Episode Transcript
[00:00:04] Speaker A: You're listening to Technado. Welcome back to another riveting, exciting, wonderful episode of Technado, sponsored by ACI learning. The folks behind it pro reminder that you can use that code, Technado 30 for a discount on your it pro membership.
[00:00:16] Speaker B: That's as good as money.
[00:00:17] Speaker A: That's as good as money. It is. 30% off is basically less free.
[00:00:20] Speaker B: That's free. That's a joke.
[00:00:21] Speaker A: It's basically free.
[00:00:22] Speaker B: It's basically free.
[00:00:23] Speaker A: When you think about it, the value for, you know. Basically.
[00:00:27] Speaker B: Yeah.
[00:00:28] Speaker A: Well, Daniel, I did say this was going to be a riveting, exciting, wonderful episode of Tech NATO, which every episode is. I always enjoy our time here, but we do have some, some fun stuff, a lot of, like, behind bars type stuff today. We've got arrests, we've got legal issues. Like.
[00:00:43] Speaker B: Yeah, it was. There was a. Okay, so a lot of times we'll come in here and go, there was some slim pickings. It was a difficult thing to pick because they're, you know. Yeah. New malware variants. Yeah. You know, some of the run of the mill stuff that you see every week. It's not really that spectacular of news. And you kind of go, meh.
[00:01:01] Speaker A: Yeah.
[00:01:01] Speaker B: This week it was like, what do we choose from? There's so many things.
[00:01:05] Speaker A: Yeah. Yeah. We did have to narrow it down quite a bit, but still have plenty to talk about. And it was not slim pickings this week, as you said. So, of course, we love to start with one of our favorite segments that's relatively new to the show. So we'll get right into it. This is breaking news.
[00:01:20] Speaker B: Breaking news.
[00:01:23] Speaker A: Thank you, Christian. That was beautiful.
[00:01:24] Speaker B: Contribution is always lovely.
[00:01:27] Speaker A: We have a couple articles as a reminder. This is stuff that literally we just saw this morning. It just came out this morning. So forgive us if we're a little, if we're a little bit trying to work our way through this stuff. South korean spies exploit WPS office zero day. So we saw that. I mean, anytime you see zero day in a headline, it's like, oh, but I wasn't familiar with what WP office is.
[00:01:47] Speaker B: Neither was I. But apparently we are behind the eight ball on this.
[00:01:51] Speaker A: Supposedly. Yeah.
[00:01:52] Speaker B: 500 million active users.
[00:01:55] Speaker A: Wow.
[00:01:56] Speaker B: Half a bill. Half a bill.
[00:01:58] Speaker A: That's. That's at least four.
[00:02:00] Speaker B: That's at least crazy.
I think they're going to make it. I think they're going to make it.
[00:02:04] Speaker A: I think they're going to make it. So this, this cyber espionage campaign, as it's being called, was linked to a south korean apt, advanced, persistent threat involves a remote code execution vulnerability. Those are always a fun favorite. And it was exploited for the hackers. Yes. It was exploited to deploy a custom backdoor. Oh isn't that fun?
[00:02:24] Speaker B: So surprise, surprise what backdoor isn't custom at this point. Right. Apts aren't in the, in the game of going, I mean I guess I'll use this.
[00:02:33] Speaker A: Yeah, off the shelf.
[00:02:34] Speaker B: I mean they kind of do, but they always customize that stuff. They kind of use it as their base or whatever.
[00:02:38] Speaker A: You just go like in the sims and you just change it.
[00:02:40] Speaker B: It's a variant of.
[00:02:42] Speaker A: Yeah, yeah. So if there, if this is half a million users I would imagine that quite a few people are worried about this, especially considering it is a zero day that is actively being exploited. To my knowledge, looking through this, I didn't see anything about like a workaround or anything like that or any kind of a fix yet. So scary. But this did just get published.
[00:03:02] Speaker B: So yeah, this, hopefully they're coming out with a fix really quickly. So I did go to WPS's website and check them out. Basically what they are, it's an office suite. Right. Much like Microsoft office.
[00:03:15] Speaker A: Okay.
[00:03:16] Speaker B: The cool thing about them, much like you know, openoffice. Okay I think they are open office at this point. They used to have a different name or they are that different name, I can't remember it now. But they are also like office, like Microsoft Office compliant.
[00:03:32] Speaker A: Oh okay.
[00:03:33] Speaker B: I can open a docX file in WPS office.
[00:03:37] Speaker A: So the file types are compatible.
[00:03:39] Speaker B: Yes, they go oh I understand that, I can talk that language. And a lot of people still like having an installed client now a lot. You can still do that with Microsoft Office if I'm not mistaken. You can.
If you have a Microsoft 365 account you are still, if, if I'm not mistaken, fact check me, the last time I checked you could still download and install software locally to your computer and have those, those things installed like PowerPoint and stuff. Right? Like PowerPoint, Outlook, you name it.
[00:04:13] Speaker A: So I have fun. Yeah.
[00:04:16] Speaker B: You don't have to use the web version. Yeah, okay, right. But maybe that's not, for whatever reason, your cup of tea maybe, maybe that's what's up. Maybe you don't actually have an Office 365 account or Microsoft 365. They change things. Stop changing stuff. Microsoft intra id and Micro, I mean like come on. I don't know who your marketing people are but you need to talk to them. I'm just saying, just saying anywho you feel so inclined, apparently 500 million people did.
[00:04:45] Speaker A: Yeah.
[00:04:45] Speaker B: Feel so inclined this worked for again. I'm new to WPS office. I don't do a lot of office.
I don't know about you Sophia.
[00:04:54] Speaker A: I know you don't.
[00:04:56] Speaker B: She's like, oh I'm well aware.
[00:04:58] Speaker A: I have like locally just because this is my work, you know, computer on my personal computer I don't have a Microsoft, you know, I don't care enough. But I do have like I use PowerPoint for making like slides for classes and things like that. Outlook locally installed, all that stuff. So I do enjoy it. But it is nice to have the web option like if I am working from home and I got to use a different machine or something like that.
[00:05:18] Speaker B: See I always prefer using a cloud solution because doesn't matter what machine I go sit at. There's my stuff.
[00:05:25] Speaker A: Yeah right.
