344: MOTHER OF ALL BREACHES: 26 Billion Records?!

Episode 344 January 25, 2024 01:18:17
344: MOTHER OF ALL BREACHES: 26 Billion Records?!
Technado
344: MOTHER OF ALL BREACHES: 26 Billion Records?!

Jan 25 2024 | 01:18:17

/

Show Notes

Today on Technado, Don, Dan and Sophie are joined by a lizard (yes, really) to bring you the latest in tech news. Google is cracking down on 2FA requirements - even revoking support for certain third-party apps. In Microsoft news, the company is setting a 16-gig default for RAM for so-called "AI PCs." Finally, for fans of Linux, Ubuntu is working on installer support for NVMe-over-TCP.

 

After a quick break (and a hunt for a lizard), the team jumps into this week's security news: first up, a German court convicted a "hacker" for...warning the public about a security vulnerability. Then, Microsoft's network got pwned through a password-spraying attack. And to wrap up the show, the Technado crew breaks down "the mother of all breaches": is it as scary as it sounds?

 

View Full Transcript

Episode Transcript

[00:00:00] Speaker A: You're listening to Technato. Welcome, and thanks for joining us for another episode of Technato. I am one of your hosts, Sophie Goodwin. And before we jump in, I want to take a moment to thank the sponsor of Technato aci learning, the people behind it pro. As a reminder, you can use that code, Technato 30, for a discount on your it pro membership. Once again, I'm Sophie, and as you probably know if you've been here before, I'm not alone. I have the master of ceremonies here next to me, Don. How are you today? [00:00:31] Speaker B: I am doing great. We got a cool week set up for us. I had a hard time paring down our security articles because literally everyone got hacked last week. That's pretty much the status of that, but we got a good show. [00:00:44] Speaker A: Everyone but us got hacked last week. Put that disclaimer. Well, I don't want to speak for everybody, Daniel, you didn't get hacked last week, did you? [00:00:50] Speaker C: Yeah, I got totally hacked. Hacked three, four different ways, easily, I'm sure. I don't know. [00:00:57] Speaker A: And you take pride in that, and we love you for that. [00:00:59] Speaker C: Hey, those fishing links are just too darn tantalizing. [00:01:03] Speaker B: You got to know what's on the other end of that link. [00:01:05] Speaker C: It could be awesome. [00:01:07] Speaker A: Is that why they call it fishing? Because it's like dangling a worm on a hook? [00:01:10] Speaker C: There you go. [00:01:11] Speaker A: I cannot believe the penny just dropped for me on that one. [00:01:13] Speaker C: Are you for real in this? [00:01:15] Speaker B: I thought she was joking. [00:01:18] Speaker C: Because if that's not the case, then we have done a poor, poor job at teaching you here, my girl. [00:01:24] Speaker A: Oh, no. I will say. What was it? I think fishing took a little bit for me to understand because I thought it was like, video chat fishing, and then I realized it was supposed to be, like Voip or voice fishing or whatever, so then it made sense, but no. Yeah. [00:01:36] Speaker C: Highly effective technique. By the. [00:01:38] Speaker A: Yeah, yeah. You don't say. [00:01:39] Speaker C: Right. You can talk a lot of people into doing a lot of dumb stuff. I used to follow this hacker. I guess Jason street is his name, and that's basically his job. He's like, I hooked up with another social engineer guy, and we were going to go after this bank because they got hired by banks and stuff to test their security. They basically just walk in and start plugging in rubber duckies everywhere. Yeah, it's fun. And the guy was like, yeah, let's get these uniforms, and we'll pose as this. He's like, why can't we just go in and be charming? He goes, I get a lot of rubber duckies installed that way. Let's just do that. I was like, yeah, he's got a point. [00:02:18] Speaker B: Yeah. You got to save on the uniform, Bill. [00:02:20] Speaker C: Yeah. I mean, don, we've worked in different various support roles in our careers. I can talk a lot of people into doing a bunch of dumb stuff, and they just go, yeah, because you sound like you speak with confidence and with authority, and they just know. [00:02:37] Speaker B: I've noticed this. I think it's a paradox. I don't want to be like Lannis Morsette and use irony wrong, but I think this is a paradox where if there's a building that has secured entry, right? So, like, key card entry, you would think that would make the building more secure. But if you can get past the key carded door and get in the building, everybody just assumes you're supposed to be there. Like, well, you got past the door supposed to be here. So you practically have free roam of a building at that point. [00:03:04] Speaker C: Yeah. [00:03:04] Speaker A: Wow. Okay, well, I'll take notes, and if I ever install a key card reader on my front door at home, then I will keep that in mind. [00:03:10] Speaker C: Plus, nobody wants to confront anyone. [00:03:13] Speaker B: I revel in it. [00:03:15] Speaker C: I remember one of my first jobs as, like, a youth, right? Was I worked at a drugstore, and I was working the cashier, and this lady come up, and she was like, I want my money back on this item. I was like, cool, where's your receipt? I don't have one. I go, well, you got to have a receipt. That's how this works. She's like, no, I don't. I go, yeah, you kind of do. And she was getting upset. I'm like, I'm not returning anything without a receipt. Your manager let me do it last time. I'm like, you better get her, because this guy ain't doing it. And, of course, manager comes over, and she immediately just returned. I'm like, are you kidding me? You just hung me out to drive. Principal of the thing, right? [00:03:53] Speaker A: Come on. [00:03:53] Speaker C: And then the next day, we got message from corporate saying, there's people in your area running around stealing without receipts. They steal from one area, and then they take it to another one, and they do a return and get the money. [00:04:09] Speaker B: And that's a thing that still happens today. [00:04:11] Speaker C: Absolutely. [00:04:12] Speaker A: I feel like we should add a new segment that's just stories from all the jobs that Daniel's had, because I've had a lot. Yeah, it's always fun, from transporting the rocket ships to, I mean, just everything that you've done. So maybe we'll look at instituting a new segment for that soon. But for now, we've got some tech news to jump into. [00:04:28] Speaker B: So before we get too far, I just noticed we have a fourth visitor on our podcast. And normally I wouldn't mention this, but it's going to distract you guys the whole show. So I feel like I need to. We have a lizard on our window right there. And not like outside the studio. He's right there in the studio. [00:04:44] Speaker C: You want me to get him to capture him and bring him to the table? [00:04:47] Speaker B: Why don't we? Waiting to see what his feedback will be on our first article and we'll go from there. [00:04:52] Speaker A: Maybe we'll grab him during the break. [00:04:54] Speaker C: Cold outside. [00:04:56] Speaker A: Now that you pointed out, that's all I'm going to be able to see. [00:04:58] Speaker B: Exactly. [00:04:59] Speaker A: You might have done the opposite. [00:05:00] Speaker C: She's just staring at. So here, Microsoft. [00:05:04] Speaker A: It's just his little feet that you can see on the side, but good eye. I would not have noticed that. Well, this first piece of news that we've got here is in the cloud space and we're actually pulling this right from the Google blog. It is a Google workspace update that says beginning September 30, 2024, 3rd party apps that use only a password to access Google accounts and Google sync will no longer be supported. So what does this mean? Like third party apps where you can use your Google username and password to sign into stuff? [00:05:30] Speaker C: Sure. [00:05:31] Speaker B: So it's actually anything, anything that uses Google authentication. What they're doing is they're saying, look, we are going all in on OAuth and we want people to be able to use multi factor authentication. OAuth is a big part of that. With Google, we need that support. And so anywhere that you have a system that is able to access a Google process, just using username and password, that's going to get cut off. And there's going to be two phases of this. It's going to start in June for some things, and then it'll fully roll out in September. Now, when I first glanced at this, I didn't think much about it, right? Because I was like, hey, we almost all have multifactor authentication at this point. The mobile apps have all been updated. It's not an issue, right. So I kind of put it behind me. And then it was the next day that I was just thinking about some other stuff and I was like, wait a minute. I know something where this will have a big impact. And that's for people that use IMAP and pop access to their Gmail accounts. [00:06:30] Speaker C: Because there's no two fa for that stuff. [00:06:31] Speaker B: Right. And there are a lot of people that use application specific passwords or other types of authentication to access those. And maybe you use a secure mail system like proton. Proton mail, right. And some of those systems support logging into your Gmail account and bringing the email in and they do that with just a username and password combination. Other systems, we might just have forwarders set up to do that or whatever, but there are plenty of third party email clients like canine mail on Android and those where they default to just username and password, that's going to stop working. And so most of it is a non issue for people. But specifically, pop three and IMAP four access to Gmail boxes, that's going to really be the area where you see impact on this. So if you don't use those, you don't care about this, it's not a big deal. But if you do use those, you've got about six months to come up with a backup plan. [00:07:28] Speaker C: Well, the question then becomes are those providers going to go, hey, you're right, we haven't been doing two fa because whatever, it's not been a thing, but now it's a thing. You think that they are going to start implementing design changes so that two Fa is now a factor in their product? [00:07:47] Speaker B: I would hope so, but I don't think it's going to happen. Right. And you have to think about pop three and IMAP four. Right. Those protocols are really old and they have not changed in 30 years. Right. You hear pop three. All right. So there was pop one and pop two. So sure, back in the 1980s they progressed, but once we got into the mid 1990s, once pop three, I forget when pop three released, but I believe it was early 90s. That's it. That's frozen in time. It has not changed in 30 years. IMaP four is the same way. [00:08:20] Speaker C: You think they'll just bolt on to Fa some way instead of changing the protocol per se but just adding some sort of functionality to the side. [00:08:27] Speaker B: They sort of did that by rolling in TLS. Okay, right. So you have pop three over tls or over SSL, but the security is not a part of the protocol. So you've got to establish a tunnel first and then you can transmit over it. Well, TLS doesn't do authentication unless you have full certificates. That's not going to happen. And so most people just treat it like a normal web connection. TLS opens up