Episode Transcript
[00:00:04] Speaker A: You're listening to Technado.
Welcome to another thrilling episode of Technado. We should probably rebrand as, like, Twister or something for that movie coming out. Keep in mind that Technado is sponsored by ACI Learning, the folks behind ITPro. And you can use that code, Technado 30, for a discount on your ITPro membership. Now back to Twisters.
[00:00:21] Speaker B: That's as good as money.
[00:00:22] Speaker A: I am wondering, before we get into the tech, of all of all the things going on this week, I wanna know what y'all think about that new movie, Twisters. Cause I'm thinking about seeing it, and I don't know if it's worth it because I never saw the original.
[00:00:33] Speaker B: Really?
[00:00:33] Speaker A: And the social media, I'm not surprised. Advertising is getting to me. I kinda wanna go see it now.
[00:00:38] Speaker B: She's never seen these things we call television.
[00:00:40] Speaker A: Yeah, yeah, no, she's like, what's. Papa forbade the telly in the house.
[00:00:46] Speaker B: What is that square box on your wall?
[00:00:48] Speaker A: Lest I fall victim to entertainment.
[00:00:50] Speaker B: Yeah.
[00:00:50] Speaker A: So anyway, just curious what y'all think of that, but I. Here on Technado this week, we have got a lot to talk about. I'm sure you can probably guess some of the stuff we're going to go over this week.
[00:00:59] Speaker B: Stare into your magic windows, ladies and gentlemen, and see.
[00:01:01] Speaker A: Yeah. Your magical boxes.
[00:01:03] Speaker B: What is this?
[00:01:05] Speaker A: The glowing box? Yes. We will talk about what happened with CrowdStrike and try to break down exactly what went wrong and stuff.
[00:01:13] Speaker B: I don't know if we're gonna go that far.
[00:01:14] Speaker A: No.
[00:01:14] Speaker B: Yeah.
[00:01:15] Speaker A: Not gonna analyze it.
[00:01:17] Speaker B: It's probably at this point, been kind of hit to death.
[00:01:20] Speaker A: Yeah, that's true. Things move so fast, we're gonna.
[00:01:22] Speaker B: We're gonna move into more of kind of like the bigger picture philosophically.
[00:01:25] Speaker A: And there's still issues arising. Cool information as a result of what happened. There's people taking advantage of it. So we will talk about that in just a moment, I promise. But we do have some breaking news that we want to talk about first. So without further ado, breaking news.
First up, we were looking through, this is from chibi hackers. We were looking through these this morning, and this one really stood out to us. Pentagon IT service provider hacked, US government secrets exposed. Now that is a headline. Way to get attention, man.
[00:01:52] Speaker B: It's early in the morning. Here we are staring down the barrel of the government getting destroyed. It's always a good time had by all. Now, correct me if I'm wrong, this seems to be a bit of a.
Is it a supply chain attack? I guess it is. So Leidos.
[00:02:08] Speaker A: Right?
[00:02:08] Speaker B: It was through light.
[00:02:09] Speaker A: US Lighthouse holdings. Yes. Which is a key provider of IT services to the US government. Um, so Department of Defense, Homeland Security, NASA. So several agencies that you may or may not have heard of. Three and four letter agencies. But it was an issue with Lighthouse, but it was. It was one of their providers that they use. So it's.
[00:02:28] Speaker B: Oh, so it's like the Matryoshka doll. The layers go deep with this thing. So. Right. Light. It was using some sort of software for analytics or something, or application of cloud based kind of statistical analysis, and I believe.
[00:02:45] Speaker A: So this was a bre. It technically happened in 2022, but the documents are just now becoming. It's just now becoming a company called Diligent Corp.
[00:02:53] Speaker B: Diligent Corp. I know it was a d something.
[00:02:55] Speaker A: Which is a platform lighthouse uses. So we kind of. I guess the question here is, okay, so they may be vetted. Light us or lighthouse or whatever, and decided, hey, this is good. We're comfortable using them. But didn't vet the platforms that Leidos was using, or Leidos didn't vet their platforms properly.
[00:03:12] Speaker B: Yeah. Well, I mean, this is. So this is where we start to get into the security of it. Yeah, breaches happen all the time.
[00:03:16] Speaker A: Sure.
[00:03:16] Speaker B: Obviously, it's super bad when it happens to our governments because of the secrets and things that are involved with government inner workings and the people that are involved with it, and we want to keep all those things kind of much more private than open data breaches.
[00:03:29] Speaker A: Right.
[00:03:29] Speaker B: Uh, so that. That's definitely noteworthy by itself. But the bigger picture conversation, maybe, is the idea that our government is contracting to companies like Leidos, and Leidos is contracting to companies like. Sorry, what was it again? Diligent dirty. Right, Diligent Corp. Yeah, Diligent Corp. And maybe even farther down the chain, that is continuing to happen again and again. And now is really difficult to kind of say that we were doing all our due diligence on Diligent Corp and Leidos and, of course, our own systems, as the government is. Right. Say, I'm the Department of Homeland Security. All our systems are being patched. We're doing all our right things.
Tomorrow, when a zero day gets found in any of those systems. Right. And then, of course, there's trust between those systems. So especially if it's kind of downstream, like it was here.
At any given day, you could wake up to your. You went from secure to insecure. Right. So that's why it's important for us to have contingencies for what do we do? Not necessarily if that happens, but when that happens.
[00:04:39] Speaker A: Yeah.
[00:04:40] Speaker B: Because chances are the longer you stay up and running, that will occur. Right. It's going to catch you. So this is kind of just pointing out the difficulty of security. Now, we don't have the details, or at least a lot of them around going on. We. We just read this article this morning. So the hot take is giving them the benefit of the doubt that they're doing security as best as you can.
Any given day you could wake up and this is your life.
[00:05:05] Speaker A: Yeah. Like you said, it's not a matter of if, it's when. Yeah, it's eventually going to happen.
[00:05:09] Speaker B: Now, if they weren't doing their due diligence, that's when it gets fun.
[00:05:13] Speaker A: That is true.
[00:05:14] Speaker B: And I'll put quotes around fun because I doubt highly that you had fun.
[00:05:21] Speaker A: And especially when it's something like this where it's like the US government that immediately is like, oh, it sets off alarm bells.
[00:05:26] Speaker B: Right.
[00:05:26] Speaker A: So whether it's. You're talking about a private company or something like this, it's. This, I feel like concerns me a little more because I hear US government and I'm like, well, that might mean that it affects me. So how does this affect me? Maybe, you know, indirectly, but. But, yeah, it's just interesting that it can go back pretty far. It can be kind of like, far removed from the original. It's not like the Department of Defense had a breach of their. But it was a company that did. They did.
[00:05:53] Speaker B: But it wasn't like them directly.
[00:05:55] Speaker A: Right. It was a company that they were using. That was using a company that had a breach.
Yeah.
[00:06:00] Speaker B: Well, and honestly, these supply chain type of attacks are very popular.
[00:06:04] Speaker A: Right.
[00:06:05] Speaker B: Because.
Right. Whereas the US government, let's just say, is. Is very security minded. Like, never got hacked. Right after they tell people like, hey, look out for this Ivanti thing.
[00:06:18] Speaker A: Good point.
[00:06:19] Speaker B: Not us. Not us.
[00:06:20] Speaker A: Never.
[00:06:20] Speaker B: You should totally be aware.
Let's just say they were completely hardened. The best way to go if you've never seen the movie Hackers, right?
[00:06:29] Speaker A: I have not.
[00:06:29] Speaker B: Totally. I know you heard it here first, folks. She has not seen the movie Hackers. I'm gonna give you a list of, like, hacker movies and stuff to watch. You just gotta do it. Another one right here is another one. WarGames.
I'm probably forgetting a bunch of stuff right now, but obviously there, I'll curate a list for you.
[00:06:49] Speaker A: Oh, thank you.
[00:06:49] Speaker B: And you just do some power watching, okay. Because if you're gonna be in the security space. You have to. This.
[00:06:55] Speaker A: This is a requirement.
[00:06:56] Speaker B: It's a requirement for common, you know, points of contact.
[00:06:58] Speaker A: I can't be an edutainer till I've seen it.
[00:07:00] Speaker B: Exactly right. You don't get to get that moniker until that happens.
[00:07:03] Speaker A: Okay, that's fair. I will accept that.
[00:07:05] Speaker B: Where was I going? What was I saying? Now you got me.
[00:07:07] Speaker A: Oh, the movie Hackers.
[00:07:09] Speaker B: You take the side door. You don't go at the front gate where all the fortifications are. You find someone who has less security, who has a trust with somebody that has great security.
[00:07:20] Speaker A: Yeah.
[00:07:20] Speaker B: And now you get to inherit that trust.
[00:07:24] Speaker A: Isn't that nice?
[00:07:25] Speaker B: It's style.
[00:07:25] Speaker A: The world so in that. Nice. Yeah, well, that was definitely a big one. Just as, as of this morning that we saw another one. BlueStacks emulator for Windows flaw exposes millions of game. BlueStacks emulator for Windows flaw exposes millions of gamers to attack. I gotta. My reading comprehension is just plummeting as we speak. Yeah, but this is. I had not heard of BlueStacks. I had not either, and that is because this is an emulator that allows Android applications to run on devices running Microsoft Windows or macOS. I don't run macOS. I also don't use Android applications. It's just not something that I would have ever come across. But if this is used against a victim, it gives attackers complete access to the machine.
[00:08:04] Speaker B: That's. That's bad, isn't it? Right. We don't. Complete access thing is a real kick in the, you know, midsection.
[00:08:11] Speaker A: Yeah, we'll just leave it there.
[00:08:13] Speaker B: Yeah, we don't like it when it happens. So BlueStacks again, I've done a bit with Android emulation, but not with BlueStacks. I've used, like, Genymotion and the Android AdK, if I'm not mistaken, also has the ability to do that. So if I don't do it a lot, obviously I am not an Android developer. Or if I need to do something on Android, I pick up my phone and I do it.
[00:08:36] Speaker A: I. Sure.
