Episode Transcript
[00:00:04] Speaker A: You're listening to Technado.
Welcome to another episode of Technado, sponsored by ACI Learning, the folks behind ITPro. You can use that code, Technado 30, for a discount on your ITPro membership. I'm Sophie. This is Daniel.
[00:00:17] Speaker B: I'm looking for an ACI logo behind us. I thought we had one.
[00:00:21] Speaker A: We've got, like, a cup back here.
[00:00:22] Speaker B: Yeah, there's a cup over here somewhere.
[00:00:23] Speaker A: Behind me that has an ACI logo on it, but it's, you know, it's enough for us to say it.
[00:00:27] Speaker B: We work there. It's fun.
[00:00:28] Speaker A: We work there. You know that. It's our day job.
[00:00:31] Speaker B: Check it out.
[00:00:31] Speaker A: It's common knowledge at this point.
[00:00:32] Speaker B: You need some cyber training or other IT tech.
[00:00:35] Speaker A: Audit, IT.
[00:00:36] Speaker B: Yeah. We'll hook you up.
[00:00:37] Speaker A: That's the place to go. We actually got to the. My very first course as an SME should be in the library soon, so I'm looking forward to that.
[00:00:44] Speaker B: How was that experience for you?
[00:00:46] Speaker A: It was better than I thought. It definitely, like, it wasn't easy, but I didn't expect it to be easy.
[00:00:49] Speaker B: Yeah.
[00:00:49] Speaker A: And I liked having the challenge of, like, okay, this is a new thing.
[00:00:53] Speaker B: That I have to do. I got to host for Sophia in.
[00:00:55] Speaker A: Quite a few episodes, which was terrifying.
[00:00:58] Speaker B: It was so fun going into it.
[00:00:59] Speaker A: Doing cyber security, and he's the cybersecurity guy here.
[00:01:02] Speaker B: So, like, staring her down the whole time. You can't see me off camera. I'm just like.
[00:01:06] Speaker A: I'm like, so this is what this means. I think she did.
[00:01:10] Speaker B: I thought you did a phenomenal job.
[00:01:11] Speaker A: I'm glad you think so. Thank you. So, hey, if you. If you are a member of that. Of ACI Learning, ITPro, and you want to check that out, Cybersecurity Fundamentals should be in the library soon, and. Yeah, should be fun. But speaking of fun, we got some great news today.
[00:01:24] Speaker B: It's technado time.
[00:01:25] Speaker A: We got some breaking news. We got some not so breaking news. Last week, obviously, was a Technado gaming edition. Cause I was out of the office. But we are back and better than ever. So, without further ado, people like that gaming thing, it did not do well.
[00:01:38] Speaker B: It didn't do well.
[00:01:39] Speaker A: It didn't do well.
[00:01:39] Speaker B: The people that watch it. I'm gonna blame it on the algorithm.
[00:01:42] Speaker A: Because I think that's right. The folks that watched it commented, seemed to enjoy it, so we enjoyed it.
[00:01:46] Speaker B: It was fun.
[00:01:47] Speaker A: It was fun to do. So it's not gonna be something we do.
[00:01:49] Speaker B: No, it's not. The normal format that we're going to or nothing.
[00:01:51] Speaker A: Sometimes you gotta do what you gotta do.
[00:01:52] Speaker B: You gotta. You gotta pit, you gotta punt. Right?
[00:01:55] Speaker A: Yeah, sure. Pivot, punt, whatever. Whatever else.
[00:01:58] Speaker B: Pull an audible.
[00:01:58] Speaker A: But, yeah, football terms.
[00:02:00] Speaker B: We're gonna keep going with a football announcement.
[00:02:02] Speaker A: I know you're the biggest football fan, but this makes me like football. Do you? We used to play, didn't you?
[00:02:07] Speaker B: Yeah.
[00:02:08] Speaker A: Okay, so football, the sport you enjoy, you're just not like a big viewer.
[00:02:11] Speaker B: The problem is the whole idea of teams. And then it gets very tribal and then it does. Right?
[00:02:17] Speaker A: Yeah.
[00:02:18] Speaker B: I have a problem with this.
[00:02:19] Speaker A: It's tribal until your team sucks so much that you give up.
[00:02:21] Speaker B: Yeah. You have. You either embrace it. You embrace the suck.
[00:02:25] Speaker A: Yeah.
[00:02:25] Speaker B: Or you just give up.
[00:02:27] Speaker A: Speaking as a gator fan, are they sucking right now?
I've accepted it. We're not the Florida that we once were. It's, you know, it's fine. But we're back to our normal formula this week.
[00:02:38] Speaker B: Yeah.
[00:02:38] Speaker A: So we are going to go ahead and we'll jump right into it. To start off, we've got a breaking news.
[00:02:45] Speaker B: Breaking news.
[00:02:48] Speaker A: Thank you, Christopher.
[00:02:49] Speaker B: It's not for her. That's. I just looked at the shot. It looked like I was pointing at you.
[00:02:54] Speaker A: He's threatening me.
We're in a courtroom. That man.
[00:02:58] Speaker B: That man right there.
That's her. This is pointing at you. That's pointing at the screen.
[00:03:04] Speaker A: Well, speaking of courtrooms, in our breaking news this week, somebody's in trouble.
[00:03:09] Speaker B: Uh oh.
[00:03:10] Speaker A: Belarusian or Belarusian? I'm not quite sure how you'd pronounce that. Belarusian-Ukrainian hacker was extradited to the US for ransomware and cybercrime charges. Ooh.
[00:03:19] Speaker B: That is not something that happens every day.
[00:03:20] Speaker A: No, this is rare occurrence.
[00:03:23] Speaker B: That means somebody picked you up in your. Wherever the heck you were that wasn't here. And they said, we have a plane ticket for you. You're going to enjoy the ride.
[00:03:32] Speaker A: One way.
[00:03:32] Speaker B: Yeah.
[00:03:33] Speaker A: Non option.
[00:03:33] Speaker B: Worry. You don't have to come here. Just leave your stuff. You don't need it. You don't need it.
[00:03:37] Speaker A: This is gonna be all expenses paid. Well, vacation permanently.
[00:03:40] Speaker B: Yes. Yes.
[00:03:40] Speaker A: So yes, it was a coalition of law enforcement agencies that arrested and extradited this guy believed to be associated with Russian-speaking cybercrime groups. His name is Maksim Silkonov or Silkonov. Went by the online monikers JP Morgan, Triple X, xxx. However he wants to pronounce that. Like triple xxxx. Yeah. And I don't know if that's Lansky or Ianski or Iansk.
[00:04:01] Speaker B: Jansky.
I would, I would go with Jansky.
[00:04:04] Speaker A: Jansky. I feel like that makes more sense. Yeah. He was extradited from Poland.
[00:04:08] Speaker B: This past year, they did make all the x's lowercase, so it could be like stylized thing.
[00:04:12] Speaker A: Yeah, kind of like how blink 182 is lower case, but it's like a stylization thing. Yeah. Charges related to international computer hacking and wire fraud schemes. This guy's gonna probably, hopefully pay for his crimes.
[00:04:23] Speaker B: I hear they frown on those things. Yeah, yeah. It's not accepted in polite society for you to wire fraud and hack with your computer.
[00:04:32] Speaker A: No, it's generally not looked upon with faith.
[00:04:34] Speaker B: So they said Russian-speaking cybercrime groups. Did they actually tell us what groups they were?
[00:04:39] Speaker A: I did not see anything listed. I also thought it was interesting they specified Russian-speaking.
[00:04:44] Speaker B: So definitely ransomware, though.
[00:04:45] Speaker A: Yeah, yeah, definitely.
[00:04:47] Speaker B: Reveton and Ransom Cartel, as well as exploit kits like Angler. Reveton, introduced in 2011, has been described as the first ever ransomware-as-a-service business model. They were, they were groundbreaking in taking ransomware to the masses as. Are you having trouble creating your own ransomware? Forget that noise. Just.
[00:05:09] Speaker A: I do think it's funny that raiders are standing by. In some of the statements about this guy, they refer to him as one of his monikers, JP Morgan. So they say, like, JP Morgan and his associates are elite cybercriminals. But, like, there is a JP Morgan. That's not that. So I wonder if the bank is like, oh, hang on. And they're like, putting out statements.
[00:05:25] Speaker B: That's not us.
[00:05:27] Speaker A: You see a headline.
[00:05:28] Speaker B: I mean, we're criminals as well, but not that criminal.
[00:05:31] Speaker A: Yeah. You know, depending on your definition of crime. But the other thing I did see is that if he does end up getting, like, they convicted, he's convicted. He faces more than 50 years in prison. And this is not the first time.
[00:05:44] Speaker B: Not 550 years, 50.
[00:05:46] Speaker A: And this is not his first run in with the law. He was arrested in Estepona. Estep. Estepena. I don't know how you pronounce that.
[00:05:53] Speaker B: Estopina. Yeah, yeah, Estopina.
[00:05:55] Speaker A: Esteponia. Yes.
[00:05:57] Speaker B: We're really good at reading a place.
[00:05:59] Speaker A: In Spain in July of last year. So he's no stranger.
[00:06:03] Speaker B: He didn't learn his lesson, huh?
[00:06:04] Speaker A: Evidently he did not.
[00:06:05] Speaker B: Maybe Spain has like, these, you know, white collar resorts that he was like, oh, yeah, I'll go back.
[00:06:10] Speaker A: Yeah, yeah, why not?
[00:06:12] Speaker B: I'm just, I don't know, maybe.
[00:06:13] Speaker A: Who knows? Who knows? But this is, I mean, it's breaking this. We just saw this this morning. This article just posted this morning. So, yeah, not a lot of details for us other than this article, other than just that he was extradited.
[00:06:23] Speaker B: So he was allegedly established and maintained a hidden website where he and his co conspirators could monitor and control ransomware attacks, communicate with each other, communicate with victims, including sending and negotiating payment demands, and manage distribution of funds between co conspirators. This sounds like an advertisement. Yeah, like. Like, don't add for the dude.