temporary and then IMAP or pop three rolls over it. But if you want to stick authentication on it. Now you're talking about changing the protocol and these are legacy protocols. And so on one hand I could look at it and say, well, you know what? Screw it. That's it. This is the death knell for pop three and IMAP four. But there's no good replacement for this, right? Gmail is proprietary as all hell. You go into their web page or use their app and you have no idea what language is talking in the background. Microsoft Outlook and Microsoft Exchange or Office 365. They use their own. I forget what their protocol is called. Shoot. The messaging protocol. Darn it. It's got a name. I'll remember it later. It's not pop three and IMAP four. But do we want to go into a world where this is all proprietary stuff for mail clients? Like email is still important. So I feel like, yeah, it's time for a pop four or an IMAP five, but I just don't know that anybody's willing to put in that work. [00:09:48] Speaker C: This seems like a very elaborate way to reduce the amount of spam that you get. [00:09:55] Speaker B: I do get a surprising amount of spam from Gmail accounts. [00:09:58] Speaker C: What I mean is you can't log in and see it. [00:10:02] Speaker B: Cut off. Access. [00:10:06] Speaker C: Is a mailbox that exists, but you can't access any different than no box at all. [00:10:11] Speaker B: It's like all these people fighting the inbox zero, and all you have to do is create a rule that sends your email to the josh and it's easy. Yeah, anybody can do inbox zero. [00:10:20] Speaker A: It wasn't SMTP that you were thinking of was. [00:10:22] Speaker C: No, no. [00:10:23] Speaker B: And SMTP is not going anywhere anytime soon. That one, because that's how email moves from server to server. [00:10:29] Speaker A: Right. [00:10:30] Speaker B: Super important. But it doesn't have oauth built into it either. It relies on other things. [00:10:35] Speaker C: So do you think that Google will just kind of like go, well, yeah, for the most part we're going to do this, but there are some caveats. We've got to make some exceptions, some enclaves for us to be able to allow certain services to continue to work until we figure out something different. [00:10:50] Speaker B: Yeah, they've backed off of a number of things over the years where they said, like, we're going to implement this. The cookie thing last year where they were like, we're going to kill off third party cookies. They did delay it. They delayed it for over a year, but now they're moving forward with it again. So if they don't do this this summer like they're saying, they'll end up doing it eventually. [00:11:09] Speaker C: Nothing like Google coming down ham fisted and saying, this is how it's going to. [00:11:13] Speaker B: I mean, you know, as a technology culture, we do need to recognize some of these protocols are wildly outdated and either need to be updated or eliminated. [00:11:25] Speaker C: If it ain't broke, Don. [00:11:26] Speaker B: All right. You could make that argument. [00:11:30] Speaker C: Yeah. How's that working out? [00:11:33] Speaker A: Well, it says they previously announced this changed five years ago in 2019. So I guess it's just now they're implementing it and it's coming to fruitions. So, yeah, I guess if this is something that you said, it's only certain users that are going to be impacted if they use those certain services. So I don't know that this will affect me because I don't know that I've ever used pop three or IMAP for to access anything in my life ever. But maybe I should not start if it's not very secure anymore. [00:11:57] Speaker B: Yeah, well, where you're at risk is maybe you are using it somewhere and don't know. You know, sometimes these services use it on the back end, and a lot. [00:12:05] Speaker C: Of your phone clients and things like that will. Oh, that's how you connect is you do like, an IMap connection to get your email if you don't have the gmail client installed. [00:12:14] Speaker A: So how would I. [00:12:15] Speaker C: Something else. [00:12:15] Speaker A: How would I know if I am using a service that does that? [00:12:18] Speaker C: Is there any way to know from setting it up? Like, you would have recognized that. [00:12:22] Speaker A: Okay. [00:12:22] Speaker B: Yeah. You look at your account settings and how they're defined, because a lot of times on an iPhone, if you go and add your office 365 account, it'll say, like, you're connecting to an exchange server even though it's office 365. And that's using the exchange protocol that I cannot remember the name of. Is it Mappy? [00:12:41] Speaker A: Mappy. [00:12:42] Speaker B: It's something imappy. It uses a different protocol. Ima, Pippi, if you choose AOL, right, let's say you've got an old AOL address. There's lots of those people out there. It will automatically populate those server names for you. So you don't see that. You don't know that it's connecting with IMAP or pop three. But then if you go back into the server settings, afterwards, you can see where they're identified as that. [00:13:06] Speaker A: Interesting. Okay. [00:13:07] Speaker B: And my concern, it is Mappy. All right, look, I did remember. So the concern here, though, is once Google starts this ball rolling, will we see other companies doing the same? And so like I mentioned, AOL, I think most of us know at least one person who is retirement age, who's had an AOL account forever, and they're not going to change it. They're going to have that AOL account until they die. Those are the people that are going to really be impacted by this as other companies start eliminating these protocols too. [00:13:36] Speaker C: Now my brain's going, I'm like, okay, how could we keep it around, but almost have, like, what if we did something like a jump system to where. I guess that's kind of what you were talking about, where you have like a secure tunnel through TLS, like a VPN. Yeah. To where now I'm entering into a secure area where using those old protocols are fine. And I had to two fa into that. But you have to build that, right? [00:14:00] Speaker A: Yeah. Well, that's interesting. I'd be curious to know if any of you all have any opinions on that or if this is something that's going to affect you directly, if you're concerned about it at all. So if you are watching from YouTube, feel free to leave a comment and let us know. But we'll jump into this next article here. This is more on the Microsoft side of things. This comes to us from Tom's hardware. It says Microsoft sets 16 gigabyte default for ram. For aipcs, machines will also need 40 tops of AI compute. This might be an obvious question for somebody that's more familiar with this stuff. What is tops? [00:14:29] Speaker B: Trillions of operations per second. [00:14:32] Speaker A: Jeez. [00:14:33] Speaker B: So when they say 40 tops, that means the cpu used in that system needs to be able to do 40 trillion operations per second. Not necessarily the cpu, but whatever the AI chip is, which could be the GPU. [00:14:45] Speaker C: I didn't know they were going to call the next version of Windows AIpcs. Yeah, because it is getting a little ridiculous how much ram you need. [00:14:54] Speaker B: It is. So this morning I got my AI car and I drove to work on the AI highway, and companies are literally sticking the word AI on everything. What's going on here, I think is interesting on a few points, and if you're new to computers, you might not have noticed this, but in the last ten years, laptop and desktop hardware has not really advanced significantly at all. Right? It used to be in the old. [00:15:22] Speaker C: Days. [00:15:25] Speaker B: If you had four megs of ram, you were just dying to get to eight megs. And when you had one gig of ram, you wanted to get to four gigs. And it was always, I need more, I need more. And you were constantly running out. You're having to capitulate various places to try and just get to maximum performance. But about ten years ago, eight gigs kind of standardized as the amount of ram that people need. If you go to best buy or any of the various computer stores, you'll see the majority of systems just have eight gigs of ram, and some have 16. It's pretty rare to find a system with 32 gigs of ram in a store. [00:16:07] Speaker C: And the price difference, friend, like, when you jump above that eight gigs to something else, it's like, cool. Four, five, maybe $600 for a nice little system. I need 60. I'm going to need some money. [00:16:19] Speaker B: Yeah, it jumps up. [00:16:21] Speaker C: Yeah. [00:16:22] Speaker B: When the motherboards that we're buying support easily 32 and even 64 in a lot of cases. So you can have quite a bit of memory. But we just kind of stopped, and there's a few reasons for that. Part of it is technology. One big driver was like, when you go from eight gigs to 16 gigs of ram, or actually 16 to 32, you have to have a different chipset controller, and it's not as energy efficient. So for people that are going for long battery life, this is why Apple tried to hold people at 16 gigs for so long as they wanted that long battery life. The other thing is the push towards cloud computing. People use their local resources far less. In fact, most people just live in a web browser, and that's it. If you're a video gamer, it's a different story. But if you're a regular user, you just need a web browser, and your web browser is a memory hog, right? Like, chrome will sit there and eat up eight gigs all day long, but it won't eat up 32 gigs or 64 gigs of ram. It doesn't spread out that way. So it's interesting to finally see something that's going to drive a little bit of a hardware push. Microsoft is saying, hey, we're rolling out the. I'm having a bad memory day. What is their AI called? [00:17:34] Speaker C: Ginkgo Beloba. [00:17:36] Speaker B: It's not Cortana, it's copilot. [00:17:38] Speaker C: Copilot, yeah. [00:17:39] Speaker B: So they're going to be rolling out copilot. They're going to be putting a key on the keyboard for copilot. Your machine needs the hardware to drive that. Here's our minimum. Got to have 16 gigs of ram, and you've got to have an AI processor, either your general purpose cpu or a gpu that can handle 40 trillion operations per second. That's their big push. This is kind of drawing a line in the sand, and so we'll start seeing where stores are moving to that as the minimum standard. [00:18:07] Speaker C: How are we going to afford these devices, don? [00:18:09] Speaker B: I think it'll be surprising how quickly that price drops. [00:18:12] Speaker C: Oh, that will be nice. [00:18:16] Speaker A: This is unrelated, I'd like to point out the lizard has disappeared. [00:18:18] Speaker B: He's gone up your leg. [00:18:27] Speaker A: So you made the comment that companies are kind of tacking AI onto everything nowadays because it's a buzzword. You hear it everywhere. Is there something specific about these pcs that would justify them being like, oh, they're AI pcs? [00:18:40] Speaker B: Yep. So what's going on is the companies that are behind these big AI pushes, right. And I don't mean OpenAI, even though they're at the forefront of it. OpenAI is getting money from a ton of other places. Right. Microsoft is pumping billions of dollars into OpenAI and giving them access to azure servers. Right. Like an almost blank check when Microsoft says they gave $3 billion, or I think it was 3 billion in cash, and then