[00:08:37] Speaker B: But every now and then I find reasons. So the fact that that's, that's why BlueStacks, if you're able to get, you know, uh, some sort of access through BlueStacks, obviously it would give you a lot of access because it is going to need access. It's an emulator, so it's going to need access to things like hardware. I think it runs as, like, a virtual machine.
Right. What do virtual machines need? Access to hardware. What do you need to have access to hardware? That's right. That kernel level. Right. You got to be able to reach down into the guts of the device and say, hey, I need network, I need some graphics, I need all this stuff. And it goes through the drivers and everything. So if you are messing around with BlueStacks, is there an update? Did they tell. Is there, like, something we can do, or is just the "oh, crap" moment?
[00:09:24] Speaker A: So they did detail, like, how the vulnerability works, but there's nothing that I can see on whether or not there is any kind of fix or anything that you should be doing to circumvent this or anything like that. There is. If. If we look at the. The detail on this CVE, the deets, it does have a base score of 9.8. And. And that is. That is critical. So that's a little scary. And I'm not seeing anything. Okay. Yeah. So the rest of this is just going to be more information on it, but I'm not. Yeah, I don't see anything about a patch or anything like that.
[00:09:58] Speaker B: So if you're using BlueStacks, be on the lookout.
[00:10:01] Speaker A: Be on the lookout.
[00:10:02] Speaker B: Hopefully that comes out soon.
[00:10:03] Speaker A: Yes, let's hope. We can only hope. That's going to do it for our breaking news and now. Yes, I know, I know we said we were going to talk about the CrowdStrike stuff, so it's the moment you've been waiting for. We have a special report. I believe we are calling this boot loops.
[00:10:16] Speaker B: Yep.
[00:10:17] Speaker A: Boot loops. And I think our lovely director, Christianity.
[00:10:22] Speaker B: Tell me that's not amazing.
[00:10:24] Speaker A: Isn't it beautiful?
[00:10:24] Speaker B: He is a talented man.
[00:10:26] Speaker A: That's wonderful. It looks. It really does look like.
[00:10:28] Speaker B: Really captures.
[00:10:30] Speaker A: Like, it's not. If I did that, it'd be like in Snapchat and it would just be rudimentary. Like, I'd type the BT and, like, it would just look awful. And that's chef's kiss. So getting into this, I'm sure you've already heard, but, yes, there was a bit of. A. Bit of an outage last week.
[00:10:44] Speaker B: Only a few snafu over at old.
[00:10:46] Speaker A: CrowdStrike affected a few people. Few million. So Microsoft says that 8.5 million devices were affected by this bug, but that's less than 1% of all Windows devices, which I think puts it in perspective because we were seeing, like, flights had to be grounded. Like, all of these are still being.
[00:11:04] Speaker B: Affected to this day.
[00:11:05] Speaker A: Yeah, there's still people stranded. Like, that. Can't get home.
[00:11:07] Speaker B: If you're watching this on Thursday, which is tomorrow for us, that's what, almost a week? Six days. Yeah, six days. And this thing is still causing people issues.
[00:11:17] Speaker A: I think it was impacting, like there were certain people having trouble, like calling 911, things like that. Emergency services were impacted.
[00:11:22] Speaker B: Market was impacted.
[00:11:23] Speaker A: Yeah, yeah.
[00:11:24] Speaker B: Because all their, all their trading, I said all of it. There was a lot of the trading things that they used, the computerized systems running Windows that had CrowdStrike on it, and it went and reboot, blue screen, reboot, blue screen, reboot.
[00:11:36] Speaker A: There was, yeah. And you had to manually go in and like that was, that was the initial fix. So I think it just puts it in perspective that if this is less than 1% of all Windows devices and it had this big of an impact worldwide, I can only imagine if there was any bigger of an outage that happens and the implications of that and how much longer it would take to recover if we're still feeling the effects of it almost a week later just for this relatively small amount of devices.
[00:12:02] Speaker B: And if you go in to read this article, a lot of it just kind of goes into, hey, CrowdStrike had a problem. There was an update that was pushed. And that update, it was a null pointer that caused an issue with memory, which crashed the machine because it had kernel level access. Obviously, kernel level of access from time to time can cause some problems if you're pushing janky code, which they apparently did, and now we're in the boot loop cycle. So all the normal information that you've probably already heard of by now is in this article about what happened. But I think they really buried the lead, even though they put it in the headline, said it affected less than 1%.
Now, again, going back to what Sophia said, this puts it in perspective. This is the perspective we should be thinking about if this is what less than 1% of outages did.
Holy crap.
If I'm an attacker, I am now looking to exploit this. If I want to take my enemies down, if I really want to cause havoc and chaos, obviously this is the kind of thing I'm looking for. They did in one day with an accident what I've been trying to do my entire attacking career. Right. As the, as the quote unquote attacker out there.
[00:13:21] Speaker A: Yes. Right.
[00:13:22] Speaker B: I'm not actually attacking things. Don't get me wrong. I'm not like, yes, can't wait to get home and bring the government to its knees or whatever the case is. Right. But there are people out there that would absolutely wish to see that happen. So less than 1%. What do you think about that?
[00:13:37] Speaker A: Like I was thinking about this because when it, when I first saw it, I think it was, I guess it would have been on Friday, last Friday, I saw people talking about how, like, I'm completely unaffected by this because if, if you weren't currently traveling by plane, if you weren't trying to get to the emergency services, if you weren't working for a company that was running into this issue, services like, like social media was fine. Websites, YouTube, things like that, that people were trying to access seemed fine. Like everything was.
[00:14:03] Speaker B: They were on Linux.
[00:14:04] Speaker A: There you go. Yeah. So if you were somebody that, like, if I didn't work here and I never paid attention to the news, it probably, I would have been like, what? Sweet talking about, everything's fine.
[00:14:12] Speaker B: Yeah.
[00:14:13] Speaker A: So I guess in that sense, it doesn't surprise me that, oh, it was only 1% of devices, but at the same, because like, all these other services weren't affected.
[00:14:20] Speaker B: Right.
[00:14:21] Speaker A: But at the same time, the 1% of devices that were affected were some of the critical, like, things that we needed to. I think one of the.
[00:14:28] Speaker B: Did it say in the article, like. Cause it says that less than 1%.
[00:14:32] Speaker A: Yes.
[00:14:32] Speaker B: Like how less than 1%?
[00:14:34] Speaker A: That's a good point.
[00:14:35] Speaker B: Was it like a 9.97? Was it 0.80.7? Like, what are we, what are we talking about here?
[00:14:43] Speaker A: Around 1.5 billion is a recent or a reasonable ballpark estimate of the number of PCs currently running Windows. That was in 2017, though, right? So I actually, I don't know.
[00:14:53] Speaker B: It says you just look up like, Windows market share.
[00:14:56] Speaker A: Windows market share.
[00:14:58] Speaker B: And it might tell you interesting. In more, more better numbers and more better.
[00:15:03] Speaker A: I like to say that, okay, Microsoft Windows is the most used for desktop computers and laptops at 72.22%.
[00:15:10] Speaker B: And does it give an overall number of how many?
[00:15:12] Speaker A: Good question.
[00:15:12] Speaker B: Laptops. Anyway, a lot of math going on there.
[00:15:14] Speaker A: I'll see if I can find it.
[00:15:15] Speaker B: But the fact that this was less, that's really the important part. This was less than 1%, obviously, if 72% of all those desktop computers, that's just desktop, that's not even servers. Right. Was it desktops and servers or was.
[00:15:27] Speaker A: It just desktops for the outage, for.
[00:15:30] Speaker B: The market share that you were looking at?
[00:15:32] Speaker A: Oh, the figure that I saw was just desktop computers and laptops.
[00:15:36] Speaker B: So that wasn't even including servers. Like, that is a huge chunk of a lot of stuff that's going on out there.
This is why this is a problem. We're so obviously entrenched into technology such as Windows, that went. And then, of course, less diversification, like, when we put all our eggs in one basket of, you know, we're only using CrowdStrike Falcon, and we're only using Windows because we like Windows. And I get it there. It has a lot.
But the lack of competition and a lack of diversification of those systems. No backups. Running alternative things to where. You know what I mean? Like, maybe we should start rethinking the way that we do business as far as what a, what a backup looks like.
[00:16:27] Speaker A: Yeah.
[00:16:28] Speaker B: Right.
[00:16:28] Speaker A: Because when you think about backups, it's, it's. I don't know that I've ever heard it talked about, like, on a totally different operating system.
[00:16:33] Speaker B: Right.
[00:16:34] Speaker A: It's. It's good to have backups, but. Yeah, that's not something you would necessarily consider.
[00:16:38] Speaker B: Right.
[00:16:39] Speaker A: But an issue like this, even if you had a backup that was also running Windows, it wouldn't matter because it might run into the very same issue.
[00:16:44] Speaker B: Exactly.
[00:16:44] Speaker A: So it is. Is a, it's a little, the implications of a larger outage are a little scary.
Obviously. I don't think this was like a, hopefully. I would hope this wasn't like a huge, like, loss of life and limb kind of deal. It. It could have been.
[00:16:58] Speaker B: I mean, hospitals.
[00:16:59] Speaker A: If it. Yeah. Impacted hospitals, impacted people's abilities, 911 capabilities.
[00:17:03] Speaker B: Yeah.
[00:17:03] Speaker A: Emergency services and stuff like that. And again, just 1%. So I think it would be, the implication would be a little bit scarier. Um, you may have noticed we have a little friend here. This is Cozy Bear. This is Cozy Bear.
I've talked about him before. I went to Black Hat last year, went to CrowdStrike's booth. They had a thing going on. You could get a figurine if you talk to a bunch of people. This is the figurine that I got. And they just thought that maybe we should put him here as a special guest since we are going to be talking about CrowdStrike so much.
[00:17:29] Speaker B: He's over there going, and they say I'm the problem.
[00:17:31] Speaker A: Yeah, no, look at me. I just work here. I don't know what you're talking about. So we just wanted to quickly, before we get into some of this other stuff, talk about what exactly happened and put it in perspective as far as, hey, this was a relatively small amount of devices compared to the total amount of Windows devices in the world, even.
[00:17:46] Speaker B: Though it caused massive issues.