[00:06:44] Speaker A: Well, I would not recommend utilizing their services. We'll have to see what happens. Happen with this.
[00:06:50] Speaker B: And how long is his co conspirators gonna be like, use the. The discount code of The Hacker News 20?
Hey, I saw the article on the Hacker News. Or.
[00:07:01] Speaker A: Yeah, this article is sponsored by. They're going to become like a commentary youtuber.
[00:07:05] Speaker B: Exactly.
[00:07:05] Speaker A: Hey, it's sponsored by. So we'll have to see if he does end up getting convicted and how much time he ends up facing for that. So maybe that'll be a deja news segment in the future.
I feel like that's kind of a. Kind of fits into one of our segments. And this next article, I feel moving on from breaking news, I feel this next article also kind of fits into this segment. So we'll call it what it is. I think this is a behind bars.
[00:07:33] Speaker B: Break the law. Pretty sure Christian just had a stroke or maybe like a grand mal seizure.
[00:07:39] Speaker A: He sounded like he was starting to do like an Alex Jones.
[00:07:41] Speaker B: I'm gonna go ahead and run out and, you know, just check on his mouth or something. Keep him from swallowing his tongue.
[00:07:46] Speaker A: Turn him on his side.
So this next one, it's not quite a breaking news, but it is something that happened earlier this week. The Department of Justice charged a Nashville man for helping North Koreans get US tech jobs. Now, my mom texted me about this this morning, so I know that even if you're not, like, you know, paying a lot of attention to what's going on in tech and cyber news, you probably have heard about this, and this is, this is a novel idea, I will say, having a laptop farm that you're running to help get North Koreans remote jobs with American and British companies. Just some random dude in Tennessee.
[00:08:19] Speaker B: Yeah. What's funny is, like, we just reported not last week, but I think was a week before on the KnowBe4. Yeah, they had hired a North Korean guy, and they all immediately realized he was trying to install improper software. And, you know, kind of got on top of that really quickly like this. This is obviously a problem. This is obviously something that if you are an organization that in tech, you. You really need our critical infrastructure or any other thing that could possibly be levied against the United States or whatever country. You gotta be on the lookout for these people as well as what are they doing with the money? Because they're making butt tons of money.
[00:09:01] Speaker A: Yeah.
[00:09:02] Speaker B: By the way, a butt-ton is an actual unit of measurement.
[00:09:05] Speaker A: That is a. That is a measurement.
[00:09:07] Speaker B: Is a fluid unit, if I'm not mistaken, typically associated with wine.
[00:09:12] Speaker A: Is it spelled that way?
[00:09:13] Speaker B: Yeah. B-u-t-t, just look up. Butt.
[00:09:17] Speaker A: A butt is an actual unit of measurement. Before measurements were standardized, the imperial system was used and this was. Wow. How much?
[00:09:23] Speaker B: And a big wine.
[00:09:25] Speaker A: Wow. That is interesting. Thank you for that fun fact.
[00:09:28] Speaker B: You know, I'm full of them. I'm full of a lot.
[00:09:30] Speaker A: I can always rely on you for like arse related fun facts.
[00:09:34] Speaker B: That's like anything that's just completely weird and awesome.
Like a sponge.
[00:09:40] Speaker A: Asinine, literally, put it.
[00:09:42] Speaker B: Yeah, I see what you did.
[00:09:43] Speaker A: Yeah. Putting the root word in that word.
[00:09:44] Speaker B: Take it. I'll take it. Yeah. Anyway, back to the article.
[00:09:47] Speaker A: But you're right in the same vein as what we talked about a few weeks ago.
[00:09:49] Speaker B: Such an interesting thing that this is the new attack vector of if we can't hack in, we'll just get hired in and then booyah. This insider threat thing is way easier than trying to find some exploit.
[00:10:02] Speaker A: Yeah.
[00:10:02] Speaker B: Cause developing malware.
[00:10:04] Speaker A: Cause it's not like just. Well, they just wanna get jobs. It's like. It is a security concern of like. Right, okay, sure. You have a job. That's great. And now, like, the guy from a few weeks ago using it to, you know, extra information or whatever the case may be, so facing quite a few counts. This guy is. His name is Matthew Isaac Knoot. Which I think is a funny name. K-n-o-o-t. Yeah, I'd.
[00:10:21] Speaker B: Love to know the Knut origins.
[00:10:23] Speaker A: Yeah.
[00:10:24] Speaker B: Of that.
[00:10:25] Speaker A: Where are you from, Matthew?
[00:10:26] Speaker B: Yeah.
[00:10:26] Speaker A: Tennessee, I guess. Evidently.
[00:10:27] Speaker B: Sir named Newt.
[00:10:28] Speaker A: Yes. He's. Dude, he's literally Sir Isaac amongst yourselves. He's. He's Sir Isaac Newt.
[00:10:34] Speaker B: Newt.
[00:10:34] Speaker A: That's his name. That's crazy.
So he is facing charges of conspiracy to cause damage to protected computers as a whole list. Conspiracy to commit wire fraud, damage to protected computers. It looks like the big one here is aggravated identity theft. He's going to face a maximum penalty if convicted of 20 years in prison, but he'll have to serve a mandatory minimum of two years in prison specifically for that aggravated identity theft count.
[00:10:57] Speaker B: That's a bummer.
[00:10:58] Speaker A: So that is it seems like the heavy hitter down for him.
[00:11:02] Speaker B: Show my screen, Christian.
[00:11:03] Speaker A: Oh, boy.
Nothing.
[00:11:07] Speaker B: Nothing. I got nothing. Is it made up? Like, wow. Completely contrived for the purposes of.
[00:11:14] Speaker A: That's his secret agent.
[00:11:16] Speaker B: There's nothing on this.
[00:11:19] Speaker A: Yeah, because if you try to look it up. Oh, wait here.
[00:11:21] Speaker B: Wait a minute. You got something?
[00:11:21] Speaker A: Okay, top name. I looked up newt surname. I didn't use the word origin.
[00:11:25] Speaker B: Okay? I wanted to know where it came from.
[00:11:27] Speaker A: Where's my last name from? Newt name meaning misspelled surname from Middle English. Okay, protuberance or small hill.
[00:11:35] Speaker B: That was my fault. I misspelled the word surname.
[00:11:39] Speaker A: That is interesting.
[00:11:39] Speaker B: If I add newt's surname. Yeah, I get that. Can I be origin?
[00:11:43] Speaker A: That is very interesting. This guy, like, broke so many laws, he's facing time in prison, and we're like, I wonder what his name means. That's the. The real heavy hitting piece of this.
[00:11:52] Speaker B: Yeah. So what is european?
[00:11:53] Speaker A: A protuberance. Yeah, that was in the definition. A protuberance of small hill.
[00:11:58] Speaker B: That's just a fun word.
[00:11:59] Speaker A: I. Protein.
So, uh. So, yeah, this guy's gonna probably.
[00:12:04] Speaker B: Most likely 20 years, right? That's what they're looking at.
[00:12:07] Speaker A: Maximum of 20 years. No joke. No joke. Uh, and this is, like you said, in the last couple of weeks, the second time this has come up, I wonder if we'll start to see more cases like this pop up.
[00:12:16] Speaker B: Well, it just tells us what we gotta be doing, right. Which is increase our scrutiny when it comes to employee background checks. Like, really start amping that stuff up. Do your due diligence. Checking socials, like, everything. I know they can be really good at creating sock puppet accounts, but maybe we need to start monitoring, because if he's running a laptop farm, that VPNs into North Korea.
[00:12:42] Speaker A: Well, he did it for, like, a year.
[00:12:43] Speaker B: Right? I mean, so as someone who worked in a space. I worked for an insurance company, and we had, like, a golden image or whatever for the laptops that went out to the employees of the. Of the insurance company.
[00:12:55] Speaker A: Sure.
[00:12:56] Speaker B: And they had admin access to the local machine so they can install other software.
And that was quote unquote. Okay. We didn't like it, but they would complain. And they had a good case because they actually paid for the laptops. So there was this weird, I don't know, jurisdictional, for lack of a better term, kind of pissing contest on what they could do and what they couldn't do, but it just goes to show you, like, what we ended up wanting to do was going to a kind of a. Instead of giving them laptops, we gave them basically dumb terminals.
Your eyebrows, referring terminals or dump a dumb, dumb, dumb, dumb, dumb. Is it doesn't, it doesn't have any operating system or anything on it. It connects to the Internet. It gives you. Or network. I say it connects to the Internet. It connects to a network or networks. It also has like a keyboard, mouse and monitor.
And what happens is it boots to a network image.
So there's, there's technically like a remote desktop that you get. So if you install something like malware, cool. Reboot. Because the policy is that when you reboot, it gives you the golden image. Right.
Maybe we go to more of a. That kind of thing. Smart, right. So that it doesn't matter if they install their North Korean software, VPNs, all the other stuff they're doing to give them access. As soon as they reboot. They could never reboot that machine. Or it's like, you don't have access to do that anyway. You don't have. You can't really install because you can do whatever you want with that dumb terminal. Yep. You own it. It's yours. The only thing it accesses is our servers.
And we give you access to other things. We become the proxy by which you access your line of business software and the Internet and other things like that. So we have much more, we had much more control over what they could and couldn't do.
[00:14:58] Speaker A: Better safe than sorry.
[00:14:59] Speaker B: Correct.
And again, that was ten years ago. Now it's been a hot minute.
[00:15:07] Speaker A: How the time flies.
[00:15:08] Speaker B: I've done that kind of stuff. But we need some sort of solution to where they would be less effective at doing this. Especially with. I don't know how you do it with a lot of remote work.
[00:15:17] Speaker A: Yeah.
[00:15:18] Speaker B: You know, of just very locked down laptops that you would have to send out.
I don't know. But we got to obviously do something.
[00:15:27] Speaker A: I mean, even being in the office, there's a lot that I can't do on my own machine. I've been employed here how many years? And it's. I need to get like admin permission and whether that me I had to do this morning. Whether that me and. Yeah, I was like, what, pissed in.
