349: Huge AT&T Outage Causes Chaos! (OOPS!)

Episode 349 February 29, 2024 01:09:28
Technado

Show Notes

Happy Leap Day from the Technado team! This week, we have some big feature updates in the Windows world - some exciting, some annoying - as well as a new autofill feature coming soon to Bitwarden. In security news, Don and Dan break down the latest installment in the LockBit saga. Then, the crew covers last week's major AT&T cellular outage (with some personal commentary from Sophie). Finally, Ubiquiti got pwned by a Russian military hacking group - also known as APT28 or "Fancy Bear."


Episode Transcript

[00:00:04] Speaker A: You're listening to Technado. Welcome to another episode of Technado. I'm Sophie Goodwin, just one of your many hosts here. And before we jump into the show, just want to give a quick shout out to the people behind ITPro and the sponsor of the podcast, ACI Learning. If you go check out that course library, you can see more of myself as well as my co-hosts, which we'll get to in a second. And don't forget, you can use that promo code, Technado 30, for a discount on your ITPro membership. Once again, like I said, I do have some friends here with me. I'm proud to call them friends. Don, to my left. How are you, Don? [00:00:34] Speaker B: I know. [00:00:34] Speaker A: It was touching. You weren't expecting that. How are you, Don? [00:00:38] Speaker C: She thinks we're friends. You're a good actor, Don. [00:00:43] Speaker B: Well, I'm doing great. I am here to chew bubblegum and kick ass. And I'm all out of bubblegum, which we've been quoting They Live this morning. No exciting day. We got our normal new spiel that we're going to go through, and you'll want to stay tuned all the way to the end because we're going to be doing some format changes coming up as soon as next week. So we'll talk about what those format changes are and what to expect all the way at the end of today's episode. Wow. [00:01:10] Speaker A: Okay, well, cliffhanger. [00:01:13] Speaker B: Yeah. [00:01:14] Speaker A: Make sure you stick around for that one. Daniel, any thoughts on that? [00:01:16] Speaker C: I just like how Don sets it up, man. Everybody's now like, ah, sheesh. Now I got to listen to the whole podcast. [00:01:21] Speaker B: Yeah, now I gotta hit that password longer than normal. [00:01:23] Speaker C: Goodness gracious. I love scrubbing through these things. [00:01:27] Speaker A: Well, it is going to be some interesting news here at the end of the show, and some neat stuff coming to the show, so make sure you stick around for that, like Don said. 
But we'll go ahead and jump into the news because we do have a lot to cover this week. Some fun developments here we'll talk about. So we'll get started with one of our favorite categories, Microsoft news. We love to talk about Microsoft. This article comes to us from Tom's Hardware. Microsoft begins forced updates to Windows 11 23H2 and targets PCs running 21H2 and 22H2. And the forced updates. Anytime I hear the word forced, I don't love that. But I know that it's not necessarily, I don't think, a new concept specifically to Windows. It's a security thing. Right. [00:02:04] Speaker B: Well, so it's not a new concept for security things. You're right. For feature updates, it is a new thing, right? They don't normally force a feature update on you and that's okay because there's security updates that are pushed out every month, sometimes even more rapidly if it's one of those high critical updates or whatever. But the feature updates, they're usually pretty lax on, but this time they're a little more excited. And I know the last couple of weeks we've talked about end of life systems and what to do is as Windows, well, Windows 8 is long gone at this point. Windows 10 is reaching end of life. We talked about how the longest support you can get on that is through 2025. So Windows 10's days are numbered. But in this scenario, what we have are even some of the early versions of Windows 11 are reaching end of life. Windows 11 itself is going to have a long support cycle, right? Ten years I think is what they've got it mapped out for right now. But the individual feature updates inside of it, the 22H2 and 21H, rolls just right off the tongue, doesn't it? Those updates themselves don't have a ten year support cycle. They're much much shorter. And so some of them are being end of life. In particular, it is 21H2 and 22H2 are being end of life on October 10, 2023, which is right around the corner. That's like six months was last year. 
Oh wait, I'm in the wrong year. Yeah, those have already passed. Put me in charge of your update program. So basically Microsoft has given people a chance to voluntarily update for free, right? So they're very generous. [00:03:42] Speaker C: So sweet of them. [00:03:43] Speaker B: And now the voluntary side is being taken away. [00:03:46] Speaker C: Now it's volunteered. Yes. [00:03:49] Speaker B: I like that. [00:03:50] Speaker C: I stole that from Brad. A whole new world is open before me. He's going to volunteer a lot of people. [00:04:01] Speaker B: Why do I do any work? [00:04:05] Speaker C: That's what I'm here for, to help you learn, expand your horizons. [00:04:09] Speaker B: There we go. [00:04:10] Speaker C: Well, how do you feel about being volunteered? You will do this. Resistance is futile. And just as soon as you get on board, that's just a better way to go because there's no stopping this. [00:04:21] Speaker B: Train when there's security updates. I don't mind. [00:04:24] Speaker C: Right, I agree. [00:04:25] Speaker B: And in fact I even get frustrated sometimes. I have an iPhone. I know you're not a fan, Daniel, but I'll get a message sometimes that'll say like, hey, such and such update is going to install tonight. Okay? And it gives you the option to say no, but I'm like, fine, hey, install tonight. And then the next morning I wake up and it's like, such and such update was not installed. And I'm like, well, why not? You said you were going to do it. Now I got to go do it myself. In those scenarios, I'm fine with it doing it, going in, just doing the update and being done. [00:04:56] Speaker C: Well, that makes sense. It's a safety feature, right? [00:04:58] Speaker B: Right. But sometimes the updates are stupid and it's like, oh, hey, we're adding tabs to notepad and you will like it. At that point the update just becomes kind of nonsense, right? 
[00:05:11] Speaker C: Well, the fact that it becomes a forced update, that's what's interesting to me, that they would come heavy handed. We are Microsoft. You are using our product. I wonder. My mind is now starting to churn and bubble. It makes me think of like an Xbox. Do you really own an Xbox, Don? [00:05:31] Speaker B: Hard to say. Today you used to, you can run offline, you can run on disks, but. [00:05:37] Speaker C: When you start hacking them, you come under sanctions for that because they said you technically don't own the Xbox. You have licensed the ability to use the hardware. You are not able to open it up and make those changes. That's illegal. Don't do that. Makes me think, are they wanting to go down the same path or do they feel like they're already down the same path? They're so deep down that rabbit hole of it's Microsoft's, you're just licensing the. [00:06:02] Speaker B: Ability to use it. [00:06:03] Speaker C: You don't actually own this. [00:06:05] Speaker B: I think the difference, in my opinion, obviously none of this matters because this is all who the hell am I, baked? But when you talk about a gaming console, they intentionally price them either at cost or lower than cost because they know they're going to make the money on the gaming revenue, right? So Microsoft gets a percentage of every game sold on the Xbox whether they made the game or not. And Sony does the same thing with PlayStation and so on. But when I buy a Dell laptop with Windows on it, Microsoft gets paid for the OS right there and then. They don't have any other guaranteed revenue. [00:06:40] Speaker C: Beyond that other than they're trying to future proof. They don't want you to move away from the platform. Not that they're in super danger of that ever happening, but macOS and Linux have made strides to be more user friendly and become a little deeper into the desktop market. And maybe they're trying to because they've had a history of kind of doing this. 
They get you hooked on Internet Explorer because it's with everything, it's just the default. You start using it, and you're so used to that as your ecosystem, you don't want to move away. So when you're presented with an option, it's not an option. And they got sued over this. They got brought up on charges of non compete because of that. Maybe it's because the history of it. I always feel like when they start getting heavy handed on things, it's because they just want you to. [00:07:31] Speaker B: You know, I'm going to go off on a tangent here. [00:07:33] Speaker C: I love it. [00:07:35] Speaker B: You mentioned Macs. Do you ever go to the site Hacker News? [00:07:38] Speaker C: Of course. [00:07:39] Speaker B: Y Combinator, right? Yeah. When you're on there, it's almost like an echo chamber. Very Silicon Valley minded. And everyone runs a Mac. It's just assumed that you run a Mac. So in the real world, Macs have a 6% market share, right. So if you go out and grab 100 computers at random, six of them will be Macs. Right. It's a small number, but in Silicon Valley and on Hacker News, it's like 99%. And the one person who's running a Windows machine, they make fun of. And it's like this disconnect that's out there. So when you look at the two OSes, it's such a different world, right. Because in the Apple world, they make their money on the hardware, not on the OS. [00:08:24] Speaker C: Not the OS. That's right. [00:08:26] Speaker B: Versus Microsoft. Except for the Surface stuff. Right. They really make their money on the OS, not on the hardware. So two very different companies. But they both do forced updates. And Apple's been getting more aggressive because I used to compliment Apple on, they would release new OSes that would run on ten year old laptops, right. [00:08:43] Speaker C: Oh, I did love that part about them. [00:08:45] Speaker B: And then they shrank it down to seven years and six years. 
