367: Temu App is Spyware?! (Plus, More Nintendo Lawsuits!)

Episode 367 July 04, 2024 01:19:21
367: Temu App is Spyware?! (Plus, More Nintendo Lawsuits!)
Technado
367: Temu App is Spyware?! (Plus, More Nintendo Lawsuits!)

Jul 04 2024 | 01:19:21

/

Show Notes

Gamers rejoice: we've got news on Xbox, Nintendo, and Apple retro game emulators on this week's Technado!

In some of our biggest stories this week, there's a new Google Chrome 0-day, Temu's getting sued, and millions of OpenSSH servers may be vulnerable to an attack. We also cover PortSwigger's very first outside investment, a biometric MFA token that doubles as a ring, and Grasshopper: a group of hackers...or pentesters...or hackers pretending to be pentesters.

In other news, an Australian man was caught red-handed harvesting credentials while on a flight (yes, DURING the flight), Kadokawa Group got hit with a ransomeware attack, and Sophie and Daniel have some strong opinions on AI-generated commentator Al Michaels.

For more on this week's stories, check out the articles below:

https://gbhackers.com/claiming-sandboxrce-0-day/
https://www.ign.com/articles/xbox-live-suffers-widespread-outage-xbox-support-investigating
https://arstechnica.com/tech-policy/2024/06/shopping-app-temu-is-dangerous-malware-spying-on-your-texts-lawsuit-claims/
https://thehackernews.com/2024/07/how-mfa-failures-are-fueling-500-surge.html
https://www.techspot.com/news/103636-nintendo-sues-two-switch-hardware-software-modders.html
https://securityaffairs.com/165108/cyber-crime/evil-twin-wifi-attack-plane.html
https://arstechnica.com/information-technology/2024/06/ai-generated-al-michaels-to-provide-daily-recaps-during-2024-summer-olympics/
https://gbhackers.com/grasshopper-hackers-penetration-testing-malware-deployment/
https://www.ign.com/articles/fromsoftware-parent-company-hacked-by-ransomware-gang-threatening-to-release-internal-data
https://www.securityweek.com/millions-of-openssh-servers-potentially-vulnerable-to-remote-regresshion-attack/
https://www.theverge.com/2024/6/24/24185066/apple-pc-dos-emulators-ios-rejection
https://techcrunch.com/2024/06/27/portswigger-the-company-behind-the-burp-suite-of-security-testing-tools-swallows-112m/