[00:05:26] Speaker B: I don't have to install anything on my co I came from the time where hard drive, space, Ram and all the resources were at a premium and it's. I didn't want my cpu vying for well you know, office doing an update right now. So that's why you're getting a slow performance.
[00:05:43] Speaker A: And it's like, that's true.
[00:05:44] Speaker B: So I'm like cool. I just open a browser and do that.
[00:05:48] Speaker A: Yeah, I can definitely see the benefit of using a cloud based solution like that. And same with this WPS office. Obviously it worked for a lot of people as.
[00:05:55] Speaker B: Yeah, apparently it works a little too.
[00:05:56] Speaker A: Well as far as this particular zero day, which is CVE 2024 7262. So we'll look that up in a second. Cause I'm curious to see where that falls on the scale like how severe it is. But it was silently patched by WPS office developer Kingsoft. But researchers discovered it had not fully remediated the issue and there was a subsequent vulnerability that could enable hackers to basically do the same thing. So working on it now, but not a full, there's not a full fix available. Totally prevent this just yet.
[00:06:28] Speaker B: And no proof of concept on this out there.
[00:06:31] Speaker A: Not that I could see. Specific bug, not that I could see, but again, I didn't look very hard so I could be wrong.
[00:06:37] Speaker B: Sometimes they put it in the articles like there's you know, known proof of concept for these things. That's always interesting to look at to kind of see how the. Or if there's like a technical write up. Yeah, the organization. Who was it? Eset. The researchers that discovered it.
[00:06:51] Speaker A: Yes, Eset.
[00:06:52] Speaker B: So maybe ESET has like a technical blog or something that would be cool to look at.
[00:06:55] Speaker A: So the. The first one that was patched was 9.3. So critical.
[00:07:01] Speaker B: Okay, that's a problem.
[00:07:02] Speaker A: And then this next one that they found. Oh, this vulnerability could allow them to do the same thing. Also a 9.3.
[00:07:07] Speaker B: Okay. So both of those cvss stuff. It's right there. It says vector.
[00:07:14] Speaker A: So this is the. This is the first one.
[00:07:17] Speaker B: Yeah. Just. Just kind of zoom in so I can see it. Everybody can see it. Everybody would like. There you go. So. All right. Attack vector is low. Attack complexity is low. I'm not familiar with ATV because that's a 4.0 thing. Pr as privileges required is none. User interaction is p. Which is what? Passive?
[00:07:36] Speaker A: Yeah, yeah, passive down here.
[00:07:39] Speaker B: That's probably why it's a 9.3, because it's not just like super easy. Grab across the board. You're. You're really having a good time.
[00:07:45] Speaker A: I can only zoom in so far because I have to hover. I have to hover to bring up this stuff. And so if I zoom in too far, it, like, cuts off. So. But yes.
[00:07:53] Speaker B: Now you know why I run only a Mac in a studio.
[00:07:56] Speaker A: Well, I can still, like, do this. That's great. But. Because I have to hover.
[00:08:00] Speaker B: Yeah.
[00:08:01] Speaker A: And then there we go.
[00:08:02] Speaker B: You see over here? Follows my mouse around.
[00:08:05] Speaker A: I'm happy for you.
[00:08:05] Speaker B: That's what I'm telling you. The right tool for the right job for the most part. I could. I could set a fire on Mac.
[00:08:13] Speaker A: You could set a Mac on fire. You absolutely could.
[00:08:14] Speaker B: I kind of have.
[00:08:16] Speaker A: Anyway, well, we'll move on from this one. We do have one. One more breaking news piece we wanted to get into. Daniel found this 1 second apache of biz.
[00:08:25] Speaker B: Or of biz.
[00:08:26] Speaker A: Different kind of.
[00:08:26] Speaker B: Of vulnerability, which is the joke. So funny. The reason I kind of brought this up.
[00:08:31] Speaker A: Yeah.
[00:08:31] Speaker B: Was I. I have a YouTube channel. I did a YouTube video two weeks.
[00:08:38] Speaker A: Ago to advertise your. Of. Yes.
[00:08:39] Speaker B: Oh, yeah. My. Of biz.
[00:08:43] Speaker A: Joking.
[00:08:44] Speaker B: Joking. That's not real.
[00:08:45] Speaker A: It's not real.
[00:08:47] Speaker B: But it was on this vulnerable. This. This specific vulnerability because I saw it in some article a couple of weeks ago. I was like, oh, that's interesting. And it was a technical blog. And I'm like, I wonder if I can recreate. They weren't telling you necessarily how to do it, but I extrapolated enough information from their blog posts and I was able to figure it out. And. And I. Look what I have. A whole YouTube thing. Right? That's the thing here.
[00:09:14] Speaker A: I'll go to YouTube bonus content.com.
[00:09:16] Speaker B: Oh, it's not.com, daniel. But it's YouTube.
[00:09:19] Speaker A: You did your best.
[00:09:20] Speaker B: Yeah. For whatever reason, it's not letting me put my name on the evan anymore. I don't know why they do that, but there it is right there. Booyah. Apache of biz cve 2024-3856 walk you through how to get to the shell.
[00:09:36] Speaker A: He was on this show with weeks ago.
[00:09:39] Speaker B: Two weeks ago. That's what it says right there. Two weeks.
[00:09:41] Speaker A: And that was just when it was uploaded. You were working on this before that?
[00:09:45] Speaker B: And it took me like a couple hours to figure this out.
[00:09:48] Speaker A: Oh, okay. Yeah, it's just a couple hours. No big deal.
[00:09:50] Speaker B: It really wasn't that difficult. This is a. But I think there's PoC now available.
[00:09:54] Speaker A: For that first one.
[00:09:55] Speaker B: One or for this one? This is the second one.
[00:09:57] Speaker A: That's for the second one.
[00:09:58] Speaker B: This is the second one they. Okay, you look at right. And that what the article says. Tell me about if I'm wrong. I could be mistaken.
[00:10:04] Speaker A: His second vulnerability exploited in attacks which is tracked as. And it was CVE 202-438-8556 that's it. Wow. So they just added this on Tuesday to the Kev.
[00:10:15] Speaker B: The Kev. That's because it's known. Exploited, huh? Right. It's being exploited, yeah.
[00:10:20] Speaker A: Interesting. Okay, so.
[00:10:22] Speaker B: Or exploitable. It's exploitable.