And now with the M2 crossover, it's like getting smaller and smaller because they want you to buy more hardware, right. [00:08:53] Speaker C: Because they've invested in this whole hardware system, right. Because creating their own silicon, they got money to make and they ain't making it. You out there buying something else or sticking around the old thing you got. [00:09:04] Speaker B: When it's a forced update, I appreciate it when it's bringing value to me, when it's giving me new security features, right. Or a new feature that I care about. But this one, it gives us Copilot. [00:09:18] Speaker C: This is a really good. I love that you made fun of it that way. So Apple, I think one of the things that they did really well, especially when Steve Jobs was still around was. They were pretty good at predicting you didn't even know that you would like this, and they would come up with things that you liked. They come up with things that were cool. And people went, I didn't even know you could do it this way. And it's super awesome and we loved it. Right? And that's why iPhones became super popular and all the other different things that Apple did. Microsoft hasn't really ever been good at that, going, this is cool. Here's a Zune. [00:09:52] Speaker B: They had a 15 year stretch where it was, oh, iPods are catching on. Let's create a Zune. Oh, Google's doing search. Let's create Bing. And it was saying after, oh, social media is a thing. Let's buy LinkedIn. [00:10:05] Speaker C: Let's make a dollar store version of that, even though we're a multi-billion dollar company. [00:10:09] Speaker B: Or Yammer. I forgot about that one, too. And so everything, it was catch up, right? Sony's got a game console. Let's try that follow the leader mobile phones. It was absolutely, follow the leader. And every time, even if they made a better product, they were so late to market that it didn't matter. [00:10:23] Speaker C: Right. 
People had already planted their flag somewhere else. [00:10:26] Speaker B: And I feel like Apple has fallen into that mode now, right? Because here's our VR headset. When everybody else failed at VR headsets eight years ago. [00:10:35] Speaker C: Well, Apple hasn't done it. [00:10:36] Speaker B: We'll fix that. I'm sure it'll be better. Yeah. So I feel like they're falling into that now. They can get out of it easy. [00:10:44] Speaker C: Enough, but just go back to doing what you do and do it well and be done, which we'll see. [00:10:49] Speaker A: Yeah, well, I think anytime we see something like forced in a headline, at least for me, it does set off the alarm bells a little bit. And like you were talking about, with security updates, I'm a little more likely to be like, okay, well, I understand this is necessary, but maybe it's just my caveman brain. Anytime I see, like, forced, you have to. You're required. I'm like, what do you mean? It's my laptop. [00:11:08] Speaker B: I do what I want with it. Don't tread on me. Flag. [00:11:13] Speaker C: Mark Twain, right? The most powerful word in the English language is no, right? No, you can't do that. You must do it this way. What? I don't care if it's bad for me. I'm a smoke cigarettes and drink turpentine. You told me. No, don't do that, by the way. [00:11:30] Speaker A: Yeah, maybe I'm just spite fueled and anytime somebody tells me I can't do something, I'm like, well, I'm going to do it even harder now. [00:11:34] Speaker C: I just realized by telling people don't smoke and drink turpentine, they're going, I've never, where's my. [00:11:40] Speaker B: Never told me no, I've never tried that. Now I got to see, might be good. [00:11:46] Speaker A: They're trying to keep it from me. [00:11:48] Speaker C: Yeah. Oh my goodness. That train derailed. [00:11:54] Speaker A: That's not all we have in the world of Microsoft news this week. We've got another article here from Neo win. 
This one says, here's what's new in Windows eleven moment five, the first feature update in 2024. We're all about the feature updates today. So a couple of things here. I mean, for me personally, the one that stood out as the most impactful, the most hard hitting, the one that's really going to make a difference, is those bonus wallpapers. Truly? [00:12:16] Speaker B: Sure. [00:12:16] Speaker C: It's mean. [00:12:17] Speaker A: I don't know what you guys think. [00:12:18] Speaker C: I'm developing a religion around. [00:12:20] Speaker B: Know we can actually blame Apple for that because it's a big deal when Apple drops new wallpapers. [00:12:26] Speaker C: Yeah, because they get these super pretty. [00:12:30] Speaker B: And so now Microsoft is trying to jump on that same train. [00:12:32] Speaker C: Oh, you don't say. That. Doesn't sound like them at all. [00:12:36] Speaker A: Full circle. [00:12:37] Speaker C: Yeah, it's how we know them. [00:12:39] Speaker B: All right, so I've made fun of the moment naming convention before, so I don't think I have to dive into that. But this is Windows eleven moment five, which is a stupid, meaningless name, but. [00:12:49] Speaker C: It is a marketer spent a lot of time and effort coming up with the name moment. [00:12:55] Speaker B: I'm sure. And so this is an optional update. You don't have to do it. It's not being forced, you're not being volunteered to install it. But it's coming. It actually was supposed to be released today, but it's not. And so any day now this update is going to drop. They say the latest should be the first week of March. So any day it's going to drop. And there's really two features in it that stand out to me as being useful. The one that I'm actively excited about is snap layouts. And I know Daniel, you're not a big Windows user. [00:13:29] Speaker A: Sophie, you snap layouts right now. [00:13:31] Speaker B: You are. And they're awesome, aren't they? [00:13:33] Speaker A: I love. 
[00:13:33] Speaker B: So you've been able to drag a window to the side and have it snap. That's been there for a while, right? You float your mouse over the maximize or minimize button or whatever. And you'll see a couple of layouts you can click on to move the window around. Now I use a third party program called Aquasnap that lets me add more layouts because I have a number of different layouts that I use on my desktop. Microsoft is now expanding the snap layout functionality to give you more layouts. So if you want to do we have something on the left and two things on the right, it'll map them out and you have a little more control over what that layout is. And it will remember how you arrange your program windows so that it can preserve that in the future which it doesn't do right now. So those are things that I'm excited about and I haven't had a chance to try it because the update hasn't dropped yet. But I suspect I'll be able to move away from Aquasnap once know anytime I can reduce software I like to do that. [00:14:29] Speaker C: If it's built in it's one less thing you got to be running, right? [00:14:32] Speaker B: Yeah, one less thing that I got to worry about patching with security updates and so on. [00:14:35] Speaker C: That is true, true story right there ladies and gentlemen. I am actually not a huge fan of snaps. When Linux started doing it I was like what is this and why is my window keep trying to grab over here? Because I guess I just have a very odd way of laying out my windows and I want to control that. That's me, that's just me. I like control over my life. It's a weird quirk of my personality. [00:15:02] Speaker B: When I think of Daniel I think of control and cigarettes. [00:15:05] Speaker C: That's right. [00:15:06] Speaker B: Delicious. [00:15:08] Speaker C: That's a good time on a Sunday night I ever heard it in my life. But yeah, anytime I'm driving I do run windows at home from my YouTube channel. 
I use a windows machine for doing all my editing and things of that nature and filming. So when I'm trying to move stuff around, especially because I have multiple monitors, if I'm trying to go from one monitor to the other, the snap is always trying to make it do something and I don't necessarily want it to do that but it's trying to default to that. So maybe you know a trick about turning that off or whatever that I might want to do. But it just tends to annoy me more because I like weird sized windows. I do odd things with my window sizing for specific purposes. I have a very edge case for that. So snaps just kind of get in. [00:15:47] Speaker B: My way a lot. Yeah, I know the snap functionality in gnome can be turned off, but I think it requires a command line. I don't think it's got a GUI element for it, but in Windows you can turn it off in settings too, so it can be disabled. But it's pretty darn convenient. Especially if you have one of those widescreen monitors. Not a regular 16 x nine. The ones that are 16 x like crazy. Yeah, something, whatever. [00:16:14] Speaker C: Those really wide, ultra wide ones, like an IMAX experience. [00:16:18] Speaker B: That's where snaps come in really handy, because you want to have something in the middle and on the left and on the right. And that's hard to do if you're just trying to arrange it all by yourself. [00:16:26] Speaker C: That's for people with money. Done. [00:16:29] Speaker B: They also introduced a feature that caught me by surprise. I don't know where this one came from, but if you've ever dealt with networked Windows computers, you know that Windows has a default system for naming your computer and it's an almost random set of letters and numbers and lightly based on whatever your username is for the first user created on that system. It's not a great system for naming a computer, right? So you have a junk name and people hate that. 
