also used like PNGs, JPEGs, whatever,
+whatever.
+And they do the same, even you open the image, it looks on the screen the way it should look
+but what your program for or picture view what doesn't show is the code that is somewhere
+behind in some layer, in some metadata hidden or any other way how the hacker intended
+to hide it and to deploy its program and make some harm or damage to the end user.
+I would like to take this opportunity for everyone to share their experience if they have
+encountered similar issues with SVG or any other format or file that they deployed and
+help our community and our friends and families to protect themselves.
+Share your stories in the comments, you put it on your social, on web or on the HPR
+Telegram channel, stable, vigilant and hope you will also contribute to HPR radio.
+Best regards everyone.
+You have been listening to Hacker Public Radio at Hacker Public Radio does work.
+Today's show was contributed by a HPR listener like yourself if you ever thought of recording
+a podcast and click on our contribute link to find out how easy it really is.
+Hosting for HPR has been kindly provided by an honesthost.com, the Internet Archive
+and our syncs.net.
+On the Sadois status, today's show is released on our Creative Commons, Attribution 4.0 International
+License.