[00:17:48] Speaker A: Havoc. Yes, absolutely. So another one that Daniel brought up this point. Administrators are learning some lessons from this CrowdStrike outage. Update lessons specifically. So, Daniel, I guess beyond like what you said about maybe changing the way we think about backups and all that stuff. What lessons are there to be learned from this?
[00:18:05] Speaker B: So this was an interesting article talking about backup strategies. I, at first, The Register really let me down, so I.
Because the title here says administrators have update lessons to learn from the crowd. Okay. They changed it. It used to be a little weird.
[00:18:20] Speaker A: Oh, yeah.
[00:18:20] Speaker B: The way they had. Yeah. I guess they saw there was a snafu in the article. It wasn't worded well and it didn't make any sense in the English language.
So they must have caught their error and changed it. As of now, that said, talking about backups. Right. So they were explaining in this article how in a backup strategy. Right. Or update strategy. Let me put it this way. It's not backups. I'm sorry, I should be saying updates. You got me on thinking about backups. It's about updates. So the update strategy is going to be very common for you to do. N minus one, n minus two. These are very common update strategies. So one update off of the most current, two updates off the most current. And typically you run non critical systems in n minus one, and you run more critical systems in n minus two. That way, if something janky goes on, you can go, well, cool. My production servers aren't going to get that update, so I can triage the non critical stuff. We can roll back. You can do that, have a lot of fun, and it's a great day had by everyone where we're doing rollbacks and having a great time putting out those fires. But it's no big deal because critical systems were not affected.
The problem here was that the update that they received was a definitional upgrade to. It was not a product update, if I'm not mistaken. Right. It was a definition upgrade or update to the signatures of CrowdStrike Falcon looking for x, y and z, things that they had, you know, with C2 communications, named pipes and other stuff. So it was a definition on how CrowdStrike looks at stuff, not to the product itself. Right. The underlying code that runs the product.
[00:20:08] Speaker A: Sure.
[00:20:08] Speaker B: It was just definitional, which bypasses all your update strategies. Right. And this is common practice as well when you're talking about AV, EDR, these systems, we want them to be on the bleeding edge so that we can more effectively triage and be as close to safe as we can with these systems. So that wasn't out of the realm of like, being bad practice.
[00:20:35] Speaker A: Yeah.
[00:20:36] Speaker B: Right.
Do we now adjust?
Is there an adjustment we can make this is the conversation that this opens up is what do we do now that we're kind of through those Pandora's boxes opened up and we see, oh, this can be a problem as well.
[00:20:51] Speaker A: Yeah. If this is not an issue we would have considered previously, it's not something that ever would have even crossed our minds that this might go wrong. And now it has gone wrong. Do we do anything going forward to try to prevent against that in the future?
[00:21:02] Speaker B: And if so, what do we do?
Do we now have the ability, do we clamor and clang a cymbal and rabble, rabble, rabble about? I need the ability to better control when we get definition updates so that I can have an n minus one strategy and n minus two strategy along with that. Maybe we do. Maybe. Maybe that's what this takes us to. But it's an interesting conversation. I would be interested for those of you running, it's been a while since I've been someone that did that as my job. So I'd be interested in contemporary people out there that are running updates and doing patching. That that is your bread and butter. What say you on this? Comment below. I'd love to hear it. Conversation going.
[00:21:45] Speaker A: I'd be curious to hear from people that were directly affected, like folks that work in IT departments and things like that, that were having to go and correct this. And I was seeing all these like memes about like my boyfriend just got a call and his face turned white. He's the only IT guy for his entire company and he just left. I'm like, oh man, I got, I.
[00:22:04] Speaker B: Got multiple DMs and like text messages from people that work in IT and they're like, so did you have to go crazy on this CrowdStrike thing? I was like, nope. A, we use Sophos and b, I'm not on the IT team. So ha ha ha.
[00:22:19] Speaker A: I did my time.
[00:22:20] Speaker B: Yeah, not my problem.
[00:22:22] Speaker A: Yeah. I would be curious to hear your, your tale of trauma from last week and what you had to go through.
[00:22:27] Speaker B: And vent your frustration.
[00:22:30] Speaker A: We are here for you. I have to wonder if somebody, a lot of times when stuff happens, it seems like there's like, like somebody ends, even if it wasn't their fault.
I was interested to learn that the CEO of CrowdStrike has, this is not the first rodeo for him as far as having a global tech outage. And I'm getting now a pop up that says I have to create an account to keep reading so I will fix that in.
[00:22:54] Speaker B: Guess what? I've got it on mine oh, really?
[00:22:55] Speaker A: Okay, well, then you just have to trust us. I'll.
[00:22:57] Speaker B: I do not have to take an. Oh, I got a plug in. He can put the article up.
[00:23:00] Speaker A: Yeah, that's true. That's true. So this is the second time that CrowdStrike's CEO has been at the center of a global tech failure. His name is George Kurtz. With a K and a Z. That is a fun name. But he previously worked for.
Who did. Who was. He was the CTO.
[00:23:15] Speaker B: Right? CTO for McAfee.
[00:23:16] Speaker A: Ten years ago.
[00:23:17] Speaker B: Guess what happened ten years ago when he was CTO? McAfee pushed a janky update to their software, and it crashed and boot looped a bunch of Windows machines.
[00:23:28] Speaker A: Ah. Don't we love it.
[00:23:30] Speaker B: Ah. You know, they. They say history doesn't necessarily repeat itself, it rhymes, but every now and then.
[00:23:37] Speaker A: You know, like, it's the spitting image.
[00:23:39] Speaker B: I'm like, didn't we do this? What's this? Is this. Hold on. And it was the same guy.
[00:23:46] Speaker A: It is interesting because it's not like he's in a position to where. Oh, well, he was the guy supposed to be doing the code review. He was the chief technical officer. He's the chief executive officer. So he's maybe the one giving, like, the final. Okay. But he's not necessarily, like, doing the code reviews or checking these updates himself. It's just that he. Do you think it's like a. It just is bad luck.
[00:24:06] Speaker B: Bad luck? Like he's been cursed by the IT gods and Kurtz has been cursed. Yes.
[00:24:11] Speaker A: That should have.
[00:24:12] Speaker B: Last night. Was it cursed? I mean.
[00:24:14] Speaker A: Kurtz history doesn't repeat itself. It arrives. Yeah, there you go. That's what should have been their headlines.
[00:24:18] Speaker B: That's it. That's.
[00:24:19] Speaker A: But that was. That was an interesting point.
[00:24:21] Speaker B: That is an interesting point. Right.
[00:24:22] Speaker A: The last guy.
[00:24:23] Speaker B: Can we lay blame at his feet? Like, I. Probably not directly, but. But he does have some, like, um, influence. Obviously, I say some. Obviously, he can influence everything that he wants, as either the CTO or the CEO of both of these companies to say, this is how we do things, develop strategies at that level. His job is to go, we need a good strategy for creating patches and updates and then delivering patches and updates and making sure they get tested and validated and everything before anything gets pushed. So at that level, it definitely falls at his feet.
[00:25:04] Speaker A: Yes.
[00:25:05] Speaker B: Now, if they had that in place and it just wasn't followed, somebody didn't do what they were supposed to do.
He's less culpable.
[00:25:15] Speaker A: Right.
[00:25:16] Speaker B: To a very smaller. A much more, smaller extent to the fact that how did this person get to. If they did that, how long have they been doing that?
And b, how come. No, if they had been doing it for a while, why were they never sanctioned for this?
[00:25:31] Speaker A: You know, what did it take until now?
[00:25:32] Speaker B: You obviously need much more. And the details on the who and the how have been scarce. Yeah.
[00:25:41] Speaker A: But to this guy's credit, to George's credit. Say it like we're besties. George, my buddy.
[00:25:45] Speaker B: Yeah. I called G up, and I'm like, good old GK. Yeah.
[00:25:49] Speaker A: To Mister Kurtz's credit. We talk sometimes about how when something goes wrong, whether it's a breach or whether it's just something like this, where it's a mishap, some kind of a snafu, there's almost never a, like, acceptance of responsibility or blame. There's almost never an apology. And he put out a statement last week, I think, on, like, Saturday. And the first line of this statement is, I want to sincerely apologize directly for today's outage, like, directly from him. He is taking full responsibility. So that was a little bit. I don't know that I was expecting that for him to be apologetic.
[00:26:20] Speaker B: I would never expect that.
[00:26:21] Speaker A: Because you apologize, and now you're accepting.
[00:26:23] Speaker B: That is not the playbook that we see from CTOs, CISOs.
[00:26:28] Speaker A: I guess CEOs, when it's on such a massive global scale, where everybody sees that this is going wrong, it's kind of hard to deny, deny, deny. You basically have to be like, all right, yeah, yeah, we messed up.
[00:26:39] Speaker B: This was us.
[00:26:40] Speaker A: And he didn't say we said, I bet. I thought that was also. He didn't say what he took responsibility directly. He said, I want to apologize. Something that we don't see very often.
[00:26:48] Speaker B: Yeah, I give credit where credit's due. You know, I've said it once, I will say it again. I believe in paths to redemption and forgiveness.
[00:26:57] Speaker A: Yeah.
[00:26:57] Speaker B: That doesn't necessarily mean that I'm going to just wholesale trust CrowdStrike out of the gate now. There's obviously going to be a mourning period of mistrust and untrust and go, is this going to happen again? I got. We got to build the trust back up.
[00:27:15] Speaker A: Right? Yeah.
[00:27:16] Speaker B: Right.
[00:27:16] Speaker A: Yeah, that's true.
[00:27:17] Speaker B: CrowdStrike has been, for years, obviously delivering a high-quality product.
[00:27:22] Speaker A: Right. There's a reason they're such a big name.
[00:27:24] Speaker B: There's a reason they're such a big name.
[00:27:26] Speaker A: Yeah.
[00:27:27] Speaker B: And then, yeah, I think without further evidence, you can't say bad luck just caught their butts. This time.
[00:27:33] Speaker A: Sure.
[00:27:33] Speaker B: Like, I want to see more evidence. It could just been negligence and bad business practices that caught. And that's quote unquote bad luck, right? You kind of made your own bad luck at that point, if that is the case. But I don't know. I haven't seen more detail. If you have more details on that, please comment below, because that's the great part of the comment section here. It's not for you to come in here and tell us how much you hate our guts and how bad we do our jobs. Even though that's always fun to read.
