Day: July 14, 2025

(NewsNation) — Jeffrey Epstein’s former attorney told “CUOMO” there is no such thing as an Epstein “client list.”

Alan Dershowitz, who previously said he knows the names of clients in the Epstein files, also doesn’t believe the government is hiding information about the investigation.

“There is no client list and never has been a client list,” Dershowitz told NewsNation. “A client list suggests that Jeffrey Epstein made a list of people to whom he trafficked women. What there is is a redacted FBI affidavit from accusers.

“There are several of them from accusers that accuse Jeffrey, that accuse various people of having improper sex, and that has been redacted. The names of the people accused have been blacked out.”

Dershowitz helped secure a plea deal for Epstein in his 2008 sex crimes case.

As for the names in redacted files, Dershowitz says they are not world leaders like many believers of the conspiracies think.

“Because I was the lawyer and I did all the investigations, I know who all these people are. I could figure out, based on everything that I saw, who Mr. X is, Mr. Y is and Mr. Z,” he said.

“I can tell you right now, none of them are public figures who are currently in office. Some of them were previously in office. Some of them are dead, but there is no client list.”

Dershowitz said the redactions could be removed through the courts and insisted it is not the Trump administration suppressing information but two Manhattan judges who are trying to protect accusers.

“The judges have issued orders – which is why I can’t disclose things I’d love to disclose – saying that you can’t disclose this information,” he said.

“But Pam Bondi and the Justice Department and Donald Trump are not responsible for that. I don’t know of any information that they could disclose that they haven’t disclosed. Maybe there is some but I’m simply not aware of it.

“I think it’s important to place the blame where the blame deserves to be placed.”

He went on to say if all the redacted files were released, “you would be shocked how few names are there that haven’t already been disclosed.”

Dershowitz also rebuked theories of Epstein having videotapes of prominent people in illegal or compromising sexual interactions.

“There is a videotape, maybe several videotapes. … Epstein was robbed by one of his employees of money and of a licensed gun, and he called the Palm Beach police, and they installed video cameras, not in the bedrooms, but in the living room,” he said.

“And those video cameras recorded some people, but there’s no sexual allegations there, so there’s nothing to that.”

He also addressed Tucker Carlson’s claim that Epstein was a Mossad intelligence agent, calling it “absurd.”

“I asked him about everything, including whether he had any contacts with intelligence agencies,” Dershowitz said.

“If he had, he would have been dying to tell me that, because I could have used that to get him a better deal. If he had worked with the Mossad or the CIA, that would have been golden for me. … I can tell you with absolute certainty he had no connections to Mossad.”

As for the notion that Epstein was murdered and did not kill himself, Dershowitz rejected that theory but said he believes it was an assisted suicide.

“It was not a suicide that he could have committed alone. I think the jailers had something to do with his cellmate being dismissed, with the cameras being turned off,” he said.

“So there are things that can be hidden, but there’s no smoking gun here, and there’s no fault on the part of this administration, as far as I can tell.”

A 20-year-old flaw in End-of-Train and Head-of-Train systems could let hackers trigger emergency braking, finally getting proper attention.

US CISA has warned about a critical flaw, tracked as CVE-2025-1727, in the radio-based linking protocol between End-of-Train (EoT) and Head-of-Train (HoT) systems.

An End-of-Train (EoT) device, also known as a Flashing Rear End Device (FRED), is a wireless system attached to the last car of a freight train. An EoT device monitors and transmits key data to the locomotive, enables remote emergency braking, and marks the train’s rear with a flashing light.

These systems, used in freight trains to relay data and apply the rear brakes, lack encryption and authentication. Attackers could exploit this vulnerability by sending crafted radio packets via software-defined radios, potentially issuing unauthorized brake commands and compromising train safety.

“Successful exploitation of this vulnerability could allow an attacker to send their own brake control commands to the end-of-train device, causing a sudden stoppage of the train which may lead to a disruption of operations, or induce brake failure.” reads the CISA’s advisory.

CISA labeled the flaw as a WEAK AUTHENTICATION CWE-1390. The EoT/HoT remote RF linking protocol uses a BCH checksum, allowing attackers with a software-defined radio to forge packets and send brake commands, risking disruption or brake system overload.

T”he protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation.” states CISA. “It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting operations or potentially overwhelming the brake systems.”

The researchers Neil Smith and Eric Reuter reported the vulnerability, which has yet to be patched.

“Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched.” Neil Smith wrote on X.

Smith explained that in the 1980s, the caboose was replaced by the End-of-Train (EoT) device or FRED, which wirelessly communicates train telemetry and can receive brake commands. The RF protocol it uses is outdated, relying only on a simple BCH checksum and no real security, under the assumption that FCC regulations would prevent misuse.

The researcher first reported the vulnerability in 2012 after detecting the signal with an RTL-SDR and recognizing the protocol’s structure. However, efforts to get the American Association of Railroads (AAR) and the Federal Railroad Administration (FRA) to act were stalled for years, with AAR refusing to acknowledge the issue unless proven in a real-world scenario.

Though another researcher, Eric Reuter, independently discovered the flaw in 2018, only in 2024 did the case gain traction again with renewed support from CISA. AAR still downplayed the threat, claiming the system was “end of life,” despite its continued use, including in passenger trains.

Eventually, under pressure, it was announced that the vulnerable protocol would be replaced with IEEE 802.16t by 2027. The risk remains severe: an attacker using a $500 radio setup could trigger train brake failures or derailments from a distance, posing national safety risks. The researcher warns against trying this, as it could seriously injure or kill people.

CISA’s advisory states there’s no evidence of active exploitation of the EoT/HoT vulnerability. The standards committee is seeking mitigations, and the AAR is working on replacing the outdated devices and protocols with new equipment.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, cisa)