there was like another 8 billion, which was Azure services, they were getting, like, credit. Those companies are now realizing when they roll this AI technology out, and my motto on this is most AI is BS. So when they roll out this BS to most people, they're realizing, wait a minute, that's requiring a ton of cpu, Ram, GPU access. It's expensive to run all this AI stuff. And so if we want to make this work, we've got to start pushing some of the work down to client machines. We've got to start getting the client cpus to contribute to really bolster up the amount of hardware that we have and not require it all to be on the back end. So I think that's the push here, is they can't rely on client machines to do any real work because most client machines don't even have an AI capable processor, better yet, a strong enough one to be able to do something meaningful. So now we're starting to see that change a little bit. [00:20:03] Speaker C: Did you see this AI ship that they're planning on doing? They want to build this giant ship with a massive AI farm that they're taking out into international waters to avoid these AI government regulations that they've been building. Because you're in international waters now, you're basically your own floating island, whatever you like, and to kind of beat the brakes off of what they can and cannot do with AI. And it looks really scary. [00:20:32] Speaker B: And they've bought 10,000 Nvidia H 100. Wow. [00:20:37] Speaker C: Yeah. [00:20:37] Speaker B: Wow. Who's financing that? [00:20:40] Speaker C: Dell complex hopes floating its computer clusters in the middle of the ocean will allow it a whole new level of autonomy. That is, if the company is even real. [00:20:49] Speaker B: Oh, great. So this is another crypto rug pool type thing. [00:20:57] Speaker C: I have no idea what the hell is going on with this. It's just crazy. [00:21:01] Speaker B: One of those H 100 running something like stable diffusion. And all the other ones are bitcoin mining. Well, I hadn't heard of Dell complex, so I pulled up their web page. It's loading incredibly slow, so right now. [00:21:19] Speaker C: It'S just running on a page. [00:21:21] Speaker B: Well, I imagine my tab is now crypto mining. Yeah, of course, that's what's happening. [00:21:28] Speaker A: All right, we'll come back to it. If it pops up. [00:21:33] Speaker B: I'll take that challenge. My laptop has 32 gigs of ram, so I should be able to handle web page well as a podcast. [00:21:43] Speaker A: That really is passionate about artificial intelligence, because all of our intelligence is artificial. This obviously means a lot to us, so maybe we will come back to it. We'll have to see if that tab loads for us by the end of the. [00:21:53] Speaker B: Turned off my ad blocker and I've started loading the page. I'll let you guys know when it loads. [00:21:56] Speaker C: How much bitcoin did you find? [00:21:59] Speaker A: Take away the inhibitors. That's great. Well, we've got one more article in this half of the show, and this one is definitely more in the world of Linux. So hopefully Don and Daniel can break this one down for me. But it comes to us from Pheronix and it says Ubuntu Linux working on installer support for Nvme over TCP. Nvme Nvme over TCP. So what is it about this article? Why did you think this was something that was important for us to cover? [00:22:23] Speaker B: All right, two things here. So one, it's just neat, right? So it's a new thing that's coming in Ubuntu. We're getting close to the release of Ubuntu 24.4, which is the next long term support release. I know I mentioned that like a month ago or whatever, but we are merely two months away, two and a half months away from when that releases. So betas are starting to roll out, and that will be the next version of Ubuntu that we run for a period of years. Right. They'll support it for five to ten years. So that's kind of a big deal in and of itself. And they're rolling out a feature to have it where with the installer you can do an Ubuntu 24.4 install using Nvme over TCP to where your local computer just has to have enough storage for the UEFI BIOS. So like a 64 megabyte partition on something, it can be an SD card and all of its storage. Beyond that, the operating system and everything can be stored over the network and access via Nvme over TCP. That's pretty cool, right? If you have a server farm and you want headless computers, if you want computers with no storage, you want to have a centralized pool of storage. Like this facilitates that and it's really cool. The other reason I grabbed this is, prior to reading about it, I had never heard of NVME. This is new to me, and I'm surprised because it's not new. It's actually been out for a couple of years. And Linux computer, go bird. [00:23:50] Speaker C: That's all I know. [00:23:53] Speaker B: So there's been Linux kernel support for it for like two years now. Now, I have worked extensively with ISCSI. Right. [00:24:02] Speaker C: Daniel, you've used icecuzzy storage and all that. [00:24:05] Speaker B: So, you know, normally when you get a San, a storage area network, you have like a fiber, they call it a fabric or a switch fabric in between the storage and your servers, and you have hbas that connect it all together, and it uses whatever communication protocol that particular Sam was designed for. Many of them just use the SCSI language right over the fiber directly to the devices. So everything just looks like SCSI drives on your system, and that's it. Well, ISCSI just takes all that SCSI traffic and wraps it up in a TCP IP wrapper and throws it on the network. It's not as efficient as doing native communications, but it frees you up to be able to have a much more diverse and distributed network. So IsCSi is if you're going for performance, not what you want, right? You want native san supported storage connections. But if you're going for flexibility, like you need multiple data centers or you're building in redundancy, you need more than one path to get from point a to point b. ISCSI gives you a lot of flexibility, but it's using the SCSI transport language, which is old, right? SCSI technology. Yeah. And it has not changed significantly in 30 years. I talk about pop three and IMAP. SCSI hasn't changed. [00:25:19] Speaker C: Literally older than Sophia. [00:25:21] Speaker B: Yeah, that's a fact. It's not saying much now. Nvme. NVMe is the new storage communication method that's used in most of our devices, right? So I think all three of us, our laptops have NVMe in them. If you have a desktop, likely it's using NVMe now. Any system made in the last five to seven years is typically going to be using NVMe storage or getting there. Well, they've made it where Nvme can be shuttled over TCP, just like iSCSi, and they're getting pretty decent performance out of it. And so this is a chance to move away from older iSCSI and implement newer Nvme over the network. Now, I don't think it's quite ready yet for full blown production use. As far as if you're going to build something that would normally be an ISCSI San, the ISCSI initiator clients are really mature, really stable. The NVMe over TCP clients, that's a little more cutting edge. Right. But it's coming down the line, and it makes sense that this would be the logical successor to ISCSI. Yeah. [00:26:23] Speaker C: And I'm thinking now, like, all the hardware that it took to get those sand devices working, the gigabit switches that came out at the time, and the. [00:26:33] Speaker B: Network adapters that had a two offload. [00:26:35] Speaker C: Engine, the shelf that you had to stick all those hard drives into, it probably weighed 200 pounds. It was massive. But nvmes are these little chips, like a ram chip, right? [00:26:47] Speaker B: Yes. [00:26:48] Speaker C: So think of how much storage you can now reclaim and reduce the size of your racks if you're racking and stacking. I'm looking at western digital blacks for $99. For a terabyte. I get ten of those. I've got a pretty good storage thing going on there, and you can get. [00:27:05] Speaker B: A little box the size of an intel nook that holds 16 drives in it. [00:27:09] Speaker C: Crazy. [00:27:09] Speaker B: And there's your sand. The biggest challenge they have is heat. These drives run a lot hotter than even the old 15k rpm drives, which put out some decent heat. Nvmes put out way more heat. And so when you consolidate a bunch of NVMe disks in one small location, you've got to have active cooling, you got to have fans, you've got to have heat sinks on each NvMe disk. And so when you look at the Dell or HPE solutions that are out there, you'll see that where the nvmes look bigger because they've got heatsinks kind of just directly screwed on. [00:27:43] Speaker C: Yeah. You ever see where you can get those? Basically like a portable enclosure for an NVMe, they look like big heatsink. One big heatsink, because that's exactly what it is. And you slide your nvme in there, you get a USBC connection and bam, you're good to go. But that's kind of cool. But yeah, they do generate a little bit of the old heaty. [00:28:01] Speaker B: Yeah. So if you're looking at vendors like NetApp and other people like that that make these network attached storage and sand type solutions, NVMe is the way of the future on this. And NvMe over TCP is a way to stop having to translate that language from the client to the host. It can be NvMe all along the path. [00:28:20] Speaker C: And kind of going back to the article, the article is talking about how not necessarily so much about NVMe over TCP, but more of the installer, like making this a little bit more user friendly to let you be able to install this and get it right. [00:28:35] Speaker B: Yeah, yeah, absolutely. And it is intended for server workloads, not for like, they don't want your average desktop running this way. But imagine you had like, I don't know, a little raspberry PI cluster. You could have five raspberry pis with no local storage. They can just use their NVRAM or whatever to store the UAFI or however they boot to then reach out and connect and just load the operating system off the network. [00:28:59] Speaker C: You say Raspberry PI. I've come up with a project for my wife. She's got an older van and the kids, they have dvd headrests, but my son is a tyrant and he wants to control what goes on these things. I'm like, I think I could take a Raspi, a fast small USB and like an old access point, put it all together inside of like a tackle box with a power supply, plug it all in and just build like a media server and they just connect to the access point when they get inside the car. And on that little small USB drive would be movies and tv shows and things of that nature. And now you can watch whatever the heck you want to watch. And homeboy don't have to control how that goes down. He can watch whatever he wants. I'm trying to overcome issues with technology. It's me. [00:29:55] Speaker A: I'd be curious to know if you tried that, if it actually worked. [00:29:58] Speaker C: I've just got to figure out. I would install like Ubuntu or whatever onto the Raspi, then install Apache and then figure out how to get, I'm sure I can do it within a couple of days. As far as figure out how to get Apache to serve streaming video and give them a menu that they can go to. There's going to be a website and just go to the website and pick their movie and click on it. That's the idea. [00:30:25] Speaker