369: Hacktivists Leak Disney Data! (Plus, Signal Finally Fixes Encryption Flaw!)

Episode 369 July 18, 2024 01:07:20
369: Hacktivists Leak Disney Data! (Plus, Signal Finally Fixes Encryption Flaw!)
Technado
369: Hacktivists Leak Disney Data! (Plus, Signal Finally Fixes Encryption Flaw!)

Jul 18 2024 | 01:07:20

/

Show Notes

Breaking news: 126 updates from Google Chrome and many more patches abound! On this week's Technado, Sophie and Daniel get into hot topics like hactivism, AI, and banning Russian/Chinese companies from the states. In gaming news, CFB25 isn't even out yet, and its servers are already in shambles. All this and more await in this week's episode!

View Full Transcript

Episode Transcript

[00:00:04] Speaker A: You're listening to Technado. Welcome back to another thrilling episode of Technado, brought to you by ACI learning the folks behind it pro. Remember, you can use that code, Technado 30, for a discount on your it pro membership. Okay. It took me a second. I was like, what is the connection? [00:00:20] Speaker B: Yeah. [00:00:20] Speaker A: Okay. I understand now. Daniel was hitting the thriller. For those of you listening in audio mode, I would recommend tuning in so you can see that it's gonna be a great day. Great episode. Uh, we got new games coming out this week that I'm excited to talk about. Our new game. Singular. So we'll. We'll get to that a little bit later on. But some stuff about Kaspersky, the At and T breach. I mean, we have a lot to get through, don't we? [00:00:40] Speaker B: We do. There's. There's a bit of news there for you good folks. [00:00:43] Speaker A: Like a bit of hunt. [00:00:44] Speaker B: Some of it is a little, kind of important. [00:00:46] Speaker A: A little bit. [00:00:46] Speaker B: So, yeah, a little bit could be running some of these systems that are gonna need you to do some stuff. [00:00:50] Speaker A: News affecting millions, perhaps. [00:00:52] Speaker B: What do they say? News you can use? [00:00:54] Speaker A: Yeah, sure. That's. I don't think I've heard that one before, but yes, I'm sure. Yeah. Well, yeah, I mean, I'm twelve in most. I just watched Batman begins for the first time, like, two weeks ago. [00:01:04] Speaker B: Really? How was it? How'd you find? [00:01:05] Speaker A: I really liked it. [00:01:06] Speaker B: It was good. [00:01:07] Speaker A: Like, honestly, I've not seen most of the Batman films. Like, in the history of Batman, being a character, I know there's lots of iterations of it, but of the ones I had seen, the Dark Knight was my favorite, but I had never seen Batman begins. It was just a little before my time. And finally, admittedly, full disclosure, I heard Cillian Murphy was in it, and I was like, gotta see this. [00:01:25] Speaker B: You're a big Killian Murphy fan, huh? [00:01:27] Speaker A: I do enjoy his work. Yeah. Ever since I. Now that I really liked him in red Eye, I thought he was really good in red Eye. Weird to see him play a character that was, like, psychotic. That was pretty fun. So now I wanna see. I didn't realize he was an interstellar. I've seen it or not interstellar inception, I think he was in or something. I spent a long time since I. Interstellar inception. One of the two that I've seen and didn't even register he was in. Anyway, I enjoyed Batman begins. It might be my new favorite Batman film now. It may have dethroned. [00:01:51] Speaker B: It's funny that you watched that because I literally yesterday, the day before, watched Tim Burton Batman. [00:01:57] Speaker A: Huh. [00:01:57] Speaker B: Just randomly. [00:01:58] Speaker A: Tim Burton Batman. [00:01:59] Speaker B: Yeah, the Tim Burton. [00:02:00] Speaker A: Interesting. How was that? [00:02:01] Speaker B: That's great. I saw it in the theater when I was a kid, so. [00:02:04] Speaker A: Oh, okay. [00:02:04] Speaker B: This looks like one of my favorite comic book movies. It helped define a genre. [00:02:09] Speaker A: Okay. See I was more of a. I was a Marvel girly when I was like a kid and so I fell behind on a lot of the DC stuff and I have some catching up to do. I'll get there eventually, but. Yeah. So I had a productive little. [00:02:21] Speaker B: Pop culture aside. [00:02:23] Speaker A: Pop culture? Yeah. [00:02:26] Speaker B: I have ruined you for life, haven't you? [00:02:27] Speaker A: Yes. Yes you have. Well, to start off with, you know, we've kind of been, been doing this new segment of things that are just popping up on our radar the day that we film these that we don't have time to get super deep into, but we feel like it's important to cover. I think it's about time for some breaking news. Breaking news. I'm surprised you into the hammer. [00:02:46] Speaker B: I know that no one can hear that. [00:02:48] Speaker A: Christian. [00:02:49] Speaker B: We're smiling because we hear Christian screaming over the microphone. [00:02:53] Speaker A: Our directors really doing us a solid letting us know what the sound is going to sound like. So Daniel found this one this morning. Critical Apache huge grab vulnerability is under attack. Patch ASAP. Seems like that would be the obvious solution, but looks like CVSS score 9.8. So I can see why they're saying patch ASAP. Daniel. [00:03:12] Speaker B: Yeah. You know, when they hit those nines, that's when you really start paying attention. And when it's actively being exploited, that's also another eyebrow razor. Gotta be honest with you, if you are running Apache huge graph version, anything before one 30, you should probably hit the oh crap button at this point and we will forgive that. You are leaving the technado as we speak running over to your servers to do some updating. Because yes, this is an actual problem. Says there's some things you can do. Users are recommended to upgrade to version 130 with Java eleven and enable the AutH system, which fixes the issue. They also say you can also enable the whitelist IP port function to improve the security of the restful API execution. So that's going to be some of those little tidbits of information that you can run over and make those adjustments to your server. Keep yourself a little safer because, yeah, that would be bad. Would hate to see anything bad. That's a nice Apache server you got there. Be a shame something would have happened to it. Like I don't know, crypto lock, that kind of thing. A little double extortion, you know, horrible thing. [00:04:28] Speaker A: Double bubble, double, double, double in trouble. [00:04:31] Speaker B: We've gone. [00:04:32] Speaker A: Whatever the line. [00:04:32] Speaker B: I am big pentameter with. [00:04:34] Speaker A: Yeah, I try to keep a little bit of culture in the. In the Technato room. That's probably a mistake, but, yes, you're right. Patch ASAP. [00:04:41] Speaker B: I don't like your fancy learning. [00:04:43] Speaker A: Big words are not allowed here. We did say before the episode, we're. [00:04:45] Speaker B: Gonna try to make you still appreciate the way. It's my suspenders. [00:04:51] Speaker A: I thought you were just gonna say your mom, and that was gonna be your response. I was like, what the hell? [00:04:56] Speaker B: Yeah. [00:04:56] Speaker A: Okay. [00:04:57] Speaker B: You're your mom. [00:04:59] Speaker A: You usually know the big word. Your mom. That's your answer. [00:05:02] Speaker B: See, I got them. Intellectual comebacks. [00:05:05] Speaker A: Well, if you're hearing it here first, like Daniel said, you might want to run over and patch this. And that's not the only vulnerability on our radars this morning. Chrome. 126 updates. Patch. 126 updates. [00:05:17] Speaker B: 126 updates. [00:05:18] Speaker A: Okay. 126 updates. Patch high of security vulnerabilities. Now, I know, obviously, 126. Big number of that. 126. How many of them are actually severe? [00:05:28] Speaker B: I want to say it was eight of them. They said that? Yeah. You know, there's a little problem, and you need to take a look at this. Google ended up paying out $32,000 in bug bounties for the different flaws. I do believe they have a breakdown of them. Let me find that. It was. It was here, I swear. Oh, there it is. Use after free flaws. There were race conditions in the dev tools, out of bounds memory access. What else? We got a type confusion. That's fun. It resolves. Oh, so it said not eight flaws. It says implementation flaw in v. Eight. Oh, you're right. We read this, this one like 17 minutes ago. [00:06:09] Speaker A: You're right. It does say earlier in the article, including eight high severity. [00:06:13] Speaker B: Okay, yeah, I'm not getting. [00:06:14] Speaker A: You're right, you're right. [00:06:17] Speaker B: Facts. Good here. [00:06:20] Speaker A: We do read them pretty quickly and. [00:06:21] Speaker B: Yeah, we do. [00:06:21] Speaker A: Go, go, go. [00:06:22] Speaker B: Lots of stuff going on there. So just obviously, the fact that this is potential for remote code execute execution and sandbox escape nightmare scenario when it comes to browser. So, you know, go ahead and if you see that, hey, you should patch your. Your chrome. Time to update. Go ahead and hit that button. Make that happen. I know you got 400 tabs open. Who doesn't? Right? Who doesn't? But, you know, it has the restore tab functions to just do. [00:06:49] Speaker A: That's true. I don't keep a lot of tabs open, but I do keep a lot of folders of several bookmarks. So it's like on my bookmarking ten folders that each have ten bookmarks in there or ten tabs in them. [00:07:00] Speaker B: Yeah. [00:07:00] Speaker A: So really I do kind of have a bunch of stuff going on at once. [00:07:04] Speaker B: It's a layered approach. [00:07:05] Speaker A: It's a layered approach. Yeah, yeah. But yes, absolutely. Good. To cover those critical, critical vulnerabilities. First thing these things were, like we. [00:07:14] Speaker B: Said, this is breaking. These articles are from today as. Yeah, as of today, this is the 17th when we're, when we're filming this. [00:07:20] Speaker A: So yeah. If there's anything else that you want to add, feel free to let us know in the comments if there's anything that we missed. But it is hard to, hard to catch everything. So we're not done talking about these critical vulnerabilities and flaws though, because there's another one from a little bit earlier in the week we wanted to bring up critical exim. Is that how you would say that exim exim flaw allows attackers to deliver malicious executables to mailboxes? Oh, malicious executables, how fun. [00:07:43] Speaker B: Those are always a