Avsnitt
-
Welcome to The Low Down, the best show on the internet for hackers
The Low Down is presented by Maze.
LinkedIn: https://www.linkedin.com/company/mazehq/
X: https://twitter.com/Maze_Security
Follow Us!
https://www.instagram.com/lowdown.pod
This week we're diving deep into one of the most viral cybersecurity controversies in recent memory: Microsoft's Global Device Identifier and what it means for privacy, tracking, and operational security.
Today we're talking about:
The Scattered Spider Arrest & Court Documents
Breaking down the arrest of a young Scattered Spider hacker and the court documents that revealed how law enforcement tracked them down. From diamond "Hack the Planet" necklaces to Discord flexing, we examine how poor OPSEC led to their capture.
Microsoft's GDID: The Controversy Explained
What is the Global Device Identifier, how does it work, and why did VX Underground's 1.2 million view tweet spark massive debate? We break down the forensic reality of this hardware identifier and whether it's truly undocumented or just misunderstood.
Hardware Identifiers Meet Web Activity Tracking
Exploring how Microsoft tied hacking activity to specific individuals through GDID, PUID (Passport Unique Identifier), and telemetry data. We discuss the marriage of hardware identifiers with web activity, gaming profiles, and Microsoft online accounts.
The Privacy Implications: How Deep Does It Go?
Is Microsoft collecting every website you visit, every program you execute, and every online account you access? We separate fact from fiction, examining what telemetry actually collects versus what law enforcement pieced together through multiple warrants.
VPNs, OPSEC & Marcus Hutchins' Warning
Marcus Hutchins weighs in with a stark warning: if your OS install has ever connected to the internet without a VPN, it's a matter of time. We discuss whether VPNs truly protect you when telemetry can see VPN software execution, keying material, and destination IPs.
The Forensic Reality Check
Cybersecurity professionals explain this is standard forensic technique, not some secret backdoor. We compare this to the moment normies discovered EDR capabilities and realized their IT departments can see everything on corporate devices.
Allison Nixon on Tracking The Comm
Threat intelligence expert Allison Nixon shares her perspective on tracking these threat actors, why "Scattered Spider" is a marketing term, and what The Comm really represents in the cybercrime ecosystem. -
Welcome to The Low Down, the best show on the internet for hackers
The Low Down is presented by Maze.
LinkedIn: https://www.linkedin.com/company/mazehq/
X: https://twitter.com/Maze_Security
Follow Us!
https://www.instagram.com/lowdown.pod
This week we're broadcasting live from the PlanetScale office at the AI Engineering Conference in San Francisco, diving deep into the most pressing issues in cybersecurity right now.
Today we're talking about:
The Fable Ban & AI Export Controls
Breaking down the unprecedented government intervention that pulled Fable from public access, the Free Fable movement, and what this means for AI security research going forward. We discuss the export control implications and why this sets a dangerous precedent.
Mythos, Project Glasswing & The Future of Exploit Development
Why Mythos and Fable aren't uniquely dangerous despite the government narrative, how AI is genuinely changing vulnerability research, and the philosophical questions around automated exploitation capabilities.
Open Weight Models & The China Question
Examining DeepSeek, Kimi, and other Chinese models that are rapidly catching up to frontier capabilities, plus Meta's internal restrictions on competitor model usage and what it reveals about the industry.
Beats by Dre Bluetooth RCE Vulnerability
A year-old vulnerability finally patched that gave attackers remote code execution on Bluetooth headphones, allowing microphone access, call initiation, and complete device control within proximity range.
Nightmare Eclipse & The Rogue Planet Exploit
The latest Windows Defender zero day from the controversial researcher, featuring a race condition that allows malware placement in System32. We discuss the painful disclosure saga, MSRC's reputation crisis, and what this means for bug bounty programs.
The Bug Bounty Crisis
Why researchers are revolting against major programs like MSRC and Apple, the broken social contract of responsible disclosure, and how AI is reshaping the economics of vulnerability research.
Karuna & Darksword: The $40 Million Exploit Kit
Discussing the leaked government contractor iOS exploits found on public websites and what it tells us about the crashing value of zero days in the AI era. -
Saknas det avsnitt?
-
Get more content and Ask Us Questions on Patreon: https://www.patreon.com/cw/TheLowDownPod
Welcome to The Low Down, the best show on the internet for hacker news, cyber news, and whatever else you want to talk about.
Today we’re talking about:
GitHub Supply Chain Attacks & The npm Worm Crisis
The Real Problem: Developer Culture & Package Management
AI Security Research: The Mythos Phenomenon
What Makes Mythos Different?
The Philosophical Questions
Career Implications