[00:28:00] Speaker A: That's what the forums are for.
[00:28:02] Speaker B: It is to have good conversation. And basically further what we're talking about here, for everybody that watches this after the fact, to lend to the conversation, don't just use it.
[00:28:13] Speaker A: This is a community.
[00:28:14] Speaker B: Yes.
[00:28:14] Speaker A: Everybody can contribute.
[00:28:15] Speaker B: Be a part of the solution, not the problem.
[00:28:17] Speaker A: Absolutely. And correct us when we're wrong.
[00:28:18] Speaker B: Yeah.
[00:28:18] Speaker A: Because a lot of times I say stuff, and maybe I'm not sure. And so it's nice to hear, like.
[00:28:23] Speaker B: I doubt sometimes when I say, hi, I'm Daniel. I'm like, is that true? Well, I could not. I might be wrong.
[00:28:29] Speaker A: Speak for yourself. All right. I had an episode where I thought I was Kevin Finnerty for a few weeks. So you gotta, you gotta give me, give me some grace here. But for better or for worse, this outage did happen. Obviously, it affected quite a few people, quite a few businesses and companies and things, but the consequences of this are not necessarily over, because anytime a big thing like this happens, of course there's gonna be bad guys that try to take advantage of it. And so we have seen this going on, people exploiting. I saw one that was like, oh, they sent out like, oh, there was a Word document that was going around that was instructions for how to fix your machine. If you were getting this blue screen instructions. And of course, there's then a malicious macro in the document, and so you're screwed if you open it.
[00:29:07] Speaker B: But, hey, if you had CrowdStrike, and so.
[00:29:09] Speaker A: Right. Yeah.
[00:29:11] Speaker B: The hell is this?
[00:29:13] Speaker A: So CrowdStrike had a blog post of, this is "Falcon Sensor content issue from July 19 likely used to target CrowdStrike customers." So, of course there's always going to be folks that are taking advantage of this stuff for bad activity.
[00:29:25] Speaker B: You know, the bad guys always say, never let a good catastrophe go to waste.
[00:29:29] Speaker A: Yeah, right. Never waste a tragedy.
[00:29:31] Speaker B: That's right. Don't waste a tragedy, man. We can do this. We can use this to put money in our pockets and fleece the general public.
[00:29:38] Speaker A: True.
[00:29:38] Speaker B: And so party on, Wayne.
And that's exactly what they were doing. I actually, on my LinkedIn I saw someone the day that this was happening. Immediately they had a handful of URLs of saying, hey, be on the lookout for this. His name was Dave something. And so I reposted that. I was like, yes, do not let your guard down because you're in panic mode.
[00:30:02] Speaker A: Yeah.
[00:30:03] Speaker B: Because people will absolutely take advantage of the situation and you have to keep your guard up. So make sure you're looking. And again, kudos to CrowdStrike for saying yes, this is a problem. Our article comes straight from CrowdStrike. They got a whole list of URLs that you need to keep an eye out for and going, hey, if, tell your user base, if you see this, this is not right. This is not us. Do not follow these things. We will be the ones that implement any fixes. It will come straight from us. And don't trust, always verify everything when it comes to this.
[00:30:41] Speaker A: Never trust, always verify.
[00:30:42] Speaker B: Yes. Zero trust, zero trust environment.
[00:30:45] Speaker A: Now, I wanted to the, you mentioned that person on LinkedIn that had shared.
[00:30:49] Speaker B: Thank you for bringing that up.
[00:30:50] Speaker A: It was David Garcia. And Daniel did repost it to his LinkedIn. So there it is. APT using the CrowdStrike outage to spin up new domains. Watch out. And he's got the list here. So.
[00:30:59] Speaker B: And obviously that's a smaller list than the one on the CrowdStrike article. Cause if you look at the one on the CrowdStrike article, it's about twice that size now you can see, there you go.
[00:31:08] Speaker A: In less than a week.
[00:31:10] Speaker B: Booyah.
[00:31:10] Speaker A: Oh, don't. We love it.
[00:31:11] Speaker B: And of course, they look like you got CrowdStrike 0day. You've got crowdstrikebluestring.com, CrowdStrike BSOD. I love this one. CrowdStrike update. Right? That looks legit right there, man. Like, that would very easily trip up many people. Yeah, that's a very legit one looking one.
Fix crowdstrike.
Microsoft Crowdstrike.
[00:31:36] Speaker A: Crowdstrike fix.
[00:31:37] Speaker B: Right.
[00:31:37] Speaker A: CrowdStrike down. The only one that stands out here is one that I'd be like is CrowdStrike 0day. Because I feel like companies. Yeah, I don't know that they put that in the URL and acknowledge that, like, yeah, this was a 0-day. I think that would be the only.
[00:31:48] Speaker B: One that, I mean, it's gonna catch a handful of people.
[00:31:50] Speaker A: Oh, sure. Absolutely. Well, yeah, it's just the cast a wide enough net, people are going to fall for it at some point. So.
[00:31:55] Speaker B: So be on the lookout.
[00:31:56] Speaker A: Be on the lookout.
[00:31:57] Speaker B: Stay safe.
[00:31:58] Speaker A: Yeah. Thank you for bringing that up, Daniel. Appreciate that. And like you said, that was directly from CrowdStrike's blog, so you know you are getting it right from the source.
[00:32:04] Speaker B: Yeah.
[00:32:04] Speaker A: That's all we've got for this lovely CrowdStrike catastrophe that's been going on over the last week.
[00:32:10] Speaker B: It has been a dumpster fire.
[00:32:11] Speaker A: It has been so fun to watch unfold, especially because we've been relatively unaffected by it. So if you were affected by it, if you're stranded somewhere, stuck in an airport, we hope that you're doing okay and that you get home and get where you need to be soon. Cause we knew a few people that got stuck traveling because flights were grounded and they were stuck in other states.
[00:32:27] Speaker B: Still stuck.
[00:32:28] Speaker A: Still stuck, yes, still stuck. We are hoping. Yeah, they're doing like they're fine. They're not.
[00:32:34] Speaker B: It's just they've just learned to accept their new life as basically Tom Hanks from the terminal.
[00:32:39] Speaker A: Yeah. Fun living in Alaska, so we hope y'all are doing okay. That said, we are gonna take a quick break because we're not just talking about CrowdStrike. We got a whole bunch more stuff that we want to get into, some gaming things. It's gonna be a lot of fun, so don't go away. We've got more coming up here on Technado. Anthony, what are we going to be talking about?
[00:32:55] Speaker B: We are talking about our newest and most excellent cloud plus course.
[00:33:01] Speaker A: This course really does an amazing job.
[00:33:03] Speaker B: Of taking the learner from the very fundamental aspects of cloud and then walking them through some of the more advanced topics.
[00:33:13] Speaker A: They're going to learn about how to.
[00:33:15] Speaker B: Secure the cloud, how to optimize the cloud, how to save costs with the cloud. So this is not a course with complete bias to AWS or Google Cloud platform or Microsoft Azure. We breathe life into this material by doing demonstrations across all of the big three cloud vendors.
[00:33:39] Speaker A: We have a lot of fun in cloud and we know that you will too. Come check it out.
Welcome back. Thanks for sticking with us through that lovely little commercial break. Hopefully it wasn't too long and hopefully not.
[00:33:54] Speaker B: It's pretty short.
[00:33:55] Speaker A: It's like less than a minute, I think. So hopefully you didn't miss us too much. We'll get right into it. We have got, I know we don't often do like a whole ton of segments on here anymore, but when we can do them, I do enjoy them. So this segment is called behind bars.
It is a jam, that one. And the deja vu one, I think, are my favorites. So this might also kind of be a deja vu, because we talked about the MGM attack that happened several months ago.
[00:34:26] Speaker B: You got to pick a segment, right?
[00:34:28] Speaker A: We got to pick a segment, yeah.
[00:34:29] Speaker B: Is it the deja vu or. It's this one?
[00:34:31] Speaker A: Right? In this case, I think behind bars is a better fit, only because there was an arrest made, which is great. So.
[00:34:36] Speaker B: Yeah, we don't always get that, do we?
[00:34:38] Speaker A: Don't always get that. We don't always get that. That follow up.
[00:34:40] Speaker B: That's right. Closure.
[00:34:42] Speaker A: Yeah, closure. That's the word I was looking for. They've arrested a Scattered Spider hacker linked to the MGM attack. And you can see this AI-generated spider here. It's always great. That's, like, a requirement. Now they gotta have an AI-generated image in their. In their article, but it was a 17-year-old boy suspected of being involved in that ransomware attack that happened last year. I think it was, like, last summer around that time.
[00:35:00] Speaker B: I think it was, yeah.
[00:35:01] Speaker A: So they've made an arrest, I think, yeah. He's out on bail now, but they are still investigating, and we can hope that somebody will pay the price for this heinous crime.
[00:35:10] Speaker B: That's right. The debt must be repaid. You have wronged us, sir.
[00:35:14] Speaker A: Davey Jones.
[00:35:15] Speaker B: Yeah, I guess. I don't know.
[00:35:16] Speaker A: Or something. Or Barbossa or something like that.
So he was arrested in connection with Scattered Spider. So obviously, you know, Scattered Spider is a bigger group, a bigger entity. But if this was the kid that was. I would almost be a little impressed if it was this kid, because wasn't this the one that it was? All they had to do was, like, social engineer somebody, and they were able to, bing, bang, boom, cause all these problems they, like.
[00:35:38] Speaker B: You know, I don't remember exactly what their initial access was, so it's quite possible and probable even that. That's exactly the initial, because I would love to see a pie chart or a graph or something that shows initial access vectors.
[00:35:56] Speaker A: Yeah.
[00:35:57] Speaker B: Threat actors. To see what is the most common. And how much is it the most common. I would assume that phishing is in social engineering. High on the list.
[00:36:09] Speaker A: It looks like Scattered Spider is known for vishing: fraudulent phone calls to employees and help desks to phish for login credentials.
[00:36:16] Speaker B: You need access to a system, you just call and ask them for it.
[00:36:18] Speaker A: Yeah.