B: Well, for those of you who've been waiting with bated breath, the Dell complex web page has loaded. [00:30:29] Speaker C: Did it? [00:30:30] Speaker B: And if I didn't have any background information, I would think that this is a company that sells stock art because. [00:30:38] Speaker C: They have a lot of stock art. [00:30:39] Speaker B: They sure have a lot of stock art. But yeah, they've actually got pictures of the pallets of Nvidia H 100 servers. So they're not just talking the talk. They've actually secured some of the hardware prompt engineer. [00:30:53] Speaker C: Dell complex. [00:30:54] Speaker B: Yeah, prompt engineer. [00:30:55] Speaker C: That's the new thing. [00:30:57] Speaker B: I can't imagine that's going to be. [00:30:59] Speaker C: A real career for long, bro. I'm going to go to indeed right now and see. [00:31:04] Speaker B: I know for a fact companies are hiring engineers right now like what they're. [00:31:07] Speaker C: Running right now, because if it's lucrative, it's going to continue. They'll build certifications around it and they'll maintain that as much as they possibly can. [00:31:16] Speaker B: Yeah, I think it'll end up being like SEO. What do they used to call themselves? SEO engineers or something like that, where they focus on search engine optimization and then they realize like, well, everybody can game the system. You don't actually need a specialized education for that. [00:31:32] Speaker C: Do it. Yeah, see, SEO engineers just became prompt engineers. [00:31:38] Speaker B: Done. [00:31:40] Speaker A: If you do go find something on the indeed job board, I want to know what you find. I want to know what they're. We can always come back to it, but during this first half of the show alone, we gained a web page and we lost a lizard. So I'm feeling a little bit emotional right now, and hopefully we can find that lizard during the break. We'll go ahead and we'll take a short break. Give Daniel some time to pull up those job boards, and when we come back, we'll see what he finds here on Technato. Tired of trying to schedule your team's time around in person learning? Isn't it a bummer to spend thousands of dollars on travel for professional development? What if we said you can save money and time and still provide your team with the best training possible? The answer to your woes is live online training from ACI learning. With live online training, we provide our top in person courses in private online instructor led formats. You get to provide professional development in a manner that fits today's expectations. Entertaining, convenient, and effective. Our exam aligned courses inspire the full potential of your team. Visit virtual instructor led training at ACI learning for more info. Welcome back. Thank you so much for sticking with us through that break. I know you're looking forward to hearing what Daniel found on those job boards. But first, I want to remind you that if you are watching from YouTube, we'd love to hear from you all. If you haven't already subscribed, feel free to do so. So you never miss an episode of Technato. And if you're enjoying this episode so far, leave a, like, leave a comment. And if you are listening on a podcast platform like Spotify or Apple Podcasts, we so appreciate you and thank you so much for tuning into this episode. Now, Daniel, do you happen to remember what you found on the job boards? [00:33:04] Speaker C: Anything interesting? I've got it sitting right in front. [00:33:05] Speaker B: Of me so I don't have to remember it. [00:33:07] Speaker C: I can read the first right. I'm getting really good at the reading thing. I don't have to sound out as much anymore. So proud. It's going to be great. So it ranges from around 50,000 a year to 280,000 a year, depending. [00:33:26] Speaker A: It's quite the range. [00:33:27] Speaker C: Yeah, it's quite the range for a. [00:33:30] Speaker B: Prompt engineer, which it'll take a little while for businesses to realize that a prompt engineer is not really any different than somebody who just knows how to use Google really well. Yeah, but that doesn't have a cool job title. Like, I'm a Google search engineer. [00:33:44] Speaker C: Listen, they know how to train the GPT. [00:33:47] Speaker B: Yeah. [00:33:48] Speaker C: Right. [00:33:48] Speaker B: Yeah, that's a gig. [00:33:50] Speaker A: The answer, they're looking almost 300. Do you think that's just because it just depends on the company? [00:33:54] Speaker C: I don't know, but my resume is in for anybody open to work. [00:34:00] Speaker B: So we have an AI project going on at our day job, and the idea is that it will be trained on all of the content that we made, all of our transcripts and so on. So it can give answers and it can reference where it came from on a particular show. It's got some problems. It's not even an alpha yet. It's not ready for customers. [00:34:21] Speaker C: It's got some problems. [00:34:23] Speaker B: It's got some problems. And so I have this test question that I use every time I log into the system to see how it's doing. I ask it, what is two plus two? That's the question. Some days I get nothing because it's broken. Other days I get various things. Potatoes. The project's been going on for a few months now, and there's other priorities that are being worked on. So I don't want the listeners to think, like, there's people working on this every single day. But it's never told me four. And yesterday was the best because it gave me a five paragraph response all about arithmetic and how this was an addition problem, how we were combining two numbers and if I had two apples and I added two apples more and all this stuff, and it never told me that it would be four. [00:35:10] Speaker C: It's all the theory behind why you could come to an answer. [00:35:14] Speaker B: It was like listening to a politician, and it was kind of eye opening for me because I was like, there is a job field that is going to be disrupted. There's nothing a politician can do that I couldn't. [00:35:25] Speaker C: It might already have. [00:35:29] Speaker A: Oh, boy. Yeah, I do enjoy going in and just asking things like Chachi bt random questions just to see what it says. And yeah, sometimes it gives me an answer. I'm like, okay, that's fair. And sometimes it's like, how are people relying on this to cheat on exams? [00:35:40] Speaker C: I like to ask it epistemological questions because that gets really fun. [00:35:45] Speaker B: Is that contagious? [00:35:46] Speaker A: Yeah, I was going to say, it's. [00:35:49] Speaker C: Like, is there such a thing as objective truth? It gives me an objective truth answer saying that, no, there's no such thing as objective truth. And then I'm like, how are you not being circular? [00:36:00] Speaker B: This is maybe a little bit twisted for me. I like how in Chat GPT, if you stay in the same question, so don't start a new conversation and you keep asking it things, it gets like progressively more and more twisted as you go. And that's entertaining. [00:36:14] Speaker C: Yeah, it is a good time and it's a great way to pass some time. [00:36:18] Speaker A: Leave it to Don and Daniel to confuse the robots. Wow. We love to see it. We'll add a New. [00:36:22] Speaker B: They're coming after our prescription. [00:36:28] Speaker A: Do have some. As Don said, there was a lot of security news this week, so we do have a couple of things that we wanted to touch on and go over. This article comes to us from bleeping computer and it says, court charges dev with hacking after cybersecurity issue disclosure. And this is interesting because what was it? This guy was trying to report an issue and it ended up backfiring. And then he was the one that got arrested and convicted. [00:36:51] Speaker B: Has he been convicted already? I know he was arrested. He was convicted. [00:36:54] Speaker C: All right, well, he is in appeals. Okay, at this point. [00:36:58] Speaker B: So laws vary from country to country, and the United States has a different set of laws around some of this stuff. So this situation would play out differently depending on where it happened. In this case, it happened in Germany and Germany has some very strict, almost draconian rules around crime and punishment. And in this case, what happened is there was a company that was using third party software, and it had a problem. It wasn't working right. And they had a cybersecurity researcher take a look at it. Was it a part of a pen test, or was it part of troubleshooting? [00:37:34] Speaker C: They said their logs were, like, filling up a lot. [00:37:36] Speaker B: That's what it was. [00:37:36] Speaker C: Yeah. [00:37:37] Speaker B: All right. And so he was trying to figure out why, and so he started looking at the binary, and he knew it had to connect to a database server because that's where all these log messages were being generated about. And he looked at the binary, and in plain text, the database credentials are right there in the binary. So he was able to extract those out. [00:37:56] Speaker C: And I want to say he probably just ran some tool, like strings, right? He probably just strings the tool or the binary. And any readable ascii text is going to pop out from that, which happened to be one of those things, was the password to the database. [00:38:11] Speaker B: And so then he logged into the database. Now, the database was at the third party provider's services. It was like a cloud delivery. [00:38:18] Speaker C: This is where he entered some legal gray areas. [00:38:21] Speaker B: Right? Because once he logged into that database, he didn't just see his company's data. He saw every company's data that used that company's software. And so he did the responsible thing. He notified them. He said, look, guys, you've hard coded credentials. They're in plain text. Somebody can log in and have access to all of your data. And that company then said, oh, you hacked us and reported it, and he got arrested. [00:38:48] Speaker C: And if he got in €3000, he was ultimately fined. [00:38:52] Speaker B: Okay, any jail time? [00:38:55] Speaker C: No jail time. The judge said that he had a spotless record up until now, and he took that into account and therefore only charged him with €3000 as a fine for this. And it's like, well, thanks. I appreciate you, judge. What I would have really appreciated was the. Obviously, I'm not doing anything malicious. I was just trying to figure out why this system was acting in the way it was acting for my clients. And then when I disclosed that, you know, that anyone can access this server and all of its records, all of your other clients are also aggregating logs to this database server. You probably should do about that. You threw the middle finger up at me and called me a hacker. So I let the world know you have a security issue, and then you brought me up on charges. So, I mean, obviously, there is some, it's not as cut and dry as whether or not this person is guilty of doing something malicious. I don't think that you can, because a lot of times with crime, you have to prove intent. Right. And I think that this is one of those cases where you would have to prove malicious intent, and he had none. You could not prove malicious intent on this. He had a perfectly legitimate reason for trying to figure out why things were doing what they were and accessing the systems that he did. He disclosed any kind of security issues that he found with all