[00:10:24] Speaker A: And. Okay, so there is a fixed version, 1812 15 of Apache of biz includes a fix for this. So that's good news. Yeah. And so it says second Apache of visible.
[00:10:35] Speaker B: No, first one was.
It was an LFI. Yeah, it was an lFI to Rce.
[00:10:44] Speaker A: Oh, oh, okay.
[00:10:46] Speaker B: So this is a modified version of that. That kind of they. So what happened was Apache ofbiz, it was a project that was like all by itself for a long time that you could run in Apache and it's for businesses to do.
It's an ep, I don't remember the name of enterprise something, tracking kind of software. You're basically kind of like looking at all the stuff that you want to do and kind of make. Make a plan for how you're going to run your business. So that's why it's called ofbiz. Open for business is what it stands for.
[00:11:21] Speaker A: Oh, okay.
[00:11:22] Speaker B: And. Yeah.
And it became a part of the Apache project officially a while back.
And so there was a discovery of this LFI and that you could walk that into an RCE.
And so they patched it as they should. Researchers from Sonic Wall, I believe it was Sonicwallen said, well, let's kick around with a little bit and see what's going on here and other stuff. And they went, huh. You know what's interesting? If I take out the lfI character, that causes the new fix to kind of kick in and go, oh, you're not allowed to do that.
It works.
They basically like, right? They shot themselves in the foot a little bit.
[00:12:05] Speaker A: Yeah.
[00:12:06] Speaker B: Right. And it just took someone to go, well, what happens if I remove the thing that you're filtering?
[00:12:10] Speaker A: What happens if I do this?
[00:12:12] Speaker B: I'll go, oh, that's what happens. Anything I want. And you're able to get it to execute remote code or commands.
Technically, it is remote code because it's Java.
You send it Java. And in that Java is a system command. Run the system command. But you do it in Java code. It is executing a system command as a command injection through remote code execution.
[00:12:41] Speaker A: Wow.
[00:12:42] Speaker B: Yeah. It's complex, but scary stuff. It was crazy. And then when I saw this morning, I'm like, is this wrong? Am I reading today's date? Yep, that's today's date. August 28. August 28. Yes. We're in. August 28.
[00:12:57] Speaker A: We are in. Yeah. As of recording this, I'm neither a.
[00:12:59] Speaker B: Prophet nor the son of a prophet, but I saw the writing on the wall. This one a while back.
[00:13:06] Speaker A: He's the second cousin's sister's dogs, friends, neighbors.
[00:13:09] Speaker B: Solid, 200 some odd views.
Happy for you because, you know, it's very niche.
[00:13:15] Speaker A: Sure, sure. But it's neat because you kind of. You kind of got ahead of it. So this is now in the cab, as. As I'm glad you do, as was stated, and there's a fix for it. So that's good news. And that is all we've got for breaking news today. Let's know if there's anything else that came up that you want to hear talked about on Technato in the future, because, again, this is just stuff that we're pulling right as we see it. But we do have some other articles from throughout the last week since our last episode that we want to get into. This one I actually got a notification for that was like, hey, make sure if you're using Chrome, you better update new Google Chrome. Deadline 21 days to update or delete your browser. Now, I don't love this headline. It's a little misleading. That applies to, like, federal employees.
[00:13:52] Speaker B: That's correct.
[00:13:53] Speaker A: That's not like the chrome is gonna come after you.
[00:13:56] Speaker B: That's what we like to call clickbait.
[00:13:58] Speaker A: Yes. That's why I clicked on it, and.
[00:14:00] Speaker B: Then I read through this what? Who was this again?
[00:14:02] Speaker A: This is Forbes. Are we surprised?
[00:14:05] Speaker B: Known for their journalistic integrity?
[00:14:07] Speaker A: Yes. Yes. For the second time in three months, the us government has warned the world's most popular browser is known to be under attack. So if you're a federal employee, you've got three weeks to update your browser or stop using it. Also, one thing I wanted to point out is that I did not initially realize. I guess it didn't occur to me because I was like, I don't use chrome. Doesn't matter, because if you use a chromium based browser, you could still be susceptible to this particular vulnerability.
[00:14:30] Speaker B: 900% of the browsers.
[00:14:31] Speaker A: Exactly. Use a chromium if you're using edge.
[00:14:35] Speaker B: Or are you using a chromium based browser?
[00:14:37] Speaker A: I'm using firefox.
[00:14:38] Speaker B: That is not a chromium based browser.
[00:14:39] Speaker A: I should be. Okay.
[00:14:40] Speaker B: You are solid as a rock on that.
[00:14:42] Speaker A: I don't. Yeah, I don't use Microsoft edge, sorry, but I just can't get behind it.
[00:14:46] Speaker B: You know? There's just something about. Ever since it came out, I know they talk about how it's the fastest, it's the most secure, it's the most distant, the other. And maybe all those things are true. There's just something about it I can't get down with. I gotta be honest.
[00:14:58] Speaker A: I just don't like it.
[00:15:00] Speaker B: It's new. Ick unlocked. Right.
[00:15:03] Speaker A: It's like when there's a person that, like, you just have a bad feeling about, and everybody else is like, no, they're great. And you're like, I don't know what it is. Just. There's something about them that's Microsoft edge.
[00:15:12] Speaker B: Something about it I just don't.
[00:15:14] Speaker A: Just can't get behind.
[00:15:15] Speaker B: I have no rational reason for this.
[00:15:18] Speaker A: It's just a gut feeling.
So.
Poor Daniel. So this vulnerability, CV 2024 7971, has a base score of 8.8. So that is high severity. And then we have these. These lovely little things Daniel was reading off a second ago.
[00:15:35] Speaker B: Yeah. Yeah, that's right. You hover over and it shows you all the.
[00:15:38] Speaker A: That's just it. That's what I was doing.
[00:15:39] Speaker B: And that's what you were trying to do.
[00:15:41] Speaker A: That's why I couldn't zoom in too far. It's just looking at it because it disappears.
[00:15:45] Speaker B: Listen, our audience doesn't need to help. We can just.
[00:15:48] Speaker A: Yeah, yeah. You could just squint about that. So, yeah, this contains a type confusion vulnerability. So maybe you can. Maybe you can explain this to me in layman's terms. A little bit. A type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page.