View Full Transcript

Episode Transcript

[00:00:04] Speaker A: You're listening to Technado. Welcome, and thanks for joining us for another episode of Technado. Quick reminder, tech NATO is sponsored by ACI Learning, the folks behind it pro. And you can use that discount code, Technato 30, for a discount on your itPro membership. You know, it's like clockwork now. It's like it's ingrained. [00:00:22] Speaker B: It just hit the switch. [00:00:23] Speaker A: I'll never. I'll be long gone. On my deathbed, those would be my last words. Like, she's gonna say something for a discount, and then I'll flatline. [00:00:32] Speaker B: Yeah, be. [00:00:34] Speaker A: It's been a good morning. It's been a good morning. I'm in a good mood. It's. [00:00:38] Speaker B: You're cold. [00:00:38] Speaker A: I'm very cold. I have my. [00:00:40] Speaker B: She's got, like, a straight up. So it's like 104 degrees in Florida right outside. Yeah, but it's like four degrees in here. [00:00:47] Speaker A: Freaking icebox. Yeah, I understand that. Like, you gotta keep parts of the building cold. Like, I understand why the server room's cold. I get that. But, man, I feel like a piece of cookie, though, back here, chilling in the fridge. [00:00:56] Speaker B: It's feast or famine in these studios. Like, if that air conditioner goes out and it becomes a swamp and you're just pouring sweat. So if I'm gonna have to be uncomfortable one way, I'll take the cold. [00:01:09] Speaker A: Yeah, I'm glad that it's cold and not super, super hot. Plus, then I get to be Grandpa for the day. [00:01:13] Speaker B: That's true. [00:01:14] Speaker A: My sweatshirt says grandpa on it. It's one of my favorites. I haven't worn it in a while. And I got Marty McFly over here to my right. [00:01:19] Speaker B: So, in the back of the future, my son this morning was like, what is that, daddy? I go, that's the DeLorean son. That's the time machine. You're gonna learn about Doc Brown very soon. [00:01:29] Speaker A: But your daughter loved it, didn't she? [00:01:31] Speaker B: Oh, two of them. Both the kids. I got two daughters. They were like, oh, I can't wait to see back to the future, too. Aw, you're not quite old enough for that one yet, because there's some more adult material in there that's more obvious. But then back to the future. Three, you're good to go. [00:01:47] Speaker A: But you gotta watch them in order. [00:01:48] Speaker B: But you gotta watch them in order. [00:01:49] Speaker A: So you gotta wait. Okay. [00:01:51] Speaker B: A little bit of time. [00:01:52] Speaker A: Almost time to bring the boy in, though, on the back of the feet. [00:01:55] Speaker B: Oh, yeah. [00:01:56] Speaker A: Okay. Okay. Well, I look forward to hearing how that goes. [00:01:58] Speaker B: He's not old enough to understand it. [00:01:59] Speaker A: Yet can't really appreciate. It's like taking, like, a six month old to Disney. Like, they can't really appreciate. They're not gonna remember it. So what's the point? [00:02:06] Speaker B: You know, we've got older kids that make sense. [00:02:08] Speaker A: Yeah. Cause they can enjoy the rides and they remember what's. What's going on for the most part. So I get that. It's gonna be a good week. We got to. I hope you guys are having a great 4 July holiday if you are watching this on the day that it's released. And if not, I hope you had a great holiday and you didn't lose any of your fingers. Hopefully you didn't have any firework related accidents. But if you do celebrate the fourth happy force, we have some great articles that we're gonna get into today. We'll start with our very favorite newest segment, breaking news. [00:02:35] Speaker B: Get it? [00:02:36] Speaker A: You didn't do the. You didn't do the head. [00:02:38] Speaker B: There it is. I did the head. I was head butting it. [00:02:41] Speaker A: Okay, so it's psychic energy now. Telekinetic. Okay. He's gotten rid of the invisible hammer. Well, we've got this one. We feel like it's a little more pressing, so we'll cover this one. First. A threat actor claim the sandbox escape rce zero day. Google Chrome. Daniel found this one for us. And lots of big words in that title. Yeah, it's early, it's a good morning, but I'm still tired, so maybe. Maybe we could break this down a little more. But this was just this morning. I think that this broke, right? [00:03:10] Speaker B: Yeah, yeah. You know, we on. On technado day, we do try to see what might we miss. That someone be like, hey, you didn't cover such and such. [00:03:19] Speaker A: Yeah. [00:03:19] Speaker B: So we looked through some articles, and this definitely seems like a noteworthy one, is that someone is selling supposedly a zero day rce for and sandbag box escape for Google Chrome. And that is what we call nightmare fuel, ladies and gentlemen, because if that is true, guess what the number one used browser in the world is right now? [00:03:40] Speaker A: It's Google Chrome, not Microsoft Edge. [00:03:42] Speaker B: It's not Microsoft, even though that is a Chromium based browser. So I would be interested in seeing, does this affect all Chromium based browsers, or is it just Chrome? [00:03:52] Speaker A: Interesting. [00:03:52] Speaker B: That's an interesting idea. Right. So you might want to switch over to Firefox for a few. Just, you know, it never hurts to have multiple options sitting on the desk. And ultimately, that's. That's really what's going on? If you look at the article, you can see the web and dark web informer is saying zero day for sale. The r two Al Kaz is. I don't know how they say that is allegedly selling a sandbox escape. RCE and Google Chrome affected versions 126 point such and such on the Windows operating system and gives those versions as well. I do like that. I think they do actually say this is a nightmare. Yeah, a sandbox escape combined with RCE in Chrome is a nightmare scenario, said Jane Doe, a cybersecurity analyst. You think that's a real name? [00:04:40] Speaker A: Sure. [00:04:41] Speaker B: Yeah, I think that's it. I think she's actually Jane Doe. There she is. Give her credit. Good old Jane Doe. If her parents did name her Jane and her last name happened to be Doe, they obviously were just trolling their own kids. [00:04:52] Speaker A: I was gonna say they hate their. [00:04:53] Speaker B: Kid or they just thought, this will be fun, it'd be real. [00:04:57] Speaker A: Cause I know it's like an anonymity thing. It'd be real funny if we found out one day that there was a source that was just throwing that in there. Like we need to attribute this random thing to somebody and we don't really have an actual quote on it. We'll just throw in a Jane Doe and say, oh, she's anonymous. It's an anonymous source. We gotta protect our sources and it's not real. [00:05:12] Speaker B: I wonder how much this is running for. Yeah, it would seem like it would be a bit of money. [00:05:16] Speaker A: Yeah, that'd be a good question. The way you explained it was a lot easier that. I feel like the headline was not threat actor claiming of sandbox escape Rce in zero day Google Chrome. I feel like those words are in the wrong order. [00:05:26] Speaker B: Well, you know, listen, that's just me. When AI writes your titles, you gotta be ready for whatever it spits. [00:05:32] Speaker A: This was breaking. They had to get this out, right? [00:05:34] Speaker B: It's got time to edit. [00:05:35] Speaker A: Sometimes the words get scrambled. [00:05:37] Speaker B: You just copy paste out of chat GPT and you go with it. [00:05:40] Speaker A: If it works, it works. You get the. What is the SEO? You get the SEO. So it does, it does. [00:05:46] Speaker B: All that matters. [00:05:46] Speaker A: So a little bit less pressing. This issue has been resolved, but it was a pretty big deal earlier this week. Xbox Live suffered a widespread outage. Xbox support was investigating at the time. So this was happening Tuesday of this week? [00:05:58] Speaker B: Yeah. [00:05:58] Speaker A: Trouble in paradise. Well, I don't know if I'd call it paradise. [00:06:01] Speaker B: Those Xbox live chat rooms, they can get pretty rough. [00:06:03] Speaker A: Yeah. You log on for five minutes, and you leave, like, having to go to therapy. [00:06:07] Speaker B: You just like that picture of Matthew McConaughey smoking a cigarette. Like, exactly the things I've seen and heard. [00:06:16] Speaker A: So it was unavailable for approximately 7 hours, which, if you're a serious gamer, I mean, that's a big deal. [00:06:21] Speaker B: Oh, man. I guarantee there were some people losing their ever loving minds that they couldn't get on Xbox Live, which is sad. [00:06:29] Speaker A: Affected, thousands. [00:06:30] Speaker B: Touchgrass. [00:06:31] Speaker A: Yeah, affected. They do. Touchgrass simulators. [00:06:35] Speaker B: Yeah, they get on the Xbox Live. Have you played Touchgrass 2.0? It's amazing. [00:06:41] Speaker A: Well, they. It said they received a peak of more than 38,000 individual outage reports around 03:00 p.m. on the day this happened, which again, I think was Tuesday the second, but it was resolved. Xbox said, hey, users should no longer be encountering issues. You should be good to go. But they didn't say what happened or why. So I don't know if it was just maybe there was something going on in the world of Xbox Live. Just a lot of people happened to log on and overwhelm stuff. I don't know. [00:07:03] Speaker B: You think maybe it was an accidental denial service? [00:07:05] Speaker A: Could be, yeah, it would surprise me. [00:07:08] Speaker B: It's a shitty intern. [00:07:10] Speaker A: Yeah. [00:07:11] Speaker B: Push some unauthorized code or some infected, some weird configuration change. Not that that's ever happened with Microsoft before, but. [00:07:19] Speaker A: No, like, no, like obvious, like, security issues or anything. It was just a pretty big outage. So maybe. I hope we don't find out later that it was like, by the way. Yeah, so we had. We had some problems. There was a little threat actor. [00:07:31] Speaker B: You never know when those things turn into a security incident. [00:07:33] Speaker A: Hopefully not. Hopefully not. That's, I think, gonna do it. For our breaking news today, if we missed anything, let us know. [00:07:38] Speaker B: I'm sure we did. [00:07:39] Speaker A: Well, yeah, there's a lot of it goes on, but we do try to pull some stuff as we're filming just so that we covering. [00:07:46] Speaker B: It's on the edge, pertinent, you know. [00:07:48] Speaker A: Well, getting into our articles that we. That we hairfully hand picked and curated. Handpicked and curated just for you. Shopping app Timu is dangerous malware. Spying on your texts. Lawsuit claims, lawsuit. [00:08:00] Speaker B: See, now that. That's where. That's Barry in the lead right there. The lawsuit. [00:08:04] Speaker A: That's the big one. [00:08:05] Speaker B: That's what's up right there. Everybody knows that teemoo is a piece of crap. [00:08:09] Speaker A: If you're not familiar with t moo, it's. It's a. You can buy basically anything if you go to their page they have everything from maternity clothes. Have you bought anything automotive? I don't think so. I've bought off of Sheen before. It's been a long time. But I did buy several shirts off sheen, and I'm still wearing them to this day. Like, I. They're not supposed to last. [00:08:25] Speaker B: Did not disintegrate after they lasted me. [00:08:27] Speaker A: They have lasted me. But it's, you know, it's fast fashion, and so if you're not going to wear it for a long time, they say not to because it's not sustainable. But Taimou is. It's kind of like sheen in a different font. I've never ordered off of there, but they do have quite a bit of variety in their wares. [00:08:42] Speaker B: But the package looks like they were shipping human organs. [00:08:45] Speaker A: This does look ominous, doesn't it? [00:08:47] Speaker B: Here's your liver. [00:08:49] Speaker A: This is a mug shot of the package. That's what that looks like. That's very ominous lighting. But it's grown very popular. There was. If y'all watched the Super bowl, there were, like six or seven team who. Commercials that played during the Super bowl. They're very. They were very much pushing in the US, but according to. I believe it was grizzly research had a forensic investigation that they did that said that it. The company that supports T Moo or the company behind Timo, is a fraudulent company, and Timu is cleverly hidden spyware. What do you think about that? Daniel? I know your opinions on apps like this. [00:09:19] Speaker B: Anything you have to be, if you're in the United States or any other area, honestly, but especially in the United States, and you're using apps that are chinese in origin, you should be suspect of that just because of how the CCP has their hands, and, like, that's just how that goes. And apparently Timu is not, you know, immune from this. I did pull up the report that talks about what the problems were or that they think they have found within the TMU app. A lot of weird, definitely shady looking stuff going on there. If you want to jump in here, we got. It says the app has hidden functions that allow for extensive data exfiltration. Unbeknown to the user. This potentially gives actors full access to almost all the data on a customer's mobile device. It's evident that great effort was taken to intentionally hide this malicious intent and intrusiveness of the software. The parent company of this has also had another app been suspended from the Google Play store for doing very suspicious things. And it wasn't until they removed those suspicious items they were allowed back in, guess what? TMU has those specific suspicious things embedded into them, like being able to, according to this article, recompile itself, make configuration modification changes after you install the app. And once you give it permissions, of course anybody that's ever downloaded an app before you download the app, it goes. [00:10:59] Speaker A: Would like to access blank permissions. [00:11:01] Speaker B: You go okay, yeah, here's your permissions. After you give it those permissions, it goes haha, you