[00:15:38] Speaker B: Your cornflakes with this this morning?
[00:15:39] Speaker A: Well, it was like this. I'm like, what the heck? Because.
[00:15:42] Speaker B: Yeah, anyway, because we have a very locked down policy.
[00:15:44] Speaker A: It's a policy thing. Like, even though it's not like, no, we don't trust you. Da da da. It's literally just. Doesn't matter what you're downloading, doesn't matter if it's a work application, you have to talk to like an admin on the IT team and they have to then approve it. And I feel like that's, if that's applied across the board, then, okay, you're not. Maybe it's inconvenient because it's like, okay, now every time I want to do something I gotta reach out and get ahold of somebody. But the alternative is, okay, we don't implement that and then somebody downloads something even accidentally.
[00:16:11] Speaker B: I mean, I guess this where you got. If you get really good at role based, like configurations like this is your role. In our organization, we have been vetting this role quite extensively and we feel like you have everything you need to do your job and now it should be rare that you come to us.
[00:16:32] Speaker A: Yes.
[00:16:32] Speaker B: As the administrators with something that's out of that scope. Like. Yeah, is a new tool come out is what. Like make the case for why this is necessary.
[00:16:41] Speaker A: Sure.
[00:16:41] Speaker B: And if it is, not only do you get it, but everybody should get it. Because if you're in that role, then.
[00:16:47] Speaker A: The other folks in that role, the.
[00:16:48] Speaker B: Other folks will eventually also need that.
[00:16:49] Speaker A: Yeah, yeah, yeah.
[00:16:51] Speaker B: And then we make. Right, we do the change, change management.
[00:16:54] Speaker A: Mm hmm.
[00:16:55] Speaker B: We follow the procedure, update the policy, update the pot and there you go.
[00:16:58] Speaker A: Yeah, that makes sense. But yeah, in this case with remote workers, you know, in, you know, the hundreds of thousands of miles away or however far away they are, it's, you know, that they can. That they're just able to do this and it wasn't hard. And this guy was able to carry this out for a year. Impressive. If it wasn't so seedy and bad for him to do that. So it's been a while, Daniel, since we have had a discussion about password managers. On this show. We used to talk about one very specific password manager quite a bit.
[00:17:25] Speaker B: It made the rounds.
[00:17:26] Speaker A: It lived in infamy on this show. I probably don't need to name it.
[00:17:29] Speaker B: The Deja News of the Deja News, man. It was the archetype it was.
[00:17:33] Speaker A: And we haven't had to talk about them in a while. And that's good. No news is good news. Some news on a different password manager front though. 1Password has some news. 1Password is warning Mac users to patch to stop their vaults being accessed by hackers. Specifically. Specifically Mac users may run into this issue. So this is the first time that I'm sure it's not the first time it's ever happened, but it's the first time I've personally seen an article like this come up and it has to do with password manager. That's not LastPass. I just go ahead and say it, that's not LastPass. So it's good that they're being like, hey, you know, they're letting people know they're being upfront, make sure you patch, you know, otherwise you could be subject to this, to this bad stuff that's going on.
[00:18:13] Speaker B: Yeah, it is. It's interesting that this is happening and apparently it's, it's actually kind of a weird shoehorned-in vulnerability from a Chrome vulnerability with WebP images. Don't get me started on how much I hate WebP.
I would rather chew my own fingers off than use WebP. It's such a pain. Just give me the damn image in an image format that everything understands because I can't tell how many times I've downloaded an image off of Google or.
[00:18:46] Speaker A: Whatever and it says it's a WebP. Just give me a JPEG.
[00:18:50] Speaker B: Son of a. Yes, just give me it. Why are we reinventing like what is the purpose of WebP? Do you know?
[00:18:57] Speaker A: I don't know, I just know that it moved over. Is it like anytime I like save an image and it saves as a WebP I just immediately delete it. I'm like screw it, it's not worth it.
[00:19:04] Speaker B: The purpose of it is to cause me a hassle apparently. Yeah, yeah, because it works with nothing. It's supposed like if I'm, if I'm not wrong, it's supposed to be more web friendly presenting but, or something to that effect. All I know is it sucks and it has a wicked vulnerability apparently. Remote code execution. Yeah, because that's what's going on here is again, it gets shoehorned in from the, you know, 3 seconds I took to read this article. This is the takeaway.
[00:19:31] Speaker A: But if the flaw's successfully exploited. Yeah, hackers could steal entire password vaults specifically for macOS users that are.
[00:19:37] Speaker B: I mean if I'm wrong, that is bad.
[00:19:40] Speaker A: Pretty bad. Okay, pretty bad to my understanding. I mean what do I know? But yeah, I would imagine it's not ideal. Uh, it is CVE-2024-42219. Let me see if I can look at the rating. Okay, base score of 7.8. So pretty high, pretty high, pretty high. And then as far as not crazy high. But what are the metrics on this local attack vector? Low attack complexity, low privileges.
[00:20:05] Speaker B: Definitely. 420 friendly, huh? Oh, apparently so.
[00:20:11] Speaker A: Are you loading? It's. Look, I'm tired. I need another one of these.
[00:20:16] Speaker B: At the brick. At the brick?
[00:20:18] Speaker A: Yeah, I gotta wait.
[00:20:18] Speaker B: Get you one.
[00:20:19] Speaker A: But yes. So 7.8, nothing to sneeze at.
[00:20:22] Speaker B: Pretty much RCE though.
[00:20:24] Speaker A: But high.
[00:20:25] Speaker B: Yeah, absolutely. Es no bueno.
[00:20:27] Speaker A: Es no bueno. And I'm not personally a Mac enjoyer. I know you are, but I don't think either of us are super.
[00:20:34] Speaker B: Like, I wouldn't go as far as.
[00:20:35] Speaker A: To say not a Mac enjoyer. A Mac user when it's necessary. Yes. As evidence.
[00:20:39] Speaker B: A tool.
[00:20:40] Speaker A: It is a tool for what you need to do. But I also am not super familiar with 1Password. I'm not a 1Password user, so neither am I. Luckily neither of us are vulnerable to this.
[00:20:48] Speaker B: No. And it's unfortunate that this has kind of hit them, it does also. So 1Password is telling their users to upgrade. Right. There's a patch.
[00:20:58] Speaker A: Yes.
[00:20:59] Speaker B: Or a fixed version like the latest version has the fix built in and so they want you to upgrade to the latest version, which is kind of an interesting thing. I wonder if the enterprise version of one pass is affected. Say in the article, do you remember?
[00:21:15] Speaker A: I don't believe so.
[00:21:18] Speaker B: It. Can I as an admin just push updates?
[00:21:23] Speaker A: Yeah. To make sure that everybody's covered.
[00:21:25] Speaker B: Maybe I can do that with some third party, not password manager, but patch management software or whatever application.
[00:21:35] Speaker A: It's a good question.
[00:21:35] Speaker B: A lot of times you can do that. This is what I hate about software. Updates can be very difficult because of all the third party stuff. So Zoom recently also had a flaw. I think it was zero day or something.
And you fire Zoom and it goes checking for updates. There's an update. Applying updates.
[00:21:59] Speaker A: Yeah, it just does it.
[00:22:00] Speaker B: It just kind of does it. Right? That's a good thing, right? Yes. That can break things. And I get it. You're in enterprise environment. Been there, done that, got the t shirt.
But I like that it's trying to be a little, especially for your average everyday user. It's being proactive at you need the update, it's just going to apply it. Why do I got to wait for you to approve that? Most end users, they will be happy to just sit there and never shut off anything.
Your browser, right? My browsers, both of them brave and Firefox, they go, hey, it's time to update. You got the little thing over here telling you it's time to update. But it never just does it. They both have the ability to recreate whatever session you were in.
So just update.
[00:22:47] Speaker A: Why can you not just re fire.
[00:22:48] Speaker B: It off and bring my sessions back up? Don't bother me with it, just do it.
Yeah, right.
[00:22:54] Speaker A: What are you here for if not to do it for?
[00:22:55] Speaker B: No, don't get me wrong. Put it, put a thing in there, like in the settings that say, hey, I don't want auto updates because I'm a power user.
[00:23:01] Speaker A: Sure.
[00:23:02] Speaker B: And I might be doing x, y or z. I don't want that to happen for Joe and Jane out there.
Fire and forget. Just do it. Just update.
[00:23:12] Speaker A: Yeah.
[00:23:12] Speaker B: If I'm a 1Password user, I shouldn't have to deal with it. You found the flaw, you fixed the flaw.
Help me enjoy it. Because there are definitely a non zero sum of people and users out there of 1Password that will just not do it for whatever reason, even if you prompt them, you should update, critical flaw, blah, blah, it's fine.
[00:23:34] Speaker A: Yeah, right. Just surely it won't affect me.
[00:23:37] Speaker B: Update. Yeah, yeah. I don't get it.
[00:23:41] Speaker A: You would think. You would think it would be a common sense thing.
[00:23:42] Speaker B: You would think, you would think I'm smacking the mic.
[00:23:45] Speaker A: No. Good for you. I understand you're angry, so take it.
[00:23:47] Speaker B: Out of my anger. It's just like, it's weird. Weird to me.
[00:23:50] Speaker A: Take it out on the mic. Tell us how you really feel.
[00:23:51] Speaker B: Stupid.
[00:23:51] Speaker A: Mike, this issue does affect. You were asking about like enterprise or whatever. Yeah, I couldn't find anything about whether it affects like enterprise versions or whether there's a way to just like, just patch it, you know, push out this patch. But it does affect all versions of 1Password 8 for Mac before eight, dot, one dot, three, six. So any subsequent versions have been patched. So if you're running a subsequent version, that's great, and you're good. And I guess they just presented this. DEF CON was like last week, the week before. So it was security researchers at Robinhood that found this and then presented their findings at DEF CON in Las Vegas. And one pass was like, hey, thanks. So I thought that was pretty neat. They.
[00:24:25] Speaker B: Heap buff overflow. There you go.