good time. Add by. All right, they're cute. Exim, they create, it's kind of a. So they use what's called an MTA mail transfer agent. This is the way we basically send mail to each other. And if they hit another MTA, then they can forward that onto the MTA that it's looking for. But if the user exists on the MTA that it lands in, then they can deliver the mail to the person. It's great. It's wonderful. We love it. Unfortunately, there is an issue tracked as CVE 202-43-9929 with a cv's score of 9.1. Like I said, once it gets into that hole, we really start paying attention. Once we crack the nines. Right. It's impacting the header parsing in RFC 22 31. So if you're a little more familiar with XM than I am, that makes sense to you. It results in file names being incorrectly parsed, which could allow remote, oh wait for it, remote attackers to bypass the name extent of the file name extension blocking protection mechanisms, which would be bad. Right. We don't want that to happen. Successful exploitation of security defects could allow attackers to deliver. Right. Those, those bad executables into your mailboxes, which is what we look to avoid on a daily basis. [00:08:55] Speaker A: That is true. [00:08:56] Speaker B: Here we are struggling. We're on the struggle bus together trying to keep the bad stuff out of your inbox. And unfortunately XM, you know, these things happen. But the good news is, if I'm not mistaken there's a proof of concept code. No that's not, that's not the good. No. [00:09:13] Speaker A: Go, go put this to use. Just kidding. [00:09:15] Speaker B: Yeah. Do they have a update to this? That is the question. [00:09:20] Speaker A: It says proof of concept code has been released but no exploitation attempts observed yet. But I'm not seeing anything about like oh, here's how you can fix it. Here's a workaround. Anything like that? [00:09:30] Speaker B: Oh no. It says right here this vulnerability was disclosed last month and was addressed in exim t a version 4.98. I believe if you go to Exim's website it is kind of a barking dog. They're saying hey, XM 4.98 is this version you should be on. So it looks like they have adjusted. But most Internet facing servers remain unpatched. That's according to census, who kind of weighed in on this. If you're not familiar with census, it's a wonderful little search engine that allows you to find Internet connected devices. So if you got that XM server out there or you're using XM in any capacity, you might want to go ahead and grab that update and go for, you know, I've heard good things about 4.98 xm. I hear it's, it's really nice. Got those new features like less flaws and that might be where you want to go with this. [00:10:22] Speaker A: That would be. Yeah, that'd be a good idea. Thank you for bringing that to our attention. I think as far as I know, oddly enough that's it for flaws. [00:10:31] Speaker B: This is patch day though, man. There's like a lot of patches going on. [00:10:34] Speaker A: A lot of patches. Especially considering just Google alone there was like a lot. 126. So still a lot. Still a lot going on. But moving on we've got another old favorite segment that we haven't really done in a while. We haven't seen this in a while. I believe this is Deja news. [00:10:49] Speaker B: Deja News. [00:10:55] Speaker A: I know it's your favorite musical ly at least. [00:10:59] Speaker B: I'm sorry, that's a catchy tune. [00:11:00] Speaker A: It is, it is. Hey. [00:11:02] Speaker B: I make no apologies. You're enjoying queen bees. [00:11:06] Speaker A: Nor should you. Dynce. She's got it. This you might have heard a little bit perhaps this week about the at and t breach. This is not the first time we've talked about an AT and T breacher security issue in the last however many weeks. But in this case this one's been linked to an american hacker, a telecom giant, paid a $370,000 ransom, according to reports. Now, I don't think at and t has come out and made a statement about this yet, but it was. Somebody was able to see, like, a blockchain transaction, I guess, where it changed hands between at and T and this hacker, and it was that amount that this american hacker asked for. So if you haven't seen stuff about this breach yet, it was hundreds of millions or 100 million customers were impacted, and their data was exposed. And it wasn't like calls and text messages, like the content, but it was like, any number that you interacted with, there was, like, a log of all these numbers. Just still not good. No. [00:12:01] Speaker B: Any access from a unauthorized organization or individual is always bad is a no bueno. Right. This is what we're looking to avoid. But it's good to know that, like, I mean, phone numbers, they seem to be fairly findable. Right. If I needed your number, I could probably find it on. On the open web. [00:12:23] Speaker A: That is true. [00:12:25] Speaker B: Is that a big deal? Is this the. I mean, okay, at and t, big company data breach, and is it just the numbers that they got or what else do they get? [00:12:36] Speaker A: This is what we know so far, correct. That's been accessed, but then, yeah, in two months, it could. [00:12:40] Speaker B: This is just what they're willing to admit. [00:12:42] Speaker A: Yeah. By the way, you might want to check and make sure your identity didn't get stolen. You know, just. Oh, you're gonna laugh. You're gonna laugh. [00:12:48] Speaker B: Remember that time we told you about the data breach? Well, here's the thing. [00:12:52] Speaker A: It's so crazy. [00:12:53] Speaker B: Oh, they got your passwords. [00:12:55] Speaker A: I think you're right, though. Like, even though maybe something like a phone number, if you looked hard enough, you could find it. Right? It's more like, okay, now, if somebody wanted to let. I don't know why I would be a target, but if somebody wanted to target me or people that I was. [00:13:08] Speaker B: Close to, now, they conjunction with other stuff. That's when it gets really stupid. [00:13:11] Speaker A: Yeah, exactly. [00:13:12] Speaker B: Again, at and t, they caught you napping. [00:13:15] Speaker A: They did. [00:13:16] Speaker B: And crypto locked your junk and. Right. Was it ransomware? Right. [00:13:20] Speaker A: Yeah, it was ransomware. And I guess it was back in May that at and t reportedly paid this hacker close to $400,000, but the data still got leaked, so. [00:13:31] Speaker B: Well, they were like, they were leaking samples of it to verify that it was. [00:13:35] Speaker A: It was real, right? [00:13:36] Speaker B: Yeah, it was a real, like, we really did this, and here's the proof. Here's. Here's a snippet of. Of some of that stuff. Just in case you think we're bullshitting you. [00:13:46] Speaker A: Yeah. Yeah. The thing that got me about this is that maybe this. I'm just being naive. I always thought the idea was that you don't pay the ransom like you're not supposed to. [00:13:58] Speaker B: We do not negotiate to a terrorist. [00:13:59] Speaker A: Right. Exactly. Like, it doesn't. It doesn't do you much good because, I mean, maybe then. Yeah. It prevents your data from getting leaked. [00:14:06] Speaker B: Federal government. [00:14:07] Speaker A: Yeah. [00:14:08] Speaker B: Does not negotiate with terrorists. [00:14:10] Speaker A: But private companies. [00:14:11] Speaker B: Private companies, on the other hand, that's up to them whether or not they wish to negotiate with terrorists. [00:14:16] Speaker A: Yeah. [00:14:17] Speaker B: So if they feel like paying them is, like, less impactful to their bottom line and their business than not paying them, I would assume that the companies that have made that assessment are paying. [00:14:34] Speaker A: Good point. That is a good point. [00:14:36] Speaker B: And then you have. You have cyber insurance. [00:14:38] Speaker A: Yeah. [00:14:39] Speaker B: It used to be the running joke, and maybe it still is. I haven't had to mess around with cyber insurance in a while. Is that. Well, we're not paying them. Our cyber insurance company is paying them, and they negotiate a lower price for those things to kind of like. And that's. It's basically, they are a ransomware group. I don't know if you know this, but there are negotiators that deal with, like, human ransom. [00:14:58] Speaker A: That is true. [00:14:59] Speaker B: That ransom. Well, hey, you know, the family really can't afford that. They can't get that much money together. So what about this much? And you get some money and everybody's happy, and that's kind of how those things go. And it bled over into the digital world we had. [00:15:12] Speaker A: I'm trying to block their information here, but somebody did forward to me the message that at and t sent out to, like, their customers. Like, hey, we're letting you know we're reaching out to let you know. I think I have their information blocked here, their email and stuff. We just have to let you know that some of your data was accessed without authorization. We have no current indication of any public release or illegal use, but we respect the privacy of your info. We want to provide you with details. So they've got, like, the information involved. The. They say it doesn't include the content of the calls or texts, no personal information and no timestamp or calls or calls or texts. So it was just the counts of calls and texts and call durations by itself, like you said, not really. Super, super concerning. [00:15:55] Speaker B: At least not on the surface. It doesn't seem. Maybe. Yeah, not. Not fully baked ideas. This is off the dome, you know, so it to me, I probably wouldn't, like, freak out, knee jerk action. [00:16:06] Speaker A: Yeah. As a team customer, it would be concerning just to be like, yeah, okay, well, then if that's not secure, what else is insecure? [00:16:12] Speaker B: But that's where, like, oh, yeah, what don't we know? You let people breach you. Yeah, that seems to be a problem. Hmm. What aren't you telling me? [00:16:20] Speaker A: Yeah, that's a good point. [00:16:21] Speaker B: That's where I would want to go. [00:16:22] Speaker A: Now. [00:16:22] Speaker B: I heard a lot of people talking about how much they paid and like. [00:16:26] Speaker A: This was like a king's chair. Yeah. [00:16:28] Speaker B: $370,000 in the ransom. I just did a quick Google search here and it says the average ransom payments surged by 500% this in the last year to reach 2 million per payment according to Sophos, the state of Ransom 2024 report. So this is a recent report. This. This