Paul's Security Weekly (Audio)
Digging For Vulnerability Gold - PSW #909
Jan 15, 2026
Aaron Leland, recurring security contributor versed in hardware and supply-chain risks, joins the panel. They dig into KVM and remote-access hazards. Conversations cover supply-chain backdoors, e-scooter and e-bike safety, LLM privacy and HIPAA tradeoffs, and platform security failures like Instagram password resets.
AI Snips
Confidential LLM Sessions Reduce Exposure
- Confer uses confidential computing to hold session keys client-side and purge them after sessions end.
- That design reduces exposure of sensitive prompts compared with standard cloud-hosted LLM sessions.
Harden Add-On KVMs Immediately
- Treat cheap add-on KVMs like remote physical access and lock them down with strong authentication and network controls.
- Avoid exposing their management interfaces publicly and enable MFA, logging, and inventory scanning where possible.
5G KVMs Evade Local Inventory
- 5G-enabled KVMs can bypass network inventory and monitoring because they backhaul off-network.
- That makes discovery tools blind to devices and increases risk of unnoticed attacks.