[00:24:26] Speaker A: Yeah. Heap buff overflow. Yeah. Sounds like you're speaking a different language, but yeah. So good to know. If you're running a version that hasn't been updated yet, maybe you should update if you are a one pass user on Mac. Moving on, moving on, moving on.
So in the same vein as patches and stuff, you might remember that this week was Patch Tuesday from Microsoft. Happy Patch Tuesday. Yay. They do it once a month. It's great. Microsoft August 2024 Patch Tuesday fixed nine zero-days, six of which were being exploited and I believe they are still working on a fix or an update for a 10th publicly disclosed zero day that I don't believe is being actively exploited but it's out there. So Microsoft still working on that. But beyond those zero days and the six that are exploited. There we go. Patch Tuesday graphic. There were also 89 updates for security flaws.
[00:25:18] Speaker B: So look at them. They are really no small potatoes finding the flaws. No small potatoes getting them fixed. I do always enjoyed like underneath each one of these CVEs that they're showing here.
I think every one of them says Microsoft has not shared who disclosed the flaw and how it was exploited under every single one of them I guess, which they don't, they ever do this. They do not like sharing any kind of vulnerability, technical detail.
[00:25:45] Speaker A: Yeah, I mean I can kind of understand not wanting to share like how it was exploited or whatever because then in the event that somebody that has poor intentions, you know, limit I guess the details that you release.
[00:25:57] Speaker B: So it's a double edged sword, right? We learn about how things get exploited through seeing how they've been exploited like going oh, and that can increase secure coding practices. Like oh, we should not do that. We've totally been falling down on the job on how we're building applications because I do that all the time. So if there's no technical details out there for security vendors, it doesn't just affect Microsoft like holistically.
Obviously the flaws are specific to a Microsoft environment, but how those flaws get introduced is probably common to all software. Like we didn't do X, Y and Z, and that's what allowed for the flaw.
So how do we get coders to do a better job of that other than going hey, that's got to be a part of your environment, how you live as a coder. You need to be looking at what good security coding practices are and making them part of your workflow.
So exposing them to it and making them kind of like see that and hate that. Like oh, I'm never going to do that because I see it too many times from my fellow coders out there that are building applications.
They're falling, they're falling into this trap too often and I don't want to be the next person going, oh, our software totally got popped because I did the same thing they did. So there's a double edged sword. Yes, bad guys could use it, but if they already have patches, I totally agree with responsible disclosure where we don't disclose this stuff until there is a patch ready. But once there's a patch ready and maybe even some lead time for people to get those patches installed at some point in time, it's like, you know, I don't mind telling you that in The Sixth Sense, Bruce Willis is dead the entire time without saying, spoiler alert. That movie's been out for like 20 years.
[00:27:53] Speaker A: Yeah.
If you haven't seen it yet, like, come on. Yeah, you can't really get mad, right?
[00:28:01] Speaker B: And it's a part of everyday culture.
You know, at some point it's like, cool, let's talk about these flaws. Let's talk about why they are there, how that happened, and what we can do to avoid it. If we all keep it under lock and key over here, no one really learns anything, right?
[00:28:19] Speaker A: No.
[00:28:19] Speaker B: The only people that learn anything from it are the very people that are directly, the very few people that have access to it.
Right. That's good points. My hot take on that.
[00:28:29] Speaker A: I think that's a good point.
Especially when it's like, okay, it's already been patched. There's no. Not that there's no risk, but like.
[00:28:36] Speaker B: Okay, there is a risk. Right? There's a nonsense.
[00:28:38] Speaker A: Yeah, but it's not like, oh, this is actively being exploited. We have no fix for it. Here's all the details on how it works.
[00:28:43] Speaker B: Right.
[00:28:43] Speaker A: That, to me, I felt, okay, well, maybe we go, hold up a second. Like, as far as just publicly disclosing.
[00:28:48] Speaker B: Especially if there was no patch, right?
[00:28:50] Speaker A: If there's no fix for, this was.
[00:28:51] Speaker B: A zero day, and they're just throwing the detail, oh, that is dumb. Yeah, don't do that.
[00:28:56] Speaker A: Fix it first.
[00:28:57] Speaker B: Fix it first. And now tell us all about it.
[00:28:59] Speaker A: I'm not gonna be like, by the way, I have no door on my house right now. Cause it got broken on it.
[00:29:03] Speaker B: But here's how you exploit this.
[00:29:05] Speaker A: Right, exactly.
[00:29:06] Speaker B: No, that's. That seems backwards.
[00:29:08] Speaker A: Wait till I have a new door installed with a deadbolt.
[00:29:09] Speaker B: Right?
[00:29:09] Speaker A: And I'll be like, oh, yeah, that.
[00:29:10] Speaker B: Old door don't work no more.
[00:29:12] Speaker A: Right.
[00:29:12] Speaker B: You and all the doors are freely available. You just have to change the door out. All you gotta do is a button push and you got new door at that point. It's like the whole, you know, Equifax thing, right? Apache Struts. There were months out of, like, this has been patched for months. Why aren't you installing the patches? And if you can't install the patch for whatever x, y or z reason, why aren't you using some other security control to protect against.
[00:29:38] Speaker A: Yeah, you know what?
[00:29:39] Speaker B: It looks like it's out here. We.
[00:29:44] Speaker A: He's about to explode.
[00:29:45] Speaker B: I don't get it.
[00:29:47] Speaker A: He's gonna combust.
[00:29:48] Speaker B: I was in charge of that stuff at one point. Yeah, I get, I literally had Windows updates break production software on me and people. My phone ringing. Hey, none of this is working. What's the problem? Like, oh, last night was patch night. Shit.
All right, hold on and I'll roll the patch back.
[00:30:10] Speaker A: Yeah.
[00:30:11] Speaker B: And then go, well, how do we get around? Okay, because I need these production servers up, but we literally can't install this patch, which is critical.
All right, let's start looking. Okay, well, it's a web thing, so let's stand up a firewall rule that says if you see a web request that looks like that, that goes to this endpoint, they shut it up. Yeah. You do other stuff. You isolate, you confine, you build fences, you build detections and you go about your business.
[00:30:40] Speaker A: Yep.
[00:30:41] Speaker B: And you start looking for, hopefully, like we reach out to the vendor of that software that it affected and say, hey, this Microsoft patch is affecting your software.
How do we, what are we going to do? Are you guys working on it? And they'll say, yes, we're working on that. We understand this affected XYZ percentage of our customers and we're going to work on a patch for our side so that that patch can be applied.
This is, this is the ecosystem we live in, ladies and gentlemen.
[00:31:11] Speaker A: The circle of life.
[00:31:12] Speaker B: Anyway, moving on.
[00:31:14] Speaker A: The only, the only other thing of note here that I thought was the one that has not yet been updated. There's not a patch for it yet. It is a Windows update stack elevation of update stack elevation of privilege vulnerability.
Base score of 7.3. So high.
[00:31:29] Speaker B: Okay.
[00:31:29] Speaker A: Nothing to sneeze at, but not a ton of detail about it yet. And there's not a, probably because there's not a fix for it yet. This is, Microsoft is actively working, actively developing a security update to mitigate that threat, but it's not yet available. So that's the only one listed here that there's not a.
[00:31:46] Speaker B: Talking about. I saw something about NTLM hashes. Go back to that.
[00:31:49] Speaker A: On the, on this.
[00:31:51] Speaker B: I don't know. There, you had it on the screen, literally.
[00:31:53] Speaker A: Okay, well, whatever was this?
[00:31:55] Speaker B: Yeah. Okay, so this is Microsoft. This is a pre, okay, that's not the CVE.
[00:31:59] Speaker A: This is, it's this one here. This, let me highlight. Oh no, that's something.
This is the one that has not been patched. Everything else there were nine others that were. And then obviously the 80 something others that were, that were fixed as well. Okay. And then they have a list of updates from other companies, which is great. And one of those we are going to talk about right now, if it's okay with you. Moving on from patch Tuesday, you might have heard something about an o dot zero dot zero dot zero day, or zero, however you want to pronounce it. It's an 18 year old vulnerability that can allow attackers to bypass all browser security. Not. Daniel.
[00:32:31] Speaker B: Yeah.
[00:32:32] Speaker A: Is this, this sounds like cause for concern and alarm. Is this a sensationalized thing or is this genuinely. Yeah, we should be.
[00:32:39] Speaker B: That's a general concern. Think. Okay, so I think what's going on here, if I've read the articles correctly and understood them, they are saying it's not technically a vulnerability.
Right. This is a feature that can be abused. Okay, so what do we do about that? I don't know.
I think in some of the articles they talked about the. What's it called here that some of the browsers implement certain things. Hey, by the way, if you're running windows, this does not affect you.
[00:33:19] Speaker A: Yay.
Look at me. I'm finally benefiting from that.
[00:33:24] Speaker B: They definitely got something right here. Yeah, and it's because. So 0.0.0.0.
This is kind of the catch-all for the addresses that are on your system. So if I want to open up.
SSH.
[00:33:44] Speaker A: Okay.
[00:33:45] Speaker B: And I don't care what IP it's coming to in the machine, so 127.0.0.1, or my internal LAN address, 192. Maybe I'm multi-homed and I've got a 192 and a 10.0 thing, but I want all of those IP addresses to have port 22 open and ready and waiting for anyone or. Yeah, I say anyone, anyone with authorization to access that machine.
0.0.0.0. If I, if I open port 22 on 0.0.0.0, all of those IP addresses will answer to port 22, right, okay, that makes sense.
[00:34:23] Speaker A: Yeah.
[00:34:24] Speaker B: Right, so hold on, here we go. I got a terminal open on my machine, I'll show you.
[00:34:28] Speaker A: Oh boy.
[00:34:29] Speaker B: So just, just really quickly, Python.
I'll just start a web server, right? python3 -m http.server. Bing, fired off. You'll see. And it gives us, this is the IPv6 right here, a kind of version of this. But this is kind of showing this catch-all. Now, if I were to open up a new tab and I do, can I do netstat here? netstat, netstat.
Dash antup, and I'll pipe grep for 0.0.0.0.
I don't have some of these options.