compares to an average payment of $400,000 calculated by Sophos in 2023. So even by 2023 standards, they hit underneath average. [00:16:59] Speaker A: Yeah. [00:17:00] Speaker B: So I don't understand why everybody's kind of making a big deal about, or at least in my experience, maybe. Maybe in your experience you're not seeing that. But I just saw it mentioned a couple of times as if it were a lot. [00:17:09] Speaker A: Yeah. [00:17:09] Speaker B: Don't get me wrong. I don't have 370. [00:17:11] Speaker A: It's a lot for us to throw at a ransomware for at and t. It's like, yeah, one of the executives. [00:17:17] Speaker B: Is like, they want. I think I've got. Let me. [00:17:20] Speaker A: That was my bonus. [00:17:23] Speaker B: Can you break $100,000 bill? [00:17:25] Speaker A: It's like monopoly money for them. [00:17:26] Speaker B: Yeah, exactly. [00:17:28] Speaker A: Yeah, that's a good point. [00:17:28] Speaker B: You guys lighting his cigar with the money with hundos. [00:17:32] Speaker A: Yeah, it depends on your perspective. I guess. It's a lot for us, but maybe even not for at and t. Yeah, but you're right. I did see some play. You know, all the Kings alliance share ransom amount. So just depends on your perspective, I guess. But continuing with the deja news theme, you might have remembered that over the last few weeks we've talked a little bit about Kaspersky and how they are waving goodbye to their operations in the US. Kaspersky exits us market following Commerce department ban. I did read that they're apparently giving away some like, free software as gifts. [00:18:00] Speaker B: Oh, really? [00:18:00] Speaker A: As like a parting gift to Americans. [00:18:02] Speaker B: Like, you can't use free security software. [00:18:04] Speaker A: For the next six months. Yeah, you know, good luck. [00:18:07] Speaker B: So I guess that. I guess that would be the people that already. [00:18:09] Speaker A: Maybe it's like, yeah, if they've already got. [00:18:11] Speaker B: They're not charging them for the service. [00:18:13] Speaker A: Yeah. The rest of it's free. It's free till you can't use it. [00:18:15] Speaker B: Until you can't use it anymore. Yeah. [00:18:17] Speaker A: Which is nice of them. [00:18:18] Speaker B: Just really interesting, you know, to see them pulling out and being no longer their Persona non grata in the american workforce. I wonder, to me, this is just like, where do we go now? Does it continue? And if so, is this a good thing? Is this a bad thing? There's probably good points on both sides of that argument that if we deem Kaspersky to be an arm of the russian government, then I feel like that would be a good thing that we got them out of here. We do see that Kaspersky has done a lot of good in the world of cybersecurity as well. So, like, it seems to be in conflict. This isn't like China, who actively are trying to kick our ass digitally every day of our lives. Or a russian ransomware gang that's stewing x one. [00:19:14] Speaker A: Don't get me wrong. [00:19:15] Speaker B: We know that Russia is not friendly to us, but Kaspersky, is it the same as China? Where in China, tick tock is control. Owned and controlled, at least ultimately, by the CCP. [00:19:30] Speaker A: Sure. Yeah. [00:19:30] Speaker B: Is that the same in Russia? I don't know. Just because I haven't researched into it. If it is, I can understand why we would be hesitant to allow them access into, even if we've never seen. [00:19:42] Speaker A: Sure. [00:19:42] Speaker B: You know what I mean? This is a very complex. [00:19:44] Speaker A: A lot of unknowns. Yeah. [00:19:47] Speaker B: To become an expert in this. [00:19:48] Speaker A: Yeah. You'd have to do some research. I would be curious to know how long. From the inception of this idea of, like, oh, Kaspersky, bad news. We gotta get him out. And now it looks like July 20 is the day the band comes into effect. How long did that take? Because I've been hearing about TikTok bad for, like, the last ten years. It seems like. I know it's not been that long, but, like, it seems like it's been a long time, and yet I can still go on TikTok. It's not. There's been no, like, active. It's banned in the US. We're not. It's been talked about. I know there's been, like, court cases and stuff that have been going on, but how long does it take? If we know that this is supposedly a threat, how come it's taking so long to take care of tick tock but this lickety split, you're able to take care of this. [00:20:28] Speaker B: I wonder what that is. Interesting, right. And the fact that, like, so they say the manipulation of Kaspersky software, including in us critical infrastructure, can cause significant risk of data theft, espionage and system malfunction. The Bureau of Industry and Security noted it can also risk the country's economic security and public health, resulting in injuries or loss of life. But is there. Okay, so is this. Do I have to read this? Commerce Department, do they have a report available that shows the, like, the smoking gun of. Or. We just feel that Kasper, like, they are connected to the FSB and we can prove that. But even though we can't prove that they've actually done anything. You see what I'm saying? [00:21:08] Speaker A: Yeah. [00:21:09] Speaker B: There seems to be a lot unknown that's going on here. [00:21:12] Speaker A: I guess maybe if the risk that they think they'd be taking here by allowing Kaspersky to continue operations, if they're saying that the risk of doing that is there might be issues of data theft and espionage and economic security for the whole country, whereas the tick tock stuff is like, well, you as an individual might have. [00:21:29] Speaker B: Right. [00:21:29] Speaker A: You might be being spied on, I guess, or your data might be being farmed or whatever. And so it's not as big of a deal because you're just talking about the individual us citizen consumer. And we can deal with that later. But this is like, well, this is a full spread. [00:21:43] Speaker B: Yeah. Hit on these things. [00:21:44] Speaker A: Like, could be. [00:21:46] Speaker B: I could see that. Well, yeah. I'm surprised they didn't start off with just not in the us government. You can't have this in the us government. Okay. [00:21:53] Speaker A: Right. [00:21:54] Speaker B: I. Right. But to just come out and full scale wipe them off the map as far as, like, us market goes. [00:22:02] Speaker A: Maybe their reasoning logic is that, like, if they are, if the us government is entangled at all with any big tech firms and they're thinking that. I know. We're inching into conspiracy territory. [00:22:12] Speaker B: Yeah, we're stuck. [00:22:13] Speaker A: I know. [00:22:13] Speaker B: I mean, we don't know that they, they haven't, obviously, you know, the Twitter files has kind of proven that there's at least some communications between the two. [00:22:22] Speaker A: So if they think that there's a chance that big tech firms like that would then use technically their private company. [00:22:26] Speaker B: Come into the side door. [00:22:27] Speaker A: Right. Yeah, that would be. [00:22:29] Speaker B: I would love to see a report. That's all I'm saying. I would love to see a report on this speculating. And if. Don't get me wrong. Don't hear me say, like, I am, I'm a patriot to the United States. And if. And Russia is an enemy, a foreign. We do not wear foreign adversary. That's right. And if they're doing anything hinky, I. For me. Right. Just saying. I've seen Kaspersky just do a lot of really good things out. [00:22:55] Speaker A: Yeah. [00:22:55] Speaker B: In the security space. So I have this kind of weird little inner conflict. Yeah. This weird little inner conflict inside. But if they are adjoined anyway to the FSB and any kind of espionage or attacks against America, then good riddance, right? [00:23:12] Speaker A: Exactly. [00:23:12] Speaker B: In my. That's just how I feel. [00:23:15] Speaker A: Yeah. It will be interesting to see if anything more comes out about this or. Yeah, maybe there are details that are in whatever the report was that was released. It says, oh, it was an extremely thorough report, but like you said, I wonder if there was, like, a smoking gun. Oh, this is very obvious. Or just. I'm definitely a bad feeling about this. [00:23:30] Speaker B: I'm definitely gonna look into any kind of evidence that they have. [00:23:34] Speaker A: Be curious to know what y'all think about that, too, what your opinions are on that. And I second what you said. Hey, staunch patriot, if there truly was a threat, then good riddance. But it'd be interesting to know exactly what that threat was or what proved it, I guess. But continuing a little bit with that deja news theme, you might also recall that a few weeks ago, we talked about there being an issue with Disney's data security, and it turns out that some hacktivists are claiming a leak of over 1 Disney data. Now, I know that now, a terabyte is, like, not a ton of data in the grand scheme, but for a group like Disney, depending on what that data is. [00:24:13] Speaker B: So if it's just slack communications. [00:24:15] Speaker A: Right. [00:24:16] Speaker B: And that kind of stuff, that's a lot. [00:24:17] Speaker A: Yeah. [00:24:18] Speaker B: Right. Because it's just text. Right. It's not a lot. A terabyte is not allowed when you're talking about video files and images and audio and all this other stuff. When it's just text, that's. That's a butt ton, I think. [00:24:31] Speaker A: Yeah, it's mostly text. Yeah. So there's a complete 10,000 channel data dump of their internal slack channels encompassing files, messages, unreleased projects, raw images, and code. [00:24:41] Speaker B: There is some images, but it's mostly text. [00:24:43] Speaker A: Mostly text. So, yeah, a lot of information. [00:24:45] Speaker B: That's a pretty good bit of information. [00:24:47] Speaker A: It says it was. I believe it was. The name was weird. Null. Bulge is the name of the attacker they claim. [00:24:52] Speaker B: Hacktivists, if I'm not mistaken. [00:24:54] Speaker A: Yes. They claim to be a hacktivist group protecting artists rights and ensuring fair compensation for their work. They're saying the AI generated artwork harms the creative industry and should be discouraged, and that is what motivated them to carry out this attack. AI generated art. [00:25:06] Speaker B: So I think that, obviously, we got a story in the idea that they were compromised. Right. That Disney saw a breach. I think the real