have done stupid and now I'm going to make more changes. So it's almost acting like malware does when it goes for a second stage, and in that second stage it does malicious things. Yeah, so there's a whole chart that they have available here, let me pull that up. Here we go. Things that are dangerous and TMU does them all local. Compiling with package compile requesting information of app runs root rights or root privileges is how I would have put that. Let's see, request process list, request system logs accessing debugger status reading and writing system files to SY's devices accessing external storage, making screenshots requesting Mac addresses, putting Mac address in JSON and sending it to an information server code obfuscation with most Java code unnamed files, folders and functions, which is also a hallmark of malware Android permissions to camera, permissions to write external storage permissions to record audio, permissions to install packages, permissions to access the Internet permissions to wake, unlock and putting location information into JSON, which is the fine, like the precise, I guess it's precise, precise location, not general location. It accesses that and gives the precise location of the device. [00:12:25] Speaker A: Well that's nice. [00:12:26] Speaker B: So yeah, just a lot of weird stuff going on with inside the team up. Now to their defense. Yes, they do them all. Amazon does quite a few of these things as well, and they are the biggest, one of the bigger decriers and copiers of Teemo. [00:12:41] Speaker A: That's true. [00:12:42] Speaker B: And you can see Sheen actually is one of the lesser. [00:12:46] Speaker A: That's surprising. [00:12:48] Speaker B: That's good to know. And tick tock as well. So for everybody that's worried about tick Tock and their chinese connections, if you're running Teemo, that's probably way more dangerous. [00:12:58] Speaker A: Prioritize. [00:12:59] Speaker B: This is the only time you're going to hear me say anything good about TikTok. [00:13:02] Speaker A: So comparatively. [00:13:03] Speaker B: Comparatively, right? I say to the fire with both of them, but whatever, you know, but. [00:13:09] Speaker A: Punching a guy is not as bad as stabbing a guy. So comparatively, like maybe deal with, deal with Timu before you deal with, before you deal with TikTok. I thought it was interesting. It was the Arkansas attorney general that was leveraging this lawsuit. That's not the name. [00:13:21] Speaker B: And they've got a bill in place that maybe the tick tock bill. I'm not sure, but there is an HR bill that is associated with this. It is hrtainen. Where is it? I know it's in this article somewhere. I just saw. Oh, HR 1153. In part. The Department of the treasury can issue a directive prohibiting us persons from engaging in any transaction with any person who knowingly provides or may transfer sensitive personal data subject to us jurisdiction to any foreign person subject to chinese influence. That, yeah, sounds like it falls underneath that right there. [00:13:59] Speaker A: So a little sus. Of course, Timothy said they were surprised by the lawsuit. We categorically denied these allegations. Right, right. Feel like they're gonna come out and be like, yeah, you caught us, you know, man. [00:14:10] Speaker B: Busted. [00:14:11] Speaker A: That's it. Guess we'll, guess we'll back down. No. [00:14:14] Speaker B: So deny, deny, deny. [00:14:16] Speaker A: Of course. Of course. Until you, until it's proved it wasn't me. So. So we'll have to see, of course, the, you know, they've got to then prove these allegations. And so, you know, it, it'll be interesting to see how this plays out. But Tamew is becoming more and more popular in the states. So if you do have that app downloaded on your phone, maybe considered another. [00:14:33] Speaker B: Interesting factoid that the report kind of brought up was that they say, they allege that Teemu is losing $30 on average per sale. [00:14:43] Speaker A: That's interesting to me because they, they. [00:14:45] Speaker B: Guarantee like, an x amount of shipping from China. Oh, that shipping is like killing them. But they don't care why? Because the data they mine is worth more than the product they sell. [00:14:57] Speaker A: Interesting. [00:14:58] Speaker B: And that's why they don't, they don't just give a crap, they just do whatever. [00:15:02] Speaker A: Because I always thought that, like, it's. Yes, they're advertised as, these are high quality goods. Anybody that's buying off of Taemoo and sheen at this point, you probably understand it's not gonna be like egyptian cotton. You know, like, it's very, it's very cheaply made. [00:15:16] Speaker B: Somebody said that in the comments that Teemu was the wish version of wish. [00:15:20] Speaker A: Exactly, exactly. [00:15:22] Speaker B: Yeah. [00:15:23] Speaker A: But I guess I didn't consider it. It is pretty fast for coming from China. It gets there pretty quickly. So I guess I didn't think about the fact that, yeah, the shipping's killing them. So. Hmm. Hmm. Little sus, to say the very least. [00:15:34] Speaker B: Don'T install the app. Just go to the website. If you want to buy from tv and use like Hoonix or cubes or something, and they get nothing. [00:15:42] Speaker A: You're just saying words now. [00:15:44] Speaker B: Those are like privacy versions of Linux. [00:15:47] Speaker A: Oh, okay. [00:15:48] Speaker B: Privacy. Focus. [00:15:48] Speaker A: See, I'm not a Linux user. Does that make sense? [00:15:50] Speaker B: One day I'm gonna switch you over. [00:15:52] Speaker A: By God, it sounded like you were saying a spell, like use Hoonix to prevent TMU from stealing. It's all just a bunch of made up words. [00:15:59] Speaker B: Technically, all words are made up. [00:16:01] Speaker A: Yeah, okay. I know, I know. If Shakespeare can do it, so can we. Moving on from T Moo, though. Yeah, if you've got the app, maybe delete it. But this next article, how MFA failures are fueling a 500% surge in ransomware losses. And Daniel, anytime I see an article like this, I'm instantly like kind of skeptical because I see like a big number like that. Like this is how this particular thing is ruining you or da da da da. Is this. Is there any merit to this headline? [00:16:27] Speaker B: So probably, yes, I say probably it is. There's some, I don't know if 500% is the right number or whatever, if they're inflating those numbers. This is definitely a marketing article because it links directly to a product and the product is token ring, which is this thing here. Stop phishing with ransomware and ransomware with next generation MFA, where it is a literal ring that is fido two compliant. So you just like wear it on your wrist. You swipe your ring like for your finger. Ring for your finger. Yeah, except it's got a fingerprint reader in it. [00:17:06] Speaker A: I'm married to my career. [00:17:07] Speaker B: Yeah. It's using. It's using biometrics. [00:17:10] Speaker A: Yeah. Right. [00:17:11] Speaker B: Biometrics vastly superior to, obviously passwords and other token based systems. The kind like if you get SMS message. Right. There's obviously flaws in that. Even when you use something like an authenticator app, if someone is able to get you to go to a credit credential harvesting or MFA harvesting site, that looks like the legitimate site to enter your MFA code here, and that's actually going to the attacker. So there are absolutely problems with password and even some MFA systems. The most secure thing you can do is to use something like a Yubikey or fido based compliant device. The problem that comes with that, and I think that that's what they're trying to solve with this ring system that they've got going on here, is what if I forget my yubikey at home? Right? [00:18:01] Speaker A: Yeah. Okay. [00:18:01] Speaker B: You're supposed to keep it on your key ring. And that's probably the best solution, honestly. And they have UB keys and other, like, titan key and whatever that. Fingerprint readers and everything. So you're involving biometrics. There's also the biometrics of, like, facial recognition and that kind of stuff. I think it's an interesting solution, but I thought the more interesting conversation was, would you use it? Would you out there be willing to put a ring on every day? [00:18:31] Speaker A: Yeah. [00:18:32] Speaker B: For your. [00:18:33] Speaker A: Cause if I'm forgetting my yubikey, I mean, maybe it's because, like, I, like, you wear a wedding ring. I'm not married, so I don't wear. Maybe if you keep it by your, like, if you already wear a ring every day and you just keep it near the ring you already put on every day and you're using to that, maybe it's easier. [00:18:46] Speaker B: I don't want to look like, you know, wear it like a New York mafia. [00:18:53] Speaker A: Put it on your pinky like Robert De Niro. [00:18:55] Speaker B: Oh, yeah, that's my fido too. You know what I mean? Like, oh, hey, Joey, you got that fido ring on. [00:19:02] Speaker A: Like, if I'm already used to doing it, maybe it's not as difficult. If I wear a ring, it's for, like, fashion purposes. I wear it as an accessory, and I still forget. Like, I'll be like, oh, I forgot to put on earrings today. I forgot. So I think for somebody like me, I'd be just as likely to forget something like this. I don't know that it really solves that problem. Maybe it's harder to lose, but if you're keeping your yubikey on your key ring, then I think it would be unlikely that you'd lose that. [00:19:26] Speaker B: So I can see where people are like, well, if it's connected to your keys and you got this, you know, you look like a high school janitor next to your computer where you get your whole key kind of thing going on. I get that, which is why I kind of get creative with the things that I want to be able to quickly detach from my key ring. I have quick detachers for all those, those devices I'd be interested to see. I don't think I would wear a ring, honestly. You know, I wear a ring. If I wasn't married, I would not wear a ring. [00:20:00] Speaker A: I want to know what this looks like on. I want to know if it looks stupid and bulky when you. [00:20:04] Speaker B: It does look pretty chunky, right? [00:20:05] Speaker A: Because it shows the ring by itself, but it doesn't show it on a person. [00:20:08] Speaker B: Yeah. [00:20:08] Speaker A: So I wonder. [00:20:09] Speaker B: I mean, you kind of got something. I mean, that's pretty wide. [00:20:12] Speaker A: Yeah. [00:20:14] Speaker B: This looks very like a. Like a slug. Like a metal slug. [00:20:20] Speaker A: And even in the demo video, it shows him, like, using the ring to do the MFA stuff, but it doesn't show him wearing it. I know at this point, it's security. [00:20:28] Speaker B: Yeah. [00:20:28] Speaker A: But at the point, good for them. [00:20:29] Speaker B: For trying to come up with a creative solution to the problem. I'm not dissing token ring here for. It's just not something that I think I would use personally. [00:20:38] Speaker A: Yeah. It's a good idea in theory, right. I think it's a. It's a novel idea. [00:20:42] Speaker B: It's definitely a novel idea. I guarantee there's a market of people that will, and that's cool. Go for them. Like, I got. I got nothing against that. It's just, I figure if I was gonna go with something like this, I would just get a titan key or a fido or. [00:20:54] Speaker A: Yeah. [00:20:55] Speaker B: A yubikey or something and just do that. [00:20:57] Speaker A: The convenience factor, I think, is about the same for either of those things, but still interesting. And the fact that, you know, MFA, or the lack of MFA, I guess, if it's not implemented properly, or I could see how that could cause the problem that it's saying that it caused. [00:21:12] Speaker B: I think that they're absolutely right, because in the article, they talk about how the number one way in which companies get breached is through phishing and cred stealing. And even with MFA, that can still work quite often because of, you know, typo squatting and fake sites and stuff, where you go, oh, yeah, push that. Push that two fa code right here. [00:21:38] Speaker A: Right? [00:21:39] Speaker B: And you can. You can. They can then grab that and bypass, and you're none the wiser. [00:21:43] Speaker A: Yeah. [00:21:44] Speaker B: Right. So having. Having that. That hardware based tokenization is. Is definitely the better way to go, whether or not I think it should be in a ring form factor. And maybe necklaces, is it? Or a hat. [00:21:57] Speaker A: Who was the movie star that wore, like, the vial, the blood? Was it Angelina Jolie and Billy Bob Thor? [00:22:02] Speaker B: Oh, yes. [00:22:03] Speaker A: I do believe they do. She's gonna invest in this ring. [00:22:05] Speaker B: Oh, she's into. [00:22:06] Speaker A: She's into, like, biometric jewelry already. She's got the DNA already. [00:22:10] Speaker B: The blood. See, that's the biometric. He pours one drop. It's like that. What was it? Tales from the crypt. Demon Knight, the movie. He had a cross that was also a vial, and inside of it was the blood of Christ. And then he could use that. He could put some blood on a doorway or a windowsill. And it would. [00:22:29] Speaker A: And, like, protect it. [00:22:29] Speaker B: It would protect it from demons. Yeah. It was very entertaining. [00:22:32] Speaker A: I used to love tales from the grid. [00:22:34] Speaker B: It was a very entertaining series. [00:22:36] Speaker A: Feels like it should be a scene out of Salem's lot or something. That's right. [00:22:39] Speaker B: Well, it was obviously. [00:22:40] Speaker A: Sure. Yeah. Yeah. I probably would even scare me now. [00:22:43] Speaker B: The name of the movie is Demon Knight. [00:22:45] Speaker A: Yes. Okay. Yes. Yeah. I'll stay away from that one. I will not add that one to my list because I. I think you. [00:22:51] Speaker B: Would enjoy it, actually. [00:22:52] Speaker A: You think so? [00:22:53] Speaker B: Yeah. It's not, like, scary. [00:22:55] Speaker A: Okay. [00:22:55] Speaker B: It's more entertaining with monsters. [00:22:57] Speaker A: Oh, okay. I guess if it's older. Yeah. Okay. Maybe