Hello and welcome to the Wednesday, January 7th, 2026 edition of the Sands Internet Storm Centers.

Stormcast, my name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu master's degree program in information security engineering.

Yesterday, I briefly mentioned the tool tail snitch.

Just got across it yesterday and I thought it was interesting in particular since yesterday I talked sort of about KBMs and remote access that often uses tailscale VPNs.

Well, today I took a little bit time to closer look at tail snitch, and it's a pretty impressive

and useful tool. So the goal of tail snitch is to audit your tailscale configuration.

Tailscale itself, it's a pretty solid system as far as VPNs go,

but of course a lot of it also depends on how you configure it,

and tail snitch will point out some of the possible misconfigurations

that you're running into.

And yes, it does this very well.

It's very comprehensive the tool.

In my case, it found two systems that I had that had an old version of tail scale running.

So basically, but the auto update wasn't configured correctly fixed that.

And that's something nice to point out.

It also points out things like, for example, access tokens that you issued and set to not

expire.

In my case, I intentionally did it that way.

Overall, what I also find is that the severity levels it assigns I think are rather reasonable.

A lot of tools like this tend to sort of, you know, a little bit overhype kind of some of the

configuration issues that they're detecting.

...