Well anyway I'm usually working in Linux and then the BSD stuff with Mac isn't normally it'll show me because I just got the netstat wrong. I guess I can get rid of some of this.
Let's just fire the netstat pipe grep. 0.0.0.0.
And I got nothing running even though I should. I guess it's using IPv6 and IPv4. Thanks Apple, thanks for being on our demo here.
But ultimately at the end of the day that's what's going on. It's trying to catch all. Everything.
[00:35:41] Speaker A: Yeah.
[00:35:41] Speaker B: So the vulnerability lies in if I create a phishing link or something that you click on and it's 127.0.0.1, most of the browsers will go, you're not allowed to access that. That's an internal thing and it'll stop it. We do this with CSRF and a couple other mechanisms, CORS I think as well, cross-origin resource sharing stuff that you get in your web requests. All this is meant to go, hey, you're not from the internal network or you're not on the local host. That's not where this request came from. So I'm not going to allow you to quote unquote access that.
[00:36:25] Speaker A: Okay, that makes sense.
[00:36:26] Speaker B: Fun fact. 0.0.0.0 is not on that list.
This is the 18 year old vulnerability that is in these web browsers.
[00:36:35] Speaker A: So it's not inherently a like, oh, this is a big problem then we need to patch it. It's more like, okay, well that's what it's supposed to do.
[00:36:44] Speaker B: It is supposed to do that, but the argument is that it shouldn't be allowed by the browser.
So 0.0.0.0 is working the way it should, but the browser should see any request to that as invalid because it's reaching back into internal resources because it only attaches to the IP addresses. Unless you've got a. Your laptop has an Internet facing address, which God knows why you would do that. That's usually your router.
Now you have an internal IP scheme and it's NATing out to the Internet using DNAT or whatever.
Probably not a static NAT, but it's possible.
That's typically how we're doing things with 0.0.0.0. If I create a link that says go to this web URL which is 0.0.0.0/pwned, then it will do it. It will not get blocked.
That's the problem.
Right. So it says this critical flaw allows public websites to override the browser protections and access local network services, which can result in remote code execution. How the hell is that, you might ask?
Right, so what do they mean by public websites? That means Internet websites. Okay.
[00:38:17] Speaker A: Okay. Makes sense.
[00:38:18] Speaker B: Overrides the browser protections, which is this PNA thing, this private network access standard. Okay, okay, which says you can't go 127.0.0.1 or any 192.168.0.something, any of those private IP addresses.
If I ran a website on the Internet and I made a link that had 192.168, it would go, yeah, you can't do that. Not doing it, right. If I did 127.0.0.1 in the link. Nope. Not doing that. Right. You cannot go to that endpoint. Yeah, these are protected. These are built into the browsers to protect you against that. 0.0.0.0 does not have those protections. It doesn't. It's not on that list. Right.
Okay, so, right, this says the PNA standard, which does not consider 0.0.0.0 as a private IP address.
[00:39:06] Speaker A: I wonder why.
[00:39:07] Speaker B: That's the question that we're asking here in this article.
[00:39:09] Speaker A: Is there a legitimate reason why? So, like, okay. If they were to implement some kind of a.
[00:39:13] Speaker B: You got me.
[00:39:14] Speaker A: Hey, we're gonna update something so that this is not. Is no longer a risk. Would there be people that would be like, well, hey, that affects my. Like, I'm doing this for legitimate reasons. What the heck am I supposed to do now? Is there a downside?
[00:39:24] Speaker B: I can't see any reason. Because think of it. I'm in a public website. You're some rando Internet user that landed on my website. How would I know what services you have running on the back end that are at 0.0.0.0, and the endpoints that it would lead to.
Yeah, it doesn't make sense. The only purpose for this would be for nefarious stuff. Well, so there. I'm gonna get this right, because I can. I can hear the Internet people out there right now going, well, actually, Daniel.
[00:39:58] Speaker A: Yeah, yeah.
[00:39:59] Speaker B: Right? So I want to be able to use 0.0.0.0. Right? Can we call it something else, like Kuato or.
[00:40:08] Speaker A: Qua zero or something?
[00:40:09] Speaker B: Yeah, I'm thinking Total Recall. Kuato. The little guy that lived in the dude's stomach.
[00:40:15] Speaker A: Okay.
[00:40:15] Speaker B: Yeah, he's like a mutant. It was fun. It's a lot of fun. He's a crazy creature.
[00:40:19] Speaker A: Oh, you saw something. Oh, I remember this. Okay. Yeah, yeah, yeah, yeah.
[00:40:22] Speaker B: Never mind.
It can be used internally. Right. But that's because I know about these endpoints, I know what services I'm in control of. These things where it shouldn't be able to be done is from an external network.
Any external network it should. So if you see in the CORS that it comes from an external place, it should go. Not, you don't have access to that.
[00:40:49] Speaker A: Right.
[00:40:49] Speaker B: But if it comes from an internal IP, it goes, you're cool, go for it.
[00:40:53] Speaker A: Okay.
[00:40:53] Speaker B: Right. So you just set that up and I guess maybe that's their argument is that you can go set that up. Yeah, the argument is made. Why do I have to, there's no good reason for anybody to use 0.0.0.0 from an external source. So it should just be that way out of the gate.
[00:41:08] Speaker A: Sure.
[00:41:10] Speaker B: I went to EC2, stood up a web server, created a single webpage with a link on it that said click here. And when you click here, if you are running any internal services like a web server, which many applications that you install, what do they do? They give you a web administration portal. So you're probably running a service with a web administration portal. If I know what those portals are, and I know they have, you know, RCE vulnerabilities, I can now just start searching the Internet and sending phishing links targeted to those people that I know were running those services. And when they click that link, it runs that RCE that's normally just internally accessed. It's not exposed to the outside world. So they were safe and now they're not safe because I can get you to click a link that executes that remote code execution vulnerability which now reaches out to download my malware.
[00:42:09] Speaker A: And people do love to click links.
[00:42:10] Speaker B: They do. Especially because it doesn't tell them anything about it being unsafe.
[00:42:14] Speaker A: Yeah, because it's not like it's malware, it's not like it's inherently like if it's technically, that's what it's supposed to do, then yeah, that would be the.
[00:42:23] Speaker B: That's the problem, that's the concern.
[00:42:25] Speaker A: And because it's not technically, it's not like, oh, there's a patch because this is a CVE. But they do list some recommendations, recommendations of stuff that you can do to try to mitigate, prevent against this kind of thing. So that's good. We do appreciate GBHackers for listing that stuff out, one of them being use HTTPS, which I feel like most browsers now won't let you use anything different. It's like, no, if you try to visit a website that is HTTP and there's no secure connection. No, no, no, no. So maybe some of this is like, maybe it's not likely I would run into this kind of an issue because there's already safeguards in place.
[00:42:59] Speaker B: Yeah. Yeah. Rando user out on the street is probably not going to be a problem. Maybe that's another reason they're not really concerned too much about it.
[00:43:05] Speaker A: But it's something to think about.
[00:43:06] Speaker B: But it is definitely.
[00:43:07] Speaker A: Even if it's not, I mean, it.
[00:43:09] Speaker B: Fired off right away. I was like, well, that's fun.
[00:43:12] Speaker A: Even if it's not immediately a huge, glaring da da da. Like, you just never know.
[00:43:16] Speaker B: Yeah.
[00:43:16] Speaker A: So good to talk about. I think though for the first half of the show, that's, that's probably going to do it. I'm going to take a bio break. Yeah. I'm going to take a five minute nap. But don't worry, we have more coming up here on Technado, so don't go away. We'll be back after the break.
Anthony, what are we going to be talking about?
[00:43:31] Speaker B: We are talking about our newest and most excellent Cloud+ course. This course really does an amazing job of taking the load learner from the very fundamental aspects of cloud and then walking them through some of the more advanced topics. They're going to learn about how to secure the cloud, how to optimize the cloud, how to save costs with the cloud. So this is not a course with complete bias to AWS or Google Cloud Platform or Microsoft Azure. We breathe life into this material by doing demonstrations across all of the big three cloud vendors.
[00:44:16] Speaker A: We have a lot of fun in cloud and we know that you will too. So come check it out.
Welcome back for more Technado. Thanks for sticking with us through that break. If you're enjoying the episode so far, feel free to subscribe so you never miss an episode in the future. Leave a like if you haven't already and comment. Let us know what you're enjoying and what you want to see more of in the future. We do have a couple more stories we want to get through on this week's episode. We got some AI stuff. We got some news from NIST, which is always fun. And of course we'll have a little bit of gaming news at the end. Couldn't forget. So what?
[00:44:49] Speaker B: You're so professional.
[00:44:50] Speaker A: Thank you. Thank you. I do my best.
I have to balance it out. So as I mentioned, we do have some AI related stuff which is always fun. Isn't that always fun to hear about? Microsoft's Azure AI health bot was infected with some critical vulnerabilities, privesc flaws that I believe have since been patched but could have allowed for unauthorized cross tenant access. That's never fun.
Like, it's delicious. Cross tenant access.
[00:45:17] Speaker B: I love some good cross tenant. That stuff is delicious.
[00:45:21] Speaker A: Oh, that server side request forgery, tasty stuff. And that is what the platform was open to with these escalation issues. So that is scary.
[00:45:30] Speaker B: It's very common with cloud platforms with the whole SSRF, where they'll use the SSRF to access the internal metadata service of whatever cloud platform. And from there, well, sky's the limit, right, because you're probably going to be able to access some API tokens that will give you further access.
[00:45:48] Speaker A: Oh boy.
[00:45:49] Speaker B: Like, you know, other tenants and that's bad. We don't like that. So that's what they found in here. It was a little dumpster fire.
[00:45:56] Speaker A: Yeah, it was, it was Tenable Research that found those. So they were quickly patched by Microsoft. These vulnerabilities were. But the, the point this article is putting forth here is that these vulnerabilities showcase inherent concerns about chatbot risks. Specifically, what's your take on?
[00:46:12] Speaker B: Well, this was specifically in the healthcare sphere.
