Hello and welcome to the Friday, February 27th, 2006 edition of the Sands and its Storm Center's Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

And this episode is brought you by the Sands.edu bachelor's degree program in Applied Cybersecurity.

Well, I'm talking about our bachelor's program. Today we have another guest diary by Austin Bodily.

Austin looked into one of our Inite Storm Center honeypots.

That's part also of the Inlet Storm Center internship that these students participate in.

And, well, he struggled with a very common challenge information security,

and that's too many alerts.

Now, you wouldn't really think so, but even for a simple honeypot connected to a random home IP address,

you still have this problem. And Austin now turned to, well, who else? ChatGPT to AI for help to try to

understand these alerts better and is here documenting some of the

challenges. One of the conclusions here that is something that people often like recognize at this

point is in order to really better understand alerts, you can't just rely on just looking at

inbound data and seeing basically what gets stuck in your firewall or

what inbound requests trigger certain IDS rules or in this case just know of honeypot hits.

But what's going back is sometimes as important, if not more important, to really figure out

what a particular attack is trying to accomplish.

And Joe Leon with Truffle Security has published an interesting blog post about some unintended consequences with Google API keys

once Google started offering Gemini, their AI system.

Joe works with travel security, and travel security, of course, is famous for the software they're

creating that helps you find stray and leaked API keys.

Now, the problem with the original Google API case was that Google didn't consider

...