conversation here, though, is hacktivism. [00:25:19] Speaker A: Yes. [00:25:19] Speaker B: Right. What do y'all think about hacktivism? Do you think that breaking the law and doing these types of activities, did the ends justify the means or. Right. And here's where it gets fun, is. Because that can be really subjective. [00:25:38] Speaker A: Yeah. [00:25:39] Speaker B: Right. Well, I don't agree with your ends or your whatever. I don't agree with you. So therefore, yeah, the ends justify the means. But if you were doing against me. No, the ends do not justify the means. Right. I feel like that's how a lot of hacktivists kind of feel. [00:25:54] Speaker A: Yeah. [00:25:54] Speaker B: Could be wrong. I don't know a lot of hacktivists, honestly. But just from what I see, I feel like that is the mindset is that it's okay for us to do this to you, but if you did it to us, that would be bad. [00:26:07] Speaker A: Yeah, I think you're right. And I think, too, where the line is for certain people changes, because maybe some people are like, okay, you're going a little too far over AI generated art, you know, to hack into Disney and steal their stuff and whatever. But maybe there is a point where those same people would be like, okay, you've gone too far now. It's okay to do this. I feel like, you know, maybe it's not Disney, but hacktivism in general. Somebody's trying to hack in somewhere. So, like, PETA, right. If there's a hack, this group trying to hack into PETA, maybe there are people that feel that strongly about what PETA does that are like, we think that this is where the line is, and because of what PETA's doing, what they're doing is evil enough that it justifies what you're doing. So the line is different for everybody again. [00:26:46] Speaker B: Yeah. It goes back to. Depends on what side of the fence you're standing on, whether or not you feel like it's justifiable. Yeah. Yeah. So, to me, I just think that I. And I say this a lot. I do not feel that any position that I have is so weak that it could not withstand scrutiny and that the better thing to do was would be open forum, open debate, bring attention to it. By, hey, let's. Let's bring in some of these. Let's. Let's organize, get the word out, and build our own campaigns to drum up interest and awareness of these things in a way that's cool. And I really. If you want to affect doing things like hacking into their websites and being douchebags by breaking the law and data dumping their stuff, that, to me, is just not the best way to go about this stuff. [00:27:43] Speaker A: Yeah. [00:27:43] Speaker B: Right. I'm not saying good has never come out of that kind of thing. [00:27:46] Speaker A: Sure. [00:27:47] Speaker B: But ultimately, if we can just start having these conversations and culturally kind of, like, bring awareness, because ask someone who has a likeness. Sophia, you have a likeness? I do. Fun fact. Fun fact. This ain't the first time that we've been down this road. And do you know who Crispin Glover is? [00:28:06] Speaker A: That sounds really familiar. [00:28:07] Speaker B: Crispin Glover is an actor who sued. I don't know if he suede universal or if he sued Bob Gale and Bob Zemeckis directly, but they are the two people that are the creators of Back to the Future. He was George McFly in the first back to the future. Crispin Glover played George Floyd. [00:28:25] Speaker A: Oh, okay. [00:28:25] Speaker B: Okay. He sued them because he asked for more than what they were willing to give in his contract for back to the future two. Therefore, he was not in back to the future two. What they did was they hired an actor that kind of looked like Crispin Glover, and then they did makeup to even further make him look like Crispin Glover as an old man. [00:28:48] Speaker A: Okay. [00:28:49] Speaker B: Because he was hanging upside down in this thing, you know, because of his back being thrown out. Where Crispr and Glover sued them was. Is in back to future one. They took molds of his face to make his old makeup as he was an older man in the beginning of the film. And they used those molds to create the face on the actor and back to the future, too. And he said, you do not own my likeness. [00:29:14] Speaker A: Interesting. [00:29:15] Speaker B: And I was like, this is an interesting case. This is the case. Like, that's the kind of stuff that if you get out there like, that is interesting. You probably want to know more about that and want to look at did he win the case and how did that come out? And what was his arguments? What was the rebuttal? That's interesting stuff. That's the kind of stuff that can really influence some positive change in the industry. If you start saying, hey, you know what? I don't think you did right by these artists and stuff by using AI. And I would. I would much rather put money in someone's pocket, that's an artist. Otherwise, we're going to lose true artistic renditions of things. Right. True artistic vision. And the only time we'll ever see that and have availability to that will become the elite, because now art by a human becomes a high level commodity. It becomes like a veblen good where only the richest people have it. Because otherwise, you just go get AI to generate it, and it becomes sand. Art becomes sand. [00:30:16] Speaker A: That's an interesting point, because if these people that carried out this attack are saying they did it on behalf of the artists, because it's unjust to artists to be using AI art and da da da, if that kind of scenario didn't happen, you'd think artists would be all for that because now their arts worth more because the market's so saturated with computer generated art that what I. [00:30:34] Speaker B: Yeah, but the market shrinks, right? Because then only, only the best of the best. [00:30:39] Speaker A: That's true. They can't commission the people on Twitter. [00:30:41] Speaker B: Right. I can't just become like, oh, I'm gonna create, you know, hotel lobby art. Yeah, I'm just getting it done by AI. AI is doing that. That's a, now there's an argument on the other side of that as well, right? Hey, an artist could use Aihdeme to see their vision come out, right? [00:30:56] Speaker A: To kind of give them an idea. [00:30:57] Speaker B: To one way or the other. [00:30:58] Speaker A: Sure. [00:30:59] Speaker B: It's just an interesting talk on whether or not the activist should have taken this type of action to go that far. Right. [00:31:07] Speaker A: And risk like, I mean, it's Disney. If any company's gonna come after you, and there's gonna be legal ramifications, you do not wanna. It's not a mom and pop shop. It's Disney. [00:31:15] Speaker B: We're talking the house of mouse here. [00:31:17] Speaker A: This is way around high risk, low reward situation. [00:31:21] Speaker B: They got pinky rings and gold chains. [00:31:25] Speaker A: You're gonna be billy Batts on the floor of the bar. You are not gonna look good for you. [00:31:29] Speaker B: I do not envy you, you poor souls, you. [00:31:33] Speaker A: I have some input from our director. I don't know if he wants to show it on the screen and put his name to this or not. [00:31:40] Speaker B: Okay. [00:31:40] Speaker A: Christian says, that is the dumbest thing I've ever heard. AI artists sick. Get good. Dumb artist. Make sculptures or tapestries. Tell the people that AI art is great. Hoorah. So that's. Christian would like you to know that is what he thinks. I'm sure there are people. [00:31:51] Speaker B: I didn't understand a word of that. [00:31:52] Speaker A: No, Christian likes AI art. He thinks it's cool. [00:31:57] Speaker B: I think there's obviously a place for AI art. I think there's a place. I think we just haven't found the equilibrium with it yet. I think the AI is so hot and so new, and people are seeing. I say people. I mean, organizations, companies that need art. Seeing the just the bottom line benefit of not having to pay someone. [00:32:16] Speaker A: Yeah. [00:32:17] Speaker B: Getting a, you know, a mid journey account. [00:32:19] Speaker A: I think at the end of the day, the people will respond. And so if Disney did start using AI for all their stuff to generate a bunch of animation, I think you'd see enough people be like, well, this is crap. [00:32:28] Speaker B: The culture will dictate. Right? What if we say we don't want AI art or we want less ar? Or we want AI art like this? Or you've gone too much. I don't mind Ar. You see what I mean? Hacktivism is, it's just not the way to go. That was the wrong move. Now you've painted yourselves as the a. [00:32:46] Speaker A: Holes in the story, stealing information. [00:32:50] Speaker B: I mean, I guess you're okay with that. You had to know that going in. No one's going to think you're Robin Hood. [00:32:55] Speaker A: Yeah. Because it helps nobody, really. [00:32:59] Speaker B: Right. [00:32:59] Speaker A: You got a terabyte of data from Disney. Sure, it's a lot of stuff, but. [00:33:02] Speaker B: Like, yeah, what are you doing with that data? [00:33:03] Speaker A: Who's that gonna really help? [00:33:04] Speaker B: Did they say. Did they say what they're doing with it? [00:33:08] Speaker A: I don't think so. It was more just. I kind of wonder if this was just supposed to be like, oh, this is a warning. Says they claim they are disseminating the stolen data for, like, to what end? I'm not sure. [00:33:21] Speaker B: Are they just trying to hurt Disney on the bottom line? Because, again, it just goes back to, you're not the hero here. [00:33:28] Speaker A: Right. Yeah. [00:33:29] Speaker B: That's not how you hurt Disney. If you think what they're doing is wrong. [00:33:32] Speaker A: Yeah. Hurts in their wallets. [00:33:35] Speaker B: Right. You. And again, don't buy their stuff. I love to see when organizations or companies, they misstep. They gaffe hard and people, you know, recoil and they feel that in the pocketbook, and they feel that their brand is being hurt, and they go, you know what? We made a mistake. We're not going to do that anymore. And then as a consumer, I like to go, you're forgiven. [00:34:00] Speaker A: Yeah. [00:34:00] Speaker B: Right. You learned doing the right thing now, and I want to reward you for that. [00:34:04] Speaker A: Yeah. [00:34:05] Speaker B: So I will continue to now purchase or use your service or whatever the case is. [00:34:09] Speaker A: Lesson learned. [00:34:10] Speaker B: Right. If there's no path to forgiveness. If there's no reconciliation between the two entities, then they just feel like they did. I'll