the parties involved. He was not trying to utilize this for malicious purposes. [00:40:24] Speaker A: Right. [00:40:24] Speaker C: So it would seem that if I was a judge in this case, and that's the whole purpose of being a judge, is to judge whether or not something malicious was intended in what happened. If you do not find that to be true, the onus is on you as a judge to use your power to say, listen, you did cross a line here, but I'm not going to say the ends justified the means or anything. So maybe we've, we've got you for a lesser crime, but we're not going to throw the full extent of law. Maybe that's what this judge did. We don't have all the full details on what's going on, not in this article anyway. I didn't run it down to figure out what went on. [00:41:01] Speaker B: Well, so in this case, even if the judge believed that, he didn't have the flexibility. Right. This is like pedantic or whatever. [00:41:12] Speaker C: A lot of times they do, though. [00:41:13] Speaker B: They do. Yeah. [00:41:14] Speaker C: I don't know what goes on in Germany. [00:41:15] Speaker B: The way this law is written is they divide. Know if you're a right, they need to be able to penalize you. And they divide it into two parts. And so one is, if you secure, even for yourself, one, passwords or other security codes enabling access to data, and that's what happened here. And two, software for the purpose of committing such an offense. Right. So in this case, you could say, well, he wasn't like trying to commit an offense, but he did secure a password. It's two separate things, but they are two different bullet points in the law. And one is it's cut and dry. [00:41:49] Speaker C: He crossed the line per se. [00:41:50] Speaker B: Yeah. And that's an old story. If you think about like Kevin Mitnick way back in the 90s where he, I'll say broke. I'm doing air quotes here for listeners. He broke into at T's network. Well, he just found a modem he could dial into and he was dialed it. Yeah. And once he was in there, he found source code and other things. Right. And technically, even at that time, it wasn't really committing a crime, but he downloaded their information, and once he made a copy of their data, it became theft. [00:42:19] Speaker C: Right. [00:42:19] Speaker B: And that was ultimately what got him. [00:42:22] Speaker C: That Internet troll guy, little weave or whatever his name was, back in. Yeah, he's fine. He was an Internet. Like, his claim to fame was being an Internet troll. He got arrested because. I forget. I want to say it was Apple on Apple's website, once you were logged in, I could be wrong on this. So, in fact, check me on that. He was able to. You get the id equals 472. Well, he changed it to 473, and he was able to look at that user's id and manipulate their data and view their data. And he disclosed that. And they said, you hacked the system. He's like, I just changed a number in the browser, in the page that you gave me. That's all I did. No, that's hacking. And they arrested him. So this isn't the first time we've seen something what seemingly is innocuous. I see Sophia's face. It's like, holy crap. [00:43:11] Speaker A: I don't know if I have the right person. [00:43:13] Speaker C: No, you probably do. If your face is like that. When I say an Internet troll, I mean, that's being kind. [00:43:20] Speaker A: It's a little bit of an understatement. [00:43:21] Speaker C: Okay. Yeah. [00:43:22] Speaker A: Well, yeah, I won't go into detail then. [00:43:24] Speaker C: Total. Yeah. [00:43:25] Speaker A: Well, as far as this story goes, because I'm not going to get into that, but as far as this story goes, it is interesting because, like you were talking about, at least here, I know it's obviously different countries, so they've got different set of laws and wherever. But, yeah, you would think you'd have to prove criminal intent. And if this guy had any criminal intent, he's the worst criminal of all time because he committed a crime and then immediately was like, look what I did. Why on earth would you do that? I feel like all this would serve to do is, okay, well, I guess if I find something like that, I better just not say anything. And it's almost like you're punishing people for doing the right thing. [00:43:55] Speaker C: It's like the coal fire hackers, right? Oh, yeah, coal fire hackers. [00:44:00] Speaker B: They were doing the pen test, physical pen test. [00:44:02] Speaker C: Doing a physical pen test on a courthouse that they had authorization to do. And then they got into basically, like, a jurisdictional pissing match over who had jurisdiction over that courthouse, and they got arrested and they sat in front of the judge, and the judge was like, the state doesn't have or the county doesn't have jurisdiction. The state does. And I'm a state judge, and therefore, you're going to jail. So you didn't have permission from the right people. And they were like. [00:44:35] Speaker B: Go listen to. [00:44:35] Speaker C: That darknet diaries episode. Listen to those guys tell that story. Made me think I was taking crazy pills, because here they are trying to do something good, increase security, and they're basically getting railroaded for it. And it took lawyers and money and a lot of time to get them out of that legal hot water. [00:44:58] Speaker B: Yes, it's a shame that it works that way, but that is the response to a lot of companies, or that a company's take is they want to not disclose a breach. Actually, that's a good segue to the next article. They want to not disclose a breach. They'd rather punish the messenger. Yeah, they'll teach you. [00:45:17] Speaker A: Well, like Don said, speaking of disclosing a breach, we'll go ahead and jump into our next segment. This is who got pwned. Looks like you're about to get pwned. [00:45:25] Speaker B: Fatality. [00:45:27] Speaker A: Great segue there, Don. Appreciate that. This comes to us from Ars Technica, Microsoft network breached through password spraying by Russia state hackers. This has, like, every buzzword in it besides AI. All it's missing is AI. Yeah. So what's the full story here? [00:45:42] Speaker B: The headlight kind of sums it up, right, as far as what happened. Right. It's password spraying. So they used existing passwords that were in other breaches? [00:45:49] Speaker C: No, that's not password spraying. [00:45:51] Speaker B: Right. [00:45:51] Speaker C: That's credential stuffing. [00:45:53] Speaker B: Oh, wait, I'm mixing this up. [00:45:54] Speaker C: Credential stuffing is when I take passwords from known breaches to see if you're reusing those passwords in other places. Password spraying is where I take the most commonly used passwords and attempt them against your system. [00:46:06] Speaker B: And those are most common. So they were. [00:46:08] Speaker C: If they're saying this was password spraying, then that's what happened. I read the article, and it seems like they were unsure of whether it was credential stuffing or password spraying. But either way. [00:46:16] Speaker A: Yeah, just because they exploited a weak password. But it doesn't make clear whether it's somebody's weak password or just a weak password. [00:46:21] Speaker C: Correct. [00:46:22] Speaker B: And what I wanted to touch on you just kind of tapped on it there, Daniel, is they haven't given us a ton of details on it because they don't have it yet. This is actually a pretty rapid disclosure from Microsoft and a few months back, we talked about the new SEC ruling that said if you're a publicly traded company in the United States of America and you have a data breach, you have to disclose it to your investors within four days. And at the time, we know this is pretty interesting because it applies to publicly traded companies. Private companies don't have to do it. But if you've got investors, if you're regulated by the SEC, you now have to disclose this. Here in the US, prior to that, we didn't have any disclosure laws of any sort. In Europe, they do. In the US, we haven't. This SEC ruling was the first one. And at the time we said, I wonder how this is going to shake out. Here it is. Here's a great example. So Microsoft has had a breach. And I can guarantee you normally they would not have told us about this at all, right? They would say, well, it was one of our employees that was compromised, so we don't have to disclose that. And then we'll do research and find out what the hacker was able to access and, oh, now we'll just notify affected customers. [00:47:35] Speaker C: First rule of Fight club, nobody talks about fight club. That's right. Second rule of Fight Club, you do. [00:47:42] Speaker B: Not talk about Fight club. [00:47:44] Speaker C: See, a lot of you are breaking rules one and two. The SEC is kind of making us. [00:47:50] Speaker B: So I think this is a good thing personally, right? [00:47:54] Speaker C: Absolutely. [00:47:54] Speaker B: Because there's companies like we were just talking about in that last article where they don't want to do the disclosure. They're worried about that pr hit and they'd rather get it under a rug as fast as they can here. They've got to come out. And so Microsoft had to come out and say, look, we detected a breach on January twelveth and then they came out with a public release or they have to file a form with the SEC. And that's public. [00:48:18] Speaker C: Man, I hope to see the day when public pressure to disclose when breaches occur and be open and honest about what happened. And, yep, people make mistakes as long as they were trying as hard as they possibly could. Listen, you're not going to get everything. We have figured that out at this point, right? If Apple can't do it and Microsoft obviously can't do it and Google can't do it and all these other companies can't do it, then it can't be done perfectly. That's all there is to. You can throw all the money in the world at it you want because there are those that have that kind of money and they're still unable to stop these breaches from occurring. So as long as you're doing everything you can do and continually trying to improve those processes, I'm not going to be mad at you if you get breached, right? If it was something dumb, then I'm going to be mad at you. Right. And because if we're disclosing now, I know whether or not you did something stupid and that caused that breach, and that should cause the pressure for people, individuals that utilize your systems to say, hey, you're trying to be shady about stuff. I don't trust you anymore. To the leper colony with you, that's ultimately the way it needs to kind of go. Right? And if you want to get out of jail or whatever you want to call it, from being blacklisted by everybody, because you're no longer going to be shady. Okay, well, now there's a path to forgiveness, and if you want to be forgiven, you're going to do the right things now. And then we can start utilizing your product again. [00:49:47] Speaker B: I just want to make sure I heard that right. Did you say leper colony? [00:49:49] Speaker C: Leper colony with you? [00:49:50] Speaker B: Do we have a time machine? Yes. While you were talking, it gave me a chance to look up the form. What I would like to see out of this is right now, if a company has a breach, right. They make an announcement. Let's use Lastpass as an example, because I think we would all agree that was a pretty bad breach. But it's been over a year now. People forget, right? Short memories. And