[00:36:19] Speaker B: Hey, by the way, what's your creds?
[00:36:23] Speaker A: The people that are working at MGM are more worried about like, the security issues that might be happening. Right. Of them and like, the. On the gambling floor or whatever, and they're not even thinking about. Oh, yeah, no, no, no problem. I'll just give you my credits. It's no big deal. So this kid, if he was. If they do their. Their investigation does result in turning up some. Some evidence that says, yes, this kid was responsible, I guess. Do you think he'll, uh. Do you think I'll have to, like, be tried as an adult? Because, I mean, he's 17.
[00:36:46] Speaker B: Yeah.
[00:36:46] Speaker A: So. Yeah. You think so?
[00:36:47] Speaker B: Yeah, I would assume so.
[00:36:48] Speaker A: You don't serve time in juvie for, like, major cyber attacks.
[00:36:51] Speaker B: If he was younger. I mean. Yeah, the crimes occurred when he was probably, like, 16.
[00:36:58] Speaker A: Yeah, probably.
[00:36:59] Speaker B: Maybe just turned 17 and then.
But at the fact that now that we're arresting you and by the time trial happens, it's like, it's a good probability they'll just try him as an adult and maybe. Is he in the UK? Yeah, yeah. In the UK, what is the. Isn't 18 and 18 is adult here, but isn't maybe they have a younger.
I'm not sure about that because I.
[00:37:21] Speaker A: Know there's rules about, like, when you're a UK citizen, I know there's different, like, you can drink at 18, whereas here it's 21.
[00:37:27] Speaker B: So there's some differences there. I know.
[00:37:29] Speaker A: So I think. Okay, so I think 18 is still the age where you're legally an adult. It's just that certain things like gambling and things like that, they have different ages.
[00:37:40] Speaker B: Lower bar for them.
[00:37:41] Speaker A: In England, Wales and Northern Ireland, a child can be held criminally responsible for a crime and be tried in a court of law as young as ten years old.
[00:37:49] Speaker B: What?
[00:37:50] Speaker A: That's crazy.
[00:37:52] Speaker B: That it seems young. I've got a ten year old and trust me, they are not responsible for their actions for the most part.
[00:37:59] Speaker A: You can go to a pub at age 14, you can drink at age 16, get married.
[00:38:03] Speaker B: Wow.
[00:38:04] Speaker A: Get a license to drive a moped.
[00:38:05] Speaker B: Okay, well, you can get married pretty young here, too.
[00:38:08] Speaker A: That's true. Oh, with parents permission. In Scotland, though, you don't need parent permission. You can just go get buck wild.
[00:38:12] Speaker B: That's the Scots.
[00:38:13] Speaker A: Those Scots.
[00:38:13] Speaker B: Yeah, man.
[00:38:16] Speaker A: But 18 is the legal age of majority there. So I guess in this case, by the time this actually gets to a point where they're like, yes, we are going to court and all this. Maybe he will be 18.
[00:38:26] Speaker B: I guarantee it. They're going to get him as adult. I will say, I think for me, the broader conversation, the more interesting conversation to have is I can. I can hear the LinkedIn crowd, I can hear the professionals out there in the cybersecurity space going, because I see this a lot, because I haunt LinkedIn quite often, is how many cybersecurity certifications did he have to be able to take down MGM?
[00:38:52] Speaker A: It wouldn't surprise me if the answer was none.
[00:38:54] Speaker B: Correct.
Now, the question then becomes, what do I need cyber security certifications for? Obviously, I can learn to. Or this is why you need. So there's like, these philosophical differences on whether or not cybersecurity certifications are actually worth it, and if so, how much they are worth it. It's a really interesting conversation to have. I would love to hear what you have to say about that comment below.
I love these articles today. They give me a lot of. I want to hear your take on this.
[00:39:25] Speaker A: Well, you got me thinking now, because I feel like the argument to be made for cyber security certifications a lot of the time is that it makes you more hireable that then it's some kind of a document of proof you have, especially the certifications or the exams that require you to do more hands on stuff like labs and things like that.
It's, hey, I've got hands on experience.
If this guy's a Scattered Spider gang member, I doubt he's actively.
[00:39:49] Speaker B: Well, then you've got the. So let me devil's advocate that, right? You've got the cybersecurity cert X, right? I've hired plenty of people with a cybersecurity cert X, and they suck.
[00:40:02] Speaker A: Yeah.
[00:40:04] Speaker B: This guy ain't got a single thing he's able to. Right? So that's the. That's the argument on one side, right?
[00:40:09] Speaker A: Yeah.
[00:40:10] Speaker B: So then it becomes like, okay, which cybersecurity certifications are worth their weights, right? And which aren't? Which ones are actually providing me with skills I can use and knowledge I can use.
[00:40:23] Speaker A: Yeah.
[00:40:23] Speaker B: And that's why I was like, when we're. When we're trying to do even penetration tests and red teams, how close to threats do we emulate?
[00:40:32] Speaker A: Yeah.
[00:40:33] Speaker B: Right. Is it really? Because obviously we can't do. Oh, I'm not saying we can't do it. It's. It's not normal for your clients to have the appetite for DDoS, especially against production.
[00:40:47] Speaker A: Yeah.
[00:40:47] Speaker B: Every now and then, and blue moon's like, yeah, YOLO, get buck wild. But most of the time, they're like, production does not go down. Right. Production is not going down. That's not how we do things. Right. And you put it in your documentation too when you see works and scopes and all that. Yes. ROEs that we don't touch production during X, Y and Z times. If that happens, we got. This is how we escalate in our point of contacts and X, Y and Z. So.
Yeah, but it is interesting to see these are your attackers out there. And this isn't uncommon to see younger people being able to completely own a network of some organizations that probably have decent security going on.
[00:41:32] Speaker A: Yeah, I think.
[00:41:33] Speaker B: How are we addressing that is my question.
[00:41:36] Speaker A: Yeah, that's true.
[00:41:37] Speaker B: What are we doing to make them less effective?
Are pen tests doing it? Are red teams doing it? Is VA doing it? By that I mean vulnerability assessments and vulnerability management. Is that right? Are we doing all of them? Is it security awareness training? Is it. And how do we make that more effective? That becomes the question, are the cybersecurity certs that we are? You start to get where.
[00:42:02] Speaker A: Sure.
[00:42:02] Speaker B: I think there are, you know, good arguments to be had on both sides of that equation.
[00:42:05] Speaker A: Absolutely. I think whether it's a knowledge based certification or experience based or whatever, there's good to come of it. And I think especially you're doing things the right way. You're not trying to hack into actual companies and cause damage and whatever just to get your experience. This guy, I imagine could care less.
Yeah. He's hacking it MGM or doing whatever he's doing and carrying out these attacks. So he's getting.
[00:42:25] Speaker B: He has no constraints.
[00:42:26] Speaker A: He's getting a ton of hands on experience. He's just breaking the law in the process. And it's not going to matter because he's probably going to do some time. So, you know, it's like.
[00:42:34] Speaker B: And then does that become the new cybersecurity? I was a black hat for a while.
[00:42:38] Speaker A: Yeah.
[00:42:39] Speaker B: Like there's a. So there's a guy on LinkedIn, his name is Daniel Kelly and he was a black hat. I believe he was arrested for it and everything, served his time. And now he has gone legit.
[00:42:50] Speaker A: Yeah.
[00:42:51] Speaker B: Kevin Mitnick turned over.
[00:42:52] Speaker A: You leave. Yeah.
[00:42:53] Speaker B: Do you then trust them? And I. I think he's had trouble getting work because of his past.
[00:42:59] Speaker A: Yeah.
[00:43:00] Speaker B: Even though he's very vocal on LinkedIn about now being a part of solution and not the problem.
[00:43:04] Speaker A: Sure.
[00:43:04] Speaker B: His insights are probably priceless because he's been. That was doing the black hat stuff.
[00:43:10] Speaker A: Yeah.
[00:43:11] Speaker B: And, you know, it's just. It's an interesting conundrum.
[00:43:15] Speaker A: Yeah.
[00:43:15] Speaker B: Right. It's a real paradox.
I don't know. That I know the answer to it, but it is an interesting conversation.
[00:43:21] Speaker A: That's probably is an ongoing conversation that will continue. Like, it just. Yeah, I don't know that there's a one solid answer, but it is an interesting conversation.
[00:43:28] Speaker B: Absolutely.
[00:43:29] Speaker A: So, yeah, we'll see if this guy ends up doing some time or he's been arrested, but we'll see if he actually gets convicted of what he's been accused of. So obviously, no name is given because he is a minor.
[00:43:39] Speaker B: Yeah. So you get busted, man. Kick someone's ass the first day.
[00:43:43] Speaker A: Yeah, yeah, yeah. Establish yourself.
[00:43:46] Speaker B: Yes.
[00:43:48] Speaker A: Oh, man. So that's. That's it for our behind bars segment for the day.
I don't know if we'd call this a deja news, but I'm gonna say that it's not. I'm just gonna skip over it. Google has changed its mind about dropping support for third party cookies in Chrome after years of trying to make it happen. And Daniel says that we have talked about this on Technado before. My memory is terrible, so I don't remember. But you're giggling.
[00:44:10] Speaker B: I'm giggling because I will admit I have seen a bunch of movies that you probably wouldn't expect that I have seen, like, Mean Girls.
[00:44:19] Speaker A: Okay.
[00:44:19] Speaker B: Right.
Stop trying to make fetch a thing.
Right. That just popped into my head. So, yes, I've seen Mean Girls. I have girls in my house.
[00:44:29] Speaker A: That's true.
[00:44:30] Speaker B: I have watched this movie.
[00:44:31] Speaker A: Yeah, but you have nice girls in your house.
[00:44:32] Speaker B: I do.
[00:44:32] Speaker A: You have, like, you're.
[00:44:34] Speaker B: I will admit it was an entertaining movie.
[00:44:36] Speaker A: It's. Yeah, it's a decent flick.
[00:44:37] Speaker B: I didn't hate it.
[00:44:39] Speaker A: Oh, well, that's.
[00:44:40] Speaker B: It was funny.
[00:44:40] Speaker A: Tina Fey. Pretty funny.
[00:44:41] Speaker B: Yeah.