[00:16:05] Speaker B: Heap corruption, listen, that's neither here nor there. What's important is, yeah, so it's the heap in the code, like the memory heap.
It's a very, like, I am not a huge exploit developer guy. If we had all Mister Swinzy in here.
[00:16:24] Speaker A: Oh yeah.
[00:16:25] Speaker B: Jacob could really lay down the law on this stuff. But ultimately it's basically buffer overflow stuff.
[00:16:32] Speaker A: Okay. So if you are running chrome or a chromium based browser, just update your browser. We were kind of talking about this earlier, that browsers tend to update themselves.
[00:16:39] Speaker B: Well at least they, they, they update and then they go, hey, right, you get the little thing at the top says update your browser.
[00:16:45] Speaker A: Yeah.
[00:16:46] Speaker B: And you just have to restart. And with today's all the browsers I've seen, you can just go restore session.
[00:16:52] Speaker A: Yeah.
[00:16:53] Speaker B: Right. So it's not even inconvenient if I got like a thousand tabs open, which I'm sure no one does.
Right. Don't look at me, don't look at me, I'm hideous.
[00:17:04] Speaker A: I like twelve tabs open just right now.
[00:17:06] Speaker B: I know I keep so many tabs open, but so I love the fact that each one of them I have, I Yolo update every time it tells me to. Right. Because. Yeah, and then restore.
[00:17:17] Speaker A: Yeah.
[00:17:18] Speaker B: The chromium browser that I do tend to use is brave.
[00:17:21] Speaker A: Okay.
[00:17:22] Speaker B: Yeah, brave. Just kind of like auto does it. Firefox is a little more like, well, I mean I got it for if you want it, but you got to kind of tell it. I want that. Maybe there's a setting I can make that auto.
[00:17:32] Speaker A: Yeah, but which I guess I don't hate that. Only because it's like, what if I'm like, well just give me a second, let me make sure. Because sometimes updates roll out and there's stuff in them that's not so great. And so maybe I want to just wait a little bit so I don't personally have like a super strong opinion. One where the others I tend to.
[00:17:46] Speaker B: Just like go, whatever. Yeah, you know, updates are fine, it's happened.
[00:17:49] Speaker A: Yeah, yeah. So if you are using a chromium based browser, make sure you update. I know I will if I ever.
[00:17:55] Speaker B: This is like their chrome has had a run of zero days here lately, right?
[00:18:01] Speaker A: Yeah. Like, yeah, you I think. Yeah. Busy month for such warning.
[00:18:06] Speaker B: How many, how many zero days?
[00:18:09] Speaker A: Let's see. Well, so it has listed in the article, of course it has listed multiple windows, zero days and an Android zero day, but nothing about the rest of the Chrome zero days. But you're right, it does seem like that's come up quite a bit in recent headlines and such.
Are you? Oh, are you?
[00:18:23] Speaker B: This is the 10th zero day in 2024. Exploited zero day in the wild in 2024. And that's not just me that's bleeping computer breaking records.
[00:18:33] Speaker A: Right, there you go.
[00:18:34] Speaker B: Days ago.
[00:18:35] Speaker A: You go, right.
[00:18:37] Speaker B: Google revealed that it patched the 10th zero day exploited in the wild in 2024 by attackers, security researchers, during hacking contests two days ago. Booyah.
[00:18:48] Speaker A: Well, at least they're patching them.
[00:18:50] Speaker B: Get your ish together, Google.
[00:18:52] Speaker A: Break some records. It's great.
[00:18:53] Speaker B: Yeah, they did it.
[00:18:56] Speaker A: Well, the first kind of half of our show today is kind of vulnerability and flaw theme. It kind of worked out that because this next one is kind of along the same lines. Cve. I'm not going to read out those CVE numbers, but a couple.
[00:19:09] Speaker B: It's always 2024.
[00:19:10] Speaker A: If it's now CVE 202-42-8986 and CVE 202-42-8987 how about that follow up? New SolarWinds hotfix addresses critical vulnerabilities in web help desk. And didn't one of these, I think, was disclosed last week, but there was one that was super recent. It was like a couple days ago.
[00:19:28] Speaker B: Yeah, this week.
[00:19:29] Speaker A: Okay, so this kind of rolls up both of them and gives us a little summary.
[00:19:32] Speaker B: Yeah, this is more of a. Hey, fun fact. If you're running Solarwinds help desk, you might want to hit the panic button if you haven't heard of this yet. So just trying to get you, you know, with. This is what we do. It's news. News you can use. Go update now. Now, they did a couple of bad things.
The first of these lovely little cve's is Rce.
It's like a day without sunshine. Right? If we don't get an arce at least once a week, then we're just not doing our jobs.
[00:20:07] Speaker A: So true.
[00:20:08] Speaker B: And the second one, which is really what kind of caught my eye, is. Wait for it.
Ready? Hard coded creds, hard coded credits that had been, uh. Oh, a classic. It was disclosed credentials. It was one of the two. I want to say it was hard coded.
[00:20:27] Speaker A: I'll see.
[00:20:28] Speaker B: What do we got here?
[00:20:29] Speaker A: What is it? 87.
[00:20:30] Speaker B: No proof of concept has been published for either of these vulnerabilities.
[00:20:33] Speaker A: That's good, right?
[00:20:34] Speaker B: So let's see what does close the previous week and fix this function. Blah, blah, blah.
[00:20:39] Speaker A: That's the RCE score of 9.1, use of hard coded credentials. The weakness enumeration on NIST's database here. So, yeah, that's always fun, Daniel. I mean, I would think.
[00:20:53] Speaker B: Hit me.
[00:20:54] Speaker A: Hit me. I'm no. Like, I'm not. I'm not involved with solarwinds. I don't use their stuff. I'm not. So it's not like I'm any big important whatever. But even for me, I feel like avoiding the use of hard coded credentials is. I feel like avoiding hard coded credentials, hard coding, anything like that.
[00:21:11] Speaker B: It's kind of like in today's day and age, you know, you don't run with scissors, you don't spit into the wind, and you don't hard code creds. This is like childlike logic when it comes. Like, we teach this to babies.
[00:21:24] Speaker A: Yeah.
[00:21:25] Speaker B: So, yes. Little baby. No.
[00:21:26] Speaker A: No.