And the problem is, if you want to change that junk name into something useful, it's a big deal in Windows when you change the computer's name. In Linux, not a big deal at all. Right, Mac, who cares? You just make a little setting change. That's it. But in Windows it's such a big change you've got to reboot for it to take effect. Like a ton of services depend on the name of the computer. And so instead of fixing that, what Microsoft did is they introduced an extra layer here with what are called nearby sharing names. You can give your computer a second name, a name that only shows up on the network when you're sharing files and printers and things like that. So if somebody browses they can see it and more importantly you can change that name and it just takes a second. It's no big deal. Your system doesn't have to reboot because the original crazy host name that your computer has, it stays. That's the primary one. I can't remember what these. They have a name, it's like a PDN or something like that. Whatever the primary name of your system is that stays the same. And this is like a secondary name that's being added on top of it. So neat feature. It's not something I asked for, but. [00:18:04] Speaker C: They may have actually gotten ahead of the curve on this one. [00:18:07] Speaker B: Maybe considering every other OS does this without a problem, it's hard to say. [00:18:11] Speaker C: They're ahead of the curve. Never mind. Yeah, why is this not just open file or change hostname to my computer? [00:18:22] Speaker B: I can't think of another operating system that is so hung up on the name of a computer and it literally. [00:18:28] Speaker C: Just is almost like a file entry. Right. Because just what is your name? This is where I get said name. That's your name. But you're right, it kind of like borks a bunch of crap if you. [00:18:39] Speaker B: Especially with this, especially when the computer has a SID, it has a security identifier which doesn't change. 
Actually identifies. Yeah, it doesn't change. I can only guess that it's because of backwards compatibility and the fact that this all came from intel land manager back in the day and so there's got to be some hang up there. But Windows has always been super picky about computer names and now we're seeing them kind of work around that a bit. [00:19:01] Speaker C: We get super pissed about it. [00:19:05] Speaker A: It's not all negative Microsoft news today. There's some positive developments here, some fun things coming, and also we're going to get in our home section in the settings app, we're going to get a big old banner for Copilot Pro. So that's good. It'll be there constantly, forever. I went and looked at the comments and stumbled upon an argument about somebody's 89 year old father. So that was really fun. Yeah, Daniel snapped. They were arguing about copilot. It needs the option to turn off copilot. And somebody explained, well, here's how you would do that. But you have to go through this big chain of stuff. Well, the average person doesn't know that you're the only person that would care to turn off copilot. Average person doesn't care. Well, my 89 year old father cares. Well, your 89 year old father doesn't know about AI. It was really fun to read. Actually, my 89 year old father is fairly up to date on computers. It was quite fun to read. If you are looking for the comments. [00:19:49] Speaker C: Section can get spicy. [00:19:50] Speaker A: Yeah, it just kept going. [00:19:51] Speaker B: Can't you just ask copilot to turn itself off? [00:19:54] Speaker C: That's a good question. Right? [00:19:55] Speaker A: I mean basically asking it to kill itself. [00:19:57] Speaker C: Yeah. Do it. [00:19:57] Speaker B: Yeah. [00:19:58] Speaker C: Ask your copilot to turn itself off. [00:20:01] Speaker B: Oh shoot. I'm on my iPad. I can't do it. [00:20:03] Speaker A: I don't know if I have it. [00:20:04] Speaker C: You have a forced update. 
[00:20:07] Speaker B: So I know for a fact my computer at home got forced updated. Let me. [00:20:11] Speaker C: Yeah, mine did, too. I came in like yesterday and was like, oh, you've rebooted. What's going on here? I was going to say you rebooted, you crazy machine, you. Interesting. [00:20:22] Speaker B: Yeah. We can come with the next article. I'm going to run into my computer home. [00:20:32] Speaker C: Alive yourself. [00:20:33] Speaker A: Censor yourself while Don is doing that. Like he said, we'll jump into our next article. This one comes to us from the Android Police. Bitwarden has. Yes, the Android Police themselves. Bitwarden has finally launched inline autofill for easier password submissions, now available in supported browsers and self-hosted support is coming soon. And personally, I'm a Bitwarden enjoyer. I'm a Bitwarden girly, and I have the little, the browser extension that I like to use. But right now, when I go to sign in, I have to click on the button, I have to make sure I'm signed into it right, and then click on the button, and then click auto fill, and it'll do it for me because my passwords are 80,000 characters long or whatever, because you've taught me well. But it sounds like with this, it's going to be as long as you're signed in to your Bitwarden safe or whatever you call it, it will auto populate. Vault. Vault. The word was up there. I just couldn't find it. Synonyms, right? [00:21:17] Speaker C: We're close. [00:21:18] Speaker A: It'll auto fill it, which is convenient, it sounds like. [00:21:21] Speaker C: Well, this is a feature that, like, LastPass used to do just by default. This was something that was always there. And correct me if I want to say Bitwarden had this feature already, but you had to enable it, and there was like some security issue around it because it could get tricked into auto filling in. [00:21:38] Speaker A: I feel like I remember what you're talking about that we talked about. 
[00:21:40] Speaker C: And so they were like, it's not really a security issue, you just have to be aware of it because you could get fooled. So it's up to you to turn it on or on. We turn it off by default. So am I wrong on this, Don? [00:21:51] Speaker B: No. What happened? And a lot of people are experiencing this, right? So when LastPass imploded, a lot of people had to move to other vendors. 1Password was probably the biggest winner. A lot of people went there, and they have pretty much feature parity with LastPass, but a lot of people wanted to go to Bitwarden. And Bitwarden is probably one of the most robust solutions, especially if you want to self host. Like, if you don't want to use their cloud services. That's not an option with 1Password, that's not an option. With LastPass, you've got to use their managed service. But with Bitwarden, you can still set up your own servers if you want, but you don't have to. So when Bitwarden builds out features, they're usually a couple of years behind because they're trying to maintain it, not just for their cloud managed service, but also for the standalone server if you want to run that. One big missing feature that a lot of people complain about was on Bitwarden. If you went to a page that had a login field, it was just a login field, and you had to right click in the login field and go to the Bitwarden option, and you had to jump through some hoops versus LastPass and 1Password where they would stick a little icon right there in the field and you could click on it. And Bitwarden said, look, it's trivial using CSS to create a password field that's hidden from the viewer that you can't see, and it's named password. And if you've got autofill turned on, then, yeah, it'll autofill like Daniel said. And now you're handing somebody credentials without even knowing. You don't even see it happen. So what Bitwarden did is they finally broke under the pressure. 
Like, enough people were saying, this is not user friendly, and it isn't. It's a pain in the butt, right? But they said, okay, enough people are asking for this and we're going to roll it out, but we're going to do this differently than everyone else. First off, it's off by default. You got to turn it on. It's easy to turn on. You just go into settings. There's an auto fill tab, should turn it on. Yeah, I turned it on right away. And so you can turn that on. But then there's the option to show the auto fill icon, which is what I turned on. And then there's the option to auto fill the first matching password, which I keep off, right? Because I just want the convenience of here's my login field, and if I want to log in, I can click the little Bitwarden icon, and now I can choose the right account so I'm not sending the wrong account. And then it logs in and off I go. So I think it's a good compromise. I think they could have done it years ago, but they were being stubborn. But now that they've realized how much of an opportunity they missed on customers they could have taken from LastPass. Now they're finally wonder what was done. [00:24:16] Speaker C: So, Bitwarden user full disclosure. And when I migrated over from LastPass to Bitwarden, it was one of the first things I noticed was like, this is an auto filling. And I'm so used to that auto fill feature, man, it was just so great. And now I just kind of accepted that as reality. And for me, if I'm remembering correctly, you go to a login page and you just click the little extension icon, it shows you your login possibilities for that site. You click the one you want, it fills it in, you're done, right? So it was literally two clicks icon. Pick the one, done. So I was like, well, it's not. I mean, I'm not dying. This is definitely a first world problem for me. So I got used to it. It's not a big deal. 
And then I thought, well, maybe that's actually a better way to go about things, because I'm not auto filling maybe hidden fields or I went to the wrong site and it's tricking me or whatever. I'm purposefully saying, yes, this is the right password. A lot of sites will have multiple different logins for different purposes, and I get to choose the one I want. It's just a simple. And like I said, it's two clicks. So I didn't really think much of it. But most people, I get that that pain was there. So, honestly, now that we're kind of here today looking at Bitwarden going, we got to steer the ship this way. Everybody else does this, why don't we do this? Why did they make it that way out of the gate? [00:25:44] Speaker B: The frustration point for me was that it was more than one menu deep. So you'd go to something that wasn't filled out, you'd right click, you'd have to go down the menu and find Bitwarden. [00:25:52] Speaker C: Yeah. [00:25:53] Speaker B: And then you'd have to go down the menu to find unlock. [00:25:55] Speaker C: Wow, that's crazy. [00:25:56] Speaker B: And then nine times out of ten, mine would say, oh, your vault is locked. Unlock your vault. Now I got to unlock the vault, so the menu goes away, and then I got to bring it back up again. Go two levels deep. It was just frustrating. [00:26:08] Speaker C: That's a frustration right there. [00:26:09] Speaker B: And so now I know right away if the vault is locked because it has a little lock icon on it, and I deal with that, and then I can just fill it faster. So I think it's a difference of priorities. So when you're LastPass and 1Password. They want adoption, right? So they want as many users as they can get, and they want it to be user friendly. But Bitwarden wasn't focused on that. They were focused on security. Right. They wanted to create the most secure bastards. And users are important, but security was more important. Right. LastPass wasn't thinking that way, which is. 