LastPass is still doing marketing. There's plenty of people that use it. And if they didn't move away before now, then they're not going to move away and they stay on it and people forget. Right? It just becomes a thing of the past. Breaches have been happening. For know. Hey, like Daniel said, sometimes people make mistakes. It's a one time thing. Yeah, we failed here, but we fixed it and now we're good, right? What this new reporting structure puts in place is within four days of a breach, they have to file a form. It's called a form eight k with the SEC. That's in the public record, right? It's filed with the SEC. The government has that data. What we can do in the future, so, like, five years from now is I could say, let me pull all the eight ks that Microsoft has submitted, and now I can see that track record because we don't really have that right now. Companies like RSA, right? RSA. That breach, it's been over ten years since they had theirs. That was, in my opinion, the worst, most significant cybersecurity compromise in the history of my career. Because RSA was pushing out these hardware tokens and the private keys for all of their tokens got compromised. And they were used in all of our highest level, highest protection environments throughout the government, throughout the military. [00:51:35] Speaker C: I don't see the problem. [00:51:36] Speaker B: Don't be making this up, but the government actively suppressed that news story because it impacted our national security. Right. And so they effectively, I'll say, covered it up, but it wasn't like who. [00:51:52] Speaker C: Assassinated Fox Mulder, kind of. [00:51:55] Speaker B: Right. And so after a few years, when the data started coming out, which is now we can see what happened, people have forgotten about that. And RSA still runs one of the biggest cybersecurity conferences in the industry. So we need a way to be able to see that track record, to be able to see that history. And I think this system is kind of creating a pathway to that. [00:52:14] Speaker C: One of the comments says, f up, move up. Expect them to be given new leadership positions. I'm like, yeah, that is kind of how that works. [00:52:23] Speaker B: You've seen Pentagon wars, right? Oh, yeah, with karaoke. That was super awesome. It's a story about how the Bradley troop carrier was designed. [00:52:31] Speaker C: A true story. [00:52:32] Speaker B: And there's these generals that are, like, doing huge cost overruns and bureaucratic nightmare and all that. And there's this one. Was he a colonel? I think he was a colonel, yeah. [00:52:42] Speaker C: It's kind of over the whole entire. [00:52:44] Speaker B: Project, who's there as, like, an auditor, a monitor. And he comes in and he looks at all this and he sees all the madness that's going on, and he reports it and so on. And at the end of the movie, a little spoiler. They do a report on what happened to these people. And all the generals that were involved got promoted. And Carrie always character the auditor who reported on all this stuff. Discharged. [00:53:08] Speaker C: Yeah. I love this scene. Kelsey Grammar was one of the generals. [00:53:13] Speaker B: He was the head. [00:53:13] Speaker C: Asked him, well, how much have we spent on this? And he's like, like $204,000,000,000. And the judge is like, you said, $204,000,000. He goes, no, billion. It was something. Crazy amounts of money, and it doesn't work. And it's a death trap. And every audit proved that it was a complete failure. And they just kept going, well, what we need to do is. And instead of just scrapping the project or starting from the ground up, they would just continually try to change it. And then they would ask for more money because. Oh, now we got to change this thing and. Yep. [00:53:49] Speaker A: What's the name of this movie? [00:53:50] Speaker C: Pentagon Wars. [00:53:51] Speaker A: Pentagon wars. [00:53:52] Speaker B: It's really good. [00:53:53] Speaker C: It's pretty funny. [00:53:53] Speaker B: It was on Netflix. I watched it on Netflix. So it's probably there. [00:53:56] Speaker A: But add it to the list then. [00:53:57] Speaker B: And there are scenes like the one you're referencing because he kind of coughs to cover up the b at first. And you think that's made up? That is straight from the congressional investigation records. They use the transcripts. Wow. It's 100% true. [00:54:12] Speaker C: It's sad and it's kind of depressing, but it's also funny as hell. [00:54:15] Speaker A: Yeah. If you can get past the fact that it's kind of real, then it's this. I know we got another article we want to get through real quick. I just have an inquiry, I guess. So. I know that there's been some talk the last, I guess, couple of months around the office at our day job about, oh, Microsoft is having people change their authenticator. Like, if you're using a third party authenticator app, you're going to have to switch to Microsoft's Authenticator. Or if you're using SMS, you've got to use their authenticator. Right. They're being real. They're trying to get real strict about it. [00:54:43] Speaker C: Right. Yeah. [00:54:43] Speaker A: But I'm looking at some of the input that people had on this and the nature of the attack. A successful password attack would suggest that there wasn't a two factor authentication. Correct. Interesting that we're all having to use specifically Microsoft's two FA app. [00:54:58] Speaker C: And evidently response to that was these are old test environments that are also connected to our production environment. Interesting, because if I'm not mistaken, which I could be, they said that the russian attackers were able to pivot into Microsoft's larger environments, but no customer data. [00:55:20] Speaker A: Or. [00:55:23] Speaker C: The critical systems were no signs of access to. [00:55:28] Speaker A: Totally, totally, totally. [00:55:29] Speaker C: Remember step one. [00:55:31] Speaker B: Deny, deny, deny, deny. Their quote is it was a legacy non production test tenant account that was. [00:55:41] Speaker C: Connected to the Internet. [00:55:42] Speaker B: That's as many words as you can stick on there to make it sound insignificant, but it's a foothold. [00:55:46] Speaker C: Yeah. [00:55:47] Speaker A: And yeah, somebody said, why give that test account such great privileges if it's just a test account? [00:55:52] Speaker C: Great question. [00:55:53] Speaker A: Interesting. [00:55:55] Speaker B: Our test account is a full blown domain admin. [00:55:59] Speaker C: They used to work for an insurance company. [00:56:04] Speaker A: Well, maybe we'll get some more detail on this in the future. But, I mean, I guess on the bright side, it was a pretty quick disclosure, I guess, because it was what they. I don't know, relatively speaking. As far as we know, at least. [00:56:16] Speaker B: We heard about it, right? [00:56:17] Speaker A: That's true. They told us something which is more than we can ever really hope for. [00:56:22] Speaker C: Anything I know about Microsoft is they do not like talking about breaches or anything. I don't even think you're. I was reading, like, a form or something, and some Microsoft engineers, like, we're not even allowed to say the word. [00:56:34] Speaker B: Oh, yeah. Like zero day and stuff was on their bandwidth. [00:56:37] Speaker A: Interesting. [00:56:37] Speaker B: I remember that. [00:56:38] Speaker A: Wow. That's a little concerning. [00:56:40] Speaker C: But listen, if we don't say it, it doesn't exist. [00:56:46] Speaker A: Sounds like some don't. Oh, boy. [00:56:49] Speaker B: We don't say we were breached by an attacker. We say that we had a network visitor. [00:56:56] Speaker A: It's not a problem. It's an opportunity. [00:56:58] Speaker C: Yeah, so Conley pointed out that we had a security issue and we took care of it. [00:57:03] Speaker A: Well, there's a lot about that story that doesn't really makes sense. And speaking of, this next segment is called don't make no sense. [00:57:13] Speaker B: It made no sense. [00:57:14] Speaker A: It made no sense. What you're talking about, will, it wasn't quite as good as your segue, but I'm doing my best. So this one comes to us from malwarebytes, the mother of all breaches. 26 billion records found online. When I first saw this, I was. [00:57:27] Speaker B: Like, oh, come on. [00:57:28] Speaker C: Births. He said, it's the mother of all breaches. [00:57:34] Speaker B: Oh, my God. [00:57:36] Speaker A: Well, when I first read this, I was like, oh, come on. There's no way you can have that many records in one breach. And I guess it says it doesn't seem to be from one single data breach, but a compilation of multiple breaches. But still, 26 billion records. That's billion. That's insane, right? [00:57:52] Speaker C: Have I been poned? [00:57:53] Speaker B: Yes. [00:57:53] Speaker C: That's all it is. [00:57:55] Speaker B: So it is interesting. There are not 26 billion people on the planet, right? I think Daniel told me earlier that the world population was under 8 billion. Hell, let's say it's 10 billion. Who cares, right? This is way more than what there are. So this is not a single breach. In fact, I think it's a bit of a misnomer to call it the mother of all breaches, because it's likely not a breach at all. Now, I have to say likely, because where did this data come from? So the most probable story here is that you've got a malicious threat actor operating on the dark web. There's people that sell credentials, right? And so anytime there's a breach, anytime there's a disclosure of data, they aggregate it to build a bigger pool. And so somebody has built a super pool of all of these different breaches to create one big, massive data set that you can go on the dark web and purchase. Right now, if you want. 26 billion records, of which probably less than a billion are actually functional. But, hey, that's a ton. Then you can. [00:59:02] Speaker C: There's most likely a bunch of duplicates. [00:59:04] Speaker B: More than likely. [00:59:04] Speaker C: Yeah, there goes your 10 billion right there. [00:59:06] Speaker B: But where did this come from? Right, so it could just be somebody who's been operating on the dark web and aggregating this stuff. Right, so you can do that. And, Daniel, you mentioned, have I been poned? I mean, that's effectively what he does. He gathers the databases. I wonder how many records he has. [00:59:21] Speaker C: A question. [00:59:22] Speaker B: I don't know. Or this could be. There are a number of cybersecurity companies that specialize in dark web monitoring. Right? In fact, I have credit reporting through Equifax. I can't remember the name of the company now. I don't think it's Equifax. It might be. [00:59:44] Speaker C: So the company you work with is not Equifax, but where they do their. [00:59:48] Speaker B: Stuff is directly through equifax? Yeah, well, I have credit monitoring to somebody, and one of the things they do is what they call dark web alerts. And so if my email address shows up in some kind of breach, they'll let me know. Like, hey, your email just showed up in this one right now. How do they find that out? Well, that means that they are getting the publicly disclosed databases. When an attacker threatens that you pay me a ransom, or I'm going to publicly disclose this. So that's one way they can get it. When people don't pay a ransom, however, the thing they don't like to talk about is that they are usually going