[00:44:42] Speaker A: I enjoy some of her work.
[00:44:42] Speaker B: Yeah.
[00:44:43] Speaker A: But in this case, yeah, I guess support for third party cookies is. It is going to be happening. It is going to be ongoing. Even though Google has talked about in the past that they were going to drop support for ad tracking third party cookies ever since, I think, 2019. They said that was their long term goal. And now they've said, well. Well, I mean, we said it, but did we really mean that?
[00:45:04] Speaker B: Oh, they absolutely meant it. Yeah, they absolutely meant.
So the question is, why are they backing down now when obviously, as this article says, for years it has been attempting to make this thing a thing.
[00:45:19] Speaker A: Yeah.
[00:45:20] Speaker B: What is it? People have spoken and said, no, thank you.
I don't need you to help me do this. What I need you to do is give me the same controls that the other browsers have given me for years.
[00:45:34] Speaker A: That's true.
[00:45:35] Speaker B: Just allow me to handle my own security and I don't need you doing it for me. So what's the problem here? The problem is Google is a large company.
Google has a lot of power and influence based off of their, just like Microsoft, just like Apple, just like all these other big tech companies. We rely on them for our everyday lives.
They got enough of our of control over us. If we cannot give them more. That seems reasonable. So you start worrying about antitrust.
[00:46:05] Speaker A: Sure.
[00:46:06] Speaker B: And things of that nature with like, everything being glommed into one thing.
Hmm.
What did we learn about CrowdStrike?
Right. Putting all your eggs in one basket.
[00:46:20] Speaker A: Yeah.
[00:46:21] Speaker B: Can be convenient. But it can also, if the s hits the fan, be a problem.
[00:46:27] Speaker A: Even the strongest basket is not only so much. Yeah.
[00:46:31] Speaker B: Right.
I don't necessarily trust Google. I don't know about you. I don't want them doing this stuff.
[00:46:39] Speaker A: Yeah. So, yeah, I myself switched from Chrome to Firefox and I've been quite happy with it. So a few years ago, this is proud. I know you're gonna, you're gonna start crying. I have not made the jump and tried out Brave or anything like that yet.
[00:46:51] Speaker B: I'm still, I go side by side.
[00:46:53] Speaker A: Yeah.
[00:46:53] Speaker B: Because there are some things that Firefox, it's not Firefox's issue necessarily. Some, a lot of times it's the fact that developers are just assuming you're in a Chromium-based browser.
[00:47:05] Speaker A: Yeah.
[00:47:06] Speaker B: And going, Firefox, that's an afterthought. So every now and then you run into that and you're like, ah. And then Brave has some really good features as well, even though it is also Chromium-based. But, yeah, that's neither. It's not really discussing what's going on here. I don't see Brave clamoring to control your cookies.
[00:47:21] Speaker A: No. That would be kind of antithetical to what they're all about. Right.
[00:47:25] Speaker B: Seems to be the opposite of what they're trying to do.
[00:47:27] Speaker A: Yeah, that would be an interesting choice for me.
[00:47:29] Speaker B: I like having both. Like, how about that? Diversifying.
[00:47:33] Speaker A: Yeah. Giving yourself some options.
[00:47:35] Speaker B: I need to have. I love options. That to me is the best way to go. I want to be able to go. I want this on. I want that. I'm the person that gets down on the minutiae of stuff and goes and reads EULAs and knows what it is I'm signing when I say yeah. And I go, is this worth it? That's really gonna weigh the pros and cons here. Before I click. Yeah. Next. Next.
So that's just me, this one guy. But guess what has kept me out of the weeds a lot.
[00:48:05] Speaker A: Yeah. In my life evidently. And like, like you were saying earlier, it's don't do it for me, just give me the option. Yeah, opt out of this stuff. And that's what Google's doing. That's what Chrome is gonna be doing.
[00:48:17] Speaker B: You've installed some virtual machines haven't you?
[00:48:19] Speaker A: It's been a while, but.
[00:48:20] Speaker B: Yeah, but you've done it. A lot of them have this easy install option. So if you say I'm installing Windows and it'll default, check the easy install option, I'm the guy that goes, nope, let me customize. Stop it. No thank you. But you know what, I appreciate that that button is there.
[00:48:40] Speaker A: Sure. For people that want it.
[00:48:41] Speaker B: That is the kind of options I'm looking for. Right. Because every now and then in a blue moon I go, yeah, I'm just spinning this thing up and I'm just going to blow it away here in about 5 seconds. So get crazy. Yeah, easy install.
[00:48:52] Speaker A: Yeah. It makes it easier for you.
[00:48:53] Speaker B: In that case, speeds up time every now and then. Give me the option right to yes or no this.
[00:49:01] Speaker A: Yeah, I think that's what most people want in a lot of things. I think in general people don't like when you take away their choices and their options like well I was going to do this anyway but now you're telling me I have to. I don't like that. And so give me the option to customize and do what it is that I want to do.
[00:49:15] Speaker B: I do take umbrage of the fact that they default me into it.
[00:49:18] Speaker A: Yeah.
[00:49:18] Speaker B: Right. I think everything should I say everything to you know of course I get to reasonable arbitrate that yeah. The degree in which reasonable is right. But I think we can come to a consensus in in the world on what that is reasonable and then go yeah, this is what's reasonable. And here is so reasonable could be easily established by without this the thing don't work.
[00:49:44] Speaker A: Yeah. So it'd be reasonable to opt into that.
[00:49:47] Speaker B: Opt into those things.
I have said yes, implicitly go I've downloaded and installed or I'm running, I've.
[00:49:54] Speaker A: Browsed to you agree to that by.
[00:49:56] Speaker B: Nature of just using obviously I want to use the product in some way. So to a certain level I have agreed and then when it comes to all the bells and whistles just give me those options.
[00:50:06] Speaker A: Yeah, give me the choice, let me be the arbiter, make the final decision.
[00:50:09] Speaker B: I'll get off my soapbox. Next article.
[00:50:11] Speaker A: Yeah. How dare you. Well, we're not quite done talking about Google. There was a recent deal that was in talks, Wiz and Google were going to join forces in some way. And Wiz has chosen to walk away from that 23 billion with a b dollar Google deal. It's a cloud security giant called Wiz that walk away.
Oh, okay.
[00:50:32] Speaker B: Those of you, if you know, you know.
[00:50:34] Speaker A: Okay, well, I'll leave it at that then. I had not heard of Wiz before hearing about this story, but they are a cloud security giant and they are sticking to the plan of pursuing an IPO instead of striking that deal with Google. So, walking away from a lot of money, I guess what would be the. Because this. I've been seeing stuff about this for like the last week.
[00:50:52] Speaker B: Yeah.
[00:50:52] Speaker A: As far as. Yeah. Oh, this deal is gonna happen. This deal is gonna happen. And now they've decided no. For what?
[00:50:59] Speaker B: I would only assume that they feel like, I would think if it were me on the top of that pyramid is most likely the fact that they value control over that company and the money that they believe that they're going to make long term will far exceed the money they'll make in the short term by selling out to Google. I would also assume under the. Near the top of that pyramid is going to be the.
Like Google already. Again, Google already has enough control over a lot of stuff.
[00:51:34] Speaker A: Yeah, right.
[00:51:35] Speaker B: They're already a very big company. Maybe we do not want to contribute to Google's overall control over.
So Wiz is a very popular and useful piece of security software. So now it's a Google product.
[00:51:52] Speaker A: Right.
[00:51:52] Speaker B: What else is a Google product? What else are they. So Microsoft does this as well, where they fire every really, really good stuff and they just buy it.
[00:51:58] Speaker A: Yeah.
[00:51:59] Speaker B: Right. I don't want to compete with you. So they just throw a bunch of money at the problem and it goes away.
[00:52:04] Speaker A: Yeah.
Yeah. This would have been their biggest acquisition to date.
[00:52:09] Speaker B: That's a big.
[00:52:09] Speaker A: And 23 billion. Not hard to believe.
[00:52:11] Speaker B: Yeah, that would be a billion dollars. That's huge, Manda.
[00:52:14] Speaker A: So they've decided that, yeah, the deal's off. They're going to pursue an initial public offering. And so they sent out a memo to employees being like, hey, we know we said that this was going to happen, but we've changed our minds. And honestly, yeah. From a perspective of not contributing to Google or Alphabet, I guess the parent company being this big conglomerate that just sucks in everything that it wants. Like it. Yeah. I can appreciate that they're stepping away and they're going to go their own way.
[00:52:39] Speaker B: I would assume that the. That the numbers are making sense because it says Wiz is backed by a prominent venture capital outfits like Andreessen Horowitz, Greylock and Sequoia Capital. That's, like, right around here. Right. They've already raised $1.9 billion of several funding rounds and was most recently valued at a $12 billion company. So almost twice what they're valued at was the offering, because those investment firms are a part of the equation.
They have influence on whether or not. So they have a financial responsibility to kind of, like, run that up the flagpole. So. Which is why we've been seeing. If you've been following the story, it's not like one day we woke up and saw Wiz says no to Google for $23.
[00:53:25] Speaker A: Right.
[00:53:26] Speaker B: They've been in talks, and they definitely were considering going this route because that is an extremely large amount of money. Everybody in this system would have made a lot of small fortunes. Not small, big fortunes. They would have been. They would have been a king's ransom. Right. For all of this stuff.
And they. They decided, no, you know, let's do an IPO instead.
Right. So that is interesting to me. This should be interesting to you, the fact that. You know what?
I think that they probably believe if Google and Microsoft and Apple can be all these big companies, why can't we?
[00:54:05] Speaker A: Yeah.
[00:54:05] Speaker B: If they're wanting to buy us, we've obviously got it in our DNA.
[00:54:10] Speaker A: We must be a big dog if you're going to pay 23 billion to.
[00:54:14] Speaker B: Be seat at the exclusive table.
[00:54:16] Speaker A: Yeah.
[00:54:18] Speaker B: Why not go for the group? The not even brass ring at this point. This is a diamond encrusted platinum ring.
[00:54:25] Speaker A: Yeah.
[00:54:26] Speaker B: Right. Go get it.
[00:54:28] Speaker A: Well, good for Wiz.