[00:26:45] Speaker C: Why they worked out where they. [00:26:49] Speaker B: Don'T. I don't begrudge them this, but I will say I use bitwarden at work because that's what the it team chose. I use one password for my personal stuff because I don't like bitwarden. [00:27:03] Speaker C: It was a philosophy of use, was different than the others. It didn't hurt them, obviously, right. They're still in business. They're still doing their thing. But enough people apparently have had their fur rubbed the wrong way on this, and they're listening to their clients. Good for you, bid Wharton way to listen to your members. That's a weird choice of words, but. [00:27:24] Speaker B: You got to listen to your members. So, pivoting here. [00:27:31] Speaker C: Yeah. Moving on. [00:27:33] Speaker B: Politely asked Copilot to turn itself off. Here's the prompt that I used. So I went into copilot, and I said, turn off the copilot icon on my taskbar, right. And I was kind of hoping it would do it for me, but apparently it doesn't do anything. Do you remember those old ups commercials where there were the consultants that would come in and they'd propose something, and the CEO would say, all right, do it. And the consultants would go, whoa, we don't do it. We don't do what we propose. We just propose it. Yeah, that's copilot. [00:28:04] Speaker C: That's a good job, by the way. [00:28:07] Speaker B: So it proposed to me three different ways to turn it off, and one way is temporarily, I can just right click on it and choose quick. Copilot. Right? [00:28:16] Speaker C: Okay. [00:28:16] Speaker B: I didn't know I could do that. [00:28:17] Speaker C: But it'll just start back up when you restart or whatever. [00:28:20] Speaker B: It tells me I could use a group policy editor and go that way, which for that guy's 88 year old dad is not. But the number one recommendation is super straightforward. 
It says, if you want to remove it completely, just go to settings personalization taskbar and toggle off. Copilot. There's an option right there. [00:28:39] Speaker C: Booyah. [00:28:39] Speaker B: And that's it. And so they haven't made it difficult. That person's 88 year old father, who is kind of up on tech, will have no problem figuring that out. But you can ask Copilot to kill itself. [00:28:50] Speaker C: That's kind of cool. [00:28:53] Speaker B: And it will comply with these. [00:28:55] Speaker C: It will tell you how it would do it if it were able to. [00:28:58] Speaker B: Oh, interestingly so it's got citations for this and it does link to Tom's guide for the first one. So it's not linking to Microsoft documentation. [00:29:05] Speaker C: So copilot, does it have the ability to do things inside of your operating system for you? [00:29:11] Speaker B: Apparently the copilot preview does not. Or at least I haven't found a scenario yet where it does. [00:29:15] Speaker C: So you can't say, hey, open control panel. [00:29:18] Speaker B: Or let me just ask it. Like, lock my computer. So I'm remoted into my computer at home. So I'm telling it, hey, lock my computer. And it says, sorry, Dave, there are several ways to lock your windows on pc. [00:29:34] Speaker C: It doesn't actually do it. It just tells you how to do it. [00:29:37] Speaker B: It's a consultant. [00:29:38] Speaker C: Yeah. Piece of shit. Yeah. [00:29:40] Speaker B: It's like a self help book, right? What was that guy? Tim was in love with him. [00:29:46] Speaker C: No, Simon Sinek. Simon Sinek. Yeah. [00:29:48] Speaker B: You'd read these whole books. Sophie, have you heard of this guy? [00:29:51] Speaker A: I don't believe so. [00:29:52] Speaker C: He's very popular in the insanely popular. Yeah. Like business. [00:29:57] Speaker B: You read these books and he tells you all these great things that great companies do and how you can make your company amazing. 
And at the end of the book you realize, wait a minute. He didn't give me a single actionable thing. There's nothing I can actually do. [00:30:11] Speaker C: It just made me feel good about these other companies, something. [00:30:15] Speaker B: And the formula to write a book, I'm going to totally shit on business. Self help books here is all you have to do is say, all right, I'm going to look at companies that were successful and just tell you facts about them. Right. Not necessarily a correlation to their success. And I'm not going to talk about bad companies, right. Or if I do talk about bad companies, I'm going to make sure that they didn't do the things that these good companies do. So I'm going to hand pick the references. [00:30:37] Speaker C: Basically he's getting you high on success and then through that you feel like you're getting ready to go out and conquer the world and you're motivated and then probably stirs creativity and. [00:30:50] Speaker B: And maybe makes him a butt ton of money. [00:30:54] Speaker A: Okay. Yeah. I was not familiar. He's got several books here. [00:30:59] Speaker C: No, he's prolific writer. [00:31:01] Speaker A: I think it's funny that he's got start with why. Find your why, know your why. So at some point we're going to get you down. [00:31:07] Speaker C: And, like, I got this whole y scheme going on. [00:31:10] Speaker B: Okay. [00:31:10] Speaker C: Yeah, I got that. I got six books in the hopper. [00:31:13] Speaker A: Just on why specifically a version written in a different language. But that is very specific language. Those are his why books. He's got to start with why. Find your why, know your why. [00:31:23] Speaker B: And then Tamil. Isn't that one of the. In India, there's like three primary languages, isn't that one? [00:31:32] Speaker C: I don't know. [00:31:32] Speaker A: You may be right. That sounds right. Christian says he thinks so. Our director says he thinks so. 
[00:31:39] Speaker B: Tamil, natively spoken by the people of South Asia. Yeah. I don't know a lot about Indian politics, but I do know that there's several different major languages. And when they release movies, I think it was. Was it RRR? Have you guys seen. [00:31:54] Speaker C: Are you giving me a movie? [00:31:55] Speaker B: That movie is ridiculous. It's lightly based on Indian history about these two folk heroes that in real life never actually met. But in this movie, they're like buddies and they're super powered. [00:32:07] Speaker C: Okay. [00:32:08] Speaker B: Yeah. Anyhow, when it was filmed, it was filmed in. It was filmed in Telugu, which is one of the other languages. And it was a big deal like that. They chose to film it in this other language. [00:32:21] Speaker A: But interesting. [00:32:22] Speaker C: It's not Hell Comes to Frogtown. [00:32:27] Speaker A: I wish that we could sometimes splice in those little bits of conversation you guys have before the show about things like Frogtown. [00:32:34] Speaker C: Very similar upbringing and similar taste references and everything. So we kind of chew on that. [00:32:42] Speaker B: A lot before the show. [00:32:43] Speaker A: I clearly have a lot of catching up to do. [00:32:46] Speaker C: I feel bad for your childhood. I'm just saying. [00:32:48] Speaker A: I'm sure. Yeah. Well, those are sheltered. [00:32:51] Speaker C: You didn't drink? [00:32:51] Speaker A: Probably. [00:32:52] Speaker B: Good. [00:32:52] Speaker C: No. [00:32:53] Speaker A: Oh, boy, here we go. I drank. If I broke my leg, I just put some dirt on it and I was fine every day. [00:33:02] Speaker B: You guys had dirt? [00:33:03] Speaker C: Yeah. [00:33:03] Speaker B: Must have been nice. [00:33:06] Speaker A: Well, I'll future reflect on my youth privilege while we're here. We're going to go ahead and take a break. And during that break, hey, if you're enjoying the show, feel free to subscribe. 
So you never miss any of our videos in the future, check out some of the old Technado episodes and maybe take a look around the channel, poke around, see what you find, leave a like. But we're going to go ahead and take a break, and we'll be right back with more Technado. Tired of trying to schedule your team's time around in person learning? Isn't it a bummer to spend thousands of dollars on travel for professional development? What if we said you can save money and time and still provide your team with the best training possible, the answer to your woes is live online training from ACI Learning. With live online training, we provide our top in person courses in private online instructor led formats. You get to provide professional development in a manner that fits today's expectations. Entertaining, convenient, and effective. Our exam aligned courses inspire the full potential of your team. Visit virtual instructor led training at ACI Learning for more info. Welcome back to Technado. Thanks for sticking with us through that break. Hope you enjoyed maybe poking around the channel. If you did what I said and had a look around at your surroundings, were they volunteered? If they were volunteered, yes. And if you didn't, well, let me just say, I'm not mad. I'm just disappointed. But we've got some security articles for you here in the second half of Technado. Going to get into some fun stuff. Yeah. Hope you brought your popcorn. That is a good way to put it. So we'll start with this segment called Deja News. I can hear the little song. It just plays in my head. This one comes. This comes to us from CSO Online. Hack me if you can. LockBit challenges authorities, promises to return. This sounds like the end of a superhero movie when you think the villain's dead, and then there's a post credit scene and it's like, Loki will return or whatever. That's what this reminds me of. But this has been an ongoing story for a while. [00:34:57] Speaker B: It has. 