just do whatever I want. That. [00:34:18] Speaker A: Yeah. [00:34:19] Speaker B: And if it burns, it burns if it doesn't. Right? Because it's already burning. So what's the harm? You got to have, you got to be. We got to be reasonable here. [00:34:26] Speaker A: I agree. You know, gotta be reasonable. There's a compromise to be had. Figure this out. [00:34:31] Speaker B: We can find common ground, ladies and gentlemen. [00:34:34] Speaker A: Yeah, absolutely. Well, that is always a very interesting topic to get into. Especially, I mean, this obviously, the hacktivism and then the fact that their cause was because screw AI are. Screw AI generation. Whatever. Always a real interesting topic to get into. Curious to know what y'all's opinions are on that and what side of the fence you're on and what do you think is too far when it comes to this kind of stuff? Me personally, my throat starting to hurt. I need to like take a water break, so I'm going to deem we are taking a break because we still have some more stuff to get through. So I recommend that you take a water break as well. We'll be right back with more Technato. Anthony, what are we going to be talking about? [00:35:06] Speaker B: We are talking about our newest and most excellent cloud plus course. This course really does an amazing job of taking the learner from the very fundamental aspects of cloud and then walking them through some of the more advanced topics. They're going to learn about how to secure the cloud, how to optimize the cloud, how to save costs with the cloud. So this is not a course with complete bias to AWS or Google Cloud platform or Microsoft Azure. We breathe life into this material by doing demonstrations across all of the big three cloud vendors. [00:35:51] Speaker A: We have a lot of fun in cloud and we know that you will, too. So come check it out. Welcome back. Thanks for sticking with us through that break. We'll get right into it because this is one of my favorite segments and we haven't seen it in so long. [00:36:08] Speaker B: Oh, well, you did jump right to it. [00:36:10] Speaker A: And I am so excited. She is. I don't get to do this noise very often anymore. Yeah, you know, so let's hear it. This segment is called it better be good. It's called don't hear it. [00:36:27] Speaker B: I've heard you do better. [00:36:30] Speaker A: Okay. [00:36:30] Speaker B: Heard you do better. [00:36:31] Speaker A: Well, now I'm depressed. [00:36:32] Speaker B: You should be. [00:36:33] Speaker A: SZA broke into a us federal agency and no one noticed for a full five months. I need the Charlie Brown like, sad music playing in the background. I think this counts as a dough because it's like they broke into a us federal agency and nobody was any the wiser. [00:36:50] Speaker B: I agree. Absolutely. A doe segment here. This is crazy. Scary, scary. You know, it's funny that the CISa, you know, they've had their own issues. We have reported on that. [00:37:02] Speaker A: Oh, yes, they have. [00:37:03] Speaker B: Right. Where they were like, hey, you know, this Avanti things, like a real problem you should patch. I. I mean, we're not gonna. Right. Wasn't it Avanti? I think it was Avanti, yeah. So, yeah, I guess they took, they took that message to heart when they got smoked by whatever group that hit them. I forget who. We read so many articles, it just starts all bleeding together, blends together a while. But. So they were performing red team operations, right? They have a red team crew that was taking a look at what is the state of security in most of our federal agencies. Let's. Let's take a little peek behind the curtain here and see how well they do. And it did not go well, apparently, because. Right. How long were they in there? Months. [00:37:49] Speaker A: Five months. [00:37:50] Speaker B: Five months. [00:37:52] Speaker A: And one of the vulnerabilities they were able to exploit was like a 9.8. [00:37:57] Speaker B: Yeah. From like an oracle vulnerability. Right. It was like a. What wasn't. It wasn't Oracle. [00:38:01] Speaker A: Yeah. Oracle, Solaris. Yeah, yeah. The target agencies, Oracle, Solaire's enclave, leading to what it said was a full compromise. [00:38:08] Speaker B: Full compromise. Full compromise. So what they found was the fact that not only were they able to find exploits, but so the federal government mandates. So they have this thing called the Kev, the known exploitable vulnerabilities database, and that anytime they find something that's like that, they add it to the Kevin, they go, oh, man, we got software. It's saying it's actually exploitable because we did it. Add that to the Kev. And once it's in the Kev, then the federal organizations, by dictate, must come to compliance within a certain period of time. And they were finding that that was not happening due to x, Y and Z factors. And it was like, this is why we do red teaming. Right? I thought that's why I picked this article, because it was a prime example of why red teaming is important and it's not just fun and games, right. To go, oh, man, look how elite I am. And all cool hacks I can do. And I'm so good at this. You can't detect me. They're the John Cena of, you know. [00:39:11] Speaker A: They'Re like, yeah, see me, my time is now. [00:39:13] Speaker B: That's right. [00:39:16] Speaker A: Maybe you can shed some light on this because one of the things that this article says is that about two weeks after the team, CIS's team, obtained access, exploit code was released publicly into a popular open source exploitation framework and the CIS identified that the vulnerability was exploited by an unknown third party. So are they saying that like they exploited it but they had to be like, oh, we don't know who exploited it? Or was this just while they were in there, there happened to be a third party that was also poking around in there and it was like, oh, that wasn't us, that was somebody else? I guess we better add this to the. [00:39:48] Speaker B: Yeah, that absolutely sounds like they're saying we have found that you have been compromised. [00:39:53] Speaker A: Because then at that point, if this was only two weeks after they obtained access, did they then just stay in there while this other team had gained access? [00:40:01] Speaker B: And was it, was it another team or was it like unknown party, did they say? [00:40:07] Speaker A: It just says they identified that the vulnerability was exploited by an unknown third party. So I don't know if that was them saying like we, that's a lot of text. [00:40:15] Speaker B: Can you highlight that for us? [00:40:16] Speaker A: Yes, I can. I didn't realize he put it up there. Yes, an unknown third party here. So I don't know if that was them saying like, oh shoot. [00:40:26] Speaker B: So if it's, yeah, I mean, like, was it actually. [00:40:29] Speaker A: Or was that them? [00:40:29] Speaker B: You're saying it's possibly another red team? [00:40:32] Speaker A: Or like, was saying like, like were they the ones that exploited this? [00:40:36] Speaker B: No. And they're saying unknown third party means we don't know who did. [00:40:39] Speaker A: Okay, so this wasn't like a cheeky little, we don't know. [00:40:42] Speaker B: When they say an unknown third party, that means that. What? Nurse. Okay, so yeah, it's not the government. That's not. No, we don't know who this was. They. And if they know it wasn't them, then who was it? [00:40:55] Speaker A: I guess. [00:40:56] Speaker B: Right? Logic dictates that if it wasn't us, yeah, it was an enemy, it was a bad guy. Right. [00:41:03] Speaker A: I'd love to see like a timeline of all this going down because this is, it was about two weeks after the red team obtained access that they realized that this was going on. So did they then still stay in there and keep poking around? Because to bring it to their attention would be to admit that they were poking around in there too. [00:41:19] Speaker B: And if they were, they probably that will be one of those things. So when you do a red team engagement, you'll have kind of like these things that, what do they call them? It's like escaping my brain right now. Basically there will be things that make you pull the alarm and go, hey, I must inform you, I must, by a mandate, say I have discovered something. I have to go to my point of contact, let them know that this has been discovered and we kind of halt thing. [00:41:47] Speaker A: Okay. [00:41:48] Speaker B: Fun thing about the federal government is, is there's many a system for them to red team against. And yes, the ultimately the red team's goal is to gain access and then persist. They are to basically act as apt. [00:42:03] Speaker A: Okay. [00:42:03] Speaker B: They knew they want to go undetected and persist for as long as humanly possible because the purpose of red teaming is to a couple fold. Right. Find vulnerabilities that are exploitable and then check the defenses of the blue team. [00:42:19] Speaker A: Okay. [00:42:19] Speaker B: Right. Are the defenses that we put in place working? [00:42:25] Speaker A: Right. [00:42:25] Speaker B: So to what extent. [00:42:27] Speaker A: Yeah. [00:42:28] Speaker B: Right. So that is the purpose of doing red team operations is to see if all the money and time and effort that we're putting into our defenses are completely inept and ineffective. [00:42:40] Speaker A: So reassuring. [00:42:41] Speaker B: We need to take a harder look at what's going on here. Okay, red team, how was it that you were able to do all this? So once the red team engagement ends, they have an after action report where they sit around and go, well, we found this cool old 9.8 for Oracle and we gained full compromise to that system. From there we pivoted and we were able to walk through because you didn't have any defenses that were detecting of this, that and the other and so on and so forth. And then the blue team learns, they build new fences and then we red team again and we see how effective are the new fences. [00:43:12] Speaker A: Yeah. What controls do we put in place to. [00:43:14] Speaker B: This is an iterative cycle that you go through. [00:43:18] Speaker A: They were able to get access to tier zero assets, which is a term I've never heard before, but apparently it means the most highly privileged systems. [00:43:24] Speaker B: Correct. [00:43:24] Speaker A: That is so fun. [00:43:26] Speaker B: Yeah. [00:43:26] Speaker A: Thrilling. That's crazy. [00:43:28] Speaker B: And fun fact, ladies and gentlemen, whether or not we advertise