I will. Then it's gonna be towards the bottom of the list. [00:23:03] Speaker B: Jada Pinkett Smith. Before she was Jada Pinkett, but she was just Jada Pinkett at the time. [00:23:08] Speaker A: Yeah. [00:23:09] Speaker B: Blunt. This star, William Sadler was in that. It was a very entertaining flick. I usually watch it around Halloween time. [00:23:15] Speaker A: It was Jada Pinkett before her entanglement, before all her issues, before. [00:23:19] Speaker B: Man, did that shit hit the fan. [00:23:22] Speaker A: Anyway, we'll move on. I won't. I won't rag on poor Jada too much. Going back to, you know, we just talked about a lawsuit a little bit ago, and we're not done talking about lawsuits today. We mentioned last week Nintendo gets a little litigious sometimes. Just probably an understatement. [00:23:36] Speaker B: Nintendo, is it a day that ends in why? [00:23:38] Speaker A: Exactly? Yeah. Nintendo is now suing two switch hardware and software modders. Modded hardware store and archbox are being targeted for aiding in the use of pirated games. So one of these websites, the modded hardware website, is actually still up and active. So they haven't been, it's not like, wasn't an immediate, like, take everything down da da da. But they are. They are suing. And one of these guys, I think, is just like a, he's like a subreddit mod or a Reddit mod, but he will post, like, tips on how to. I'm not paying dollar 50 for a game. Here's how you can get it for free. And that's sketchy. You're kind of like, you dug yourself a hole there. [00:24:15] Speaker B: Yeah. When you were just outright talking about, here's how to steal things. [00:24:19] Speaker A: Yeah. [00:24:20] Speaker B: I mean, I can't blame Nintendo for that one. How can you, honestly? Right. And these are hardware modules that allow you to basically rip games or something or use them as a. [00:24:33] Speaker A: So the guy that runs, the guy that runs the modded hardware website, one of the, one of the people that's being sued it, mainly they ship Nintendo consoles that have already been hacked to run pirated games. Or you can pay to send in your console, get it modded, and they'll do it for you. Or they'll send you the stuff to do it and you do it yourself if you have the know how to do that. But yeah, the website's still up. Get a modded Nintendo switch today. I'm not advertising this. This is. I'm not telling you to go buy. [00:24:58] Speaker B: You know, that's an interesting legal argument, though, because. And of course not. Listen, ladies and gentlemen, I am not a legal scholar. Do not take legal advice from me at all. But just thinking out of the box here, this is the first time I've actually read this article. I didn't read it other than to skim it. If, if they are making a product, even if its sole purpose is for, is for something illegal, I mean, if they advertise it as such, it has no other purpose in life other than to do something illegal. Or the service we provide is only illegal. I think there are laws against that. [00:25:36] Speaker A: Yeah. [00:25:36] Speaker B: So you dug your own grave on that one, man. You cant advertise. Thats like saying you can. I can, you know, make drugs for you, you know, or something like that. No. Yeah, I don't believe that's how that works. [00:25:51] Speaker A: You can't get mad when somebody then comes after you like, hey, you can't do that. [00:25:54] Speaker B: Right? [00:25:54] Speaker A: That is an illegal thing. [00:25:55] Speaker B: Well, I, like, I feel like this would be a dark web kind of service. [00:25:59] Speaker A: Yeah, you would think, right? No, it's just, it's out in the open. Yeah, very. And I'm at me, bro. Like, one of the products that they have is called a Mig switch, and it's. You can back up your Nintendo consoles, your games, all Nintendo Switch consoles, apparently. [00:26:14] Speaker B: Definition shit though. [00:26:17] Speaker A: Yeah, could be. It says they're all sold out, so apparently this guy's pretty popular. [00:26:21] Speaker B: Well, like, but have you ever had a game die on you? [00:26:24] Speaker A: Yeah. Yeah, it's kind of sad. [00:26:26] Speaker B: And it cost you money though, didn't it? Yeah, it'd be nice to have a backup of that game. [00:26:30] Speaker A: Right. But. Okay, so, like, when I back up, if I back up a dvd, in theory, if I take a dvd that I own and I back it up. [00:26:37] Speaker B: Yeah. [00:26:38] Speaker A: And, like, if it's on like a plex server or whatever, I bought the DVD, I own it, but by backing it up, am I then doing something wrong? Or. [00:26:48] Speaker B: As far as the DMCA goes digital money copyright act. It says that you are allowed to make backups of media that you own. [00:26:56] Speaker A: Right. [00:26:57] Speaker B: It further says that you are not allowed to break the encryption on the device. So there's just like this catch 22 system that goes on inside of it. You would literally have to be caught red handed in the middle of breaking the encryption to back it up. [00:27:17] Speaker A: Yeah. [00:27:17] Speaker B: Or the FBI to go, ah, Sophia, you're going to jail. Busted. [00:27:21] Speaker A: They probably have better things to do. [00:27:23] Speaker B: Right then trying to catch you for backing up your dvd's. They're not going after people like that. They're going after those folks that are in like ripping movies and then distributing them online. [00:27:33] Speaker A: Okay, okay. Targets. [00:27:35] Speaker B: That's right. They're. They're big, big targets. They want to get the mass people as far as this goes. Again, if you. If you had a game and you spent a good amount of money on it and you're like, I just want to make a backup copy in case this thing goes dead on me. The only reason Nintendo cares is because they want you to buy another copy of the game. [00:27:57] Speaker A: Yeah. [00:27:58] Speaker B: Right. They. And this is, this has been historically when VCR's and Betamax came out, the movie companies, the movie, like Universal, Warner Brothers, all them, they sued the manufacturers of VCR saying people will make copies of our movies and they won't buy them anymore. [00:28:19] Speaker A: Yeah. [00:28:20] Speaker B: Guess you know what ended up happening. They sold more movies and videotapes and everything like that. They became a massive market. And rentals. They got all this licensing money. Do you know how much it costs for a video rental store to be able to license to rent movies out? It was really expensive. Like one movie was $100. This was in the eighties. That was massive. There was this big outlay of money for those companies to be able to be able to rent them to people. [00:28:50] Speaker A: Yeah. [00:28:51] Speaker B: And it made them tons of money. So ended up backfiring on this. I can only imagine that this would follow suit, but if you were advertising saying steal from Nintendo, you're done. [00:29:03] Speaker A: And. Yeah, I think that was. That's the main thing. I think you're right. I don't know that the mix, which is the big ticket item here, I think they also wasn't just modded switches. They had like modded three ds's that they were selling on this website. [00:29:14] Speaker B: Soft modded or hardware mods. [00:29:17] Speaker A: Modded. New Nintendo three DS xl. Modded with homebrew cFW Luma H shop. [00:29:22] Speaker B: I homebrewed my. My Wii. [00:29:24] Speaker A: Oh, yeah. [00:29:25] Speaker B: Yeah. [00:29:26] Speaker A: Would you say that again into the mic so that we can call Nintendo. [00:29:28] Speaker B: Not illegal to homebrew your Wii or your, or your three deciseconds. They just don't like it. [00:29:35] Speaker A: Yeah, those aren't even being made anymore. [00:29:36] Speaker B: So it's like, and here's, here's why. Because it's just a software mod. I'm not changing the hardware. Right. I can, I can wipe that out fairly easily. [00:29:44] Speaker A: Yeah, well, I mean, this particular, the website's modded hardware. Nintendo actually reached out to this guy, the operators named Ryan Daley and warned him in March and said, you better close your business. Which is odd for Nintendo, I think. I don't think that's something they usually do. But he kept going. He was like. And kept running his business. And so now Nintendo is suing, seeking damages, accusing him of trafficking hacked hardware, implying he sold products preloaded with pirated games. But the site's still online. [00:30:13] Speaker B: I mean, if he did that, then that is, that's straight up illegal. You cannot do that. And Nintendo should go after him for that. [00:30:19] Speaker A: Yeah. [00:30:20] Speaker B: And they should win. [00:30:21] Speaker A: Well, like we were talking about last week, the, the Switch emulator that got taken down. It was like, well, there can be an argument made as to why Nintendo wouldn't want that online because if it's current Switch games, then you could argue that, oh, Nintendo's, you know, it's taking money from Nintendo. But the three ds emulator, it was like, well, you're not making those games anymore. You're not selling anything for the DS anymore. Why does it matter if the emulator. [00:30:42] Speaker B: Yeah, I know in the Nintendo, like the Switch store or whatever, they do sell retro games or access to retro games, but it's never the full library and it can be hit or miss. Like, things are available and then they're not. [00:30:58] Speaker A: Okay. Yeah. [00:30:58] Speaker B: At least from what I understand, I don't have a switch and I don't. [00:31:01] Speaker A: I think you're right. I think you're right. [00:31:02] Speaker B: From what I understand, that's kind of how it goes. So there's never like a guarantee that the game you're looking for or whatever, or the game you own is going to be available for your switch. So I've got a three deciseconds and I've got it soft modded with homebrew. What's wrong with me playing all my like, gBa games. [00:31:20] Speaker A: Yeah. [00:31:21] Speaker B: On one style. Like, I just don't see the problem. [00:31:24] Speaker A: Yeah, no, I get that. I think there's an argument for that, but. Yeah, it's this guy. And then there was, like I said, the Reddit Mod that was openly on Reddit, you know, hey, I'll help you. Da da da. I'm not paying $50 for a game. They're both being sued. Not a lot of details on for how much on any kind of like numerical figures. People think maybe in the millions. So we'll have to see how that develops going forward. We're going to move into a. We'll move away from the Gaming for now. We're moving to another segment. [00:31:48] Speaker B: We do love it. [00:31:49] Speaker A: We do love it. It's quite fun to talk about, but this is also going to be hopefully pretty fun to talk about. Favorite segment called behind bars. [00:31:58] Speaker B: Break the law and you'll go to jail. [00:32:02] Speaker A: If you break the law, you'll go to jail. [00:32:04] Speaker B: Nobody knows the trouble I've seen. What? [00:32:07] Speaker A: Yeah, what was that? Oh, was that like you running a cup? [00:32:09] Speaker B: Yeah. Across the bars. [00:32:14] Speaker A: That you were just. I thought you were just getting down over there in your chair. So an australian man was charged for evil twin Wi Fi attacks. Aussie man. Aussie man. Yeah, yeah. This is a hack a dial Dundee or whatever. [00:32:27] Speaker B: Hack a dial Dundee. [00:32:29] Speaker A: He's been, he's been charged carrying out evil twin Wifi attacks during a flight. So not even just like in the airport on a flight that, I mean, I, I have to give him credit. It's at least innovative, I think. [00:32:38] Speaker B: I mean, he's got cones to do it on a flight and so when I was reading this article, I'm like, how did they know? [00:32:49] Speaker A: Yeah. What took them off? [00:32:50] Speaker B: There's not many open Wi Fi at 30,000ft. [00:32:54] Speaker A: Yeah. [00:32:55] Speaker B: So they were like, what the hell is that? Somebody wanted like the stewards or whatever saw that's not ours, this weird wifi. [00:33:03] Speaker A: Yeah. [00:33:04] Speaker B: And they started investigating what was going on and they realized this dude was basically, I think that they, they kind of, obviously they knew what flight it was on, right. And they wrangled him and they opened his luggage and there's an access point, a laptop and all the stuff he needed to perform this attack. And they're like, what's that you got there? [00:33:26] Speaker A: No, no, no, it's my emotional support router. Yeah, just take it with me on flights. [00:33:30] Speaker B: But yeah, so obviously this was a weirdly unsophisticated yet sophisticated attack because what a great. Like to have people in the air thinking, oh, there's a free open wifi. [00:33:45] Speaker A: Right? [00:33:46] Speaker B: That's where the sophistication comes in. That was smart for an attacker to find an untapped market and to be able to spend the money to get on the plane. He was doing all, you know, obviously within Australia, he wasn't flying to foreign lands and meeting exotic people. [00:34:01] Speaker A: That might complicate things a little bit. [00:34:02] Speaker B: Yeah, he was, he was going for in nation flights, but giving them fake pages and things like that so they would put in their credentials. I think it was like a fake captive portal. And one of the things that they mentioned in the article, which was good advice, if you're ever confronted with open Wifi, a public wi Fi that is open, and it asks you to put in your credentials or something that's suspect. [00:34:31] Speaker A: Because then it's not open. [00:34:32] Speaker B: Right. That's, that's not how that works. [00:34:35] Speaker A: Yeah. [00:34:36] Speaker B: Right. Now, captive portals tend to look kind of feel that way, but a lot of times it's not. It's just, you know, if you are on the right thing, tell me your flight number. [00:34:44] Speaker A: Right. To make sure that you're not like just camping out or whatever. Yeah, yeah. [00:34:48] Speaker B: Right. I. So it just takes a little bit of thinking. Don't be so quick to just go, oh, yeah, cool. Open wifi. Yo, my flight number, it's not gonna give you flights. Oh, my username and password. [00:34:59] Speaker