And I've steered us away from it just because this is a known pattern. Right? So it's hard for the US government, or actually any government, to get a good win on some of these cybercrime syndicates or whatever that are out there. There's just so much going on. Some of it's state sponsored. So even if you figure out exactly who the person is, you can't do anything about it. The others are just really smart. Like, these are really smart people getting in there and messing around with our world's networks. So when I hear about, hey, the FBI took down this ransomware ring or whatever, when we do cover it, it's usually a little tongue in cheek because it'll be six months after the ransomware broke out and, like, FBI releases a decryptor for that data. All right, so if you just sat there with your encrypted system for six months now, you're fine, right? It's just kind of pointless. And LockBit has been all over the news because there has been a concerted effort between the US, Canada, and the United Kingdom to take down several resources attached to LockBit. And they made some really good ground. They were able to take some systems down, but sure enough, LockBit is still a thing. They still exist and they're just rebuilding. They're in a rebuilding year. And we'll hear more from them. [00:36:14] Speaker C: I'm sure they're going to restructure after. So I found this to be interesting. It's gotten to the part where it's, yeah, we're not just lather, rinse, repeating. There's more interesting things going on and a couple of perspectives you can take from what is happening with know mostly the FBI and other police organizations, world police organizations going after LockBit and what's going on with this interchange. To see this warfare kind of take place, this back and forth, it's almost like watching two sets of catty girl groups at high school attack each other. [00:36:54] Speaker B: Regina George really gotten crazy with houses gone. 
[00:36:59] Speaker C: So we've seen the FBI and others take them down, then LockBit pops back up. Now, LockBit is, I think they're attributing something like 40% of ransomware attacks is attributed to LockBit. [00:37:13] Speaker B: And are they one of the ones that they do the affiliate model where they make the ransomware and people license it? [00:37:20] Speaker C: Yes. [00:37:20] Speaker B: Correct. [00:37:20] Speaker C: They have ransomware as a service. And any cool trend when it comes to air quotes around that for our listeners that surround ransomware, they're right on it. They love that stuff. So double extortion using initial access brokers, the whole shebang, right. They've really got quite theirselves, a set up going on. And as far as we know, they're hundreds of millions of dollars in profit because of this. Then this is where it gets spicy and fun. Right? Now, of course, that alone would garner the attention of any law enforcement to go, we've got to stop these assholes. Right? This has got to come to an end. But they've come out with a note stating, well, you're focusing on us because they did hack Fulton County, Georgia, ransomware and they were able to exfiltrate the data from those systems. Fun fact, this is where it gets fun. And not that this is a political show, but this is where the popcorn comes out. You're like, ooh, conspiracy theory. So maybe it stubbles as a tinfoil hat. Right? Where Fulton County, Georgia, is the center around some legal fun stuff with Trump, Donald Trump and his campaign in 2020 and all that goodness. And they said that's why they're coming after us. So that's just a little fun fact. But other than that, to see how they got hacked, they're very vocal on what happened, at least whether or not they're telling the truth is up to you to make that determination. But they seem to be very vocal and forward with how did the FBI gain access to us? What was the problem and what we're doing to fix it? 
And I'm thinking to myself, this is exactly what we do. When you hack us, we go, this is how they gained access. We were behind on the times when it came to a patch. And of course, that's exactly what they said, that they were slow and lazy to update their PHP instance. [00:39:19] Speaker A: He had too much money. [00:39:20] Speaker C: Yeah, because he had too much money. He was spending way too much time entertaining himself with his money that he did not quickly enough patch a known RCE that was affected his or their PHP instance. [00:39:37] Speaker B: I had a teacher a long time ago who taught me a number of things, kind of rules of the game. And one of them know you're not supposed to count your money while you're sitting at the table. [00:39:46] Speaker C: That's right. You gotta know when to hold them, Don. [00:39:48] Speaker B: Yeah, I mean, there'd be plenty of. [00:39:49] Speaker C: Time for counting when the deal is done. [00:39:51] Speaker B: That's right. [00:39:52] Speaker C: This is words of wisdom. [00:39:54] Speaker B: LockBit, apparently not a Kenny Rogers fan. [00:39:56] Speaker C: I love you, gambler. Had you watched Lonesome Dove, maybe you wouldn't be in this little mess and predicament you found yourself in. [00:40:09] Speaker B: Do we know where the LockBit people are from? [00:40:11] Speaker C: You know, I don't know. [00:40:12] Speaker B: Do we claim they're Russians like everybody else? [00:40:15] Speaker C: But off the top of my head, I do not know. [00:40:18] Speaker B: All right. [00:40:18] Speaker C: Where LockBit is found, I will be interested. Like you said, they're already back online. They got new onion link. And the FBI did find this article says 1000 decryptors, but I've read as high as 20,000 decryptors that they've released to the public. 
[00:40:37] Speaker B: I do get frustrated sometimes, because the perception for us regular people is that the FBI, the CISA, and groups like that in the US government, they get really active when the government is the target. But they do seem to be perfectly fine when it's just regular citizens getting hit, when it's private businesses, when it's hospitals, when it's individuals, when it's school boards. They really don't seem to be. We'll fill out the report for you. Good luck on your cyber insurance claim. [00:41:09] Speaker C: Yeah. [00:41:09] Speaker A: Sense of urgency. [00:41:10] Speaker C: I saw a meme yesterday. I think it was where it was a guy pretending to be the Navy. And, oh, yeah, we lost an f 35. We don't really know where it is. Sorry. And the treasury department and how they've mismanaged funds, and we basically lost a trillion dollars, and we don't really know where it is. And then it's like, hi, we're the IRS. And we see that this mom in Ohio owes us $2.37. I'm thinking prison. It's like, yeah, why is that? Why do you act that way? And I totally get that. I feel that as well. I understand that they've attacked you and they've gone after your stuff, and now you feel slighted. But what about us out there? Oh, government. You're supposed to work for us. And now, apparently, you've made a powerful enemy because lockbit has taken this as a personal affront. They said, let me see if I'm very pleased. This is the quote from there. I'm very pleased that the FBI has cheered me up, energized me, and made me get away from entertainment and spending money. Right. It's very hard to sit a computer with hundreds of millions of dollars. The only thing that motivates me to work is strong competitors. And the FBI, they have taken this as a personal challenge, and they've even gone as far as to say, we are going to start focusing more on Gov. Oh, good. So maybe we'll get some shit done. [00:42:31] Speaker B: That's a good. Like, maybe they poked the bear. 
Give the rest of us a break. [00:42:35] Speaker C: Yeah, leave me alone. Don't do nothing anyway, other than come after me. [00:42:43] Speaker A: Reading through that note, I know that this is obviously, this is a very smart guy. Obviously, this organization has caused so much damage to people, I'm sure. And he's using his powers for evil and all that, but reading through the note just couldn't help but laugh because I'm reading it in, like, I don't know if y'all have ever been in, like, an Xbox party before, right? And you get, like, a little kid on there that's you playing Call of Duty or whatever, and he's like, my dad, widowy owns Microsoft, and I could get you banned. That's how I read this. Like, I'm very pleased. The FBI's actually cheered me up, and I'm motivated. It's very hard to focus when I'm swimming in money for five years. That's how I read it. I was like, oh, come on, dude. How am I supposed to take you seriously when this is how you're talking? [00:43:19] Speaker C: It is interesting to hear because there's also some aspect to this that the FBI is saying that they have arrested some of the admins of LockBit and that they're working with them to help bring LockBit down. And LockBit is saying, no, that's a lie. All you've really got is people that were using our service and probably for crypto laundering and that kind of stuff. You don't have anybody. So it's this almost psyop on both sides to who do you believe what's true and what's not true? There's a lot of obfuscation and basically lying going on to try to sway people to one side or the other on whether or not this is actually occurring. Because LockBit has customers and they need to control the narrative when it comes to the trust in their system so they don't lose those customers to competitors, as you said. He said strong competitors makes him work hard. And so you can't put it past them. They're not the most trustworthy of people already as it is. 