this, we are in the middle of a cyber war. [00:43:35] Speaker A: Yeah. [00:43:35] Speaker B: With many a different nation states. [00:43:39] Speaker A: So this, this doesn't bode many different highly skilled nation states. [00:43:42] Speaker B: Yeah. [00:43:43] Speaker A: So if we can do this, I feel like it's not going to be difficult for, I mean, this is no insult to the abilities of american cyber teams and all that stuff. [00:43:52] Speaker B: Listen, they are working hard. I guarantee you some of the best. [00:43:55] Speaker A: And brightest, but so does Russia, so does China. [00:43:58] Speaker B: Right. [00:43:58] Speaker A: So it's like, if we can do this, then it can't be that difficult. [00:44:03] Speaker B: I'm glad to know they're doing red team operations, because that means that, yeah, hopefully this time next year, we got bigger, better batter fences that stop these things from occurring. [00:44:13] Speaker A: That is true. [00:44:14] Speaker B: Yeah. [00:44:14] Speaker A: Hopefully one, one can always dream, but, yeah, thank you for bringing this up, because that is. Wow, that's so reassuring. But you're right. It's good that the red team engagements are going on, because how do we fix these problems if we don't know about them? I think. I think that was the only other segment that I have for the day. But we do have some other articles that we want to jump through really quick. I talked to Daniel a little bit about this one this morning, and he had some opinions, and so I'm excited. Some small opinions. Yeah, some brief opinions. Signal. This is the title of the article, not my personal opinion. Signal downplays encryption key flaw, fixes it after x drama. X being the social media website. Apparently this has been ongoing. This issue has been ongoing since 2018. There's some issue with Signal storm storing an encryption key that it used for data on, like, a desktop app. If you use signal on your desktop, storing that encryption key in plain text, and people were like, hey, that seems like a bad idea. And signals argument was, if somebody can get to your desktop and get to that encryption key, you're already, like, you're screwed already. There's nothing that we can do about that. So what would then be the point in us going in and changing this? And that was six years ago that this first came up, and now it's. [00:45:24] Speaker B: We reported on this on Technato. [00:45:26] Speaker A: I'm sure you did, but I was not. [00:45:27] Speaker B: This was well before your time. [00:45:28] Speaker A: I was barely an adult, so I was not paying attention at that time. Uh, I was just trying to not drop out of college. So this is something that resurfaced now on x because Elon Musk tweeted and said, there's no vulnerabilities with signal. This is curious that they haven't fixed, you know, these vulnerabilities. Signal did not take kindly to that and said, well, hang on. That's a heavy accusation. You're leveraging against us. We've got known vulnerabilities and. Da da da. So this is the vulnerability, I guess, that was in question. [00:45:56] Speaker B: Yeah. [00:45:56] Speaker A: And, yeah, you were saying this morning. [00:45:59] Speaker B: That, like, this is. This is a little more nuanced than everyone's making it off to be. And I think that's why signal has a leg to stand on when they say it's not a vulnerability. Okay. Right. You have to, you have to have access to my device. Excuse me. To be able to actually exploit this. So if we're down that road already, I got bigger fish to fry. [00:46:26] Speaker A: Yeah. [00:46:27] Speaker B: I got bigger problems than the fact that you have my signal, right? Yes and no. Obviously, you do have a big problem if someone has gained unauthorized access to your device. That is something you wish to avoid. It's just common good security practice to say if you can encrypt it, encrypt it. [00:46:49] Speaker A: Right? Sure. [00:46:51] Speaker B: Why not? Why not encrypt it? Right. So there's the, there's the Elon Musk side of things that goes, you know, what are you doing? Yeah, why aren't you like, we've been talking about this for six years now, apparently. Why haven't you just went, just encrypt the thing? [00:47:07] Speaker A: Yeah. [00:47:07] Speaker B: Right. Now we've seen how well that worked out for companies like Lastpass, right? They're like, it's highly unlikely, blah, blah, blah, blah. It is highly unlikely, but in the eventuality that it does happen, you should just add that layer of defense to your clients. [00:47:23] Speaker A: Why would you not. [00:47:24] Speaker B: Don't bitch and moan about it. Just do it. [00:47:26] Speaker A: Yeah, right. Especially because it doesn't seem like there's a downside to do. [00:47:31] Speaker B: There's not. It's not like only upsides for to. [00:47:33] Speaker A: Implement that would mean that this is going to run slower and you're not going to be able to do X, Y and Z. Like, it doesn't seem like there would be a negative to it. So why not just do it? [00:47:41] Speaker B: Correct. Why not? Listen, ounce of prevention is worth a pound of cure, right? That's what they say. And it's true because it's true. You just encrypt the thing. Listen, what was it? The Microsoft recall, right? [00:47:56] Speaker A: Yes. [00:47:56] Speaker B: We've been talking about recall. Guess what? That sucker got basically 86. It's done. Because what was it doing? Nothing good and for no good reason. So just don't just listen, signal. You're you. I love what you're trying to do. I love that you have an app that gives people end to end encryption. You seem to be a fan of encryption. So encrypt, get encrypty. Go for it. [00:48:23] Speaker A: Get encrypted. [00:48:24] Speaker B: Yeah. [00:48:24] Speaker A: Rick and Morty, is that a rift? And Rick and Morty get Schwifty is the Rick and. [00:48:28] Speaker B: Oh, yes, I know that one just sounded sound. My mind did not go there. [00:48:31] Speaker A: Sounded a little similar. Yeah, if you don't know. I just realized that, like, I use signal, but I didn't know what it was before, like, a year ago. It's an encrypted messaging service for instant messaging, voice calls and video calls, and, like Daniel said, provides end to end encryption. So I think that's a big part of why people are especially, like, is raising reflection people, because they purport to be. [00:48:48] Speaker B: It just doesn't make sense. Wouldn't do this. [00:48:50] Speaker A: That would be your reason for using signals, because you want something that's encrypted and super secure, and then to see, like, oh, but you're not really encrypting everything that you can, even if the argument is that, you know, if somebody can get to that point, you've got bigger problems. Okay, that may be true, but this doesn't need to be one of my problems. Why would you not encrypt it if you can? So that was the only reason I wanted to pull it and talk about it a little bit, is because I'm a, I'm a signal enjoyer. I do like what signal does, and I like the mission that they've got. Given us some. [00:49:17] Speaker B: I thought it was interesting, the tweet that they had in there from, some, from Misc. They said, you know, tldr didn't install the signal app for Mac OS. It is not secure. I carried out this small experiment. I wrote a simple python script that copies the directory of signals local storage to another location to mimic malicious script or app. Okay, so you've been compromised, is what you're saying. [00:49:41] Speaker A: Yes. [00:49:43] Speaker B: And that's where it's like, okay, I feel like you're making a mountain out of a molehill here, as far as like, yes, it is a problem, and they should be there. But you're. You said I'm mimicking the fact that you have malware and remote access. [00:49:58] Speaker A: Yeah. [00:49:59] Speaker B: Okay. [00:50:00] Speaker A: Yeah. [00:50:01] Speaker B: Hell, I can just sit here and watch it type. You know, I could, I could put, I could put in a keypad. Let's say you still have to worry about things, right? It's not the fact that, again, signal, do your due diligence. Encrypt the thing. So let's all just stop throwing rocks at each other on this one and just go, hey, signal, we'd really like to see you just encrypt that thing and signal, just go, you know what? You're absolutely right. We're going to do that as of right now. Encryption on table. It looks like they did and they did. Right. That was. That was the thing. So what are we mad about? [00:50:30] Speaker A: Yeah. [00:50:31] Speaker B: That it took this long. Okay. [00:50:33] Speaker A: That was. Yeah. There was some comment that they highlighted. Uh, somebody said, do better next time. Don't wait for Twitter drama to implement things. Be more responsive. Learn your lesson. [00:50:40] Speaker B: Sure, sure. Absolutely. I think that's a. I think that is a fair critique. But now that goes back to what I was talking about before about, let's move on. Yeah, they did the thing you said. Now, now reward them for doing it. [00:50:53] Speaker A: Yeah. Positive reward. [00:50:55] Speaker B: Unless you feel like the system is so busted that you no longer trust them or can trust them. Last pass. Right then. Right. Fortinet. These companies that have a history of nothing but security issues and flaws, because. [00:51:12] Speaker A: To my knowledge, doing it right, I don't rec, like I said, I've only been using signal for a year or two, but to my knowledge, I don't recall there being any giant, glaring security. Oh, my God, this thing went wrong with signal in however many years. [00:51:25] Speaker B: I don't hear a lot of people going, well, my signal was hacked. [00:51:27] Speaker A: Right? Yeah. So they seem to have a pretty decent track record. [00:51:31] Speaker B: Yeah. And data breach because of signal. [00:51:34] Speaker A: Right? [00:51:35] Speaker B: Not hearing those things. [00:51:36] Speaker A: No. So I think that's a good point. [00:51:38] Speaker B: I'm saying they're not out there. I'm just saying I haven't heard it yet. [00:51:40] Speaker A: Right. There's not been anything crazy big like that we saw with Lastpass or some of these other companies that have a history of it. Right. So I think it's a good point. Um, forgive when they do the right thing and positive reinforcement. That's word for good behavior. Right? Like, we're in preschool. [00:51:53] Speaker B: Give it. Give them the cookie. [00:51:54] Speaker A: Give them the cookie. Yes, exactly. [00:51:55] Speaker B: Good boy. That's what you do. You. Good