A: Right. [00:34:59] Speaker B: Is this. That is a mistake. [00:35:02] Speaker A: I think at the most places like Starbucks and Panera and stuff, if you're trying to log in, it'll have you like check a box to say like, confirm you wanna use Starbucks as wifi to make sure you're not just camping out or, hey, enter your email and then they send you like, marketing emails. I've never been asked to enter a password. I've never been asked to enter like super personal or like logging through social media account. But you're right, a passenger, it might not immediately be a red flag. If you're just thinking, I'm looking for the in flight Wi Fi, there it is. And you don't think to check. But as a stewardess or somebody that's used to flying on that plane, then you probably. It would be a little bit more red flag to you. [00:35:32] Speaker B: Now, homeboy that did this, he is getting ready to learn the old axiom of if you f around, you are eventually going to find out because he is staring on the barrel of a maximum of 23 years in prison. [00:35:46] Speaker A: Geez. [00:35:48] Speaker B: Yeah, yeah. Charged with unauthorized access or modification of restricted data, dishonesty, obtaining or dealing in personal financial information and possessing our, and possession of identification information. So yeah, they don't like it when you hack people. That's why it's illegal and that's why you're looking at a 23 year stint in the old pokey there, my friend. [00:36:14] Speaker A: Yeah. Yeah. [00:36:15] Speaker B: Well, it was worth it. [00:36:17] Speaker A: He did the crime. He will probably do. Yeah, he will most likely do something. [00:36:21] Speaker B: Yeah. It's probably gonna be a plea deal involved. [00:36:22] Speaker A: Yeah. Maybe won't be the full 23 years. That's the maximum, but, yeah, you never know. [00:36:26] Speaker B: Sometimes a judge goes, you know what? We need to make an example. [00:36:29] Speaker A: Yeah. The judge is having a bad day. [00:36:31] Speaker B: Yeah. [00:36:31] Speaker A: He's like, the ice cream machine at McDonald's was broken at lunch. [00:36:34] Speaker B: And I was on that flight, I noticed that my funds diminished greatly. Well, I guess he would have to recuse himself from that. [00:36:46] Speaker A: Yeah, that's true. He could lie. [00:36:47] Speaker B: He could. [00:36:48] Speaker A: He could lie. [00:36:48] Speaker B: Good. [00:36:49] Speaker A: This next one is. I feel like I have some opinions on this, so I don't know. I know we're reaching the halfway point here. Do you think we should break and come back to this after the break, or you think we should do this and then hit the break? [00:36:59] Speaker B: Let's do this. Because it's not a lot. Yeah, we can hit this. [00:37:02] Speaker A: I do have some opinions. [00:37:03] Speaker B: So four or five minutes to rant. [00:37:06] Speaker A: On this, to babble about this. I don't know if y'all are planning on watching the Summer Olympics. I probably won't, I'll be honest. But you may have heard of Al Michaels. He's the guy that made the. Do you believe in miracles, that guy? Yeah, he was let go or his position was removed, I guess, from NBC last year. He was still doing calls for football for NBC. And it was. Yeah, people think it was because of his age. They didn't come out and say that, but up until last fall, he was still calling football for NBC. [00:37:32] Speaker B: Yeah. [00:37:32] Speaker A: There's going to be an AI generated Al Michaels to provide daily recaps during the 2024 Summer Olympics. I don't like this. I don't. It. So he, this guy listened to it initially, he was skeptical and then listened to it and was like, wow, that's crazy. It's maybe like 2% error, you know, margin, but it sounds just like me. [00:37:52] Speaker B: It tastes real bad. [00:37:53] Speaker A: I'm just thinking, like, I feel like if he's still alive and kicking and has still has been calling football since last year, why not just get him to do it? But the argument, I guess, is that this can be super specific to the point where, like, you're listening to it on the app or watching on the app and it'll be customized to you. [00:38:09] Speaker B: What? [00:38:10] Speaker A: Which, like, who needs that? Who's asking for that? [00:38:12] Speaker B: Zero people. I don't need customized color commentary. [00:38:17] Speaker A: Right. That's not, it's just like, I don't know, it takes away from the fun and whimsy of, of calling sports that way. [00:38:25] Speaker B: I mean, while that is doable and maybe there is a market out there for that. [00:38:31] Speaker A: Yeah. [00:38:32] Speaker B: That's not my biggest concern. My biggest concern with this is, do I own the sound of my own voice? [00:38:38] Speaker A: Right. Exactly right. [00:38:40] Speaker B: Does Al Michaels, who has made a living off of his voice and the way he speaks and how he delivers commentary, does he own that? Or can they create an AI representation of that and then go, what do we need on Michaels for? And this, honestly, is why there have been a lot of writers, artists that have been highly vocal and protesting the use of AI for creating artistic works because you basically, you know, everybody's talking about, you know, AI take our jobs. These people are on the forefront of whether or not a job is getting taken. [00:39:21] Speaker A: Yeah. [00:39:21] Speaker B: Right. Because it is pretty easy to create an AI generated image that is very useful. I mean, tell me that just about 90% of the articles that you read now are not AI generated images. [00:39:33] Speaker A: Yeah, right. Almost always. [00:39:35] Speaker B: Almost always. [00:39:36] Speaker A: That's pretty obvious. [00:39:37] Speaker B: Unless it's an actual, like, still, like. [00:39:39] Speaker A: A picture of a taboo package. [00:39:40] Speaker B: Yeah, that absolutely occurred. It is now mostly AI generated images. So all those artists that were out there creating images for news articles and sites and things of that nature and getting paid per download and use. [00:39:55] Speaker A: Yeah. [00:39:55] Speaker B: They don't have to worry about that AI to do it. You're fired. [00:39:59] Speaker A: I was. I wanted to see his opinion on it. If he was like, I'm not okay with this. [00:40:03] Speaker B: Did he say anything? [00:40:04] Speaker A: The only thing that I could find in this article on it was that he was initially skeptical, like, okay, you're gonna AI recreate me and it's not gonna. And then when he heard it, he was like, wow, holy crap. He was astonished and, wow, that's crazy. Sounds almost like me. But no indication of whether he was like, that's B's. Don't do that. Or whether he was fully in support of it. But honestly, I don't know that that's extremely relevant to, like, going forward, whether or not he's okay with it. If he could be like, I think this is great. I'm okay with it. But for other people, right. [00:40:30] Speaker B: It's not. [00:40:31] Speaker A: I don't like that. [00:40:31] Speaker B: It's not the question of whether or not what they should do is make a legal system that allows you to opt in or opt out of that. I own the rights to any likeness of myself. Right. My voice, my person. And therefore, if I wanted to license you to use the likeness of me, then I get to make money, and you get to make money. [00:40:55] Speaker A: Right. [00:40:55] Speaker B: I'll have to do the work, and you guys can AI it all day long. I feel like that would be the best system, because then everybody kind of wins on that with, you know, for the 4 seconds I just thought through that. [00:41:06] Speaker A: Right. Yeah. [00:41:06] Speaker B: I'm sure there's somebody out there that's deep in the weeds on AI and law and. Well, Daniel, you're. [00:41:11] Speaker A: Yeah, they're gearing up. [00:41:13] Speaker B: Yeah, they got their. Their template. Copy and paste into the comment section, actually, Daniel. [00:41:21] Speaker A: Yeah, I know. [00:41:21] Speaker B: Let's not do that unless it's constructive and helpful, please. Yeah, yeah, absolutely. Let us know. [00:41:26] Speaker A: Just don't call him names, you know? That's all we're asking. [00:41:29] Speaker B: I think I've already said I'm not a legal scholar. [00:41:32] Speaker A: That goes for both of us. [00:41:33] Speaker B: It just seems like common sense. [00:41:35] Speaker A: Yeah. [00:41:36] Speaker B: Gut feeling, like I am me and I own me. I own anything about me. [00:41:40] Speaker A: I think even for, like, obviously, Al Michaels is a huge name in sports and everything. Like, he's super famous for a reason. But even just on a smaller scale, people that are doing commentary at the local level or people that are just voice actors, usually you would put a sample of your voice online, like, hey, here's what I can do. And then people hire you. They say, here's my script. Can you read a sample of it? You read the sample, and then if they like your voice, then you're not worried about them stealing the whole project. But at this point, I could read a sentence of a long script that they have, and then I. For all I know, they can then take my voice. And we like her voice. We'll just use it. [00:42:13] Speaker B: You just kind of opened another can of worms, though, here, because let's say you create a voice to do voice acting. Let's say you're, you know, Harry Schirra or Hank Azaria. [00:42:24] Speaker A: Okay. [00:42:24] Speaker B: Right. Who do voices for the Simpsons? Nancy Cartwright. [00:42:28] Speaker A: Right. [00:42:28] Speaker B: She created the voice for Bart Simpson. [00:42:31] Speaker A: Yeah. [00:42:32] Speaker B: Does she own that, or does Fox own that? Does. Does the Simpsons franchise own the voice to Bart Simpson that comes out of Nancy Cartwright's head, or can she go off and use that voice in other contexts to make money? Does she own that? That's an interesting one. [00:42:52] Speaker A: It's the kind of thing where, like, if that did happen, if somebody stole my voice off of, like, voice 123 or one of these. These voice over websites, I probably would never know. I would just assume I never heard back from them. They didn't hire me for the project, and I would move on. [00:43:03] Speaker B: But once you move into someone that's. [00:43:05] Speaker A: That's got some notoriety, that's got Michaels. [00:43:07] Speaker B: Right. People know his voice. That voice is very distinctive, and he has made a career off of that voice. And the companies that he has worked for have made a lot of money off. It's weird because it moves from. It moves from him giving commentary and that being a part of the product to people wanting to watch their product because of him. [00:43:32] Speaker A: Right, right. [00:43:33] Speaker B: It's when you make that shift, which is why we need to, in contracts, start to preface and pregame. Hey, listen, if I ever become so big that people are watching your stuff or listening to your stuff because of me, we need to renegotiate. [00:43:50] Speaker A: Yeah. [00:43:51] Speaker B: And there needs to be a set renegotiation with metrics that. [00:43:55] Speaker A: Yeah, there's contracts where it's like, oh, we technically own your likeness or whatever, and we can use it for whatever we want. And I guess in this context, that would include your voice. Right? [00:44:03] Speaker B: I mean, isn't that how it works with if. Let's say I had a comer. I wanted to run a commercial for, you know, deodorant. [00:44:09] Speaker A: Right. [00:44:09] Speaker B: And I used a celebrity. Right. So I own. I own that piece of. Of content. Right, as the creator, but I don't own. I can't. Then just take that and go. We'll make deepfakes. [00:44:22] Speaker A: Right. [00:44:23] Speaker B: And use that slow. You can't do that. [00:44:25] Speaker A: Sure. There's guidelines. [00:44:25] Speaker B: If you can, you shouldn't be able to. [00:44:27] Speaker A: Yeah. Cause that's outside the scope. [00:44:29] Speaker B: That's what I'm saying. [00:44:30] Speaker A: Yeah. Of what the person agreed to. [00:44:31] Speaker B: We had. We had a very specific agreement on what you could use my likeness for in my person. And this was outside of that context. Exactly. [00:44:39] Speaker A: This is the kind of stuff that makes me not like the advancements in artificial intelligence. [00:44:44] Speaker B: AI gets scary, even. [00:44:45] Speaker A: There's always gonna be a group of people. There's always gonna be people that. That use it for stuff where it's like, now, why'd you have to do that? You're ruining it. You're making it like you're making things. The water's muddy now, but, yeah, this. This is something that they're gonna go forward and do. This is the plan. They're gonna use this AI generated all Michaels to provide daily recaps. I wouldn't be watching the Olympics anyway, so it's not like I can say I'm boycotting because I don't want to hear this AI crap. I wouldn't be watching anyway. But something interesting to know, if you think you hear the voice of beloved commentator Al Michaels during these recaps, you don't. It's not him. It's a robot. [00:45:13] Speaker B: It's not him. [00:45:14] Speaker A: It's not him. I'm saying it right now. It's not him. That's my opinion. I'm sticking to it. [00:45:17] Speaker B: I don't want the tea mood Al Michaels. [00:45:19] Speaker A: No, I want the real guy. I don't care. I don't care if he's 100 years old. Put him in front of a mic. [00:45:24] Speaker B: Because he's got breath in his voice. [00:45:27] Speaker A: That's the only commentator I want to hear. We will. I'm. And I'm heated now, so we'll go ahead and. Go ahead and take a break. But don't worry. [00:45:34] Speaker B: Calm down. [00:45:35] Speaker A: Well, yeah, I got to chill out. And I'll get one of those monsters, too. [00:45:37] Speaker B: There you go. [00:45:38] Speaker A: That'd probably have the opposite effect, actually. So I'll just calm down, chill out, drink some water. We'll be back, though, in just a little bit with more technato. Tired of trying to schedule your team's time around in person learning? Isn't it a bummer to spend thousands of dollars on travel for professional development? What if we said you can save money and