[00:21:26] Speaker B: You don't put them creds in that code. You don't do it. I know. It's convenient. Yeah, but no, sir. Right? And we do that because while wildly convenient, it's wildly convenient if anybody is smart enough to look and see if there's anything in there that might be useful. Which. Which makes me wonder. Okay, we got Solarwinds here, right? Big company, right there. There are no fly by night. Mom and pop. Stop right now.
[00:21:51] Speaker A: Pretty big deal.
[00:21:52] Speaker B: They're kind of a big deal. They've been around a hot minute. They make some massive software.
[00:21:56] Speaker A: They've come up once or twice.
[00:21:57] Speaker B: How the hell did this ever pass testing or whatever?
[00:22:03] Speaker A: Yeah, right. Interesting.
[00:22:04] Speaker B: How did this get past their internal mechanisms for security? Or do they not have.
[00:22:11] Speaker A: Yeah, right.
[00:22:11] Speaker B: What was the. I would love to be privy to be that fly on the wall.
[00:22:17] Speaker A: And what was the conversation that happened after this came out?
[00:22:20] Speaker B: Like, all right, where's Carl?
[00:22:22] Speaker A: Who did it? Who did it?
[00:22:23] Speaker B: Where's Carl? Cause this stinks. A Carl?
[00:22:27] Speaker A: It wasn't me. Well, the username is Carl. 123.
[00:22:29] Speaker B: Yeah. So I don't know what Carl did this.
[00:22:32] Speaker A: That's just my. And the password is Carl. Rules. Exclamation .1 pound sign.
[00:22:37] Speaker B: Yeah, Carl hates his job.
94392. So I'm going with. It was Carl. It's just a gut feeling.
So, yeah. How the heck did this make it into the actual production software that was sold to customers?
[00:22:54] Speaker A: I found myself thinking that with some of the stuff we've talked about in the last few months, I don't remember exactly what the issue was, but something happened with Microsoft where there was some issue that got past testing and everything. And it was like, how did you like this? Seems like it would have been real.
[00:23:09] Speaker B: Such a big red machine.
[00:23:11] Speaker A: Yeah.
[00:23:12] Speaker B: That there are cracks and crevices that things can slip through.
[00:23:16] Speaker A: Yeah.
[00:23:16] Speaker B: And that's how these things make their way into. I'm gonna go with, that's probably the answer.
[00:23:20] Speaker A: Yeah.
[00:23:20] Speaker B: Right. You get deadlines. You got bosses coming at you and smacking you in the back of the head going, when's that gonna be done? We gotta ship, we got a deadline, we gotta meet this blah, blah, blah, blah. If I'm gonna get my, you know, my KPI and I'm going to get my bonus, blah, blah, blah, blah, blah. And so done is better than perfect.
[00:23:36] Speaker A: Yeah.
[00:23:37] Speaker B: And stuff makes it to market with fingies crossed. We'll fix it in post.
[00:23:42] Speaker A: Have you seen the. Probably not there, there's this probably not. There's this meme that's, I don't watch.
[00:23:48] Speaker B: A lot of care bears, but go ahead.
[00:23:51] Speaker A: There's this meme that's like, been going around. Meme, comic, whatever. Yeah, I, and it's basically the difference between, like, the different kinds of employees. And so I have it up, but it's like circle in the triangle factory. I've never seen such a thing. I have to inquire about this. And the second guy's like, oh, I guess we're doing circles now.
It's like somebody's working.
[00:24:13] Speaker B: That is very true.
[00:24:14] Speaker A: And one person's like, hard coded credentials. This looks bizarre. And Carl's just like, I guess we're doing hard coded credentials.
[00:24:18] Speaker B: That's what wins this.
[00:24:19] Speaker A: Just send it in.
[00:24:20] Speaker B: Cool.
[00:24:20] Speaker A: Just fired off.
[00:24:21] Speaker B: Ain't my job, but my pay grade, you know, act your wage.
[00:24:24] Speaker A: That's right, exactly. All right, circles. Cool beans. I'm nothing reporting this.
Yes, there are hotfixes for both of these. I'm glad you, glad you brought this up because SolarWinds is a pretty big player and it's nothing to, nothing to take lightly.
[00:24:41] Speaker B: Indeed.
[00:24:42] Speaker A: But we still have one more thing that we want to talk about concerning flaws. And this, I mean, this will make quick work of this WordPress plugin flaw exposes 1 million WordPress sites to remote code attacks. So, you know, this is kind of something that comes out about three times a week. We have an issue with WordPress plugins doing something or other. And the reason that I, we kind of wanted to bring this up is because it's like, okay, yes, there's, there's remote code attacks happening through these plugins. It's not the first time we've seen something like this WordPress is a, one of the most popular, if not the most popular website people use for web design, right?
[00:25:14] Speaker B: It's, it's, I think it is the.
[00:25:15] Speaker A: Most popular, but something like some crazy.
[00:25:17] Speaker B: Amount of websites or it's like a, it's like a drop in if you want to easily create a website, right. WordPress, Joomla Drupal, all these things, they give you the easy button for that.
[00:25:29] Speaker A: And some crazy amount of websites that.
[00:25:31] Speaker B: Exist now 40 something percent of the Internet are, is a WordPress site. Yeah.
[00:25:35] Speaker A: And so of course, at least the last time I checked, people use different plugins and stuff on their site and there's nothing inherently bad about that. But this is the kind of thing where it's like there's no easy, like there's no way you can totally avoid this kind of a thing if you're designing your own website and stuff. And we were kind of talking about this, the only way to really curb this kind of stuff is if you're running the website, you have to be checking regularly about the stuff you're using on your site, plugins or whatever.
[00:26:00] Speaker B: Absolutely. That is your job. You run that, you stood it up.
The onus of responsibility is on you to verify. Now you might have a person that does that or it might be you, but either way, if you're not regularly scheduling checks for updates and then installation for those updates and patches and fixes and that kind of stuff, you're just asking for trouble. Now let's, let's walk back a few steps really quick. I want to just, fun fact, this is a total clickbait title, right? Right. Because it says WordPress plugin flaw exposes a million WordPress sites to remote code attacks.
[00:26:41] Speaker A: Right.