[00:46:16] Speaker A: Well, it was Microsoft's Azure AI health bot.
[00:46:19] Speaker B: So. Right. This chatbot and I guess in other areas as well. But this one was specifically really dangerous because it accesses health sensitive.
[00:46:28] Speaker A: Yeah, yeah.
[00:46:30] Speaker B: And health information is one of the brass rings that hackers go for out there because it can be utilized for identity theft and just pilfering the pockets of poor people out there just trying to make their way through the world. You got some asshole in Russia or whatever using that PHI to take what little you already got. So I don't really enjoy that. That is something that they do. Please stop, please stop, please stop.
[00:46:54] Speaker A: Good way to put it.
[00:46:55] Speaker B: Um, nothing else I can do about it. You know, it's just, yeah, please hopefully reach into whatever little bit of soul they have left and appeal to it.
[00:47:06] Speaker A: I mean, I guess this is, if you're, there's going to be a flaw of vulnerabilities. Like this is the best case scenario in that as far as we know, there was, nobody exploited it, there was no exploitation.
[00:47:14] Speaker B: Right. This was discovered by secure tenable.
[00:47:16] Speaker A: Yeah.
[00:47:16] Speaker B: Who creates Nessus, Tenable.io, all the other great products that are out there. Gold standard industry stuff.
[00:47:22] Speaker A: But, but I guess the concern was that if they had been exploited, they would have had management capabilities for hundreds of resources belonging to other Azure customers. And like you said, that's already not a good thing. But specifically in this case, having access to healthcare data, it makes it an even bigger issue.
[00:47:38] Speaker B: Big whammy. Big whammy.
[00:47:39] Speaker A: Yeah.
[00:47:40] Speaker B: I do love how they go in this article to discuss the idea of rushed AI development is risky. That's absolutely right. And then I kind of poked fun at the Tenable guy in good fun and good fun because he says, I assume it says Sebree is all the name I get. So they say instead of prioritizing being first to market, businesses must prioritize taking the time to ensure their product's security and customer security. And I said, you are living in a dream world because that is. Well, yes, they are correct that they should do this. Companies should prioritize security over being first to market. That's never going to happen.
[00:48:27] Speaker A: Yeah.
[00:48:29] Speaker B: I say I'm being hyperbolic.
[00:48:31] Speaker A: Sure. But I mean, based on history, it's.
[00:48:35] Speaker B: Not likely like, the large majority of businesses are going to throw the double birds up at that because they know they can get away with it. There's no real repercussions for not doing it that way other than making a butt ton of money.
[00:48:50] Speaker A: Yeah.
[00:48:51] Speaker B: Right.
[00:48:52] Speaker A: Yeah.
[00:48:52] Speaker B: It's, if I can get a product out and get you to buy it and get hooked on it, you like it, it works. I can worry about the security issues later. And you're not going to divest from, into another product.
The chances of that happening are very.
[00:49:08] Speaker A: You're already hooked on it.
[00:49:09] Speaker B: And so I can make the argument like, well, all software has security issues and we're working on it constantly. We're constantly evolving. This software changes all the time anyway. And we're constantly having to look for new vulnerabilities that crop up in the new versions of the software. So what does it matter that we released it with issues?
[00:49:28] Speaker A: I mean, yes, that's true. That new stuff's gonna crop up all the time and you're constantly gonna have to be performing patches and all that stuff. But, yeah, to release it with stuff in it that's already.
[00:49:37] Speaker B: Well, what I'm saying is that's their argument for doing that.
[00:49:40] Speaker A: Is that. What does it matter?
[00:49:40] Speaker B: Right? What does it matter?
[00:49:42] Speaker A: Yeah.
[00:49:42] Speaker B: Right.
[00:49:43] Speaker A: Yeah. It does seem like there is the payout for them.
[00:49:47] Speaker B: The ends justify the means.
[00:49:49] Speaker A: Sure. Yeah. If we can just get this product out there as quickly as possible. I don't want to generalize too much. I don't want to come off as like super cynical, but it does, it does seem like sometimes there is this attitude of like, as long as we are in compliance and we're not breaking any laws. That's our security standard is that we're, we're meeting all of those expectations, and so therefore we're fine. And it's like, that's not really enough. Like, that's enough to keep you out of legal trouble.
[00:50:14] Speaker B: But I think you're hitting on a phenomenal topic or that this brings up, which is average. You know, Joe and Jane out there, they don't understand that compliance does not necessarily mean security. Right. Because what can a company do? They can say, we're SOC 2 compliant, ISO 27001. We do secure coding practices.
[00:50:39] Speaker A: Cool.
[00:50:40] Speaker B: Sounds like they're doing their due diligence and maybe they are. And those are all good things.
Right. But what does that really mean? Talk to a pen tester and go, hey, if I'm SOC 2 compliant, ISO 27001 compliant, and I'm certified in both of those things, and we do our best to have SDLC that's secure, are we secure? They're going to.
No, probably not.
[00:51:07] Speaker A: It's. It's sort of like, this is maybe more of a simplistic example, but it kind of reminds me of like, how there will be password guidelines in place when you go to create a password for website. And it'll be like, has to be twelve characters minimum. Has to have at least one number and at least one special character. I can technically be compliant with that password policy and create a password that is twelve characters with a number and a special character. And it's like Garfield the cat, exclamation point, one. And that's still not a strong password or it's not as strong as it probably needs to be. Yes, maybe. It's difficult to guess. Yes, maybe it's better than what it, you know, than spring 2024.
[00:51:39] Speaker B: Well, do you know what it would be if you didn't have any guidelines?
[00:51:42] Speaker A: Password.
[00:51:43] Speaker B: It would be password or nothing.
[00:51:45] Speaker A: Right.
[00:51:45] Speaker B: Or, you know, one. One, one. Or Abcdefg.
[00:51:49] Speaker A: Right.
[00:51:49] Speaker B: 123456, which are in the wild, still allowed.
[00:51:54] Speaker A: Yeah. A lot of passwords.
[00:51:55] Speaker B: There are many systems that will allow you to create that password.
[00:51:57] Speaker A: Yeah.
[00:51:58] Speaker B: And if you do the whole Google of. Well, let's have some fun. Let's go to Google.
[00:52:03] Speaker A: Oh, boy.
[00:52:05] Speaker B: Google.com.
And most used or most common passwords 2024.
There they are. Ta-da, let that sink in. Right. So when we don't make constraints around security. So it is a good thing that SOC 2 and ISO 27001 are standards and that those certifications actually do mean something or that if you're. There's regulation out there, you know, Sarbanes-Oxley, Gram bleach.
Yeah, I can never do it.
[00:52:44] Speaker A: Yeah, Gram leech Bliley or something like.
[00:52:46] Speaker B: You, Gramm-Leach-Bliley Act out there, all this stuff, HIPAA, those are all good things and we should be compliant with them. But their intention is to basically set a standard of this is the bare minimum.
[00:52:58] Speaker A: Right.
[00:52:59] Speaker B: And sometimes they go beyond that and that's always awesome. Or give you like very direct instruction on what you should and should not be doing and how you should and shall not be doing it.
But typically, again, ask any security professional out there if I can check off my compliance box. Does that mean I'm secure? They're going to say probably not.
Like you're more secure than not, but that doesn't make you secure necessarily.
[00:53:28] Speaker A: And I think too, the fact that a lot of these regulations and things that are in place, like you give the example, ISO 27001, that kind of stuff, like, okay, it's not necessarily enough security wise to just be in compliance, but I think having it as a baseline, like ISO 27001, can't necessarily get super, super, super specific because it's meant to be something that applies to a lot of different companies and stuff. And so then based on your needs and your company, it would then be your responsibility.
[00:53:54] Speaker B: That's why we, okay, so not only ISO 27001, but I'm also PCI DSS, right. And I'm also this. And we need to start creating more focused standards for industry.
And OWASP is kind of doing a really good job on that. Maybe not necessarily on industry, but specifically with like, they're coming out with more and more cool top tens for mobile, API and things of that nature. Right. So they are trying to focus down a whole lot more. And the more we can focus in on stuff and they give people more direct guidelines for what's going on in their industries and it just takes time and people, and not a lot of us have that. Right. So that's always the catch-22 is what it is.
But that brings us back to the executives making the decision on whether or not to go to market and how much does security play into that.
[00:54:54] Speaker A: Right, right.
[00:54:55] Speaker B: They don't really go, okay, yeah, we've got a working viable product, but how's the security on that? And that's really all we're asking is give me that, give me that time. Go. Hey, have we really done some testing on the security? Have we done SAST and DAST and IAST testing on our product before we go ahead and ship this?
And if we have. To what extent was it very preliminary or did we really kind of put this thing through the wringer and see what would happen before we hit. It's on the shelf, right? That's where the people like the person at tenable, myself, anybody that's watching would go, hey, we really appreciate that as consumers and security professionals that are concerned with concern, with the concern with the security of just the world at large.
Please, just please, again, I'm appealing to you.
[00:55:54] Speaker A: Yeah.
[00:55:55] Speaker B: Whatever good nature you have, I beg, please.
And I don't want to completely make them off to all be these, you know, sure. Cloven hooves, fork tail, you know, pitchfork wielding executives out there. I'm making money.
[00:56:09] Speaker A: Right. But they do have a bottom line. They gotta meet.
[00:56:12] Speaker B: They do. And there's something they got. They got people they have to employ and get those, you know, they got to make payroll. They got to do a lot of stuff. I totally get their pressures as well, but more often than not, we do see, they just. They don't care.
[00:56:28] Speaker A: Yeah. Bullies and displaying disregard for that kind of stuff. So I.
[00:56:30] Speaker B: My experience, let me put it that way. Sure.
[00:56:32] Speaker A: But I think you're right. This is a researcher at Tenable. I was able to find him. His name is James, but he goes by Jimmy, so it is he. I think he raised a good point, and perhaps.
[00:56:40] Speaker B: I love that he goes by Jimmy.
[00:56:42] Speaker A: J-I-M-I, too.
