Hello and welcome to the Friday, August 25th, 2003 edition of the Sandsenet Stormsenders Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

John Grant, one of the students in our sands.edu, a bachelor's program program did as part of his internship,

create a little password generator that simulates keyboard walk password patterns.

Keyboard walk password patterns are essentially when you are sort of hitting sequential

keys on a keyboard like QWERTY.

And well, John is part of this programming assignment, did use chat GPT for help.

And some interesting lessons learned here from using chat GPT.

No real big surprise, but well, you need good specifications.

So initially, the results retrieved from chat GPD to write a script like this wasn't really all that great,

but then with some added instructions informing chat GPD about the keyboard layout and such,

it actually ended up with a pretty good result.

As always in development, well, having good

clear specifications, of course, helps arriving at a good result. And password lists like this

are, of course, very useful in order to look for weak passwords. We do see a lot of these

password walk patterns. For example, in our SSAH logs,

as people are trying to prude-force passwords. And the FBI released one of its flash advisories

stating that if you are running one of the Burakuda ESG devices, double check if it doesn't

have a backdoor installed. There was this famous CBE 2023-2868 vulnerability that was patched earlier

this year, but it was exploited starting October last year.

The FBI states that this exploitation happened in significant numbers.

Many of these devices were set up with multiple back doors,

...