time and still provide your team with the best training possible? The answer to your woes is live online training from ACI learning. With live online training, we provide our top in person courses in private online instructor led formats. You get to provide professional development in a manner that fits today's expectations. Entertaining, convenient, and effective. Our exam aligned courses inspire the full potential of your team. Visit virtual instructor led training at ACI learning for more info. Welcome back. Thanks for sticking with us through that break. We had a lovely, riveting, calming conversation. [00:46:26] Speaker B: I have regained very many and sundry. [00:46:29] Speaker A: Very many. Not menius. That's gonna be our new word. Menius. Sundry. [00:46:32] Speaker B: Many and sundry. [00:46:33] Speaker A: It was close. It's close enough. But yeah, I've regulated, I've calmed down. So we can jump back into our, into our news now. Hope you're enjoying the episode so far. Leave a comment, let us know what you like, which didn't like what you want to see in the future. We're gonna jump into this next article, literally jump because grasshopper. Haha. [00:46:47] Speaker B: I see what you did there, grasshopper. [00:46:49] Speaker A: Hackers mimic as penetration testing service to deploy malware. Now grasshopper I've never. Is this like a service, or is grasshopper like a term, like a type? [00:46:59] Speaker B: I think they're saying it's like an apt. [00:47:01] Speaker A: Oh, okay. That's like the name. [00:47:03] Speaker B: I hadn't heard of them either. [00:47:04] Speaker A: Yeah. [00:47:05] Speaker B: But I saw this article, and it was making its rounds on, like. Yeah, like, security Weekly got on GB. Hackers. I think it's on hacker News. There was quite a few outlets that I saw this article pop up, and I thought, and honestly, if you read it, it's not really crazy. It's just talking about how they found WordPress sites that looked like they were very specifically pointed toward israeli governments systems to look and mimic israeli government systems. And once you go through that, you end up getting malware downloaded, I think was like a drive by download or something. And they talked about using off the shelf, publicly available, open source security hardware or not hardware, but gear, like donut, and I think sliver. Was it sliver or havok? One of the two. And just a bunch of off the shelf things that you could cobble together to basically deliver malware and have command and control overdem a target. It seems like there's some. This is where the article got interesting. Interesting. It seems like there was some ambiguity on whether or not this was actually set up by pen testers to pen test. So was this an authorized thing? [00:48:24] Speaker A: In which case it's not malicious because it was authorized. [00:48:27] Speaker B: Right. If it was a pen testing service or organization that been hired by the israeli government to pen test their systems, this would be legitimate, like a red team operation. Right. But it could also be the fact that this is hackers that are mimicking a pen test operation using all the same types of things. And that's a. That's what I thought was interesting about this article, is that if hackers are utilizing the same kind of ttps as a pen test organization would be doing, it could potentially fly under the radar as, oh, no, we're legitimate. And people thinking, oh, if I stumbled onto something, oh, that's just part of the pen test. [00:49:11] Speaker A: Right, right. [00:49:12] Speaker B: That's what I thought was kind of interesting about this article. [00:49:14] Speaker A: Like a wolf in sheep's clothing. Like, they're gonna make it look like it's a pen test, but this is not fake. [00:49:19] Speaker B: And if they do that effectively, that makes them even more dangerous as attackers, because now I got to really figure out how, or how do I do that? Figure out whether or not this is an authorized pen test, and you got to run it up the chain of command. You got to figure out, hey, I think I found something. Then that goes to the next person in line. Goes the next person line. Because pentests, especially red teaming activities, are not typically known by the defensive teams. [00:49:47] Speaker A: Yeah. [00:49:47] Speaker B: They don't know that they're engaged in a red team. Sometimes they're in the dark and they just want to see how well does the blue team respond to the red team's activities? How long did it take? What, what were they able to detect? What were they able to not detect? And the red team's kind of modus operandi is to act as a true apt threat modeling as actual apt. So it get, the line gets really blurry. It could be really difficult for an organization to figure out whether or not this was a red team operation or whether it was an actual threat actor. [00:50:21] Speaker A: Yeah. [00:50:21] Speaker B: That is utilizing the same types of and tools and procedures that a red team would be using. [00:50:30] Speaker A: It's like you've got the ski mask on. Like you're very clearly doing something. [00:50:33] Speaker B: You're wearing an apt uniform. [00:50:35] Speaker A: Yeah. Like you're hiding in plain sight, almost like nobody's thinking anything of it. [00:50:39] Speaker B: It's the Spider man meme, right? [00:50:42] Speaker A: Hey, you're supposed to be here, right? [00:50:44] Speaker B: No, I'm supposed to be here. You're not supposed to be here. [00:50:47] Speaker A: Then they just. Yeah, probably just end up, okay. It's probably fine, and, and leave it alone. I tried looking for, I was able to find a couple other articles where they talked about this, but when I first looked, looked up grasshopper hackers and went to the news tab on Google, the first thing to come up was when WikiLeaks revealed, I guess it was a CIA tool that they used called grasshopper. So I saw that I was like, the CIA. It's not. It's a different thing. If you did what I did. Don't do that. It's a different thing. But it'll be interesting to see. I looked at, like, the chain of events or like, it kind of walked through a little bit of the process. [00:51:19] Speaker B: Yeah. The drive by download, right? [00:51:21] Speaker A: Yeah, I think so. Donuts. Always going to be funny to me. I just think it's a fun name. [00:51:24] Speaker B: Yeah. So donut creates obfuscated shellcode. [00:51:27] Speaker A: Okay. [00:51:28] Speaker B: Right. And then they had a nim based shellcode runner and, like. And which I think grabs the next stage, which is going to be for Sliver. [00:51:37] Speaker A: Yeah. [00:51:38] Speaker B: Sliver is a c two command and control framework. Very. But it's open source. It's all these things are available online. You just download them. [00:51:46] Speaker A: So it's still not 100% clear whether this is actually a correct. So we don't even. We don't even know. Okay. [00:51:54] Speaker B: So some investigation is going to have to take place and whether or not this is a malicious actor or an actual pen test that is happening. [00:52:01] Speaker A: So the ideal outcome is that this is a pen test and it was a false alarm. [00:52:04] Speaker B: I don't know. [00:52:06] Speaker A: Like, that's. That's what, hopefully that's the news that we hear back. That would be. [00:52:09] Speaker B: Hopefully that is what we hear back. [00:52:11] Speaker A: That's the ideal outcome. That. Just kidding. False alarm. We thought it was a threat. It's not. They're supposed to be here. They're doing their thing. [00:52:16] Speaker B: Otherwise they're going to go. Who knows? [00:52:18] Speaker A: Yeah. The implications of that, I do not like that. [00:52:20] Speaker B: I just thought that was interesting. Like those. If it is a threat actor and they're using those techniques to kind of blend in. [00:52:27] Speaker A: Yeah. [00:52:27] Speaker B: Even more, man. That make. That changes the game a bit. [00:52:29] Speaker A: Should have called themselves Chameleon. Would have been a better. [00:52:32] Speaker B: I think they get the name themselves. [00:52:33] Speaker A: No. [00:52:34] Speaker B: Yeah. That gets kind of done by. [00:52:36] Speaker A: Yeah, I've talked about that before where I think it's stupid that we give them cool names because. [00:52:40] Speaker B: Come on. Oh, dragon. [00:52:41] Speaker A: Yeah. Why would you give it. That's like, yeah, I am a Komodo dragon. Like, no, call him diaper boy. And maybe they won't do what they're doing, but whatever. What do I know anyway? Well, I'm getting angry today. We'll move on. This is. Oh, we actually have another segment. This is. Who got pwned. Where's Cartman? Well, I mean, that's not Cartman, but it's Cartman's voice. Right? [00:53:04] Speaker B: Yeah. [00:53:04] Speaker A: Saying, okay, that's what I thought. So this company that I was not familiar with when I first saw it, but it's a company called Kadokawa Group, I believe. But it's the parent company of Fromsoftware, and this parent company was hacked by a ransomware gang that is threatening to release internal data. The reason that I wanted to just touch on this for a little bit is that Fromsoftware is the group that develops Elden Ring, which is huge right now. [00:53:28] Speaker B: Oh, so this hits a little close to home to you. [00:53:30] Speaker A: I'm not personally a big Elden ring fan. I'm not like a big Elden ring player, but I do know people that are, and I know that, like, every time I go to, like, game rant, game informer, whatever, over the past few weeks. [00:53:40] Speaker B: Yeah. [00:53:41] Speaker A: Half the it's kind of starting to piss me off. Half the articles are about Elden Ring, the shadow tree one. And it's, I think, shadow of the Erdrie or something like that. [00:53:50] Speaker B: I'm gonna look up how many Elden ring players or subscribers are probably, yeah, 8 billion elden ring. [00:53:57] Speaker A: Oh, boy. All right, well, while he's doing that. So this is a multinational media conglomerate, and one of their holdings is from software, but also the anime news network. So that's pretty big company. [00:54:08] Speaker B: 23 million. [00:54:09] Speaker A: Oh, okay. So not quite. [00:54:10] Speaker B: Elden ring sales have surpassed 23 million copies. [00:54:13] Speaker A: Okay. [00:54:14] Speaker B: 25 million unique players. [00:54:16] Speaker A: I'm in the minority. It's definitely a very popular game, but the one that's out right now is a specific elden ring something. Shadow tree Erdtree, something like that. I'm gonna get crucified in the comments for not knowing the name. That's fine. You can correct me. [00:54:29] Speaker B: How dare you. [00:54:30] Speaker A: Madam, you have an opportunity to correct me. Please do it. So it's a. They said the popular japanese video sharing site Nikoniko was the hardest hit by the cyber attack. All services suspended did not acknowledge from software. So they're not quite sure how heavily fromsoftware was impacted yet. But this parent company was hit pretty hard. And the ransomware group that perpetrated the hack, of course, they posted a message. We have confidential information. We have it and we're going to leak it. So, I mean, as such is the nature of ransomware. Groups are demanding a ransom. [00:54:59] Speaker B: Step one, deny. [00:55:00] Speaker A: Step one, deny. And when I looked at this, when I went to the Katokawa group and, like, looked at their list of holdings on Wikipedia, I think I may be pronouncing that wrong, but they've got quite a bit. I mean, if you look at this list, publication films and visuals, various others group media. So they have quite a bit of names to their name, I guess. So this is no small potatoes. It's a pretty big group, obviously based out of Japan. So it'd be interesting to see how far forward this goes. IGN reached out to Bandai Namco and the Kadokawa group and didn't receive any comment back. So that's not really a surprise, though. [00:55:36] Speaker B: I don't know why, but my mind just went, I wonder how long before my ransomware groups start offering chatbots. Once you land on the page, do you need help giving us bitcoin? Have you been ransomware? Please enter your identification. [00:55:50] Speaker A: They're going to have their own AI. [00:55:51] Speaker B: Yeah. [00:55:54] Speaker A: Ransomware AI? Yeah, like the little rufus bot that pops up on Amazon. Like, let me help you, like, no need. [00:55:59] Speaker B: A ransomware version of clippy. Yeah, or whatever. [00:56:02] Speaker A: People are going to start getting mad at the ransomware groups, not because they stole their information, but because you try to talk to a person and they just keep redirecting. [00:56:09] Speaker B: I'm just trying to pay my ransom and I keep getting redirected. If I gotta hear that hold music. [00:56:14] Speaker A: One more time, the customer service is just downhill. [00:56:18] Speaker B: Yeah. [00:56:18] Speaker A: For this ransomware group. Thank you for making light. [00:56:22] Speaker B: Yeah. [00:56:23] Speaker A: Two things. I really don't like these new AI bots and ransomware groups, so I wanted to touch on that really quick just because it is a pretty large company. Significant cyber attack. We'll see. [00:56:33] Speaker B: What, you're an elden ring player. Be looking forward to that. Email from, from software. [00:56:40] Speaker A: I got an email. It's not a gaming thing, but my, I think a lot of apartment buildings do this now. They have like some kind of a rental reward service that, like, if you pay your rent on time, you get reward points and you can redeem it for stuff. You get like two points per rental. And, like, it takes a while to accumulate points. But anyway, I got an email. It was like, they used to reward. [00:56:56] Speaker B: You with letting you continue to live there. [00:56:59] Speaker A: Like, what's the point of doing it if, like, like, what am I gonna. Oh, I get a dollar off a burger in six months. Anyway, regardless, I got an email this morning. [00:57:08] Speaker B: Everything counts now. [00:57:09] Speaker A: That's true. I got an email that said, hey, so we don't think that you were affected. We don't think any of our customers were