out and actively buying these databases. They're supporting the industry that they're claiming, trying to fight. Yeah. So if we buy enough drugs, the drug dealers won't have anything to sell on the streets. We've solved the problem. So let's just go buy all the drugs. So that's what these guys are doing, and they'll go and buy these databases. So it is possible that a cybersecurity monitoring company got breached and that their database, their treasure trove of data that they use to notify their customers, has now been leaked out. And that would be an extra tool in the arsenal of an attacker out there that would make this a breach. [01:00:56] Speaker C: And it's interesting. This article goes on to go in other news about leaked, I mean, it's just this little blurb about this 26 billion. Then it's like, in other news, Trillio has got 15 million records. And they go into talking about, how do you define a breach? And they offer a definition of the word breach. And they say a breach is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software. That's an interesting and probably a pretty good working, walking around definition of what a breach is. And it does kind of like, if I put a bunch of sensitive information onto an open s three bucket and someone finds it, is that a breach or is that a leak? Is there a difference? At the end of the day, the end product is really no different. Right. Because I've, either through vulnerability or negligence, have exposed sensitive information to attackers, and they have pilfered my pockets and taken this data and are now selling it or doing whatever they do. But it's an interesting idea that do we really care how it got into the hands of the bad guys, that through something of yours, either through negligence or incompetence or both, you have made this available to attackers? That's the problem. [01:02:25] Speaker B: So I just did some quick googling. So the company that I use, my wife, manages this stuff. I had to look it up. It's called identity force, which is a transunion product. So you got the three big credit reporting agencies, Equifax, Transunion, and. [01:02:44] Speaker A: Credit karma. I know, does stuff, but I don't. [01:02:46] Speaker C: Know if they're pulling from these credit reports. And there is a third one, but I think those are the two ones we typically see. [01:02:54] Speaker B: Equifax, Experian is the third one. Experian, equifax, and so. But they're all effectively the same. [01:03:01] Speaker C: Yeah. [01:03:02] Speaker B: Although Equifax has had the biggest breaches. Yeah. Good times. Good times. So anyhow, the point is this has been released. 26 billion interesting identities that you can go and purchase. I don't know what the going rate is. [01:03:21] Speaker C: Yeah, obviously it's big money because people keep doing this. Right? [01:03:25] Speaker B: Yeah. Honestly, they could sell it for $100 and sell it so many times that they make a bunch of money, but they probably sell this for money. [01:03:33] Speaker C: I almost wish that, except for, like, passwords and credit card. And if it wasn't so easy to use that information to do, like, identity theft, I would almost be willing to just say, here's all my pii. And now it's worthless. Right. If everybody's got it, that's the idea behind value in something? Is it scarcity or it's access to it? [01:04:02] Speaker B: Right. [01:04:02] Speaker C: So the reason gold is expensive is because there's not a bunch of it and a few people have access to a lot of it. [01:04:08] Speaker B: Yeah. [01:04:08] Speaker C: Right. Same thing has got to be with our personal data. If we could just permeate the vast majority of it, that's not useful in identity theft and other schemes, that would be great because it would reduce the value of it, making it less valuable for companies to collect. Because why collect it when it's freely available? [01:04:30] Speaker B: Yeah, it's one way. It is, but. [01:04:34] Speaker C: Oh, I know there's flaws. [01:04:36] Speaker B: I get it. [01:04:38] Speaker C: Totally get it. But we got to start somewhere down and tackle the problems as they. [01:04:45] Speaker B: Yeah, yeah. One day when we get to the space communism that's in Star Trek, then we won't have to worry about this. [01:04:52] Speaker C: This is exactly what it is. Gene Roddenberry said as much. Right. He was like, they said that on season one of the next generation, they were having trouble coming up with interesting plots because there was no conflict. Gene envisioned this communist utopia of the future where no one envied each other and no one had more than anybody else. And it's like what gets us angry? There's no conflict, Gene. These are not compelling. [01:05:28] Speaker A: Was the. There was a movie I told me about that was, I want to say Kurt Russell, but I could be wrong. And he was like some super soldier. Soldier, was it soldier where he gets discharged to this planet and he doesn't know what to do because there's no conflict. [01:05:39] Speaker B: Yep. [01:05:39] Speaker A: So there's nothing for him to. [01:05:41] Speaker B: Yep. [01:05:41] Speaker A: Oh, interesting. Okay. [01:05:42] Speaker B: Or major pain. [01:05:43] Speaker C: One of the others. [01:05:45] Speaker A: Definitely not major pain. It was definitely not major pain. [01:05:47] Speaker B: Someone who needs some killers. [01:05:49] Speaker C: I'm sorry, major. [01:05:50] Speaker B: There's no one left. [01:05:51] Speaker C: You've killed them all. [01:05:54] Speaker B: I love that movie. [01:05:55] Speaker C: Such a good flick. [01:05:57] Speaker A: I'm going to have a list a mile long by the end of this month of movies I need to watch. [01:06:01] Speaker B: Major pain is a heartwarming family. [01:06:06] Speaker A: Yeah, I watched rounders. I know that's not one you recommended, but it's a good flick. Yeah, it was a different comfort zone for me. It was good. [01:06:13] Speaker C: So I'm trying Matt Damon, he's like a card shark. [01:06:16] Speaker B: Okay. [01:06:17] Speaker A: I liked it. It's got some of the narration style that Goodfellows had. I quite enjoyed it. [01:06:22] Speaker C: I would recommend the eternal monologue of the main character. [01:06:25] Speaker A: Yes, I enjoyed that. That's why I'm wearing my Boston shirt today in honor of Matt Damon. [01:06:28] Speaker C: Well, there you go. [01:06:30] Speaker A: So real quick. Obviously, the headline of this article, the mother of all breaches, is pretty. Oh, my God. It's kind of sensational. Is this something that, because it's. Oh, well, it's not really one single data breach. It's probably a compilation. And then what do we really call a breach? This story in general, is this something we need to be concerned about? [01:06:48] Speaker B: Not really. So these are aggregated breaches that have already happened. So you've likely already been notified, you've likely already taken action. So the only thing you can do here is, if you want, you can go and buy a copy of the database, see what's in it, but otherwise, subscribe to. [01:07:03] Speaker C: Have I been pwned? [01:07:05] Speaker B: This is more of a don't panic. I hate that they're calling it the mother of all breaches, because it's not. So don't panic. [01:07:12] Speaker C: That's called a clickbait title. [01:07:14] Speaker B: Yeah, except, I mean, this is carried by numerous news sources at this point. [01:07:20] Speaker C: The major news sources don't use clickbait titles to get you to click on their titles and go to their stuff and make money. [01:07:26] Speaker B: Some of it's pretty bad. [01:07:27] Speaker C: Yeah. [01:07:28] Speaker A: See, that's why you go to Technito for your techno. [01:07:30] Speaker C: Because CNN, if it bleeds, it leads, right? [01:07:33] Speaker A: Was that a CNN thing? [01:07:34] Speaker C: Yeah, they caught them on tape talking about how they kept the COVID ticker at the bottom of the screen for the purpose. [01:07:40] Speaker A: I've heard the phrase before. [01:07:41] Speaker B: Yeah. So just this morning I saw a headline. Now we're going to get outside of technology. We're going to talk about the WWE for a minute, which I don't really follow. I loved when it was WWF, when macho man Savage was wrestling. Yes, I loved it. And rowdy Roddy Piper and stuff like that. That's. [01:07:59] Speaker C: Dude, I loved Rowdy Roddy Piper. [01:08:00] Speaker B: He was the best. But there was a headline this morning, I just saw it in my newsfeed, and it said, wWE wrestler dies at 56, former opponent of Steve Austin. And so it didn't say his name. Right. This person who died has died, and they're important enough to write an article like, hey, we need to acknowledge this person contributed to our society in whatever way. But we're not going to say his name. We're going to say Steve Austin, because he's more popular, more recognizable. And you're going to have to click on this article to find out who it is. [01:08:33] Speaker C: Because you glance over that and you say, steve Austin died. [01:08:35] Speaker B: Click. Well, I looked at it and I said, oh, I don't know who it is. [01:08:39] Speaker C: I don't care. [01:08:40] Speaker B: I don't care. That's sad, right? Because a human being, right? [01:08:44] Speaker C: But ultimately, as far as newsworthy, that's like, know George Smith of Akron, Ohio died. It's like, who the hell is George Smith? Yeah, he's an Akron, Ohio resident, and I'm sure he's got a family that loved him. I don't know who he is. So how does that impact me? Separated, 17,000 degrees. [01:09:03] Speaker B: Do you guys use the hacker news website? [01:09:05] Speaker A: Yeah. [01:09:06] Speaker B: So they have a rule that says when somebody dies, you're not allowed to editorialize in the subject line at all. And so all they can say is the name, and they die. So Ada Loveless died. [01:09:16] Speaker C: Got you. [01:09:16] Speaker B: And that's it. And I see these names pop up. I'm like, all right, who the hell is that? Now I got to click, and I got to do research and figure out who the person is. I'm like, it's not going to do it, but it turns out to be the person who invented Java or something. Well, that's pretty significant. [01:09:29] Speaker C: It's not editorializing to say the person that invented Java at a level list died. That's factual statement. [01:09:35] Speaker B: But they're super strict on it, and so they just cut it down to a name, bare minimum, which is annoying. [01:09:42] Speaker C: I like news outlets that just report the facts. And if you want to do an op ed, that's fine, but put op ed at the top. Don't try know, pander it off as some sort of factual article. [01:09:55] Speaker A: Right. [01:09:55] Speaker C: When it is your take. [01:09:57] Speaker B: That is a complaint I have about Google News is they mark articles as opinions. They actually have a tag for it. You can't filter it out. They're tagging it. [01:10:05] Speaker C: Kidding me. [01:10:06] Speaker B: There's no way to filter out opinion. And probably a great way. [01:10:09] Speaker C: You don't use Google news. [01:10:11] Speaker B: Yeah, probably 40% of the crap that's in my Google newsfeed is tagged as opinion. Yeah. [01:10:16] Speaker C: Which is nice. [01:10:17] Speaker A: I feel like that's just the norm now. It's unfortunate. Well, I know we're probably close to running a little long, but I know that in some of the previous episodes, when there's been weeks where there's of stuff going on, we've kind of touched