boy. Signal. [00:51:59] Speaker A: Well, uh, in this case, it wasn't, you know, anything crazy. It wasn't like a big exploit or anything. It was just, hey, maybe encrypt something that you could be encrypting. However, uh, this next story coming to us from bleeping computer a little bit more. A little bit more concerning. Hackers use PoC exploits and attacks 22 minutes after release. That's pretty impressive. I'm not saying it's good, but objective. [00:52:18] Speaker B: But it is impressive. Absolutely right. This is crazy that within 22 minutes of a POC being available on the Internet, cloudflare kind of did some where they. They started looking for the attack and going, oh, there it is. Within 22 minutes. That's. That's kind of scary. [00:52:40] Speaker A: You have to be watching and waiting for these poc, like, to come out, like, wait as an attacker. [00:52:45] Speaker B: Right. This is so fast that your defense literally cannot get ahead of it. [00:52:54] Speaker A: How could you possibly, even if at the time that the POC is made available, that if they're, oh, there's a patch. Even if that's the case. Yeah. There's no way, right. That you could totally implement everything you need to in that, in a span of 20 minutes. [00:53:07] Speaker B: If that doesn't scare you, nothing will. Right. This is the cruella de vil, shivering. [00:53:12] Speaker A: My timbers right now, shaking in points of articles. [00:53:15] Speaker B: And that's why I picked this article, ultimately, for us to have this conversation of. What do you think about that? [00:53:21] Speaker A: Like, like the fact that there's no hope. Okay. [00:53:26] Speaker B: There's no dumpster fire behind. [00:53:29] Speaker A: That's what we need. [00:53:33] Speaker B: A chance. And that'll be our new background. [00:53:35] Speaker A: Yeah. Just permanently have, like, a little. It'd be like those fireplace animations at Christmas time. But it's a dumpster. [00:53:40] Speaker B: Yeah, it's just a dumpster. [00:53:41] Speaker A: I guess it, just because this can happen doesn't mean that that's the norm that attackers are. Every time there's a proof of concept that's out there, every time there's a new exploit, that they're exploiting it immediately, that it's possible, but it's not the norm. But at what point, as people get more and more advanced and more skilled, does this become kind of the norm? Like eventually years and years and years and years from now, do we get to a point where it's like, oh, yeah, that's just. [00:54:08] Speaker B: We just accept. [00:54:09] Speaker A: We just accept it. [00:54:10] Speaker B: The bombs are falling. [00:54:11] Speaker A: Yeah, nothing we can do. [00:54:12] Speaker B: So the article does go into, what do we think we can do about this? And it says right here, the Internet firm, which I believe they are, meaning Cloudflare, says the only way to combat this speed is to employ AI assistance to quickly develop effective detection rules. The speed of exploitation of disclosed CVE's is often quicker than the speed at which humans can create WAF rules or create and deploy patches to mitigate attacks, explains the Cloudflare report. I'm totally going to, like, read this report, because it does seem interesting. The fact that that a, the amount of data that cloudflare processes is astronomical. It's, it's so crazy. That boggles the mind. And I want to look in to see what further things they have. Since this also applies to our internal security analysis team that maintains the laugh managed rule set, which led us to combine the human written signatures with an ML based approach to achieve the best balance between low false positives and speed of response. So maybe this is, you know, we kind of complained about AI earlier in a way. You know, it has its pros and cons. This is definitely one of its pros. [00:55:20] Speaker A: Yeah. [00:55:20] Speaker B: And, you know, a lot of people talking in the security space about AI is going to take our jobs. [00:55:26] Speaker A: Right. Right. [00:55:27] Speaker B: We've had AI and ML maybe not at the level of which we do now, but we've had it in some capacity for quite some time. And the way it has always been best implemented is to supplement and fill in the gaps automatically do the things that it takes us as humans a while to do. [00:55:44] Speaker A: Right. I don't. [00:55:45] Speaker B: I love seeing that. [00:55:46] Speaker A: Yeah. I think in this case, like, if, if this were to be something that becomes the norm that you employ AI assistants to quickly develop effective detection rules. [00:55:53] Speaker B: Is that our dumpster? Is that the dumpster fire? It's a little overblown. We can't see very well. So if you can. [00:55:59] Speaker A: Yeah, that looks like it's from like an old PlayStation game or something. Poor animation. But thank you, Christian. We do appreciate the effort. I think that in this case, it's probably not going to be perfect. Right. Because AI doesn't always get it right. Yeah, but I think as like almost like a triage measure to like, immediately, as soon as there's a new exploit available or proof of concept is released or whatever the case may be, you've got some kind of system in place that can just put, okay, let's just put up a wall real quick, and then a human can then address it. [00:56:27] Speaker B: And we can fine tune it and fine tune it. I mean, the AI will start fine tuning itself. [00:56:32] Speaker A: That's true. [00:56:33] Speaker B: Right. You can make it do that. But obviously, like the, the human ability. Someone was talking about AI the other day and how if you take AI, right, and you say, here, here is me, recognize me, I'll go, okay, cool. I know who you are. And you show a picture of me and it goes, that's Daniel. Cool. And if I put a hat on, it goes, who the hell is that? Right? What are you talking about? But my three year old son could see me across a field with a hat on and a jacket and go, dad. [00:57:09] Speaker A: Yeah, right. [00:57:09] Speaker B: That's human intelligence versus where AI is at now. Eventually it's going to get to that singularity where it has, you know, on par. But right now it just does some of these things really well. [00:57:20] Speaker A: Yeah. [00:57:20] Speaker B: And we still need us because we see things in a way that it doesn't and then see things in a way that we don't. [00:57:26] Speaker A: Right. [00:57:26] Speaker B: So it's a good combination of the two right now. And other news just did the same article. It says 6.8 of all Internet traffic is ddos. [00:57:32] Speaker A: All right, hey, let's go for seven, guys. [00:57:35] Speaker B: We'll get there. Everybody fire up the low Orlando. Little orbit. [00:57:41] Speaker A: Ready? [00:57:41] Speaker B: Yeah. And let's. Let's start hammering down. Don't do that. [00:57:45] Speaker A: They just threw that in at the end, like. Oh, by the way, in addition, I'm. [00:57:49] Speaker B: Guessing it's just like malicious traffic on. [00:57:52] Speaker A: Okay. This is just another part of the report that they. Okay, I see. Oh, yeah. Cuz it's like the whole thing is about this. Like. [00:57:57] Speaker B: Yeah, yeah, look, and by the way. [00:57:59] Speaker A: Yeah, just so you know, here's your, here's your little. [00:58:02] Speaker B: Shaking in your boots. Enough. [00:58:05] Speaker A: 7%. That's crazy. Yeah, that's a lot. [00:58:08] Speaker B: Sleepy computer is fear mongering at this point. [00:58:10] Speaker A: Yeah, exactly. Because 6.8% of. I mean, it doesn't sound like a lot, but considering the amount of Internet traffic that there is, 6.8% of that. This looks so cool. This looks like I'm walking away from, like an explosion right now. [00:58:22] Speaker B: You're the good guy. [00:58:24] Speaker A: Yeah, it's like, it's like Henry Hill walking away from the cars. I blew up some cars. I didn't. [00:58:28] Speaker B: I didn't blow up some Q. The Rolling Stones, right? [00:58:31] Speaker A: Yes. Yeah, I need some music in the background. I need Layla or something playing background. [00:58:35] Speaker B: Layla. There you go. [00:58:36] Speaker A: There you go. Well, thank you for bringing that to our attention. That was a fun conversation, but yeah, I think in this case, AI has the potential to do some good, so maybe we'll start to see that implemented a little more regularly. [00:58:46] Speaker B: Agreed. [00:58:47] Speaker A: And some less happy news. I guess in the world of gaming, this is not as serious or, oh, my God, it's a threat and da da da da. This is just kind of an inconvenience. But you may have heard that college football 25, which has been pretty largely anticipated this year, is coming out the. [00:59:02] Speaker B: Most generic game name I've ever heard in my life. College football 25. [00:59:07] Speaker A: It used to be like, you remember the NCAA games. [00:59:10] Speaker B: Yeah. [00:59:10] Speaker A: And it had like, tebow on the front and all that. I'm saying Tebow. [00:59:12] Speaker B: These were the EA? [00:59:13] Speaker A: Yes. So it is still ea, but they had to change the name copyrights or something? I think so off top of my head. I don't remember the exact reason, but. [00:59:21] Speaker B: I like how they went. They called it NCAA and, you know, all that stuff for years. [00:59:26] Speaker A: Well, in the last iteration of that to come out was in, like, 2011 or 2013. So they stopped, and I think, okay. [00:59:32] Speaker B: So that was, like, over ten years. [00:59:33] Speaker A: It was a while ago, and I think maybe part of it was the fact that it was college football, and pro football is different, you know, the Madden games, because those guys are making money anyway. But at the time, college football players couldn't really make money off of their likeness. [00:59:43] Speaker B: That's true. [00:59:44] Speaker A: Now they can with the name, image, and likeness stuff that's going on. So college football 25. Really highly anticipated this year for fans of those kind of games. [00:59:51] Speaker B: Did the college games originally, back in the, you know, 2010, whatever, did they use the likeness of the players, or did they just make generic players? [01:00:02] Speaker A: I don't remember. [01:00:03] Speaker B: Yeah, I don't. [01:00:04] Speaker A: I was. I was pretty. My older brother really enjoyed them. [01:00:06] Speaker B: I'd be curious, but watch it. [01:00:08] Speaker A: Get the goal basket. I know Daniel's pretty. Pretty largely. [01:00:13] Speaker B: Listen, I played football as a kid. My dad ruined