affected, but our parent company got, it was. It's not Kadokawa. It's a different group. But they had a cybersecurity incident and da da. And that's the first time that I have had a service other than when I was using lastpass all those many months ago. And I've since redeemed myself and reformed. But this is the first time I've had, like, an actual service that I use and gotten the email that's like third party cybersecurity incident. And I, like, tensed up. I'm like, oh, no. So false alarm. But anyway, just reminded me of that. We'll move on, though. [00:57:41] Speaker B: You're having nightmares. [00:57:42] Speaker A: I do. [00:57:43] Speaker B: The flood of memories coming back. [00:57:45] Speaker A: I have night terrors. That's why I have to drink celsius when I come in, in the morning. Cause I lose sleep. This next article comes to us from security week. Millions of openssh servers potentially vulnerable to remote regression attack. [00:57:58] Speaker B: Regression. Like, this is a big deal. [00:58:01] Speaker A: It sounds like it. [00:58:01] Speaker B: This is a big deal. Probably one of the bigger stories this week. Probably one of the bigger stories this month, if not really year. [00:58:08] Speaker A: Okay. [00:58:09] Speaker B: Just because of how many possible vulnerable clients there are millions. Millions. Now I believe that a fix has been made available. If I'm not mistaken. There are certain, if you're. Is it glib C? That, that is the specific. What was it says the flaw track to CVE 2024 6387. Named regression was discovered by the threat research unit by. At cybersecurity units from qualis. Qualis. Obviously a very well known, well respected security firm has been described as critical and serious as the log for shell vulnerability of 2021, which was massive. All right, so they said it's unclear of exploitation affects windows and Mac OS systems, but if you're running Linux. Yeah, and it is Glib C based Linux systems are specifically affected. Unauthenticated remote code execution. See that? You want to talk about nightmares? [00:59:08] Speaker A: Yeah. [00:59:09] Speaker B: Keeping you up. Talking about this is what makes your, your admins break out into flop sweat and go, I'm sorry, what, what's happening? Somebody call someone. Right. Because you are completely hosed at this point. You have to shut off SSH at that point are heavily firewalled. [00:59:30] Speaker A: Yeah. [00:59:31] Speaker B: Until the fix is available again. I don't remember if they did say that a fix was available. [00:59:35] Speaker A: It doesn't look like, it says it's a regression of a previously vulnerability. [00:59:40] Speaker B: Yes, they reopened a vulnerability that had already been plugged right. From like 2006. [00:59:46] Speaker A: It says it was recently removed by accident. And organizations that can't immediately upgrade can apply patches that will be released shortly. So there are going to be patches but they haven't released yet. [00:59:56] Speaker B: Okay, so they're working on the patches as we, as we speak. Now this did, this article came out a couple of days ago. [01:00:02] Speaker A: Oh, so you think maybe. [01:00:03] Speaker B: So there is possible that there's a fix available at this point. But how many of you out there use SSHD on a Linux system? They say that there's about 14 million possible. [01:00:20] Speaker A: Let's see. [01:00:21] Speaker B: Here we go. According to Qualis, searches conducted using showdown and census services show that more than 14 million potentially vulnerable openssh instances that are directly accessible from the Internet. That is why the flop sweat showing roughly 700,000 Internet exposed systems that appear to be vulnerable at this point in time. Man, this is a, this is just not good. [01:00:49] Speaker A: So, okay, as of this was just, I found a different article just updated today, July 3. As we're recording this, openssh maintainers have patched a critical vulnerability. So they have patched as of today. [01:00:58] Speaker B: So patch now. Yeah, patch now. [01:01:01] Speaker A: It's true. [01:01:01] Speaker B: I don't care what you're doing. Stop and patch now. If this is the first you're hearing. [01:01:04] Speaker A: Of this, that's gonna be our newest segment. Patch now. [01:01:07] Speaker B: Patch now. [01:01:07] Speaker A: Patchnow.com. if you call now, you can get a free one. [01:01:10] Speaker B: That's right. Talk to our AI chat bot. [01:01:14] Speaker A: So. Okay, so I'm glad you brought that up because. Yeah, that does seem like, given how heavily and like the widespread. Of the widespreadness, the wideness. [01:01:23] Speaker B: Listen, we love to contribute to the english language every technato, given how widespread. [01:01:28] Speaker A: The impact, probably would be. Glad you brought that up. That is important. Patch now. [01:01:31] Speaker B: Indeed. [01:01:32] Speaker A: I picked several articles this week that I just. It's fueling my anger. It's like I did it to myself. You know, the angry Sophia episode, angry Sophie. But I'm not talking about Apple intelligence anymore, so that's a plus. That is a plus. But we are still talking about Apple. Apple says no to PC emulators on iOS. You might have, if you're into like, emulators at all. They did recently decide to allow retro game console emulators on the app store. And previously that was not allowed, but it's allowed now. Now, PC emulators, though, are a different story. If it's not a retro game console, you cannot have an emulator. You're not allowed to create an emulator for it, or they're not going to accept it on the app store, basically. [01:02:10] Speaker B: Why? [01:02:11] Speaker A: Good question. And it got me thinking about what is going to count as a retro game console? Because what if it's like, I think the very first, like, widespread computer game was Space War, and that was years and years and years and years ago. It's definitely older than 20 years. Making it retro. Okay, but that was on a computer, right? So what if it's an emulator that is for games that were originally designed for, like, an old PC? Like, at what point do you allow, where do you draw the line? Basically, right now, it's retro game consoles, which technically speaking, would be any game console that's older than 20 years, which includes games like consoles technically, like the Xbox, that is older than 20 years old. The first couple iterations of the PlayStation are retro game consoles by definition. Now, I know it's weird, I know Daniel's crying, but it, but it is technically retro now. It's. [01:02:55] Speaker B: What was interesting is, you know, so for retro game emulation, that was a big fat no no on, on iOS for forever up until very recently. [01:03:06] Speaker A: Yeah. [01:03:07] Speaker B: And I kind of got to, you know, thumb my nose at anybody that had, that was into retro gaming but yet ran an iPhone or something. I was like, oh, here I am on my Android going crazy, having a great old time. Haha. [01:03:20] Speaker A: Yeah. [01:03:21] Speaker B: Sorry. It sucks to be you. And then Apple removed that band and it was, it was, there was a couple emulators that popped up in, in the app store and was like, cool, welcome to the club. [01:03:33] Speaker A: Right? Yeah, enjoy. [01:03:34] Speaker B: It's a little late right now. You can enjoy that as well. And then they come out with. It's like. It just seems very arbitrary and I don't see any. And the, the person that they were. [01:03:45] Speaker A: Yeah. Somebody submitted a. And they got rejected. Their emulator got rejected. [01:03:50] Speaker B: Yeah. They said, in short, as the sole rule maker and enforcer in the iOS ecosystem, they being Apple, don't need to be consistent at all. And they basically said that. [01:04:01] Speaker A: They basically said, what's the problem? [01:04:03] Speaker B: They said, we can't tell you, but we know it when we see it. [01:04:07] Speaker A: There's no answer as to what counts as a retro game console. [01:04:10] Speaker B: So like, here it is. It's still the same old unreasonable answer along the line of we know it when we see it, even though there. [01:04:17] Speaker A: Are retro Windows games and things like that. So technically, I guess a PC is not a console is the argument, but it. What? There's just as many PC gamers as there are console gamers. [01:04:29] Speaker B: So when I asked what changes I should make to be compliant, they had no idea. Nor when I are. Yeah, nor when I asked what a retro game console is, they said it's still the same old unreasonable answer. We'll know it when we see it. Yeah, interesting. That is crazy. [01:04:45] Speaker A: And of course they didn't. They didn't reply to a request for comment. I'm not surprised. Right? [01:04:49] Speaker B: Big tech giving you ambiguous and hard to follow rules. [01:04:52] Speaker A: That. [01:04:53] Speaker B: That's unheard of. [01:04:54] Speaker A: It's like what we said a few weeks. Like, if you think that apple wakes up early morning and why is YouTube. [01:04:58] Speaker B: Giving me a copyright strike or hitting me with a hard strike? I don't know. And neither do they. [01:05:02] Speaker A: They're not here. [01:05:03] Speaker B: Just decided to do it. [01:05:04] Speaker A: They're here to just ruin your life. They're here to cause you. [01:05:07] Speaker B: What am I doing wrong? Just tell me and I'll stop. You're doing it wrong now. So you say. [01:05:14] Speaker A: So the person that wrote this article, his name's Jay Peters. He writes for the verge on give credit where credit's due. His opinion here at the end is that Apple likely opened the door to retro game emulators in the first place because of antitrust scrutiny. So I wonder if people keep pushing and saying, like, this isn't fair. I wonder if eventually. Cause there was a time when it was like, no game emulators on the app store. It's not allowed. And that's obviously changed now. So who knows? Maybe we'll end up going in a different direction. And I don't personally associate Apple products with gaming anyway, as far as, like, when I think of, I'm sitting down and put my headset on, I'm gaming. I'm not doing that on like, a Mac. You know, I'm not doing it on an iPhone. Me personally. Me personally. Yeah, Android users. Maybe it's different because, like you said, you guys have been on that train for a while, so who knows? Maybe there'll be a bigger market for this in the future. But, yeah, I just kind of. I saw that. [01:05:59] Speaker B: I was like, well, Mac has really good hardware, so it seems reasonable that a lot of people would want to do emulsion on a Mac system because of the horsepower that they have. Running some of the different emulators is very difficult. Three deciseconds is very difficult to emulate. Three deciseconds games. You would think this is a little stupid handheld. How hard could it be? But honestly, even PS two, ps three, all much, much older gaming systems take some real hardware to emulate all what was going on inside of those. Those. Those actual hardware systems. [01:06:36] Speaker A: Yeah. [01:06:37] Speaker B: So, yeah, I can see wanting. If you have a new MacBook or something, or a new iPhone, man, it's got great, great specs. Why wouldn't I want to? [01:06:47] Speaker A: That's a good point. Yeah, I guess. It's just not something I've ever personally thought. That's not what I associate with, but probably because historically, things like emulators and stuff haven't really been allowed on. On products like that. So maybe my. My context will change going forward, but, yeah, Apple's been pissing me off for the past month. Every week we got a new story on Apple that I'm, like, making me angry. [01:07:05] Speaker B: So are you. Are you mad enough is the question. [01:07:09] Speaker A: Like, you're gonna start an uprising? Yeah, like, you're not angry enough. [01:07:12] Speaker B: Can we get Sofia to jump? You want me to break Android? [01:07:17] Speaker A: Well, I don't know. [01:07:19] Speaker B: See, see, all of a sudden, this is pretty start. She starts hitting you. [01:07:23] Speaker A: This. I don't know. I don't know. Maybe give me a few years, because this is still. I've just bought this last year, so I'm not gonna listen. [01:07:30] Speaker B: Many different organizations will gladly take that in trade. [01:07:34] Speaker A: Yeah. I don't know. I have an emotional attachment to it now. It's like, I've been using an iPhone for so long. [01:07:39] Speaker B: And I'm guessing all your family is on. On Apple. [01:07:42] Speaker A: Yeah, my older brother switches back. [01:07:43] Speaker B: That's. That's how they get you. [01:07:45] Speaker A: He's a. He's kind of an early adopter for some of that stuff where he'll be like, new. There's new galaxy, whatever out. I want to try it. And then new iPhone's out. I'm gonna. He'll probably get the new iPhone when it comes out to try it. [01:07:53] Speaker B: Yeah. So honestly, for me, the Apple hardware is amazing. I've always said that you cannot deny that they have great hardware. [01:08:02] Speaker A: Sure. [01:08:03] Speaker B: I usually find fault in the software application, in the operating system itself. If, for me, is not intuitive at all. I'm like, where the hell is the back button? What is this? Why can't I not go to the previous screen that I was just on? That makes no sense to me. [01:08:18] Speaker A: Yeah. [01:08:19] Speaker B: Do they have a back button yet? Does that exist? [01:08:21] Speaker A: No, I think on the iPhone, it's. If you're trying to get back to the app, you were just. [01:08:24] Speaker B: No, no, no, I want to go. I'm going to be in the app and back up from something I clicked through to go to the next thing. [01:08:31] Speaker A: I think it depends on the app. Like, if you're in, I'm saying on. [01:08:35] Speaker B: My Android phone, every app does that because it's the phone that does it for you. [01:08:40] Speaker A: Okay. [01:08:40] Speaker B: The phone goes, oh, I have a back. [01:08:41] Speaker A: Like, hitting the back button on a webpage. [01:08:43] Speaker B: Correct. [01:08:43] Speaker A: Okay. [01:08:44] Speaker B: I can be in an app and go back. [01:08:45] Speaker