Welcome to The Lock Podcast, exploring technology and information security topics. This is the second alpha (α) episode of The Lock Podcast, or 🔒 ("The Lock"), where I choose a few issues and events that seem like they may interest you, the listener, with follow-up links at "lock podcast dot com" in case you want to know more. I do sincerely hope you all enjoy the show.
Episode α2 includes:
        - Industrial control systems attacks,
        - Residential Botnets with Zyxel,
        - last week's major vulnerabilities,
        - Recent and Upcoming Hacker Conferences,
        - Built with building a resilient website with Zola, OpenBSD.Amsterdam, Bunny.Net, CloudNS, and Let's Encrypt.

I'm M.J., and here is the news.

Top tech news has the Nintendo video game Zelda: Tears of the Kingdom continuing to amuse fans with a new patch, correcting a duplication bug. At the same time, the Japanese moon lander Hakuto (Japanese for White Rabbit) appears to have taken an unfortunate three-mile drop at 100 meters per second into the moon due to a software glitch failing to account for the new landing site, according to Hakamada officials. Lastly, after settling animal welfare violations in its work, Elon Musk's firm Nuralink has obtained FDA approval for brain implants.

In industrial news, the threat agent Volt Typhoon targets critical United States infrastructure using standard living-off-the-land techniques. At the same time, CISA added another industrial control system vulnerability to its catalog of known exploits.

This week's Top Information Security news, Cisco Talos, reports the increased use of the Intellexa Predator malware based on the research from Google's Threat Analysis Group (TAG) article Protecting Android users from 0-Day Attacks in May of 2022. Additionally, the Mirai botnet has also been upgraded to include multiple Zyxel remote buffer overflow vulnerabilities. CVEs 2033-33009 and 33010 were issued according to the Zyxel advisory.

Last week was Security B-Sides Budapest, Roanoke, Dublin, ExploitCon Boise, and Security Fest in Gothenburg. This coming week is x33fcon, Headwear.io USA, BSidesBuffano, and CONFidence. Links to more conferences are available at lockpodcast dot com slash events.

Finally, over the years, I've iterated through several hosting styles. A lot of VPS', some racked servers in data centers, and too many rented servers to count. All to get the uptime and latency that others were eventually selling at a far lower price than I could manage without taking on customers to break even with the advantage of "doing it myself," and I did participate in a couple cooperatives that aimed to do just that. The reality is that what used to be measured in servers or packages is now measured in services or providers. The DNS for this site lives on CloudNS, which chooses either Bunny.net or OpenBSD.Amsterdam to send traffic to, and those each serve up static HTML generated with the Rust tool Zola which behaves almost exactly like Hugo from the GoLang space. Once generated with Zola, the HTML and associated files are uploaded to the CDN Bunny.Net and a well-placed host at OpenBSD.Amsterdam to serve up files synced with rclone. To top things off, both Bunny.Net's Edge Rules and RelayD's Response Headers allow for setting Response Headers that are fun to get graded at Security Headers.com, as often it is a trial-and-error to get them right. Testing what has been built as it is being constructed is essential. I'll use services like Pingdom, WebPageTest, and PageSpeed.dev and do some of the ol' load testings before making them public.

Links to more information about all of the mentioned topics are available at lockpodcast.com