[00:56:43] Speaker B: Oh, that was Jimi Hendrix. Jimmy.
[00:56:45] Speaker A: Yeah, yeah. That was in the article. That's what he was credited as. So, yeah. Shout out to Jimmy over at Tenable enough.
[00:56:51] Speaker B: Jimmy's in the world nowadays.
[00:56:52] Speaker A: Spelled specifically like that with JMI. Yeah, absolutely. I agree. But I think it was a good point that he made, like, oh, it'd be great if companies could start doing this. Perhaps a tad optimistic, but I'm with you.
[00:57:02] Speaker B: Hey, honestly, if we don't start pushing for those things and, like, clamoring for it, there will be no change.
[00:57:07] Speaker A: So change begins with us.
[00:57:09] Speaker B: That's right. Be the change you wish to see in the world.
[00:57:10] Speaker A: The cost of a cup of coffee a day. You, too, you, too.
[00:57:13] Speaker B: Increase the security.
[00:57:15] Speaker A: Yeah, be secure. That's our new motto. Continuing on the. Since that article is about, you know, this AI chat bot having these issues, we've got another article about the concerns of AI. ChatGPT unexpectedly began speaking in a user's cloned voice during testing. Unexpectedly unprompted. They did not ask it to do this.
[00:57:34] Speaker B: Right. Didn't say in the user's voice.
[00:57:36] Speaker A: Yeah, it just did it. And that would be so unnerving to be like working on this and like, oh, let's do this, let's do that. And then all of a sudden it starts talking back to you in your voice.
[00:57:45] Speaker B: If that happened, if I'm legit, like, hey, speak to me, ChatGPT and tell me, you know, tell me a story. And all of a sudden it switched to my voice. I'd be like, what the hell? What is going on? Like I would freak out. Like I would, I would feel hollow inside going, okay, yeah, we've done it. Here we are. I'm gonna go get my plasma rifle and start fighting the machines.
[00:58:11] Speaker A: I'll be in my bunker if you need me.
[00:58:14] Speaker B: This is where the end of the world has begun. This is just crazy that this would do this.
[00:58:19] Speaker A: They're testing this. This is supposedly going to be something that becomes part of, you'll be able to use it's advanced voice mode, but it unintentionally imitates users' voices. That permission, or it did without permission, or it did so during testing.
[00:58:33] Speaker B: Maybe they didn't think about permission, like because they didn't think that it was going to do it.
[00:58:38] Speaker A: Yeah.
[00:58:38] Speaker B: So there is no permission to allow or deny its ability to mimic the end user's voice. Yeah, from what I understand, AI is basically like a black box of voodoo and witchcraft that they don't really understand what's going on under the hood, they just know, hey, we told you to do things and it's constantly evolving itself and creating functions and things. It's super crazy. I remember my friend Justin. Justin, he was saying how they, they told it to create a conversation between Bob and Alice, and then there's another person. So they had two AIs, Bob and Alice. Then they had a third AI, we'll call it Josh and Bob and Alice's job was to have a conversation that Josh could not understand. So they started encrypting their communications with each other. They would devise an encryption method and agree to it with each other. And then Josh's whole existence was to eavesdrop on Bob and Alice's conversation. And it got to where Josh could not eavesdrop, nor could the developers.
They could not see what it was doing. It created an encryption algorithm and scheme that even they were unable to crack and see into at all. They were like, we have no idea what they're talking about. Like, this is scary as hell. They could be plotting to overthrow the earth right now. Yeah, and we would have no idea that that's happening. So like AI is kind of scary in that capacity and the better it gets, I mean I just saw new AI image creation and generation images. No finger problems, no hand problems, no, no problems. Legit look like real photos. And I've seen some really good, like Midjourney stuff where you say, you know, create x, y or z people and they look really good, but there's always like, you know, almost like a plasticky look or like a flower, just.
[01:00:34] Speaker A: Slightly cartoony, a little uncanny, slightly too.
[01:00:36] Speaker B: Shiny or too whatever that the human eye is really good at kind of picking up on. Looks phenomenal. Still, don't get me wrong, we've gone beyond that now. We are now at photorealistic in the, in the highest sense.
It was scary as hell.
[01:00:55] Speaker A: That's unfortunate because AI can be used for a lot of good stuff. It can be used for, literally used.
[01:01:00] Speaker B: It yesterday to help me solve a coding problem. I was trying to compile the C code and it wasn't filing. I'm like, why is this not working? And I was like, let me just feed the errors over here to ChatGPT. I'm like, what is this? Like, oh, you don't have this installed. Do apt-get blah blah blah. I'm like, huh?
How about that?
[01:01:19] Speaker A: Yeah, right.
[01:01:20] Speaker B: Because it looked like I had it installed, but I needed like the dev version of it or whatever, have the right version.
[01:01:25] Speaker A: And it was able to tell you that?
[01:01:27] Speaker B: Oh, yeah. As soon as I installed that stuff, it was like compile and was like, boom.
[01:01:31] Speaker A: So it can be used.
[01:01:32] Speaker B: This is a good tool.
[01:01:33] Speaker A: Yeah, it can be as a tool. And I think that's the whole thing is like, it's a tool. How you use it is.
[01:01:38] Speaker B: What kind of the question becomes, is like how evolved do we need it to be?
[01:01:44] Speaker A: Yeah, right.
[01:01:46] Speaker B: Yeah, let's go ahead and just go ahead and set the fence.
It doesn't really need to go beyond this.
[01:01:51] Speaker A: Yeah. Cause other than just, it's cool. Some of the stuff that we're seeing AI doing, it's like, what is the practical purpose for this? Is this something we actually need AI to be doing? Is this really going to have a widespread practical purpose?
[01:02:01] Speaker B: Question, why do we need AI to be able to clone my voice?
[01:02:06] Speaker A: Exactly, because I think that the only thing that I could possibly think of would be, for instance, like in voiceover stuff. Like, let's just say I can't be here to record a voiceover. And so ACI learning uses my voice to. Hey, but I don't like that.
[01:02:19] Speaker B: Well, here's the thing. You own the rights to your voice, right? Right.
[01:02:23] Speaker A: So that's what I'm saying.
[01:02:24] Speaker B: I think if they clone it. They've now violated your right to your voice.
[01:02:29] Speaker A: Like, I'm sure there's, because if they.
[01:02:31] Speaker B: Create that, they now own that and they can just fire you and use your voice.
[01:02:36] Speaker A: So that's what I'm saying. I'm sure there's benefits with air quotes.
[01:02:40] Speaker B: Right. But none of them are, like, necessary.
[01:02:42] Speaker A: Exactly.
[01:02:42] Speaker B: Right. For you to be out of the office one day is an inconvenience, but it's not going to, like, shut up the doors of ACI.
[01:02:49] Speaker A: I don't know about. That's what I'm saying. It's, it's a convenience thing. Unnecessarily and beyond, like, oh, that's cool. It sounds just like me. Beyond that. What's the point?
[01:02:58] Speaker B: Right? The novelty of it is neat and to make funny stuff and things of that nature. But, like, if they're using it for the purposes of, like, yeah. Parody is one thing, satire is one thing, and maybe you can make an argument for that, but for you to, like, straight up pass that off like it was me.
[01:03:16] Speaker A: Mm hmm.
[01:03:17] Speaker B: Mm hmm. Now we got an issue.
[01:03:21] Speaker A: Yeah.
[01:03:21] Speaker B: There's a, so there is no reason. And you can, and again, I can, I could come back and go, well, I can just hire a voice actor that's, can mimic your voice.
[01:03:30] Speaker A: Right.
[01:03:31] Speaker B: Shane Gillis does a phenomenal Donald Trump. So if I needed someone to do a parody sketch or whatever, I'll go hire him.
Right. You don't need AI for that. There are solutions that don't completely unnecessary in the world we live in.
[01:03:45] Speaker A: I would agree. Yes.
[01:03:47] Speaker B: So we should say, well, we're going to take that out. We don't, we don't need it to do that. Let's remove that functionality. It's unnecessary.
[01:03:57] Speaker A: I would agree. I wonder, though, if you, I don't know that you can enforce that, like, somebody.
Oh, yeah. I don't know. I guess then it gets into a discussion of, is it a ethical or right to then enforce that? Like, should we stop then? Oh, well, it's, you know, it's human invention. It's progress. We're da da da da. We're inventing all this new stuff, and it's great.
Is there any way to enforce, like, no, no, no. Beyond this point?
[01:04:22] Speaker B: Well, we don't open now.
[01:04:24] Speaker A: Yeah.
[01:04:25] Speaker B: Right. What we have to do is create laws to say if you do it, you get sanctioned.
Right. And then there's, that's, that's a slippery slope as well. Like, yeah, it can, like, who's in control of making those laws, right.
[01:04:39] Speaker A: Exactly.
[01:04:39] Speaker B: Yes. I'm not going to sit here and tell you it's not a complex issue. The problem is, is that how fast AI ramped up and got to where it is now was well ahead of our capability of dealing with it.
[01:04:53] Speaker A: Yeah.
[01:04:53] Speaker B: And now it's like, oh, no's.
[01:04:56] Speaker A: Yeah.
[01:04:57] Speaker B: We now have no choice but to just deal with the fallout of this. And here we are staring down, it's doing things on its own that could lead to real problems.
Right. Totally. Enjoy AI. I think it's great. I think it's so cool. I love the technology of it. I love the practical application of it of like, helping me solve coding problems or giving me ideas that I can then use and spark my creativity.
But for us to just kind of let it become an entity that we cannot like, it should never become our master. And it seems like it's on its way because it is kicking, it is kicking the boundaries out of the way, just doing its own thing all the time.
[01:05:45] Speaker A: It's still so relatively new and developing so quickly that there's not regulations or standards or anything like that in place to try to help us navigate.
[01:05:53] Speaker B: They would have had to seen it coming.
[01:05:55] Speaker A: Yeah.
[01:05:55] Speaker B: And knew that it would do this. But they didn't. Maybe they did. Maybe there were like people, you know, with the "The end is nigh" signs.
[01:06:02] Speaker A: Yeah.
