Summary

  • Ciro Santilli has been investigating the CIA’s covert communication websites from around 2010, and has published a list of 472 domains.
  • The sites accepted a password typed into a search field, which unlocked a Java applet or Flash application that intelligence agents used to report back to the CIA.
  • Some of the most productive sources for finding the domains were bulk domain name data sets.
  • Simple filters included IP addresses that hosted only a single domain, and the word ‘news’ in the domain name.
  • Citizen Lab identified 885 of the sites in 2022, but declined to publish its findings.
  • Researchers at Netscout have been examining TCP SYN packets and found that very few legitimate systems send a SYN with a 20-byte TCP header (that is, with no TCP options at all), and that a TCP window size of 29,200 is suspicious, appearing in a large percentage of the packets they examined.
  • GitHub has built an MCP (Model Context Protocol) server, but Invariant Labs has shown that, without granular controls over what the connected agent may access, it can be abused for malicious purposes.
  • GitLab also has an AI integration with potential vulnerabilities.
  • Thomas Stacey of Assured has written on HTTP request smuggling and tunnelling attacks.
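As an added example, not code from the original article or from Ciro Santilli's own tooling, the two simple filters mentioned above (an IP that hosts only one domain, and ‘news’ in the name) applied to a small constructed domain-to-IP data set. The record format, domain names and addresses are assumptions made for illustration only:

```python
"""Rank domains from a hosting data set using two simple checks:
single-domain IP addresses and a keyword ('news') in the name."""
from collections import defaultdict

# Constructed sample records (domain, IP address) imitating a bulk
# domain-to-IP data set.  Names and addresses are made up for this example
# and are not taken from any published list.
SAMPLE_RECORDS = [
    ("global-news-today.example", "203.0.113.10"),
    ("world-sport-news.example", "203.0.113.11"),
    ("shared-site-a.example", "203.0.113.12"),
    ("shared-site-b.example", "203.0.113.12"),
    ("shared-site-c.example", "203.0.113.12"),
    ("quiet-hosting.example", "203.0.113.13"),
    ("news-on-shared-host.example", "203.0.113.12"),
]


def domains_per_ip(records):
    """Group the data set by IP so we can see how many domains each one hosts."""
    hosted = defaultdict(set)
    for domain, ip in records:
        hosted[ip].add(domain.lower())
    return hosted


def check_domain(domain, ip, hosted, keywords=("news",)):
    """Return the list of simple checks that fire for one (domain, IP) pair."""
    reasons = []
    if len(hosted[ip]) == 1:
        reasons.append("ip hosts only this domain")
    for word in keywords:
        if word in domain.lower():
            reasons.append(f"name contains '{word}'")
    return reasons


def find_candidates(records, keywords=("news",)):
    """Score every record; keep those with at least one hit, strongest first."""
    hosted = domains_per_ip(records)
    hits = []
    for domain, ip in records:
        reasons = check_domain(domain, ip, hosted, keywords)
        if reasons:
            hits.append((domain, ip, reasons))
    # More independent hits first, then alphabetically for a stable listing.
    hits.sort(key=lambda h: (-len(h[2]), h[0]))
    return hits


if __name__ == "__main__":
    for domain, ip, reasons in find_candidates(SAMPLE_RECORDS):
        print(f"{domain:32} {ip:14} {', '.join(reasons)}")
```

Each check on its own produces many false positives (plenty of ordinary sites sit alone on an IP, and plenty of real news sites have ‘news’ in the name); the point of combining them is to shrink a bulk data set to a short list worth manual review.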

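The Netscout SYN heuristics, as an added example that is not code from the original article or from Netscout: a minimal TCP header parser that flags an initial SYN whose header is exactly 20 bytes (no options) and/or whose window size is 29,200. The packets are constructed in the block itself; the option layout used for the "normal" sample (MSS, SACK-permitted, timestamps, NOP, window scale) is an assumption chosen to resemble a typical modern stack, not captured traffic:

```python
"""Flag TCP SYN segments with no options and/or a 29200 window."""
import struct

TCP_SYN = 0x02
TCP_ACK = 0x10
SUSPICIOUS_WINDOW = 29200   # window size called out in the Netscout analysis
TCP_HDR_FMT = "!HHIIHHHH"   # sport, dport, seq, ack, offset/flags, window, csum, urg


def build_tcp_segment(sport, dport, flags, window, options=b""):
    """Constructed test helper: serialise a bare TCP header (no IP header,
    zero checksum).  Options must already be padded to a 32-bit boundary."""
    if len(options) % 4:
        raise ValueError("TCP options must be padded to a multiple of 4 bytes")
    data_offset = (20 + len(options)) // 4          # header length in 32-bit words
    off_flags = (data_offset << 12) | (flags & 0x1FF)
    return struct.pack(TCP_HDR_FMT, sport, dport, 0x1234, 0, off_flags, window, 0, 0) + options


def parse_tcp_header(segment):
    """Decode the fixed 20-byte header and return the fields we care about."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags, window, _csum, _urg = struct.unpack(
        TCP_HDR_FMT, segment[:20])
    header_len = (off_flags >> 12) * 4              # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return {
        "sport": sport,
        "dport": dport,
        "flags": off_flags & 0x1FF,                 # 9 flag bits including NS
        "window": window,
        "header_len": header_len,
        "options": segment[20:header_len],
    }


def syn_anomalies(segment):
    """Return the reasons an initial SYN looks suspicious (empty list if none)."""
    hdr = parse_tcp_header(segment)
    # Only the initial SYN is of interest; SYN/ACK and everything else is skipped.
    if not (hdr["flags"] & TCP_SYN) or (hdr["flags"] & TCP_ACK):
        return []
    reasons = []
    if hdr["header_len"] == 20:
        # Real stacks almost always send at least an MSS option in a SYN;
        # a bare 20-byte header is typical of hand-built raw-socket packets.
        reasons.append("20-byte header: no TCP options at all")
    if hdr["window"] == SUSPICIOUS_WINDOW:
        reasons.append("window size 29200")
    return reasons


# Constructed option block for the "normal" sample (assumption, not a capture):
# MSS 1460, SACK-permitted, timestamps, NOP, window scale 7 = 20 bytes.
NORMAL_OPTIONS = bytes([
    0x02, 0x04, 0x05, 0xb4,                         # MSS = 1460
    0x04, 0x02,                                     # SACK permitted
    0x08, 0x0a, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,  # timestamps
    0x01,                                           # NOP
    0x03, 0x03, 0x07,                               # window scale = 7
])

SAMPLES = {
    "normal_syn": build_tcp_segment(40000, 443, TCP_SYN, 64240, NORMAL_OPTIONS),
    "bare_syn": build_tcp_segment(40001, 443, TCP_SYN, 29200),
    "syn_with_29200": build_tcp_segment(40002, 443, TCP_SYN, 29200, NORMAL_OPTIONS),
    "syn_ack": build_tcp_segment(443, 40001, TCP_SYN | TCP_ACK, 29200),
}


def scan(samples):
    """Run the heuristic over a name -> segment mapping."""
    return {name: syn_anomalies(seg) for name, seg in samples.items()}


if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(f"{name:16} {'; '.join(reasons) or 'ok'}")
```

The two signals are deliberately kept separate in the output: a 29,200 window on a SYN that still carries a full option block is a far weaker indicator than a SYN with no options at all, and a detection rule should weight them accordingly rather than treat either alone as proof of flood traffic.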
By Jonathan Bennett

Original Article