So it's not beyond reason that they would use lying to keep their customer base in lockstep with them. So this is a really interesting thing and we can utilize what we're seeing from this to better see how they operate. You're getting kind of a backstage pass to their TTPs and what's going on. So I thought that was a really good thing that came out of this. [00:44:41] Speaker A: I did look it up. They are, I guess, Russia based. According to Department of Treasury, they are based. And we're going to talk some more about Russian hackers in a later different, different group because they don't have a monopoly on hacking. But dang it, they should do try. But one other thing that before we move on to the next one, I guess there was a Who is LockBitSupp? Message that was posted on one of the seized sites hinting that law enforcement knows who he is and where. I just thought it was funny, the stuff they were saying. He's claimed to live in the US, he doesn't. He's claimed to live in the Netherlands, he doesn't. He's claimed to have a Lamborghini. He drives a Mercedes. So I just thought that was funny. [00:45:12] Speaker C: The way they matter what damn car he drives. [00:45:17] Speaker A: Yeah, really? So I just thought that was funny. I got a good laugh out of this. I know it's serious stuff, but you got to find the humor where you can. Well, this next article, this actually may be something that affected a lot of y'all watching and listening. I know it affected me, but this is part of one of my favorite segments. Don't ray me faso latte. [00:45:36] Speaker C: No, you really got it down. I'm just laughing because I'm like, man, she has commitment on this. [00:45:40] Speaker A: I practice it at home and it. [00:45:42] Speaker C: Is in your wheelhouse now. [00:45:44] Speaker A: I'm so glad as a budding voice actor, that makes me feel good. This article comes to us from Laptop Mag. iPhone users stuck in SOS mode as AT&T outage disrupts cellular network. 
Now this is something that happened several days ago. It's now been resolved, but it was for a good chunk of the day. I think it was like close to 12 hours, I'm pretty sure. Maybe not quite, but a long time. Phones were stuck in SOS mode, meaning that they could only make emergency calls and even in some cases, users couldn't even do that. [00:46:09] Speaker C: Were either of you affected by this? [00:46:11] Speaker B: Yes, I was not. [00:46:12] Speaker C: I was not. So one out of three. [00:46:14] Speaker A: Okay. [00:46:15] Speaker B: I rely heavily on wifi calling. [00:46:18] Speaker C: Sure. [00:46:18] Speaker B: So it's possible that the towers were now in and I wouldn't have noticed. [00:46:22] Speaker C: Was it only calling or was it all data or like cellular? [00:46:26] Speaker A: It was anything over cellular. Cellular stuff. So I was still able, as long as I had wifi. So when I was at home, when I was in the office, I am an iPhone user. So I was able to use the wifi calling and text over iMessage. Right. But I was in like a group chat for a job that I was doing, and I was only. Only getting the texts from iPhone users because they were using wifi. Any texts that were coming through from Android users that were other providers, not AT&T, I was not getting any of them. [00:46:47] Speaker C: So I only had only affected Apple. [00:46:50] Speaker A: Users AT&T. It affected. [00:46:55] Speaker C: AT&T. Okay. [00:46:56] Speaker A: No, I'm just, from the perspective of an iPhone, that's how it affected me. But it was anybody on AT&T and then Cricket, because they're like, everybody's. [00:47:05] Speaker B: Where you get kind of the blurred line is with iMessage, it'll send via Apple servers over the Internet, but when you go Android to iPhone, it's got to go over the cellular network. And so that's where you see that breakdown. 
Also, a lot of people thought that T-Mobile and Verizon were having outages too, but it turned out that it was them trying to connect to AT&T users. So this was limited to AT&T as far as an outage. Now, what's our first thought when a major outage like this happens? Somebody got hacked. [00:47:32] Speaker C: Right? Service attack. [00:47:35] Speaker B: Yeah, that's what you think in this case. So far, nothing has been put forward to indicate that it was a cyber attack. However, AT&T did release a statement saying that they're not sure what caused it, but they believe that they were rolling out a change to their network. They were upgrading some systems, and their process may not have been followed properly, leading to an outage. Now, Microsoft had something like this happen a while back. They were pushing an update out inside of Microsoft Azure, and they had it scripted so that they could just run the script against 10,000 hosts or whatever. [00:48:13] Speaker C: Got the semicolon, it's always just a. [00:48:16] Speaker B: Decimal point or something like that, and abort everything. And it cut them off from their management network. [00:48:24] Speaker C: It was good to know that they were just incompetent and secure, but in. [00:48:28] Speaker B: That scenario, they knew what happened. They're like, here's the change we were rolling out. This is what happened, and here's what we had to do to fix it. [00:48:34] Speaker C: Right. It was an easy correlation to that. [00:48:37] Speaker B: So AT&T is saying we think it was tied to this update. And that seems a little suspicious to. [00:48:43] Speaker C: Me because also the fact that they brought in the CISA and incident response teams, you're saying, I don't believe that it is a security incident, but we've got a bunch of security responders here right now looking for a security incident. Yeah, that was odd to me. 
Don't you need some sort of indicator of compromise before or indication that there was a breach of some kind or an attack before? You would want to bring those people in? If you weren't sure on that, you would just kind of default. Well, obviously, we're making changes. It's most likely culprit here. [00:49:17] Speaker B: I think the difference, and I can't remember the term, there are utilities things that are considered like basic human rights in the United States, and those are higher priority than other things. Right. So Microsoft Azure is not considered a utility that we have to have access to, but the cellular network phone service is. If people can't call 911. [00:49:38] Speaker C: Right. [00:49:38] Speaker B: Then that's a big problem. And so it may just be their default when there's a kidnapping. [00:49:46] Speaker C: I just wanted to go, Alexa, call that one. [00:49:50] Speaker B: When there's a kidnapping, the FBI immediately gets involved. [00:49:54] Speaker C: Right. [00:49:54] Speaker B: No matter what. [00:49:55] Speaker C: And we get Amber alerts and that kind of stuff. [00:49:57] Speaker B: Right. And the reason is with a kidnapping, they've got like this small window of times of 48 hours, 72 hours or whatever, where in that period of time they can successfully rescue people who have been kidnapped. But once you cross that time threshold, the odds of that person still being alive drops insanely, right? [00:50:14] Speaker C: Yeah. [00:50:14] Speaker B: So they just cut the bureaucracy out. Like, hey, if it's a kidnapping, we immediately go to the FBI. So I suspect we've got similar stuff for the phone system, for water, power, and so on. So when they have a significant outage, they just immediately go straight to code red, Defcon one, whatever. [00:50:34] Speaker C: They just start looking for assumed breach at that point. [00:50:37] Speaker B: But I don't feel good. I don't feel confident about what AT&T is saying about. 
We suspect it was this change because it's usually pretty easy to tell. I just rolled out this change. Here's what it should hit. [00:50:49] Speaker C: The why. Why the, yep, that's causes me pause. [00:50:56] Speaker A: Well, if you were affected, I know that. I think it was Ronnie here in the office said he got a text saying, hey, we're really sorry about this. You're going to get a $5 credit to your account because you didn't have service for this many. Right? So a lot of people were upset about that. They were like, oh, that's a joke. $5 that can't make up for emotional damages, whatever it is that you suffered because you couldn't text your mom or something. But legally, for me, it was that I couldn't text my mom, but legally, they're not owed anything. There's no legislation or rules in place that say you have to reimburse customers for outages. So $5, I guess, really is generous. [00:51:30] Speaker C: Considering some forms of downtime throughout the year. [00:51:34] Speaker B: Oh, you agree to all sorts of being crapped on, especially for something like. [00:51:38] Speaker A: This, where it's not like it was just specifically like, what was just my service. And I pay for this every month, and I was the only one affected. Lots of people were affected. So it's like, all right, this clearly isn't just a you problem. This is a bigger issue. But they're giving, supposedly I haven't gotten a text like that, but supposedly they're going to give everybody $5 credit into their account and hope that that fixes things. But yeah, it is a little concerning that. It just kind of happened, and then it was like, oh, it's fixed. And there's no real information on exactly why. [00:52:04] Speaker C: I feel like you ever watch, like, a movie or a tv show and a guy's trying to get information out of, like, a bartender or something and they're not going to talk and they go, maybe this $5 bill will change your mind. They slide it. Oh, sir. Now I was a vault, but now I am a river. 