[00:26:42] Speaker B: From what I understand, there is not being exploited in the wild and that this was discovered by researchers and now there is fixes. Right? There's cool. This is how security works. We're never going to get away as long as we write code. There's going to be flaws in said code. We're just not perfect people. Maybe AI, one day the AI messiah will deliver us from bad code and we'll never have that again.
Okay, I guess that's a non zero possibility. The AI messiah, I probably won't live to see it, but maybe I will.
Yeah, AI Jesus will just descend from heaven and go, yeah, instead of JavaScript, it's Jesus script. He'll be writing, you know, a pale.
[00:27:26] Speaker A: Code chat God, that's his name.
[00:27:30] Speaker B: I love it, I love it. This is what we're going with we're creating all sorts of blasphemous monikers.
Yeah, I gotta go repent in a little bit.
[00:27:39] Speaker A: But to your point, yeah, unless there's no, like, easy, you know, like you said, till the AI messiah or whatever automates this kind of stuff, it's our.
[00:27:47] Speaker B: Job to just do our due diligence, make sure we have those things scheduled constantly, security feeds for the software that we run so that we can stay on top of these things that are happening. So if you don't have a good threat feed going on for how. I don't care how small or large your business is, you're doing yourself a disservice. Basically asking, you know, I don't want to victim blame here, all right? I want to go that far into it. But don't. Don't give them the opportunity. Do not give the devil a foothold.
We stick with our biblical theme here, into your corporation, into your organization. Just don't do it. And the same thing kind of does apply in a really weird way to just average Joe and Jane out there. Right? You see, I know that windows kind of updates for you. Awesome. A lot of these systems now for the consumer update on themselves, and you just kind of go, oh, I restart my phone. I have to. Oh, I see my computer restarted last night. Must be update time, because they're not tech people and they weren't good when we gave them the option to apply updates so on their end of the spectrum. But there are still some of those things that you install that are third party and so on and so forth that do not do that.
And so we got to do things like make sure you have a good antivirus system running and that that is doing automatic updates and so on and so forth. So this is just standard cybersecurity practice.
This is the baseline, right? This is the minimum stuff that we do that if we're not doing, then.
[00:29:19] Speaker A: What are we doing?
[00:29:19] Speaker B: Right? What am I supposed to say when you come to me crying, yeah. And go, where are we going?
It's like, okay, okay, come here. Daddy's here now. It's okay.
But did you do what I told you to do and brush your teeth? And that's now why you had to get five cavities filled?
[00:29:43] Speaker A: Yeah, right.
[00:29:44] Speaker B: You gotta do the thing. You gotta be responsible.
[00:29:46] Speaker A: I told you not to ride your dirt bike off the ramp, and now you broke your leg.
[00:29:49] Speaker B: You see how that foot is up by your chin?
[00:29:51] Speaker A: I tried to tell you, no, we're not going to the hospital. You brought this on yourself.
This had a base score of 9.9, which is part of why I threw it in there, because it's a pretty high up there. But you're right. I mean, at the end of the day, it's about stay vigilant. Says Bat. Damn. So there you go. That's.
[00:30:06] Speaker B: Yeah. Woke up this morning, right, and you ask yourself, if I could be anybody I want today. Who should I be?
[00:30:12] Speaker A: Yeah.
[00:30:12] Speaker B: And as I hear, if you can be anyone, you be Batman.
[00:30:15] Speaker A: Yeah.
[00:30:16] Speaker B: I came out of my bedroom, and my son was already up, and he went, daddy, you got that shirt, too?
I got Batman's shirt. I said, yeah, you do. It's cool, huh?
[00:30:27] Speaker A: Is he matching you today?
[00:30:28] Speaker B: No, he's really into ninja turtles right now.
[00:30:31] Speaker A: Oh, okay. That's fine.
[00:30:31] Speaker B: Which. I also have a ninja turtle shirt. Maybe I'll wear that next week.
[00:30:34] Speaker A: I think you should. I think you should. That's valid. Your son's valid for that.
[00:30:37] Speaker B: Yeah, I see no flaw in his logic.
[00:30:39] Speaker A: I know we're coming up on the halfway point here. Maybe we'll try to squeeze one more in before we take a break.
[00:30:44] Speaker B: Want to?
[00:30:45] Speaker A: Yeah, I think we can.
[00:30:46] Speaker B: Feeling strong?
[00:30:46] Speaker A: Unless you think this is gonna lead to a conversation.
[00:30:49] Speaker B: Where are we at? Here?
[00:30:50] Speaker A: We are at the uber stuff. Uber stuff.
[00:30:53] Speaker B: Um, yeah. Yeah. Let's leave it to that.
[00:30:55] Speaker A: I like that. All right.
[00:30:56] Speaker B: Cliffhanger?
[00:30:57] Speaker A: Well, yeah. Cliffhanger for our 12 seconds. And then it keeps all of our legal stuff on the other side of the.
[00:31:01] Speaker B: Exactly.
[00:31:02] Speaker A: I think that's smart. So we will take a quick break. I'm gonna go eat some more barbecue lays chips, and we'll be right back here on Technato. Hey, I'm Sophie Goodwin, edutainer at ACi learning and subject matter expert for our new course, cybersecurity fundamentals. If you're new to cybersecurity, this is the course for you. Anyone from high school students to professional switching careers. These episodes are designed for you as an introduction to essential security terms and concepts. So we'll walk through security principles, governance, risk and compliance, access controls, threats and attacks, incident response, network security, and we'll look at some best practices for security operations. Security doesn't have to be scary. Check out cybersecurity fundamentals in the ACI learning course library.
Welcome back. Thanks so much for sticking with us through that break. Feel free to leave a comment. Let us know what you like about this episode, what you want to see in the future. Like it if you are enjoying it, and subscribe so you never miss an episode of Technado in the future, as promised, we are going to get into some fun legal jail time type beat fines and regulations and it's going to be great. I know it doesn't sound. Fines and regulations don't always sound exciting, but this is going to be really interesting and I'm excited to talk about it. So let's jump right into it.
[00:32:16] Speaker B: Let's do it.
[00:32:17] Speaker A: Let's get into it. Dutch regulator fines Uber 290 million. Is that euros? Euros for GDPR violations.
[00:32:24] Speaker B: $325 million.
[00:32:25] Speaker A: I think so.
[00:32:26] Speaker B: Somewhere around there.