[01:06:03] Speaker B: Going, hey, you're nuts.
[01:06:05] Speaker A: It's never gonna happen.
[01:06:05] Speaker B: Yeah. Now I didn't see them though, but I, it wasn't in my space, you know, I'm just, I'm just looking at cybersecurity stuff all day long. I'm not.
[01:06:12] Speaker A: Yeah.
[01:06:13] Speaker B: I wasn't watching what AI was doing.
[01:06:14] Speaker A: But now it's becoming a potentially, before.
[01:06:17] Speaker B: This, it was all like the far, the farthest I saw AI was for be able to train your cybersecurity tools to spot, you know, threats, a way.
[01:06:29] Speaker A: That you can use it for good.
[01:06:30] Speaker B: Right. You go like, hey, we've got this box. It's got AI and ML. They've been preaching that gospel for at least the ten years that I've been in the business of cybersecurity specifically.
[01:06:42] Speaker A: Yeah.
[01:06:42] Speaker B: Right. And then, you know, they were slapping in inside everything and that was the extent of it. But now it has grown so fast within the last, what, two years or so? Yeah, crazy.
[01:06:54] Speaker A: Everything's moving too fast. Stop it. Become an old man and start yelling at a cloud. Like.
[01:07:02] Speaker B: Yeah, I had to calculate uphill both ways.
[01:07:06] Speaker A: That's the way it was and we liked it.
[01:07:08] Speaker B: That's right.
[01:07:09] Speaker A: Yeah. It gets scary if you think about it for too long. So that was an interesting story to read. I know we are coming up on the end of our time here. There were a couple other things that wanted to throw in here we won't dwell on. But NIST had formalized some new standards, world's first post quantum cryptography standards. Again, we won't get into the super specific technical stuff on that side of it.
[01:07:28] Speaker B: And why is that?
[01:07:29] Speaker A: Because I don't understand.
[01:07:30] Speaker B: You don't know them?
[01:07:31] Speaker A: I don't understand post quantum cryptography. I. Sorry, I'm not a cryptography girly. But the reason that I wanted to at least mention this is because these are now they've been formalized by NIST, which, I mean, this is a pretty big name for a reason.
[01:07:46] Speaker B: Yeah. Are you saying that they're, that they're telling us that NIST has come up with an encryption standard that cannot be broken by quantum cryptography or quantum computing?
[01:07:56] Speaker A: They have finalized the algorithms and released, I believe, three different post quantum cryptography standards, the official post quantum cryptography standards, because they're saying quantum computers are predicted to develop to a stage where they can break any existing encryption algorithms in the next five to ten years. Which seems like a while, but it'll come quick.
[01:08:11] Speaker B: No, that's, that's super.
[01:08:13] Speaker A: They call that Q day. That's apparently what they refer to as Q day. So a couple different ones, long names. We'll link all of this stuff in the description for the YouTube video. So if you want to go through and look at the specifics of the algorithms, feel free.
[01:08:25] Speaker B: Yeah, I'm looking at the names right now.
[01:08:26] Speaker A: Yeah.
[01:08:27] Speaker B: If I tried to acronym, this would be like Mokim.
[01:08:31] Speaker A: Yeah.
And I think it's neat. The standards not only have the computer code for the encryption algorithms, but instructions for how to implement them and their intended uses so that companies can start to implement this stuff and get ahead of it. So that, that was pretty neat. Wanted to mention that. And again, if you're into quantum computing, feel free to go do a deep dive on that.
[01:08:49] Speaker B: Honestly, this is, this is. Even if you're not into quantum computing, we want to start implementing these standards as soon as possible so that when Q day comes. Right, you're good.
[01:09:01] Speaker A: I guess. I just mean if you're interested in knowing, like, the actual side of like, oh, what does this stuff look like?
[01:09:06] Speaker B: Oh, yeah, yeah, yeah. Check that out.
[01:09:08] Speaker A: Yeah, feel free to go check that. But I agree.
[01:09:09] Speaker B: I'm sure it is high math.
[01:09:11] Speaker A: The sooner the better on as far as, like, you know, implementing this stuff and then the last.
[01:09:15] Speaker B: That's what it is.
[01:09:16] Speaker A: Voodoo. Yeah. Don't know how they do the voodoo that they do.
[01:09:18] Speaker B: No, I do not.
[01:09:19] Speaker A: There was one more thing, like I said, kind of on the gaming side of things. Game Informer was a pretty big publication for gaming news, run by GameStop for 33 years. And now when you go to their website, it is redirecting to GameStop's closure statement. And I can show that here. Game Informer, if I go there, this is what it shows you. Now, the, I guess, thing that is getting people all riled up about this. Oh, my laptop just died.
[01:09:47] Speaker B: Really?
[01:09:48] Speaker A: Yeah, it just died right now. I said I had another half hour, but it lied to me. So the thing that is getting people riled up about this, luckily I read this enough that and I got antsy about it. So I can just recite it from memory. There were, I believe, 13 people left on the staff that had been running this for however long. Not only running the website and publishing those articles, but still rendering the physical publication, the magazine. They were not notified of this. They just. One day it was like the site was shut down. All their work was gone. They nuked the site.
[01:10:13] Speaker B: I love when that happens. Right.
[01:10:14] Speaker A: So all of their work for the past, however many years, gone, they don't have anything to show for it. So unless they've saved copies of it, they're out of luck.
[01:10:19] Speaker B: Sucks, man.
[01:10:20] Speaker A: And then on top of that, the statement. I know it disappeared, but the statement that they put up there, I guess people ran it through, like those things that'll tell you if it's AI generated. Every single test they did on it said, this is an AI generated statement. And the staff came out and were like, we didn't write that. That wasn't our statement. So it's like they just nuked the website, shut down the publication, and then. Okay, so Daniel's got it pulled up, so I don't know, you take a look at it.
[01:10:42] Speaker B: 33 thrilling years of bringing you the latest news, reviews, and insights from the ever evolving world of gaming, it is with a heavy heart that we announced the closure of Game Informer. From the early days of pixelated adventures to today's immersive virtual realms, we've honored. We've been honored to share this incredible journey with you, our loyal readers.
While our presses may stop, the passion for gaming that we've cultivated together will continue to live on. Thank you for being a part of our epic quest. And may your own gaming adventures never end.
[01:11:12] Speaker A: And it's like sometimes journalists do kind of write like that. So, like, if somebody came out and said, yeah, I wrote that, I believe them. But it also is pretty similar to how, like when you say, hey, ChatGPT, write me a little summary for this course. It'll be like, embark on your journey through cybersecurity. And it's like, nobody talks like that. What are you doing?
[01:11:29] Speaker B: So it's like, well, you know why? Because it only reads like marketing shit.
[01:11:32] Speaker A: Yeah, right. That's what has to go off.
[01:11:34] Speaker B: Pulling it off the Internet. Everything is spoken to us by through marketers now.
[01:11:39] Speaker A: Yeah.
[01:11:39] Speaker B: So that's how it thinks. We. We talk.
[01:11:41] Speaker A: Yeah. And it just sounds unnatural.
[01:11:43] Speaker B: So we should have it read more like classic literature or something.
[01:11:46] Speaker A: Yeah, yeah. Recite it to me. Like, mark tweets or.
[01:11:49] Speaker B: No, no tweets.
[01:11:51] Speaker A: 180 characters or less.
[01:11:53] Speaker B: Just tweets and Facebook posts and.
Yeah, that's all it needs.
[01:11:58] Speaker A: That's all it needs. So anyway, I wanted to mention that because I literally, as I was looking through articles this week, that's one of the. For gaming news, I'll go to that one. Game Rant is another one. There's a couple others, but that's one of the ones I have bookmarked. And I clicked on it and then went to that tab and I was like, well, that's weird. Did I click on the wrong thing? No. Any article that you click on that was from Game Informer. Takes you here, takes you to that page. Everything else is gone. So end of an era. 33 years, nuke it from orbit.
[01:12:21] Speaker B: Only way to be sure.
[01:12:22] Speaker A: Nuke it from orbit. And it is run by GameStop. And I mean, I'm sure you can guess GameStop's not exactly in its prime post.
[01:12:28] Speaker B: Need to put the audio clip of Hicks saying, game over, man.
[01:12:34] Speaker A: Oh, yeah, yeah, yeah. They're not exactly at the top of their game. It's not. They're not in their peak right now. So I'm not.
[01:12:41] Speaker B: I can never remember now the whole scene where he says, I'm Hudson, he's Hicks, or I'm Hicks, he's Hudson.
[01:12:47] Speaker A: Yeah.
[01:12:48] Speaker B: Now it gets me confused.
[01:12:49] Speaker A: I'm glad I saw that movie because now I can understand what it is the hell you're talking about. And my laptop is dead, so that's all I had. Unless there was anything I forgot from this week's news. I know, we. We obviously didn't have any news coverage last week because again, I was out of office. So. Sorry.
[01:13:03] Speaker B: But she literally said, I can't stand our Technado audience.
[01:13:07] Speaker A: Yeah, I dipped.
[01:13:08] Speaker B: I'm just taking off.
[01:13:09] Speaker A: Yeah, I got it. It was a great week. I got a niece and nephew. It was family stuff, so I'm. It was a good. I missed for a good reason. I promise. I left for a good reason.
[01:13:17] Speaker B: Bringing life into the world.
[01:13:19] Speaker A: I didn't, but, yeah, I get you.
[01:13:21] Speaker B: What'd you do? You welcomed it.
[01:13:23] Speaker A: Yeah.
[01:13:23] Speaker B: Welcome to the new life.
[01:13:25] Speaker A: I wasn't there when they were born, but, yeah, sure, I was on my way, so it was. It was a good week. But this week and going forward, I'll be here. We'll be here to deliver tech and cybersecurity news. That's all I've got, though, for this week. So, Daniel, thank you for humoring me on all of my many tangents today, and thank you, of course, for joining us for this episode.
Well, that's true. We do yap. We're a team of yappers. Thank you for joining us for today's episode, and we'll see you next week with another episode of Technado.
Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.