Of information. $5 is $5, right? [00:52:27] Speaker A: Before we get too far down that rabbit hole, we'll go ahead and move on. Like I said, we are going to talk some more about a different russian hacking group. This is part of a segment we like to call who got pwned. Looks like you're about to get. Think Cartman's the next impression I'm going to work on. So I'll add that to my list of things. [00:52:44] Speaker C: I cannot wait to hear this. [00:52:45] Speaker A: Yeah, I'm working on it, man. [00:52:48] Speaker C: No, I want to hear the proto. [00:52:49] Speaker A: Cartman after this article. It's rough. This article comes to us from bleeping computer. Russian hackers hijack ubiquity routers to launch stealthy attacks, as opposed to really loud and out there attacks. So yet another case of a russian hacking. Was it a group? Was it individuals? [00:53:11] Speaker B: They are identified as military unit 26165. So this is the russian military. [00:53:16] Speaker C: This is apt 28? [00:53:19] Speaker B: Yes. Also known as fancy bear. [00:53:20] Speaker C: Bear, yeah, fancy bear. Back in the actionaire. If you haven't heard of fancy bear, they have a long and luxurious list of hacks throughout the history of hacking here. Very well known apt group. We constantly struggle with these aholes doing stuff, especially attacking us specifically. So no big surprise that their name pops up in the news yet again because, well, they're going after that wifi. This is kind of a trend here lately. We reported on another hacking group using but home routers, and they have also gone after home router systems Iot, basically to kind of obfuscate the attack for making botnets and things of that nature. And that's kind of what we're seeing here, though. [00:54:03] Speaker B: Let me just clarify here, because ubiquity, they're known for making low cost hardware, but it's really designed for enterprise. Small medium office and some large enterprise. 
They start to break down a bit on the performance scale once you get up to there. So these edge routers are designed for businesses, and a lot of schools use them. Ubiquiti's had a bit of a spotty record over the years with security instance, but I will say I'm going to compare them to Fortinet. Right, because I crap on Fortinet all the time. Fortinet has had a number of breaches over the years, a number of vulnerabilities that shouldn't have happened, and they've actively worked to cover that up in a number of scenarios. They've been less than transparent, and that's why I don't trust Fortinet. Ubiquiti on the other hand, they've had a number of incidents over the years, but they've been pretty darn transparent about it. So they share the information, they tell you what to do. This one's pretty bad. The attackers are able to gain access in a way that's pretty persistent, like survives reboots and stuff. So if you have a system that has been compromised or if you're afraid that you may have been compromised and you haven't detected it, unfortunately, what you have to do is a hardware reset. You can't just use a software factory reset. You got to do the hardware button to do a full factory reset. [00:55:21] Speaker C: You got to go back to basics on this bad boy. [00:55:23] Speaker B: Yes. And then apply the latest firmware updates. So they've already pushed an update out to patch this vulnerability. [00:55:28] Speaker C: So the fix is rebuild your Wifi network. If you think or you know you have been affected. [00:55:34] Speaker B: The edge routers do wifi. [00:55:35] Speaker C: Oh, I'm sorry, it doesn't. It. [00:55:36] Speaker B: I don't think the edge routers do wifi. Got you. [00:55:40] Speaker C: Oh, this is the edge routers. [00:55:41] Speaker B: I'm sorry. I've worked with a couple and they did not have wifi. But who knows what they've added since? [00:55:46] Speaker C: Who knows? They do love to add features. 
Now, correct me if I'm wrong, though, I didn't see where this was. Something that was so Fancy Bear did not get into these routers due to some RCE CVE that they discovered. But because people tend to have lax security, these things come out of the gate very open because you have to be that way out of the gate with a device such as this so that people can go in and administrate them, connect them to their networks, get all the configuration done, and then it's kind of up to you to secure them after the fact. I was reading in the article about how unfortunately, most people don't update these types of devices, so they're running old firmware, so there might be known vulnerabilities in them, and that's how they got in, or they left the defaults as they were and didn't change them, and they just took advantage of the fact that that was the case, and then they were able to infiltrate inside into that device and then add their malware to it, giving them this persistence and utilization of the devices. So if it is a CVE that we're using, it's probably a known one, and you just have to update. And if you're not doing those security things that we continue to try to preach to you, then you've probably left yourself open to an attack, because that's how it works. [00:57:05] Speaker B: And according to BleepingComputer, the edge routers do ship with a default password. [00:57:09] Speaker C: Right. [00:57:09] Speaker B: And they ship with automatic updates turned off, so they don't automatically update box. [00:57:14] Speaker C: They're not opting into security for whatever reason. [00:57:18] Speaker B: Right. And so that's a challenge. And you could say that for us, as IT people, it's our responsibility to implement that security. But there's certainly more Ubiquiti could be doing. Still, though, if you want cheap hardware, they're one of the best at it. [00:57:33] Speaker A: Good way to go. [00:57:35] Speaker B: Yeah, they've had a real tough time. 
They're the ones where the CISO had a backdoor into the system and he posed as a hacker to extort them. Right. And was ignored. I've got all your source code. Which he did because he was the CISO, and then he was set to investigate the breach that he caused, that he was perpetrating. [00:58:01] Speaker C: Yeah, serial killers kind of implant themselves into the investigation. Something they like to do. Yeah, it was like that, except he was a crazy person. He wanted money too, right? [00:58:13] Speaker B: Oh, yeah. Several million dollars. [00:58:16] Speaker A: Oh, wow. At least he's starting small. [00:58:18] Speaker C: And then I wonder what pushed him over the edge. Like, how do you wake up one day? And I would think that in his line of work, he's probably doing okay monetarily as far as his salary and everything goes, but one day he woke up and said, I've got an idea. [00:58:34] Speaker B: I've heard people. I describe jail as a deterrent, and I've heard some people say, like, jail is not a deterrent. And I'm like, hell it isn't for me, maybe not for you. Jail is a deterrent. [00:58:47] Speaker C: For me, actively trying to stay away from that place, it is much as possible. [00:58:51] Speaker B: It's what stops me from doing half the crap I'm capable of. [00:58:54] Speaker C: Exactly. [00:58:58] Speaker A: Wow. [00:58:59] Speaker B: Yeah. [00:59:00] Speaker A: I'm working with a couple of would be criminals here. I'm a little bit afraid. [00:59:04] Speaker B: So for that guy to wake up one day and say, I'm going to do this, that means that he thought. [00:59:09] Speaker C: He could really get away with it. [00:59:10] Speaker B: He had thought it through well enough that he could get away with it. [00:59:13] Speaker C: Yeah. [00:59:14] Speaker A: Maybe he just really wanted a trip to a nice state sponsored hotel. [00:59:17] Speaker B: You don't know. 
[00:59:18] Speaker C: I'm guessing this is why we constantly get attacked by Russian hackers and North Korean hackers and Chinese hackers, because they. [00:59:26] Speaker B: Can get away with it. [00:59:27] Speaker C: There's nothing we can do about it, right? Yeah, we can say these are the hackers we think did this and there are warrants for their arrest. And if they ever land in a country with extradition or our own, we will arrest them. They're just never going to do that. And not that it hasn't happened. It does happen from time to time, but it's really so, like, hack them. What are they going to do? Don't go to China. [00:59:52] Speaker B: There was one guy who was, I think it was like a colonel in the Russian army who's on our wanted list. Hey, if he comes to the US, we're going to arrest him. If he comes to the US, we're at war. [01:00:02] Speaker C: Right? [01:00:03] Speaker A: Right. [01:00:03] Speaker B: Otherwise he's not coming here. [01:00:05] Speaker C: Yeah, he's invaded and he has actively attacked us. [01:00:10] Speaker B: It's Red Dawn. [01:00:12] Speaker C: He's literally going to Gitmo. He's not going to like the local. [01:00:15] Speaker B: Pokey where a sheriff's like, listen here. [01:00:19] Speaker C: Russian boy, you messed up and stepped into my one horse town. No, a federal man is showing up and he is going to actually, a military man is going to show up and take him to military jail where you are now a prisoner of war. That's fun. [01:00:33] Speaker B: Unless he shows up with the rest of his military unit. [01:00:36] Speaker C: That would also be bad. Yes. Then now we're in hot conflict. [01:00:40] Speaker A: I hope we were going to get a Daniel as Sheriff Andy Taylor impression there and Andy Griffith impressions from Daniel. I guess I can keep. [01:00:51] Speaker C: Shaking like a dog shitting a peach. [01:00:56] Speaker B: Know the analogies just never stop stocking trade. [01:01:00] Speaker A: Wow, that's brand new to me. 