[00:32:27] Speaker A: I think so. Because of some data transfers to the US that occurred. So Uber is going to have to pay up.
[00:32:34] Speaker B: They are fighting against necessarily.
[00:32:37] Speaker A: They are. Well, if they don't, if they didn't argue it, I guess maybe they'd have to. But they're making an argument.
[00:32:41] Speaker B: Hey, they are.
[00:32:41] Speaker A: No, no, no. We didn't violate anything.
[00:32:43] Speaker B: No money has to transfer hands until all legal avenues are exhausted.
[00:32:48] Speaker A: Right, exactly. So this is the Dutch data protection Authority that filed this and they're saying that Uber allegedly failed to comply with EU data protection standards. And would that, that would be the GDPR?
[00:32:59] Speaker B: I guess that would be the GDPR. Yep.
[00:33:01] Speaker A: A serious violation of GDPR. Serious.
[00:33:04] Speaker B: So the dutch protection authority data. Dutch data protection Authority, from what I understand, is like a watchdog.
[00:33:10] Speaker A: Okay. Yeah.
[00:33:12] Speaker B: I don't know if they're necessarily a government entity or not.
Hadn't really said. But I do know that, that they're, they're kind of like stock and trade is to go.
Are you violating GDPR? If so, we're gonna sue you, I guess, specifically in Amsterdam.
[00:33:29] Speaker A: I guess you need people to do that because, yeah, supposedly these regulations are in place to protect consumers and stuff. And so, yeah, you want.
[00:33:35] Speaker B: That's not the first time they've sued Uber.
[00:33:38] Speaker A: Really?
[00:33:38] Speaker B: Yeah, a while back they got him for $10 million.
[00:33:41] Speaker A: Oh.
[00:33:42] Speaker B: And it's like, you know what's a good way we can make some money?
That's what it kind of feels like.
We'll set up a watchdog group and every time almost like, what are those?
Copyright trolls?
[00:33:57] Speaker A: Oh, yeah.
[00:33:58] Speaker B: Yeah. You know what a copyright troll is? I don't think so. It's. It's basically people that are either lawyers or have a lawyer that have figured out that they can go and grab copyrights from old and esoteric spaces. And then anytime you use it because you think it's in the public space, they sue you.
And if you, if you want, you can just settle out of court, which they're happy to do, and then they make money, of course, doing all these. So. Because now if you don't, you gotta get a lawyer. And I know the ins and outs of all.
[00:34:28] Speaker A: Nobody wants to deal with.
[00:34:29] Speaker B: Nobody wants to deal with it. So they just get a bunch of money by suing people over copyright. So that's what a copyright troll is. It feels. I don't know if that's how it's going down, but in some. Now, that said, I do like watchdogs for, hey, you're not doing the right thing. And GDPR has been a fairly solid piece of legislature to protect you and me and our data. If we lived in the Eudez. Like, they. They really take it seriously, and I applaud them for that.
[00:35:01] Speaker A: I appreciate that.
[00:35:01] Speaker B: Yeah, I absolutely appreciate that. That you have rights over your data.
[00:35:07] Speaker A: Sure, of course.
[00:35:08] Speaker B: Right. How it's transferred, where it goes, what happens when it moves, and so on and so forth. So it's fine that Uber wants to retrieve data that it's collecting in the. And I think that's why the dutch government got involved. Or the. Yeah. Is because Uber's headquarters is in the Netherlands.
[00:35:28] Speaker A: Really? I did not know that. But I guess that was why headquarters.
[00:35:31] Speaker B: Is in the Netherlands.
American headquarters is probably in San Francisco or something.
[00:35:36] Speaker A: Okay. Yeah.
[00:35:37] Speaker B: So once they were retrieving data that they were collecting from their drivers in the EU and it came over to the US.
Now you've got to be on the ball, because if you want to do business in the EU, you have to follow GDPR.
[00:35:53] Speaker A: Yeah.
[00:35:54] Speaker B: And that's where this gets weird.
So are you familiar what happened in 2020 ish with Uber, with the GDPR and the foreign governments and big tech?
[00:36:10] Speaker A: I don't think so. The only. The only GDPR, like, big news that really stood out to me when all that was going on is that when. When Brexit happened, and so they had to have. They had to create their own regulations. Basically, GDPR was in tweaks, but he.
[00:36:23] Speaker B: Just said it's the British version, GDPR.
[00:36:25] Speaker A: Beyond that. Yeah, no clue.
[00:36:27] Speaker B: Okay, so big tech, right?
[00:36:29] Speaker A: Sure.
[00:36:29] Speaker B: They got a lot. They're global, right? You name the big company, they're a global company.
Now all of a sudden they got this GDPR thing.
Well, you're basically telling us we got to change how we do all business to be compliant with this thing. That's not going to be a quick transition.
So they passed this, like, data privacy shield idea to kind of give them some time to get into compliance. If I'm reading it correctly, that's what it was. All about, okay, Uber was operating under this amendment, this kind of help.
So during the time from 2020 until, I want to say, did it tell us in the article where. How long it went? 2021.
Right up until August of 2021, they were operating under that. That got kind of sundown or. Or something like. And they came up with a new standard for that. I think it was called the data privacy standard or something. And then once that changed, they started operating under that to help them transition into fully GDPR.
[00:37:36] Speaker A: Sure.
[00:37:36] Speaker B: Again, I am. I am not an expert in this.
[00:37:39] Speaker A: Right.
[00:37:39] Speaker B: But based on clients stuff, it makes me want to chew glass and tinfoil at the same time.
[00:37:44] Speaker A: You can chew glass if you want.
[00:37:45] Speaker B: But I would rather is what I mean.
But if I'm. If I'm reading this correctly in the way this works. So that's what happened. And that's what these. This watchdog group is suing over. They're saying a court in the EU recently said that that data privacy shield is a bunch of bullshit and it wasn't valid.
And because you were operating under that during that time, you weren't GDPR compliant. Bam, we got you, sucker, and we're coming for you for $325 million.
[00:38:16] Speaker A: Wow.
[00:38:17] Speaker B: And Uber's like, well, hold up. Swallowed up.
Now, that don't seem fair because at the time, it was the legal requirement and we were functioning legally in that. That framework.
So how can you sue us? And by the way, where were you helping us transition during that time? Where were your helps of saying, hey, I'm trying to become compliant with GDPR? Why weren't you helping us instead of just sitting around on your hands?