[00:54:29] Speaker B: Yeah.
[00:54:29] Speaker A: I'm happy for them. I hope they. I was gonna say, I hope they see success. Obviously, they've already seen success.
[00:54:34] Speaker B: Yeah.
[00:54:34] Speaker A: Obviously they're doing fine. But I hope this works out for them. That's neat. That's neat to hear. So, moving on from Google. We are done talking about Google, I promise. Probably. This article comes to us from BleepingComputer. We are getting a little bit more into gaming territory now. Hamster Kombat's 250 million players targeted in malware attacks. Now, you might take issue with me saying that this is a gaming thing, because this is one of those games where you just tap, tap, tap, tap, tap. It's a clicker game. Like Cookie Clicker from Android game.
[00:55:00] Speaker B: Right.
[00:55:01] Speaker A: Yes. It's an Android game, clicker mobile game for Android. You earn fictional currency primarily by tapping the screen and other simple tasks. But it is possible for an attacker to take advantage of something here and maybe gain some access that they shouldn't have, to my understanding. And that's always dangerous.
[00:55:18] Speaker B: Yeah, this seems to be a problem. It's got 250 million players that are, that are playing this game. And now if we scrolling here, isn't there like a whole, is there CVSS or anything around this about.
And there's like a crypto miner. It's, it's complete chaos. If you basically, I think the way this works is, if I'm remembering correctly, bad actors out there went, let's make a copy of this game and put some bullshit in it.
And never mind that kids, right. So what they're doing is they're preying on the popularity of the game to people that go, oh, I've heard of this, this hamster click game. That sounds fun. Hamster Kombat. Yeah. So they name it something similar.
But when you go in and you start going, yeah, I want to be a part of the fun. Everybody's having a great time clicking hamsters for whatever reason.
Obviously I don't play this game.
I want the game. So you go look for it and uh, oh, I've now installed the bad version of the hamster game.
[00:56:25] Speaker A: Yeah.
[00:56:26] Speaker B: And I've got a crypto miner. I given, I'm giving access to bad actors tracking, control all the fun stuff you don't want. Right.
[00:56:34] Speaker A: Well, and yeah, I didn't realize it's Telegram based. So if you want to join, you have to join the channel on Telegram. It's getting a QR code. So the one time, the one and only time that I have, at least in recent history that I've had an interaction with somebody that I was like, oh, this is a scam. Was on Telegram. And it was very easy when I was like, oh, you're, this is definitely like you're a scammer. Immediately all of the history of our conversation was gone. Their profile appeared to be gone. They had blocked me, whatever. And there was no way for me to get that back. So I would imagine that then, because it's only available on Telegram or you have to go through Telegram if somebody wants to then play Hamster Kombat. Oh, easy pickings then for scammers and cybercriminals and stuff. So kind of, I guess if you really want to play the Hamster Kombat game that badly, no judgment.
[00:57:18] Speaker B: No, that's cool. Sure.
[00:57:19] Speaker A: It's very fun. Play the game, but just be careful.
[00:57:22] Speaker B: Yeah. Do some due diligence. And ultimately, when it comes to security, anything that's popular is obviously going to become a target for attackers to use and utilize as an attack vector, either through the application or platform itself or by mimicking it.
[00:57:40] Speaker A: Yeah.
[00:57:40] Speaker B: Pretending like, go back to the CrowdStrike articles. Right? What a CrowdStrike. Tell you what were people saying right after the CrowdStrike. Obviously CrowdStrike is very popular. Therefore, if I can capitalize on any weakness around that as an attacker, that's exactly what I'm going to do. There is no time, as with you on the Internet and your Internet experience, are you allowed to put your guard down ever? Not one time. You can never trust the link. You can never trust the fact that you just read this article and it's true. You have to fact check every single thing that is said, look at it with a jaundiced eye and go, is it really that if it's true, I should be able to find this easily? When you start doing, you never trust that it is taking you to the thing. Always through official channels, always on official websites.
That way you know that if I got something bad, it was because they've been hacked.
[00:58:38] Speaker A: Yeah. It's also interesting that the, even the legitimate, official genuine game that you get through its channel on Telegram or its website has not itself been scrutinized for security because it's not on the app store, it's not on Google Play, whatever. So even if you're getting the genuine article, that's great. But still, treat it with a little bit of caution again.
[00:58:55] Speaker B: Right. So consider the source. Okay. I got it in some Telegram. Yeah, it's the official Telegram or Hamster Kombat. That's cool. But how do I know they haven't had a supply chain attack? Not that. Not that anybody can't fault this supply chain attacks. They can, but usually as, as you get farther down the ladder of, I don't know, official things, I guess is lack of a better term, probably there's going to be less scrutiny, security, so on and so forth. Just.
[00:59:25] Speaker A: Right.
[00:59:26] Speaker B: Sandboxes. Right. We, the onus is on us in a lot of ways to do our due diligence and make sure that we're in secure environments, that we're doing things securely.
[00:59:36] Speaker A: Yeah, absolutely.
[00:59:37] Speaker B: Just want to put that out there, be safe.
[00:59:38] Speaker A: This has been a PSA.
[00:59:39] Speaker B: That's right.
[00:59:40] Speaker A: Only you can work cyber scams or something.
[00:59:43] Speaker B: Hit my mic as you barely got it.
[00:59:47] Speaker A: This is technatus, mister. That's that's the new, that's the new segment. This next article.
That's kind of creepy. We are getting ready to wrap things up here, I promise. But real quick, couple articles having to do with some of the FTC's recent activity. The FTC is pushing back against Xbox Game Pass price increases. So you're not the only one that's mad about those price increases. The FTC says, uh, uh, that's a little sus. Why are you doing that? Uh, saying that? I believe it was. They said product degradation or degradation was the, the words that were used. Uh, there's a filing that they, I guess it was end of last week to the US Court of Appeals for the 9th Circuit. Microsoft has decided they've got a new tier for their Game Pass, $15 monthly subscription. And then all. There's the Game Pass Ultimate. And that's price is going to be raised from 17 to 20. Game Pass Core is raising the early stuff from 60 to 75. PC Game Pass is going up. Prices are increasing. It's not an uncommon thing that we see even just like with streaming services and stuff. Netflix is doing it in this academy, right. Netflix has basically said like, hey, if you have the standard plan, you're gonna lose access to Netflix unless you upgrade because we're, we're deprecating that plan or depreciating or whatever. It's not gonna be a thing anymore because we need more money from you. So I get it. It happens. It's.
[01:01:01] Speaker B: But he's got their hand out nowadays, don't they?
[01:01:03] Speaker A: Yeah, no kidding. So that initial 1099 Game Pass for console is not gonna be available to new subscribers. So in the same way that Netflix is doing it, you're gonna be locked out if you don't change your.
[01:01:13] Speaker B: It's an Xbox Game Pass as a human right.
[01:01:19] Speaker A: I should have access.
[01:01:21] Speaker B: That's right.
[01:01:21] Speaker A: Drinking water governance, Game Pass.
[01:01:24] Speaker B: That's right.
[01:01:25] Speaker A: They are going the direction of. Microsoft is going the direction of console-less gaming to where you will be able to buy a Fire Stick and stream Xbox games to that Fire Stick. You don't even need a console easy, you just need a controller. They've got like a bundle on Amazon where it's a Fire Stick, a controller, and maybe like.
[01:01:39] Speaker B: So that means all that game, all the processing is done on the Microsoft things.
[01:01:45] Speaker A: Yeah, it's cloud, it's just, you're just streaming the game. So you don't even need an Xbox to play Xbox games. So they are going that way. But the FTC has blasted their discontinuation of that tier saying that. Yeah.
[01:01:55] Speaker B: What's the problem with them?
[01:01:56] Speaker A: They are saying that this is a degraded product. The Game Pass Standard's a degraded product because it excludes day one releases, costs 36% more than console Game Pass and withholds one day releases. So they're removing the most valuable games from this new service and combined with the price increase, it's consumer harm is what they're saying. So that's why the FTC is upset. And they're saying that this was the consumer harm that they alleged would happen as a result of the acquisition Activision Blizzard merger that happened.
[01:02:26] Speaker B: Seems like I don't see the issue and maybe I'm just missing something. I'm not in gaming, just, this is a true hot take here.
[01:02:33] Speaker A: Well, and I don't blame you.
[01:02:35] Speaker B: I mean, are they not allowed to just go, this is the prices for my stuff and I think that's fair.
[01:02:39] Speaker A: Sure. I mean, private company, they can do what they want as far as, why.
[01:02:42] Speaker B: Does the FTC give a crap?
[01:02:44] Speaker A: That's why I was like, that's. I do, I would not have expected the FTC to be like Microsoft pulling.
[01:02:49] Speaker B: Out that slim shady. The FTC won't let me.
[01:02:54] Speaker A: That's. Yeah, yeah, that's a good point. It's. Why, why does the FTC raising this.
[01:02:58] Speaker B: Issue, how are they saying, like, under what legal precedents? Yeah, are they saying that this is a dead, like who, even if it is a degradation in service, they're not allowed to point their cannons toward the bow of their ship and shoot right through it?
[01:03:13] Speaker A: I mean, yeah, I guess they're saying that it, during that whole trial that happened last year with Activision that Microsoft said this acquisition is going to benefit consumers and they're saying that it does not benefit consumers.
[01:03:25] Speaker B: I thought the, I thought the argument then was that they were going to basically kind of block out anybody that wasn't on Xbox or like for Call of Duty. Yeah, Call of Duty, right. Like you had to be an Xbox user if you play Call of Duty and they weren't going to release it for any of the other platforms. That's what they were worried about. And they were like, no, no, no, we're not going to do that.
[01:03:49] Speaker A: Yeah, we're like, here's your unfounded.
[01:03:51] Speaker B: If you're. Yeah, if you're a Sony PlayStation user, your money's green and we'll take it. So buy the game above. I thought that was the argument they were making at that point, not that they would make shitty tiered subscription models.
[01:04:05] Speaker A: They promised that it would benefit consumers making this game, Call of Duty, in this case, available on the Game Pass on the day it's released on console with no price increase for the service. And these post merger actions vindicate the Congress. There's a lot of big words. Vindicate congressional design of preliminary halting mergers.