How do you follow that up? [01:01:05] Speaker B: That's one of those that, you know, has to be rooted in reality. [01:01:09] Speaker C: You've never seen a dog, Jack? [01:01:11] Speaker B: I've never seen a peach. [01:01:14] Speaker C: And they look like they're made of hell. It's not something you would want to. [01:01:22] Speaker A: Pass to your GI system. [01:01:23] Speaker B: The ingredient list just says hell. [01:01:26] Speaker A: Oh, my God. [01:01:28] Speaker C: It's coming to Frogtown. [01:01:30] Speaker B: I've got a hell allergy. [01:01:34] Speaker A: You see, this is my favorite part of the week for exactly. This is what I look forward to. [01:01:38] Speaker C: The articles are just a vehicle for us to go down the rabbit hole here. [01:01:42] Speaker A: I thought you said duck. And I was like, that's so specific. And you were like, that's rooted in reality. I'm like, when have you ever seen a duck go through that? That's insane. [01:01:50] Speaker C: I watched the entire thing, the duck, eat the sea. And then I waited the requisite time for the duck to pass the sea. Let me tell you what. If I've ever seen an animal in distress, it was that day, ladies and gentlemen. [01:02:07] Speaker B: Goodness. Some people have too much time in that. [01:02:12] Speaker C: You think a duck only makes a quacking sound? I'm here to tell you. [01:02:16] Speaker A: Oh, boy. [01:02:17] Speaker B: Good job. [01:02:18] Speaker A: Thank you for that. Thinking about that the rest of the day. [01:02:21] Speaker B: Thank you for that. [01:02:22] Speaker A: He quacks us up. He does. Anyway. Yeah. Russian hijackers. And, yeah, I don't think we can go back at this point. Thanks for breaking that down. Appreciate some of the details on that article. I also forgot to mention, I realized that as you guys were talking about this, I was looking up some stuff and realized it's leap day. Happy leap day. It is? Yeah. The day that you're watching this right. 
[01:02:45] Speaker C: Now, it happens once every four years. So I forget. Yeah. [01:02:48] Speaker A: So I think as you're watching this, it's leap day. Happy leap day. Hope you're having a good day. [01:02:51] Speaker C: I saw a lady had three kids, right? And all of them were born on Leap Day. [01:02:56] Speaker A: Wow. [01:02:57] Speaker C: It was like a one in a billion chance or whatever it is, that she would have all her children on a leap day. [01:03:03] Speaker B: So her children were four years apart. [01:03:05] Speaker C: I guess so. [01:03:05] Speaker A: At least, I guess, yeah. Unless she had twins or something. That's crazy. She should go play the lottery, right? [01:03:11] Speaker B: Crazy. [01:03:11] Speaker A: That's interesting. Well, thanks so much for breaking down that last article and for teaching me so much about animal anatomy. If you enjoyed those kind of side streets, we encourage you to check out some of the other Technado episodes here on the site. If you think today was fun. We do this every week and it's just great. We enjoy it. But Don did mention that we've got some updates for y'all concerning the show and the format and everything. So I'm going to pass it to Don to kind of break some of that. [01:03:34] Speaker B: Have we've been soliciting feedback from our users and trying to find out ways that we can adapt the Technado podcast to be entertaining, informative, and all the various things that are out there I need to go into AT&T operator mode here. We know that you have many choices and podcasts you can listen to, and we strive to provide the best possible service. So anyhow, do we. Yeah, I know. We phone it in. So we're going to try something new. And starting next week, the podcast is going to follow a slightly different format. So normally we pick about six news articles and we lightly touch on each one. 
And one consistent piece of feedback we get is it'd be nice if we got to learn a little more about what's going on, go deeper into something. And we mentioned our day job from time to time. I'm an administrator, a bureaucrat. I fill out paperwork. Right. But Daniel and Sophie are filming cybersecurity content every single day. And they dive into how this stuff works, how an exploit functions, how you can detect if you've been exploited, how you can protect to make sure you don't get there. All the different ins and outs, and they just go really deep into that stuff as a part of our training content. So we're going to try and bring that here into Technado. Instead of covering six articles, we're going to cover one or two a smaller amount, but we're going to go deeper into it. Now, when we do that, Daniel is our cybersecurity expert. He's the one who understands how this stuff works. And not only can he explain it, he can show you. So we're going to go a little heavier on the visual elements. So for those of you that are listeners, we're still going to describe what's going on, but for those of you who are watching, you'll actually be able to see some of this stuff pulled off, see information on it and just lean a little more into the video format. Because the bulk of our people are watching us on YouTube, we want to make sure that we're conveying the best information we can. [01:05:27] Speaker C: Now, we'll still be having fun, though, right? We'll still be having fun, joking it up, yucking it up. It'll still be a really good time, but. Right. [01:05:33] Speaker B: Yep. And when you dive into that, what is it? Two's company, three's a crowd. Right. Three people is a little bit too many to have us tackling that. So what we're going to do is I'm going to step away a bit from Technado so that Daniel and Sophie can do what they're great at, which is really show how that stuff works and help you learn more about what's going on. 
And then I'll pop back in from time to time, as usually, if we need somebody to make fun of Microsoft moments or something, if we need some. [01:06:00] Speaker C: '80s references, here we go. I'll be like, I'm missing my '80s references. I'm bringing Don in. [01:06:04] Speaker B: Yeah. But it'll be a different format and we're going to launch that. It's going to start next week. And my ask to you guys, I'm not making you volunteered, but give us feedback, watch it, tell us what you think. And if you have suggestions, be sure to share that with us. [01:06:19] Speaker C: Right. [01:06:20] Speaker B: We've got our YouTube comments section, which we actually do pay attention to. We read the comments that go in there. You can also send us emails. You can go to the techno.com website, send us any feedback you have, give us suggestions, and we'll try it out for a few weeks, see how it goes. And if it works great, I think people will be really happy with it. Then we'll keep going that way. And if it doesn't work, great. If Daniel sucks, then tell us that. [01:06:46] Speaker C: So we're going to hear that a lot. [01:06:49] Speaker A: It's just me with seven ghost accounts. [01:06:51] Speaker B: So we'll make some changes. We love to hear from you all. You keep us around, right? If we didn't have our viewers, we wouldn't be doing this stuff. So we want to make sure that we're giving you the best content that we can. [01:07:04] Speaker A: Yeah, absolutely. I mean, we spend however much time we spend, 60 minutes, 90 minutes talking, and you guys listen and we want to hear from you, too. So it is always good to see the comments and to get feedback like that. Whether you are watching on YouTube or listening on Spotify, Apple podcasts, we do appreciate your time that you come and join us and let us banter for a little bit. So I think it's going to be. [01:07:22] Speaker C: Fun and make it more of a learning experience with fun, right? [01:07:25] Speaker A: Yeah. 
Because learning can be fun. That's what we do in our day jobs. [01:07:28] Speaker B: Why not do it? [01:07:28] Speaker C: I do it right? Yeah. [01:07:30] Speaker A: Well, hang on. Sometimes it's not fun. It's just scary. [01:07:34] Speaker C: That's true. [01:07:34] Speaker A: So we got to make sure we're. [01:07:36] Speaker B: Going to learn about cigarettes and turpentine. [01:07:39] Speaker C: You'll never forget that analogy. [01:07:42] Speaker A: Cigarettes, turpentine, the anatomy of a duck. [01:07:45] Speaker B: I learned so much peach seeds. [01:07:47] Speaker A: Seeds which are made of hell. Never seen a peach seed like a peach pit, right? [01:07:51] Speaker C: Yeah. [01:07:51] Speaker B: I need to google it. You never seen a peach pit like actually peaches? What do I look like? [01:07:56] Speaker A: Excuse me. Okay. Yeah, it's a really pretentious fruit. You got to work at it. Some people are put off by the fuzz on the skin. Some people don't like that. [01:08:07] Speaker C: It's like an interesting sensation when it. But then it's really good. [01:08:11] Speaker A: It is a sensory thing for some people. What do you think about seeing it now? [01:08:15] Speaker B: It's a giant seed. I thought it was going to be spiky after your description. [01:08:19] Speaker C: You can see that it has ridges, it has sharp edges. [01:08:23] Speaker B: All right. [01:08:23] Speaker A: It's like a little brain. Looks like a walnut. [01:08:25] Speaker B: I'm not going to eat one I guess that's the point. [01:08:27] Speaker C: Where's your sense of adventure, Don? [01:08:30] Speaker A: For one, I'm just so disappointed. Well, thanks so much for kind of walking us through that and just giving the folks a heads up on some of the changes that are going to be coming. It's going to be fun. We're going to have a good time. And like Don said, we love to hear your feedback. Once again, we want to thank our sponsor, ACI Learning. 
Like Don said, that is what we do in our day jobs and we do enjoy every minute of that. We make learning fun here with audit, cyber and IT content. If you're listening from the Technado website, you can look for that "Sponsored by" button. Click to go to the ITPro website and if you want to support the podcast, check out those courses. Once again, drop a comment. Let us know what you thought about this episode, as well as any future changes. I think that's pretty much going to do it for me. Anything else from you guys? [01:09:04] Speaker B: That's it. It's been a busy week. [01:09:05] Speaker A: Been a busy week. [01:09:06] Speaker C: Let's call this a day. I got some seeds to pass. [01:09:09] Speaker A: Right? Well, I'll get the duck out of here then. Thank you so much for joining us for this episode of Technado, and we'll see you next week. Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.
