Infosec Decoded Season 5 #8: DeepSeek

With Doug Spindler and sambowne@infosec.exchange

Recorded Tue, Jan 28, 2025

AI

China's DeepSeek just dropped a free challenger to OpenAI's o1 – here's how to use it on your PC

Good background, how to run the model locally, and excellent tests on questions LLMs often get wrong. DeepSeek seems to be vastly cheaper than ChatGPT-o1 and has comparable performance.

Tech stocks tank as US AI dominance no longer a sure bet

It's a Sputnik moment: the USA is humiliated by the Chinese LLM, which seems to be vastly superior to our outrageously expensive models. Trump just announced that we're investing $500 billion in AI, and China just made a model as good as ours for just $6 million.

The Microsoft 365 Copilot launch was a total disaster

At the start of the New Year, with no warning, Microsoft gave its flagship productivity app a name change and a huge price increase. They said it was for Copilot AI, but many users can't even use Copilot yet.

Anthropic builds RAG directly into Claude models with new Citations API

Citations helps Claude models avoid hallucinations by linking their responses directly to source documents. The feature lets developers add documents to Claude's context window, enabling the model to automatically cite specific passages it uses to generate answers.

Politics

All federal agencies ordered to terminate remote work—ideally within 30 days

Some exceptions may be made. The timeline and real effects are not yet clear.

Energized neo-Nazis feel their moment has come as Trump changes everything

Nazis are celebrating the Trump administration, especially Elon Musk, who's come out explicitly as a Nazi, with the Nazi salute, joking about Nazi figures, and open support of the AfD in Germany.

Elon Musk faces criticism for encouraging Germans to move beyond 'past guilt'

Fresh off a controversy over a gesture many saw as a Nazi salute, tech billionaire Elon Musk appeared virtually at a campaign event for a far-right German political party on Saturday, where he urged listeners not to be ashamed of their country's history.

Trump’s Gaza proposal rejected by allies and condemned as ethnic cleansing plan

US president has suggested Palestinians should leave Gaza for neighbouring countries to ‘just clean out’ whole strip. Trump discussed the territory as a real-estate prospect, praising its seaside location and weather.

‘Never seen anything like this’: Trump’s team halts NIH meetings and travel

In an unprecedented move, research-grant reviews have been suspended indefinitely at the world’s largest public funder of biomedical research.

'I had anti-government views so they treated me for schizophrenia'

Chinese protestors were given anti-psychotic drugs, and in some cases electroconvulsive therapy (ECT), without their consent.

Infosec

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access

ESXi features a built-in SSH service that allows administrators to remotely manage the hypervisor via a shell. Attackers get in by exploiting known flaws or using compromised administrator credentials. VMware ESXi appliances have a critical role in virtualized environments, but they are largely unmonitored.

Clone2Leak attacks exploit Git flaws to steal credentials

A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. The attacks involve injecting carriage returns or newlines, or tricking Git into sending authentication tokens to unintended hosts.

Stealthy 'Magic Packet' malware targets Juniper VPN gateways

A malicious campaign has been specifically targeting Juniper edge devices, many acting as VPN gateways, with malware dubbed J-magic that starts a reverse shell only if it detects a “magic packet” in the network traffic.

New Android Identity Check locks settings outside trusted locations

The new Identity Check feature is designed to enhance theft protections in Android by requiring biometric authentication to access critical account and device settings when outside trusted locations.