S3 Bucket Takeovers: Making SolarWinds Look Like Child's Play

PLUS: OpenAI's Deep Research: Your New AI Research Analyst

Good Morning! In a major security revelation, watchTowr Labs found they could hijack abandoned AWS S3 buckets to launch supply chain attacks that would dwarf the SolarWinds incident. OpenAI's Deep Research just turned hours of online research into a 5-minute task, promising to analyze hundreds of sources faster than your morning coffee run. Meanwhile, Alpine Linux is urgently seeking new infrastructure partners after Equinix Metal's sunset announcement threatens their core services powering countless Docker containers worldwide.

S3 Bucket Takeovers: Making SolarWinds Look Like Child's Play

Remember the SolarWinds hack that had everyone freaking out? Well, watchTowr Labs just dropped a bombshell that makes that look like amateur hour. They've discovered an alarmingly simple supply chain attack vector through abandoned AWS S3 buckets.

The team managed to re-register about 150 previously abandoned S3 buckets that were once owned by governments, Fortune 500s, and major tech companies. In just two months, these buckets received over 8 million requests for:

  • Software updates and binaries

  • Virtual machine images

  • CloudFormation templates

  • SSL VPN configurations

  • JavaScript files

Here's where it gets scary. Many of these requests came from high-value targets like military networks, NASA, and financial institutions. The kicker? A lot of these systems were blindly pulling executables and updates without proper signature verification. watchTowr found buckets that had been abandoned since 2015 still receiving regular requests for critical software components.

Impact: AWS has now sinkholed these specific buckets to prevent abuse, but the broader issue remains. The researchers argue that AWS could solve this by preventing the reuse of bucket names, a simple fix for what could be a catastrophic supply chain vulnerability.
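For teams auditing their own exposure, the following is an added example (not watchTowr's tooling and not part of the original research) that scans deployment files for S3 references and flags any bucket missing from an inventory of buckets you control. The file contents, bucket names, and the `OWNED` inventory are constructed for illustration.

```python
import re

# Bucket-name shape, plus the three common ways an S3 object is referenced.
_B = r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]"
_PATTERNS = [
    re.compile(rf"s3://({_B})"),                                             # s3://bucket/key
    re.compile(rf"https?://({_B})\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com"),  # virtual-hosted
    re.compile(rf"https?://s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/({_B})"),   # path-style
]

def find_bucket_refs(files):
    """Return {bucket: [(filename, lineno), ...]} for every S3 reference found."""
    refs = {}
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for pat in _PATTERNS:
                for m in pat.finditer(line.lower()):
                    refs.setdefault(m.group(1), []).append((name, lineno))
    return refs

def dangling_refs(files, owned_buckets):
    """References to buckets that are absent from the inventory we control."""
    return {b: locs for b, locs in find_bucket_refs(files).items()
            if b not in owned_buckets}

# Constructed sample content: a CloudFormation template, an update script, a web page.
SAMPLE_FILES = {
    "deploy/stack.yaml":
        "TemplateURL: https://s3.amazonaws.com/example-cfn-templates/vpc.yaml\n",
    "scripts/update.sh":
        "aws s3 cp s3://example-agent-releases/agent-latest.bin /opt/agent\n"
        "curl -O https://example-old-installers.s3.us-east-1.amazonaws.com/setup.exe\n",
    "web/index.html":
        '<script src="https://example-static-assets.s3-eu-west-1.amazonaws.com/app.js">'
        "</script>\n",
}
# Assumed inventory of buckets that exist in our own account (constructed).
OWNED = {"example-agent-releases", "example-static-assets"}

if __name__ == "__main__":
    for bucket, locations in dangling_refs(SAMPLE_FILES, OWNED).items():
        for filename, lineno in locations:
            print(f"{filename}:{lineno}: references unowned bucket '{bucket}'")
```

A flagged bucket may belong to a third party or may have been deleted; either way, the reference should be reviewed and the fetched artifact pinned to a known digest or signature.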

OpenAI's Deep Research: Your New AI Research Analyst

Context: OpenAI just dropped their latest AI agent, and this one's a game-changer for anyone drowning in research tasks. Powered by a specialized version of their o3 model, Deep Research aims to be your personal research analyst that can tackle complex queries independently.

The agent can dive into hundreds of online sources and synthesize information from:

  • Texts, images, and PDFs

  • Technical documentation

  • Market analysis

  • Scientific papers

  • Complex datasets

  • Web content

What sets this apart: Its advanced reasoning capabilities. It doesn't just aggregate information – it analyzes, interprets, and adapts its research strategy based on what it finds. Each report comes with citations and explains its reasoning process, making fact-checking straightforward. Tasks typically take 5-30 minutes to complete, depending on complexity.

Availability: Currently, it's exclusive to ChatGPT Pro subscribers ($200/month) with a 100-query monthly limit. The feature will eventually roll out to Plus and Team users, followed by Enterprise customers. OpenAI's also working on adding data visualization and embedded images to reports in the coming weeks.

Performance Note: While it scored an impressive 26.6% on Humanity's Last Exam (doubling previous scores), OpenAI admits it can still hallucinate facts, so human verification remains crucial.

Alpine Linux Seeks New Infrastructure After Equinix Metal Sunset

Alpine Linux, the lightweight security-focused distro we all know and love, is facing a critical infrastructure challenge. Equinix Metal (formerly Packet.net) is sunsetting their bare-metal hosting service, leaving Alpine's core infrastructure without a home.

The project currently relies on Equinix for several mission-critical services:

  • T1 mirroring infrastructure (3 storage servers handling 800TB monthly traffic)

  • CI runners for x86_64 and x86 architectures

  • Development environment for contributors

  • Each mirror needs 5TB storage, CI runners need 16GB+ RAM

Here's where it gets interesting: Alpine isn't just looking for any hosting solution. They need bare-metal servers or high-performance VMs, preferably near the Netherlands for maintenance purposes. The infrastructure needs to handle significant bandwidth and compute power for building packages like Chromium.

Call to Action: If you or your organization can help with colocation space, bare-metal servers, or even suitable VMs, reach out to [email protected]. Can't provide hardware? Alpine now accepts financial contributions through Open Collective to help fund their infrastructure needs.

The Ask: Help keep one of the most reliable, secure, and efficient Linux distros running strong. Whether you're using Alpine in your Docker containers or as your main OS, now's the time to give back.