A: Yeah, you're right. In Apple, I think it's contingent on the app. [01:08:48] Speaker B: You just have to close the app and then go back in. [01:08:50] Speaker A: Yeah. Depending on what you're using. Yeah. Yeah. Well, okay, then we're both pissed at frustrating. That's one thing we can agree on. [01:08:56] Speaker B: Apple makes us make sense and how, like, what is this doing? [01:09:00] Speaker A: That's fair. It's not super intuitive. [01:09:02] Speaker B: Not for me, anyway. [01:09:03] Speaker A: Somebody that's familiar with computers and is. [01:09:05] Speaker B: Used to people that are 80, they love it. [01:09:06] Speaker A: Yeah. It's maybe more intuitive to people that aren't super computer savvy, but if you're used to using a standard computer, then, yeah. [01:09:12] Speaker B: Just. It's just a monkey and you backwards. [01:09:14] Speaker A: I agree. A lot of the Mac controls are backwards to me. I don't like them. But I could rant about that all day long. [01:09:19] Speaker B: And that is purposeful, that it's backwards. Did that specifically. Yes. [01:09:24] Speaker A: Like, oh, you go. You go left and right. We want to go up and down. Exactly what happened. [01:09:29] Speaker B: Exactly what happened. We are not windows because jobs was pissed at gates. [01:09:35] Speaker A: And they both have nouns for their last names. They need to quiet down. You can't have a last name that's a noun and be talking that loud. We got one more article that we want to get through. We do. We do. And you, I think you. [01:09:46] Speaker B: I did. [01:09:47] Speaker A: Handpicked this one from the depths. So Portswigger, the company behind the burp suite of security testing tools, swallows 112 million, and I get an image of Kirby in my head when I see that. Like, swallowing that. [01:09:57] Speaker B: Yeah, in his dreamland. [01:09:59] Speaker A: Exactly. Yes. Playing golf in his dreamland. So the company is named Portswicker. I didn't realize that this was the company behind Burp suite, because I know you use burpsuite. Is the product a decent amount? [01:10:08] Speaker B: Portswigger is the company. [01:10:09] Speaker A: Okay, I didn't know that. What does it mean, they swallow 112 million? [01:10:12] Speaker B: That's just a play on words. Port Swigger, somebody that swings. [01:10:16] Speaker A: They're being funny. [01:10:17] Speaker B: They're being funny. It's a word game. [01:10:20] Speaker A: Okay, I'm not meant for you to. Enough for that. So what's the story here? What is. [01:10:25] Speaker B: They have. So Port Swigger company. They are a for profit company. Back. Way back when. When they began, though, it was just a dude or two making a product of a useful piece of software called burp. Burp. Then it became known as Burp suites, and now it is the gold standard for doing web application security in a lot of ways. Right? It is by far the most used. Now, there are. There's competition to. There's a wasp. Zap. Free open source. There's. I think it's called caldera. All right, what is the name of that system? There's another one that's, like, new. Yeah. What is the name of that thing anyway? It doesn't really matter. They do have some competition out there. But they are a for profit system. Am I right on that? [01:11:11] Speaker A: Uh, when I. When I look up Caldera, it says it's a cybersecurity framework developed by miner. [01:11:15] Speaker B: So maybe that doesn't really explain what it is, though. [01:11:17] Speaker A: Yeah, that's true. It empowers cyber practitioners to save time. [01:11:20] Speaker B: Money, and I wish I could remember the name of that thing. [01:11:22] Speaker A: I'll do some research. Let's see if I can find it. [01:11:25] Speaker B: But anyway, they are now taking investment funding to the tune of $112 million. Fun fact, I saw this article yesterday or day before, and I was on LinkedIn, and somebody I follow, Tim Tomes shoutouts. The guy who created recon ng, phenomenal hacker, creating great tools out there, free and open source for us to all use and enjoy. He made a post about this and how he was cautiously optimistic because he's worried about in shit ification. [01:11:58] Speaker A: Ah, yes, right. [01:11:59] Speaker B: And he said, this is a real term. Go look it up. Which it is. It's a real term where you have an online service that is amazing and people love it and it really caters to the needs of the user, and then they get acquired or they take funding, and from there they start working on trying to focus more on business and getting business customers instead of, you know, just. What's the word? Consumers. [01:12:27] Speaker A: So a little more b two b instead of b two c. Nailed it. I see. [01:12:29] Speaker B: Right. They start focusing more on b two b than they do b two c. And then because of that, they start changing the way the thing works and how it operates to cater more to that b two b market and kind of alienating their b two c market. [01:12:43] Speaker A: Because the b two b is where the big money is. [01:12:45] Speaker B: Correct. Because that's where the big money is. Once they've alienated their b two c market, they now start going just for profit grab, and they now alienate their b two b market, making just a really crappy. Because they're just going for profits because that's what investors are looking for to make profit. They're not necessarily. Do they care whether or not your product is something that people like and enjoy. They just want to make money off of it. Okay, so Tim makes this comment, and I say, I kind of agree with you. I'm cautious left for missing. Hopefully, the investors are not going to throw their weight around on how the money is used to better the product that is burp suite. [01:13:28] Speaker A: Okay. [01:13:30] Speaker B: He goes, his name's. I can never remember how to pronounce his first name. He goes by diff, I think, daft. [01:13:35] Speaker A: Yeah, yeah. [01:13:37] Speaker B: He. He commented on that thread in LinkedIn and says, we have no. No plans for any insignification. Oh, well, that's perp switcher. [01:13:45] Speaker A: I'm glad they ran on it. [01:13:47] Speaker B: Yeah, I don't think that's typically how it works. I think nobody has plans of insidificating. [01:13:51] Speaker A: One of you logged on, he was like, you're absolutely right. Yeah, yeah, yeah. It's only a matter of time before we start alienating you. Like they have a whole roadmap. [01:13:57] Speaker B: But there is a lot of companies that this does ring true. [01:14:01] Speaker A: Yeah. [01:14:02] Speaker B: And hopefully we do not see that with burp suite. [01:14:04] Speaker A: So the concern here is that they've never taken a big outside investment like this. And this is the first time that port sweater is doing this. And there's a concern that it might be a slippery slope. [01:14:13] Speaker B: Correct. [01:14:14] Speaker A: Okay. [01:14:14] Speaker B: Where the product. Because it's used by a lot of individuals. Right. A lot of individual security researchers pay for this either because they're hobbyists or the bug bounty hunters. So because it's reasonably priced, this is an amazing tool that runs like 400 ish dollars. That is, that is within the realm of somebody out there, just Joe Schmo, Jane Schmoe doing their thing. Being a security researcher, that is, that's not absurd amounts of money. If all of a sudden they start focusing on b two b, is the licensing fee going to go up? Yeah, there's burp suite community, but it's highly hamstringed as far as performance is concerned and what you can and cannot do with it. Will that even go away? Will they have to focus there? How, how is this going to look? I can't wait to see their roadmap on what they plan to do with that investment money and how it's going to better the product for everyone. Not just b, two c or b two b, but for everyone that uses it. Because it is such a, has such a diverse market. Fingers crossed. [01:15:17] Speaker A: Fingers crossed that, that it goes in the right direction. Yeah, yeah. That it doesn't become a case of, like you said, in shittification. Because it, I mean, yeah, it would be unfortunate. I understand that it's trying to keep up with the, you know, it's constantly growing and evolving. Want to keep up with the market, but at what cost? Right. [01:15:30] Speaker B: So yeah, the question is like what was the impetus for taking that, that level of money or any money at all? [01:15:38] Speaker A: It kind of vague, like what do. [01:15:40] Speaker B: You want to do to grow the products? [01:15:41] Speaker A: There's no specific make it better. [01:15:43] Speaker B: It was just, at least it hasn't been yet. [01:15:45] Speaker A: No specific goal stated yet outwardly. Yeah. Just the market's getting bigger. Our customers needs are getting bigger, which. [01:15:50] Speaker B: Is probably true, but hey, we need more developers to work on Burp suite, especially the pro version, to make it as to continue to corner the market on doing web application security testing. [01:16:05] Speaker A: Yeah. Show me your budget. Yeah, I want to see what you're gonna put that money towards. Well, hopefully, hopefully it doesn't go that way. Right? I mean, if you are pessimistic, then you'll either be right or pleasantly surprised. But hopefully it doesn't. It doesn't go in the direction of shit ification, which is fun to say. But thank you for bringing that up because, you know, as a pretty big deal and good for them for getting as far as they have and being able to get to this level. And hopefully they do the right thing with it. But I think that's gonna do it. For our articles that we had this week. I know we've got, obviously, the holiday coming up and then next week, because usually we do the first Thursday in. First Thursday of the month is our all Things Cyber show, but because the first Thursday of the month is a holiday and we will not be here, it's going to be next Thursday on July 11 at 02:00 p.m. eastern time, all things cybersecurity with Pat Gorman or infosec Pat as you may know him. It's going to be. It's going to be a good time. It's going to be a fun time. So that'll be right here in the studio next week. Thursday, 02:00 p.m. you don't want to miss it. And of course, there'll be a new episode of Technado out that day as well. So you might as well just come to the channel and then hang out all day at that point. I mean, you can also subscribe to Miss. To never miss an episode of Technato in the future. If you haven't subscribed already, drop a like. If you enjoyed this episode, we hope that you did. Thank you for letting us jabber on about the things that make us angry. [01:17:14] Speaker B: I'm trying to look at. [01:17:15] Speaker A: Are you doing some research? [01:17:16] Speaker B: I'm looking up what that. The, um, the caldera thing. Is it Caldera? I don't. [01:17:21] Speaker A: When you said Caldera, the only thing I found was from Mitre and it said Caldera can be used to test endpoint security solutions and assess a network security posture against common post compromise techniques in the mitre, ATT and CK model. I don't know if that sounds like what you were looking for, but that's the only Caldera I know that. [01:17:37] Speaker B: Like, I think Jon Hammond recently did a video on this specific product. Ooh. [01:17:43] Speaker A: Okay. [01:17:44] Speaker B: So I was just. For my own personal edification. [01:17:47] Speaker A: Yeah, it's edification. As opposed to. [01:17:51] Speaker B: Yeah, it's an interesting tool. It's just killing me. [01:17:54] Speaker A: And it was. Would there be any keywords like of what it does that would. [01:17:59] Speaker B: I know, I know. This was such a recent video that I should be able to find it. [01:18:03] Speaker A: Oh, okay. [01:18:04] Speaker B: Relatively quickly, I wonder if we'll have. [01:18:06] Speaker A: Jon Heyman back on the show soon because we've had him. [01:18:08] Speaker B: We always have Jon on from. [01:18:10] Speaker A: We've had him on a couple of times and that's always fun, too. We saw him at a conference and my mom was there with us and she recognized him. She was like, I know him. I saw him on your show. She was so excited. She probably will recognize Pat, too, I would imagine, because he was there as well. [01:18:24] Speaker B: He was there. [01:18:25] Speaker A: It's always neat to see everybody in the same place at those conferences where it's like I've only seen you on a screen and now I get to see you in person. Do you have any luck? [01:18:33] Speaker B: It's going to take me a minute. [01:18:34] Speaker A: Okay. So maybe, maybe we'll have an update for you next week then, if Daniel can find any information on that. But until then, thank you for joining us for this episode. Again, if you do celebrate the fourth, hope you have a great holiday. Try not to lose any fingers. [01:18:46] Speaker B: And someone said, posted, somebody doesn't know that this is their last year with ten fingers. [01:18:52] Speaker A: Hopefully, hopefully next week when you come back, you'll have all ten digits. So you can continue to so you. [01:18:58] Speaker B: Can continue to cross your fingers that you'll have ten digits. [01:19:01] Speaker A: Wow. All right. We'll call it there. Thank you, Daniel, for that. For Doc Brown, I'm grandpa, and we'll see you next week for another episode of Technado. Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.

Other Episodes

Episode

June 22, 2018 00:47:49
Episode Cover

The Technado, Episode 54: Week 25 in Review

Reunited, and it feels so good! Don and Peter are back in the studio to talk about Android messages, cryptocurrency hacking, and two of...

Listen

Episode

January 20, 2022 00:42:56
Episode Cover

Technado, Ep. 239: Keysight Technologies' Chris Cain

Chris Cain from Keysight Technologies, a leading manufacturer of testing and measurement devices, joined Technado this week to talk about some of the impressive...

Listen

Episode

July 21, 2022 00:47:47
Episode Cover

Technado, Ep. 265: MFA Phishing Attack

The Technado team was back together in the studio this week to discuss the new Intel Core i9-12900K benchmarks, Microsoft's shift in Windows development...

Listen