[01:04:21] Speaker B: Legal speak, right?
[01:04:22] Speaker A: Legal speak. I think essentially what they're saying is that, well, you said that there was going to be no price increase and that, and now look at this. And the whole thing about like, oh, we're not going to limit it to just Xbox users. Don't worry.
[01:04:33] Speaker B: Like, you know, they never get to current price increase. They were locked in. And that's what they, that's what the.
[01:04:38] Speaker A: Again, maybe because they're limiting access to these games from certain, like, if you don't have a certain tier and pay more for a certain level of Xbox Game Pass, you don't get access.
[01:04:49] Speaker B: But once that game becomes certain amount of, like, aged, right. Then you do have access to it. So it's just a time thing. Yeah, I don't know that the FTC got a leg to stand here. I mean, I'm using childlike logic here to maybe there again, if you're into this gaming stuff and you have more information, please, I would love to know more about this. Or at least give me there. Throw some links in the comments. I won't have you do the heavy lifting. Throw a couple of links in the. I want to learn a little more about this without having to do too. Google it for me. Google it for me.
[01:05:20] Speaker A: Do it for me. Please.
[01:05:21] Speaker B: Just throw those links in the comment section. I'll, I'll. I'll not click them.
[01:05:25] Speaker A: Well, the FCC has, has had a couple bones to pick this week. So obviously this one having to do specifically with these Game Pass price changes and tiers being eliminated. But FTC, the FTC is also investigating how companies are using AI to base pricing on consumer behavior. This stood out to me because I was like, what do you mean using AI to change price? Like, in what way? So evidently, there are a handful of companies that are offering AI powered surveillance service pricing.
And there's, the allegation here is that are they using artificial intelligence and other technology to change pricing based on consumer behavior and location and other personal data? So I don't know. I guess maybe a rudimentary example. If I live in Florida and I'm trying to buy a winter hat, does that mean that I'll pay $20 for that winter hat, but somebody that lives in like, Alaska is gonna have to pay more because they can see you're in Alaska and you probably need this hat a little more so we can charge them more. What does that mean? What's the implication there?
[01:06:19] Speaker B: How would you kind of like price gouging?
[01:06:22] Speaker A: I would think if you're, well, I.
[01:06:23] Speaker B: Mean, so price gouging is when, like, say, we have hurricanes right here in Florida, is all of a sudden now my bottled water went from, you know, $10 a case to $30 a case.
[01:06:32] Speaker A: Yeah.
[01:06:33] Speaker B: Right. Because all of a sudden a weird demand on those things has arisen. So you're trying to capitalize on that. So we make anti price gouging laws that you can't do that.
[01:06:44] Speaker A: Or even just, I wonder if it would be, I don't know if a company knows that people from a certain region or a certain country are willing to pay more for stuff. Like, you're right.
[01:06:53] Speaker B: I feel like maybe there's a GDPR might be coming into play here. Right. Even though this is the FTC. So this is the Federal Trade Commission there. I don't know if they're finding this to be some sort of moral right.
[01:07:08] Speaker A: Like, is it wrong morally or is there actually, I guess it's personal data, like harvesting personal data with people's privacy at risk. And so then if they're using that data, you shouldn't have the data in the first place kind of a thing, or you shouldn't be harvesting it in the first place.
[01:07:21] Speaker B: So it says firms that harvest Americans' personal data can put privacy, uh, people's privacy at risk. Now, firms could be exploiting this vast trove of personal information to charge people higher prices.
So, yeah, I guess it's, it's some, it'll become some weird form of discrimination.
[01:07:39] Speaker A: Yeah, right. Which you're right, would be almost like. Yeah, like price gouging. Like, you can't.
[01:07:43] Speaker B: Yeah. So I'm gonna increase your price because, you know, you don't do x, Y and z. Yeah, that, that's why, like, I, why aren't they after, like, car insurance companies? They do this.
[01:07:56] Speaker A: Yeah, that's true.
[01:07:57] Speaker B: Right. They have those plugins that you put in your car, and it monitors whether or not you're a safe driver. Define safe. How does it know whether or not someone just cut me off? And that's why I slammed on the brake or I had to get out of the way of a fire truck that was going to plow into me. And so I hit the gas real hard and they're being, you know, I'm actually doing the safe thing, but you don't know that. But your stupid thing doesn't know that because it just detects telemetry.
[01:08:21] Speaker A: Yeah, you just know that I slammed on the brakes.
[01:08:22] Speaker B: Right.
[01:08:23] Speaker A: And you're thinking that's unsafe. They do say that, like, oh, if you're. If your safe driving score is low, it won't increase your price, that you'll have a base price of, I don't know, let's just say $200, probably more than that. But let's just say, and if you're a safe driver, you get however much of a discount, and it's. So it's knocks $10 off the, your price of insurance. But if you get a horrible score for your safe driving, it's just going to stay at 200. It's not going to increase. Well, how can you prove that, right? Because you're the one that determines my brace, my base price. Anyway. Hey, your price is increased and now it's 250. Oh. Just changes in the market and your age changed, and there's a conflict of.
[01:08:54] Speaker B: Interest there to say, oh, we're going to let you gather your own data, and then you give it to us and we'll determine whether or not you were safe.
[01:09:01] Speaker A: Right, exactly.
[01:09:02] Speaker B: Guess what?
You were safe or you weren't safe because we decided to, like, you put, you put that information in the hands of them, and they can determine whether.
[01:09:11] Speaker A: You get to decide that they have.
[01:09:13] Speaker B: A vested interest in determining that certain people did. So they can use.
They can use a subset of the overall to go, oh, I'm. They're getting safe driver discounts, and then they become basically walking advertisements for. Hell, yeah, plug that thing in, man. My. My price went way down. Everybody goes, oh, hell yeah, I want to do that, too.
Where everybody. Yeah. Not that they're. I can't prove that that is happening or whatever. That's obviously a conspiracy theory. I'm making a logical leap without evidence, but it doesn't seem to be a big one.
[01:09:47] Speaker A: Yeah, right. Yeah.
[01:09:49] Speaker B: Because companies have never done janky crap. I just watched the big. I said I watched it again. I forgot how good of a movie it was. The big short.
[01:09:58] Speaker A: Oh, yeah.
[01:09:58] Speaker B: About the housing bubble in 2008.
Guess what. Guess what those companies were doing, those banks, everything, in their own self interest, and they were completely fraudulent and in, in self acting interest.
[01:10:15] Speaker A: Sure. Of course. Of course. I will. I will basically never believe that a corporation or company is only doing something exclusively out of the kindness of their hearts and because it's for the betterment, there's got to be, even if an overall net benefit for society, there's something in it for them. They're getting something out of it, and.
[01:10:31] Speaker B: I don't mind that. But when it becomes the only goal.
[01:10:35] Speaker A: Right.
[01:10:35] Speaker B: That they have even at the benefit themselves, customers, when it's detrimenting people. Yes.
[01:10:40] Speaker A: Yeah, absolutely. The companies that they're saying are experimenting with this AI surveillance pricing. It's companies like Mastercard, companies like JPMorgan Chase. So these are big names. It's not like, oh, there's a few companies that are kind of fringe. Like. These are, these are large companies that lots of people, you know, utilize their services or their products or whatever the case may be. So I will be interested to see what comes, they're investigating now. I'll be interested to see what comes of this and if there is any, hey, you're, you know, you're taking advantage of this. You're using this technology in a way that's unethical or whatever, or that's breaking some kind of regulation or law. Yeah, but just saw the headline and I was like, I'm sorry, who's doing this? I'm sorry. Are you going to change my pricing? Because you see that I'm a mid twenties woman and I'm more likely to do x, Y and z. Like, that's not fair.
[01:11:25] Speaker B: Yeah, you're discriminating me again based on age, my sex.
[01:11:29] Speaker A: That's not fair.
[01:11:30] Speaker B: Yeah. What are you doing here?
[01:11:31] Speaker A: And my browsing activity, I believe we.
[01:11:33] Speaker B: Have a civil rights act of 1964 I'm calling, it prohibits.
[01:11:38] Speaker A: This is ACLU or whatever. I'm calling the ACLU.
[01:11:41] Speaker B: That's right.
[01:11:42] Speaker A: So the FTC might have our back in this case, but that was just, that was the other FTC article I wanted to highlight. They have got a couple, couple torches they're carrying this week and a couple investigations that they're launching.
[01:11:51] Speaker B: Interesting.
[01:11:52] Speaker A: They are not happy the FTC won't let people be, but that's all I got for this week. Unless there was anything that came up that we missed. I think as far as stuff that came out today.
[01:12:01] Speaker B: Oh, I'm sure we missed stuff, too.
[01:12:02] Speaker A: Well, by the time this episode comes out. Yeah. There will be more stuff. There will be another CrowdStrike outage or something. That is the day after the episode drops. Like last week.
[01:12:09] Speaker B: Yeah.
[01:12:09] Speaker A: And we'll miss it.
[01:12:10] Speaker B: Shout out to those that kind of like, feed us articles. They put them in the comments. Hit us up on LinkedIn.
[01:12:16] Speaker A: Somebody said something last week in our comments about something. Tells me you'll be talking about it was Friday. It was the day it happened.
[01:12:21] Speaker B: Yeah. It was the day it happened. They're like, I'm a prophet in our.
[01:12:24] Speaker A: Yeah. So thank you for that. Appreciate it. Keep in mind we've got, I believe, a webinar next week and all things cybersecurity webinar. A special guest come. Is it Michelle that's coming in? Michelle. So first time guests to the show. Super excited to have them on. And we're gonna have a good time.
[01:12:39] Speaker B: Oh, yeah.
[01:12:40] Speaker A: Phone's gonna be Abby. I'll bring your questions, but that'll be next week. August 1. Yeah. At 2:00 p.m. Eastern Standard Time. In addition to, of course, the Technado that comes out next week. Other than that, Daniel, I hope you had fun today.
[01:12:50] Speaker B: I had a great time. Thank you. I hope you guys as well.
[01:12:52] Speaker A: It's almost lunchtime. We'll sign off. Thank you for joining us for this episode. Leave a like if you enjoyed it and subscribe so you never miss an episode in the future. And have a great day. Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.