on, like, oh, this and this, and this happened, but we didn't go into depth on it. Was there anything that happened that was notable that you wanted to include but we couldn't? [01:10:33] Speaker B: Oh, man, you put me on the spot. [01:10:35] Speaker A: Oh, I'm sorry. [01:10:35] Speaker B: Yeah, there's actually a ton of little things, but nothing. [01:10:44] Speaker C: Lightning round. [01:10:46] Speaker B: I had to pare down like twelve things that happened in the cybersecurity world to get down to just the three. [01:10:51] Speaker C: That we reported on, ending with strict fingerprinting protection. That was an interesting. [01:10:55] Speaker B: Yeah, that was one where it kept breaking websites and only 0.5% of their users are actually using it. And so it made sense to end that. [01:11:05] Speaker C: I asked Wes this morning, because he said he uses edge. And I was like, isn't that Chrome based? Isn't that Chrome? He's like, it's not Chrome, it's edge. I go, okay, I get that. Aren't they kind of like the same thing? And he said, no. I said, how? So? He said, one's Chrome and one's. So what is the difference between something like edge and Chrome when they're both using Chromium? [01:11:30] Speaker B: So the web rendering engine is the same. [01:11:33] Speaker C: It's the same. [01:11:34] Speaker B: Right. So they're using Chromium to a server. When you get a client that comes to a user, one, you can't really tell the difference. Right. What's different is all the services, they lay on top of it. [01:11:42] Speaker C: Gotcha. [01:11:43] Speaker B: So if you run Chrome, it'll synchronize all your bookmarks and log in with your Google account. And that's all stored on Google services. If you run edge, does the same thing, but Microsoft servers. [01:11:54] Speaker C: Gotcha. [01:11:54] Speaker B: So, you know, it's really just the UI that they're changing. Everything behind the scenes is the same. [01:11:59] Speaker C: So it's the coat of paint that's on it. [01:12:01] Speaker B: Right. [01:12:01] Speaker C: Gotcha. [01:12:01] Speaker B: Right. [01:12:02] Speaker C: Makes sense. [01:12:03] Speaker B: Yeah. So that was one. And Google. That was a big one that we didn't really touch on here was they finally acknowledged. Oh, by the way, when you're running in incognito mode. [01:12:14] Speaker C: Oh, yeah. [01:12:15] Speaker B: We still track you. [01:12:17] Speaker C: You don't say. I never would have guessed on. [01:12:20] Speaker B: I thought I was safe. [01:12:21] Speaker C: And I can start looking at weird stuff on the Internet, but apparently you're never safe. [01:12:27] Speaker B: Yeah, it's a good time. [01:12:28] Speaker A: You could look at weird stuff on the Internet. You might have to. [01:12:31] Speaker C: Yeah, the Google betters might come and go, you weirdo. [01:12:36] Speaker A: There was one that Ronnie had forwarded along that the inventor of the network time protocol died last week. [01:12:42] Speaker B: Oh, really? [01:12:42] Speaker A: It was 85 years old. And the article says inventor of NTP protocol, which I think is funny because network time. Protocol. Protocol. [01:12:49] Speaker C: But I see you posted the one about the tech employee that filmed her firing. [01:12:53] Speaker B: Yeah, went viral. [01:12:55] Speaker A: It was like a cloudflare employee. Yeah. [01:12:57] Speaker C: Oh, she was with Cloudflare. [01:12:58] Speaker A: Yeah. They cited that. They said, oh, well, it was because of performance issues. And she was like, well, first of all, I've only been here a few months. Every review that I've had has been extremely positive. Yeah. Every KPI I met, like, every time I've spoken to my manager, you're doing great. You're exceeding expectations. So I feel like it's not performance. Give me the real reason why I'm being fired. If you're just doing a mass layoff, that's fine. But then say that. And they were like, well, we can't really get into that at this time and get to that at a later date. And she goes, you're firing me? When are we going to get into it? If after this, I'm done with the company and it's pack your things and you're done. So she recorded the whole thing, and it was just. I know it's like HR, and there's not really much they probably can do because they're limited in what they can say. But it was just, well, we understand, we understand, we understand. And I could feel her frustration. But anyway, I saw that it was a cloudstar employee, and I guess it was. [01:13:44] Speaker C: Yeah. Because, well, being fired affects her job market capabilities. Right. What happened in your last job? Well, I was fired. Were you laid off? Because being laid off is different than being fired. No, they wouldn't tell me. They just said you no longer work here. [01:13:58] Speaker A: When it was. They said that, oh, you're fired because of performance issues. And that's way different than being laid off because you go to get a new job, and it's like, I was fired because of layoff issues. Right. So, anyway, yeah, I just threw that in there. I figured maybe it wouldn't be something that we would cover, but it just thought maybe y'all would want to see that. [01:14:12] Speaker B: But, yeah, when I see the word viral in a headline, that usually makes me not read the article. That's fair. [01:14:18] Speaker C: Don's the antidote to that virus. [01:14:24] Speaker A: Sometimes I forget that I work with dads. That reminds was the one that Ronnie forwarded along, was the one about the NTP inventor. [01:14:33] Speaker B: You know what I would do if somebody filmed their firing? [01:14:36] Speaker C: What's that? [01:14:37] Speaker B: I'd fire them. [01:14:41] Speaker A: Well, I feel like maybe that's something. Maybe we should add in a segment that is like rapid fire stuff that we couldn't, because we do get comments sometimes that are like, oh, you didn't talk about this. You didn't talk about that. It's just because there's so much there. [01:14:51] Speaker C: Is you can't cover it all, run through a bunch of articles. [01:14:54] Speaker A: I'll have to talk to Titus or Christian or somebody about that and see. Maybe that's something we can do. But for now, I mean, I hope you guys had a good time. I know we got off track a few times, but I feel like that's when it's the most fun here on. [01:15:06] Speaker C: The rabbit trails are great. [01:15:07] Speaker A: The rabbit trails are real fun. [01:15:08] Speaker B: And for those of you out there in tv land that are concerned, the lizard has relocated to our windowsill over there and he is enjoying the sunshine. [01:15:16] Speaker A: He's looking out the window at all the cars and he's having a great time. [01:15:19] Speaker C: He's like, the food is out there, apparently. [01:15:22] Speaker A: Maybe I'll see if I can grab him after the episode. [01:15:24] Speaker B: I don't know how it got in here, but it probably can't find its way out. [01:15:27] Speaker A: He followed you. [01:15:28] Speaker B: That's how I feel. [01:15:28] Speaker C: We will save him. [01:15:30] Speaker A: Yeah, don't worry. I'll get him out. [01:15:31] Speaker C: I promise. [01:15:32] Speaker A: My grandma's probably watching this and she'll be glad to know that he'll be saved. Well, if you enjoyed this riveting banter, if you enjoyed the status updates on the lizards and the rabbit trails, we'd love it. If you like this episode, if you haven't already and consider subbing to the ITPro YouTube channel, you can check out all the previous Technato episodes that live here, as well as all of ACI Learning's webinars and live on social events, previous and upcoming. We had a lot of great webinars this month. We had it cybersecurity and audit webinars. So that's pretty cool. We covered all those bases and if you missed them, you can check them out on the channel next Thursday, February 1. Already we have got another all things cybersecurity webinar. That's going to be myself, Daniel Lowry, and Zach Hill. You've probably seen him here before if you've been with us for a while. Are you looking forward to that, Daniel? [01:16:11] Speaker C: Absolutely. I always have a good time hanging out with Zach. He's always got some great insights on always. His kind of like, passion in life is helping people. So he loves doing stuff like that. And you can tell when he comes on, he's just super excited. Just a good guy to do anything he can to help other people that are out. Yeah. [01:16:28] Speaker A: So real smart and just a good, you know, because when you're that good at your job, you could totally be a jerk. And he's not so we appreciate that about him. And we also want to thank again our sponsor, AcI, learning the people behind it pro. If you're listening from the Technato website, you look for that sponsored by button. Click on that, it'll take you to the IT pro website. And if you want to support the podcast, check out those courses. Don's mentioned our day job on here. That's what we do in our day job. We like to teach it cybersecurity audit stuff, and we have a whole lot of fun doing it. So check those out if you haven't already. And you can use that promo code, Technato 30 for a discount on your it pro membership. Drop a comment let us know what you thought about this week's episode and what you want to see in the future. And I think that's pretty much going to do it for me, unless I'm forgetting anything. [01:17:06] Speaker C: Thinking, what can we name the lizard? Drop a comment. [01:17:09] Speaker A: Yeah, right. Good point. [01:17:11] Speaker C: Now we got ourselves a mascot. [01:17:12] Speaker A: Unless. I don't know. Don, are you feeling inspired? [01:17:14] Speaker B: I think we should name him bird food. [01:17:18] Speaker A: All right. What a lovely, depressing note to end on. [01:17:23] Speaker B: If you don't live in Florida, lizards seem pretty awesome. But in Florida, they are everywhere. They're everywhere. I mean, it's insane how many lizards. [01:17:31] Speaker C: We used to have fun. We'd catch them and then you can. [01:17:33] Speaker A: Like, put them on your ears. [01:17:34] Speaker C: On your ears. You got to piss them off and they'll bite. [01:17:42] Speaker A: Rock stars. Oh, boy. Yeah, well, I mean, they're kind of harmless. They don't really do much. It's not like they come after you or anything. [01:17:48] Speaker C: Mosquitoes, which I appreciate, but they are everywhere to them. [01:17:51] Speaker A: We do have a lot of them. Annoles or something is like the official name. But yeah, I'll make sure he gets out. Don't worry if he's bird food. Well, it's the circle of life. Thank you so much for your insight on this episode, guys, and thank you for joining us for this episode of Technato. We'll see you next week. Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.

Other Episodes

Episode

July 22, 2021 00:27:49
Episode Cover

Technado, Ep. 235: 2021 Favorites

It's that time of year again where we look back at our favorite guests and articles from 2021 on Technado. Each of the hosts...

Listen

Episode

October 21, 2021 00:51:31
Episode Cover

Technado, Ep. 226: Cocoon's Jeff Bermant

Jeff Bermant, Founder and CEO of Cocoon, joined Technado this week to talk about your browser data and why you should profit from it....

Listen

Episode

October 06, 2022 00:55:54
Episode Cover

Technado, Ep. 276: VPN in the Browser

After making it through the hurricane last week, the Technado team got back to business. They covered Microsoft adding a VPN in their browser,...

Listen