that experience for me, and then I flipped the double birds to sports. [01:00:19] Speaker A: That's fair. That's. That's a fair assessment. I can appreciate that. I'm a football enjoyer, at least on the college level. I like my gators, even though, you know, we're struggling a little bit right now. [01:00:29] Speaker B: But anyway, hopefully they close the sports program. It just becomes an academic university. [01:00:34] Speaker A: This is. This is the one time, like, playing as the Gators in this game. This is the one time that they'll win. It's great. I get to, like, heal myself a little bit, but the news here is that they are experiencing quite a few issues with their servers and being overloaded, and the game's not even out yet. [01:00:47] Speaker B: So it's a DDoS themselves. [01:00:49] Speaker A: They did, I guess, weren't. [01:00:51] Speaker B: That's where the 6.8 traffic came from. They were trying to hit that solid seven. [01:00:55] Speaker A: Come on, guys, we're so close. The game's not gonna be officially released until it'll be the day after this episode comes out. July 19 is the official release date for college Football 25, but it came out in early access, and this wasn't even, to my understanding, early access in that. Oh, well, hey, it's kind of in beta, right? There's still going to be errors and bugs and things. This was like, no, no, this is the full game, ready to go. But if you pay, you get to access it before everybody else. I guess a lot of people did that. Weird, right? I guess a lot of people did that. And there was an article that talked about, yeah. 700,000 players in the first day of early access period. [01:01:30] Speaker B: That scares me, because if more people start paying for early access, guessing the early access to the game was more than if you just wait for the game to come out. [01:01:40] Speaker A: I think so. [01:01:41] Speaker B: Right. So what does that do if people are willing to pay the more money? That means we don't do early access. The game just now costs that much. [01:01:49] Speaker A: Yeah. [01:01:49] Speaker B: Because people are just willing to pay it. [01:01:51] Speaker A: Yeah. That's a good point. I hope that doesn't become the norm. I don't have that kind of money. [01:01:56] Speaker B: You have to. You have to say no to these things. [01:01:58] Speaker A: Yeah, you have to. You have to abstain. [01:02:00] Speaker B: That's right. You go, no, no, I'll be. I'm fine. Just come out when it comes out. But I've waited this long. [01:02:04] Speaker A: At least 700,000 people agreed to do this and gain the early access. And this was just the people. [01:02:11] Speaker B: Omo is powerful, isn't it? [01:02:12] Speaker A: And these were just the people that were online that were accessing it and were connected on. There are still offline players, so. But it doesn't, there's no way for them to document that. So. Yeah. 77 00 13,974 players online at one point as of the evening that, the day this was released. And I was talking to my brother and he was playing this yesterday, and he said at some. Or the day before, he said at some point, it just like, everything stopped working. He couldn't get to anything. None of the game modes were working. [01:02:38] Speaker B: Yeah. [01:02:38] Speaker A: And the game's not even out yet. And so I just thought that was funny. I'm like, you know, you had all this hype, everybody was super excited, and, and then there were still errors. There were people that were saying that when they tried to play what's called dynasty mode, they were met with an error. And it gives you two options. But they both just said Lorem Ipsum and had like, a little icon that was. So even then, there were still issues that people were running into, even though it was supposed to be the fully completed game. So not. Not having a great time over there at EA right now, I don't think. And they're still running into issues as of right now with those servers not being fully. [01:03:10] Speaker B: If this has been their first iteration into pre release access and it went this well, sure, it'll happen again. [01:03:18] Speaker A: And people, of course, are like, there's no excuse not to be ready. We know you knew this was gonna be popular, your fragile servers. And so people are obviously, they're people. [01:03:25] Speaker B: Like, to really start hitting below the bell once they feel wrong, don't they, really? Especially people that, that was too harsh. But I'm sure there's some, some twitter, some tweets or whatever the hell they are now. Exes, exposts, exposts and whatnot that are saucy. [01:03:40] Speaker A: People are already, they have a little bit of a bad taste in their mouth about EA because EA, I think, was one of these game groups that microtransactions were a big thing and people were pissed at EA for that like a while ago, before any of that. [01:03:52] Speaker B: Oh, gotcha. [01:03:52] Speaker A: So already I think people are not inclined to be super forgiving of EA. They're already primed to be like, you know, start barking at them. So anyway, if you are a fan. [01:04:01] Speaker B: Of clubs, baby seals, it doesn't do that. I'm kidding. That's a joke. [01:04:07] Speaker A: Takes them to clubs and they dance and they party and they have a good time. [01:04:10] Speaker B: It's a rave, the end. Just baby seals everywhere. [01:04:12] Speaker A: And it's the singer seal. It's not even an animal. So if you're, if you're interested in playing this game, just know you may run into some issues like that. And I kind of want to try it. I don't, I'm not gonna, I probably won't buy it. I'll go to my brother's house and try it. But, you know, I'd be curious to at least play it. And apparently the people that have been able to get on and access it, it. [01:04:31] Speaker B: Is game fly still a thing? [01:04:33] Speaker A: Man, I forgot about that. I don't think it is. But we loved game fly. It was so if you don't. Game fly is. It was kind of like Netflix, like the original Netflix where you get like a dvd at a time, but for games, we guess. What is it around? [01:04:45] Speaker B: It is still around. Ladies and way. Yes, ma'am. [01:04:48] Speaker A: That's crazy. [01:04:49] Speaker B: You can get an account today. Not that this is sponsored by game. [01:04:52] Speaker A: Flag, but that would be a really random considering, like, we didn't even know that they were still active. [01:04:58] Speaker B: Hey, I got Dmed by some marketer saying, remember the fido ring? [01:05:06] Speaker A: Oh, yeah. [01:05:06] Speaker B: And it was like, we got like eight customers because of you, apparently. Wow. What? [01:05:13] Speaker A: Huh? [01:05:14] Speaker B: Well, I mean, we mentioned it on techno. [01:05:16] Speaker A: You're welcome. [01:05:17] Speaker B: Yeah. [01:05:18] Speaker A: Didn't realize we had that kind of poll with eight whole people. That's crazy. Eight clients, eight new thing to those eight of you. Thank you. We hope you're enjoying your fido ring. Truly. That was all I had about. About that, but I was just kind of excited that was coming out this week, so I wanted to touch on it. That was just my own personal project there. [01:05:35] Speaker B: No, we like gaming here, actually, fun fact. We were thinking about, like, doing a technado where we game. [01:05:43] Speaker A: I think that'd be fun. [01:05:44] Speaker B: I think that would be fun. [01:05:45] Speaker A: There is an instance coming up in the next few weeks where I'm gonna be out for a couple days. [01:05:49] Speaker B: Yeah. [01:05:50] Speaker A: And so that might be a good time. That might be the weekend. [01:05:53] Speaker B: Who knows? Who knows? [01:05:55] Speaker A: I don't know. Keep an eye out. [01:05:56] Speaker B: If you tune in one day and there's a game on the screen. Oh, this is that. [01:06:00] Speaker A: That's. That's the gaming edition. Yeah. Yeah. Well, until then, I'm looking forward to that. I really do hope that happens, and I think we can make it and just talk tech while we game. [01:06:08] Speaker B: Yeah, that'd be fun. Just for the fun of it. [01:06:10] Speaker A: Just for the fun of it'll be more laid back episode. [01:06:12] Speaker B: So because we're not laid back, we're very. [01:06:14] Speaker A: Yeah. Staunch and stiff, talking all kinds of crap about companies. [01:06:18] Speaker B: In other news, former president Gerald Ford. [01:06:22] Speaker A: That was pretty much all I had for news this week. Like I said, there wasn't a ton that I saw that was breaking, other than those patches that you brought up. So glad you brought those up. [01:06:29] Speaker B: Of course. [01:06:30] Speaker A: Was there anything else that I missed? I don't think so. [01:06:32] Speaker B: Man, I'm running out of voice, I gotta be honest. [01:06:34] Speaker A: Running out of voice. Yeah. It's getting close to our lunching hour as well, so. Our lunching. Well, our lunching hour. Maybe when you're watching this, it's not. [01:06:42] Speaker B: It's 03:00 a.m. it's lunching time. [01:06:45] Speaker A: Goblin. I will be having that. [01:06:47] Speaker B: Well, you did mention double, double toil and truck. Oh, yeah, right. [01:06:51] Speaker A: Good point. That's a good point. Well, yeah, then we're going witching hour. [01:06:55] Speaker B: Is what I think. [01:06:55] Speaker A: The witching hour. Yeah, we're going to go Goblin mode and go get some lunch in just a second. So thank you so much for joining us for this episode of Tech. NATO. Subscribe so you never miss an episode in the future and leave a like if you enjoyed this episode. But until then, we'll. We'll see you next week. [01:07:07] Speaker B: Asta. [01:07:08] Speaker A: Asta. Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.

Other Episodes

Episode

July 16, 2020 00:53:36
Episode Cover

Technado, Ep. 160: Covered 6's Lee McWhorter

Getting a CompTIA cert is a big accomplishment. Getting all of them? That’s podcast-worthy. In addition to holding all the current CompTIA certifications, this...

Listen

Episode 330

October 19, 2023 00:51:24
Episode Cover

330: Hackin' In The Wild West! (WWHF SPECIAL)

Reporting live from South Dakota, it's Technado: Deadwood Edition! Daniel, Sophie, and special guest Ronnie are on location at Wild West Hackin' Fest far...

Listen

Episode 357

May 02, 2024 01:10:52
Episode Cover

358: New Android Banking Malware! (It Tracks EVERYTHING)

Patches abound on this week's Technado! In our Rapid Fire segment, we kick things off with the UK ban on weak default passwords. Then,...

Listen