[00:38:50] Speaker A: Yeah.
[00:38:51] Speaker B: Again, I'm not. I'm not advocating for either GDPR or the DPA.
[00:38:56] Speaker A: Sure.
[00:38:57] Speaker B: Right. What I'm saying is these are their arguments.
[00:39:00] Speaker A: Right, exactly. Cause you're right. They did. In Ubers response, it wasn't just like, well, it's fine. We're, you know, we're justified and we didn't violate the GDPR. It's. No, no, no. Actually, the GDPR we are under, I think it's article three of the GDPR able to do what we're doing. It's already.
What is it? Their regulations protection has already been extended under the GDPR. So their argument is, no, actually, we are. We are in compliance. And you're a big, fat liar. You're a big stuff, stinky liar.
[00:39:25] Speaker B: And this is why this is going to courts.
[00:39:27] Speaker A: Yes, because it. Yeah, then that organization was like, we reject that. And so they're now gonna have to battle it out and we'll have to see what comes of that.
[00:39:35] Speaker B: Very interesting, though. Like, yeah, that does seem to be a very gray thing that occurred. If all the facts are true of. As far as, like, there was the data privacy shield and that was okay, but has recently been called uncon, I say unconstitutional because I'm an americana. But ultimately that's the idea is like, no, this is, this is not good. Their argument on why they struck down the data privacy shield enclave, for lack of a better term, is because if I'm an EU organization or I have data that's in the EU and I bring it into the US, there's no law against the US on spying on that data.
[00:40:16] Speaker A: Yeah.
[00:40:16] Speaker B: So in GDPR it says that you, because that can happen, you must do more protections to avoid that from occurring. But if you're under the data privacy shield thing, it kind of was a little, it lets you be more lax with that for the reasons of transitioning in, into GDPR compliance with like a grace period.
Once that period, that grace period was deemed to be technically illegal or undead, unusable.
[00:40:48] Speaker A: Right.
[00:40:48] Speaker B: Not, not a valid invalid. That's what I'm looking for.
[00:40:52] Speaker A: Not supported by.
[00:40:53] Speaker B: So at that time you were not GDPR compliant. Booyaka shah. We got you, sucker. Give me that money.
[00:40:58] Speaker A: Yeah, right.
[00:40:59] Speaker B: Yeah, that seems a bit like.
[00:41:01] Speaker A: A bit like, yeah, I don't love that.
[00:41:04] Speaker B: Don't love that.
[00:41:04] Speaker A: I do jet. Like, I don't.
[00:41:05] Speaker B: I get there. They want to keep their data safe. I get.
[00:41:08] Speaker A: Of course, of course. And I don't, I mean, I obviously don't live anywhere in the European Union. I live in the States. It's not a secret. But I do tend to lean more towards the side of, like, individual liberties, personal, you know, consumer privacy, all that stuff. As opposed.
[00:41:22] Speaker B: No sovereign here.
[00:41:23] Speaker A: Right.
As opposed to benefiting a big corporation or whatever. But I do also understand sometimes the law can overreach a little bit. And so it will be.
[00:41:32] Speaker B: There's a balancing act.
[00:41:33] Speaker A: There's a balance. Right. And so it will be interesting to see how this plays out and who ends up coming out on top.
[00:41:37] Speaker B: It will be. And if they do, because that's gonna set some precedence.
[00:41:39] Speaker A: Yeah, yeah, yeah. And we'll have to see if Uber does end up having to fork over that. What is 325 million USD. Yeah, that's no small potatoes. And continuing with some more interesting legal stuff that if you're familiar with Georgia tech, it's a university here in the States, Georgia Tech was sued over alleged false cybersecurity reports to win DoD contracts. They supposedly submitted a false and fraudulent cybersecurity.
[00:42:01] Speaker B: Oh, yeah. You rearranged the article.
[00:42:03] Speaker A: Yeah, I did.
[00:42:03] Speaker B: It's not in my feed.
[00:42:04] Speaker A: Not in your feed. Oh, it should be in the. In the list. Check the general feed.
[00:42:09] Speaker B: It is. I am in the general feed.
It didn't rearrange.
[00:42:13] Speaker A: It should be in the list.
[00:42:14] Speaker B: Weird.
[00:42:14] Speaker A: I have a lovely little list for you.
[00:42:16] Speaker B: I have the list. It's just not in this order.
[00:42:18] Speaker A: Oh, okay. Well, just. Can you like.
[00:42:21] Speaker B: Oh, we're skipping one.
[00:42:22] Speaker A: No, yeah, it's. It's in there.
[00:42:23] Speaker B: We had rearranged the articles.
[00:42:25] Speaker A: Yeah.
[00:42:25] Speaker B: Sorry, everyone.
[00:42:26] Speaker A: Sorry. Yeah, we switched some stuff up to kind of keep the. Keep certain.
[00:42:29] Speaker B: We want to keep categorize there.
[00:42:31] Speaker A: Yeah. Do you need it? Do you need.
[00:42:33] Speaker B: No, no, it's fine.
[00:42:33] Speaker A: Oh, you've got it. Okay, fine. And then I can adjust. Yeah, I'm sure you will. So, yes, Georgia Tech was sued because they were.
What was that?
[00:42:43] Speaker B: Nothing. Continue.
[00:42:45] Speaker A: I just sent it so you'll have it. Because they submitted false cybersecurity reports to win Department of Defense contracts. So the US is intervening. There was a whistleblower suit that was brought against the Georgia Institute of Technology or Georgia Tech over alleged failure to meet cybersecurity requirements. Christopher Craig and Kyle Koza. Those are some lovely alliterative names.
[00:43:05] Speaker B: Listen, Georgia Tech is the mit of the southeast.
[00:43:08] Speaker A: Yes.
[00:43:08] Speaker B: And that's not an exaggeration.
[00:43:10] Speaker A: No, I get it. Yeah.
[00:43:11] Speaker B: It's just a very prestigious, very well respected.
[00:43:13] Speaker A: Yeah.
[00:43:13] Speaker B: Very well respected technology school.
[00:43:16] Speaker A: Mm hmm.
[00:43:17] Speaker B: And.
Okay. I don't think about foosball.
[00:43:21] Speaker A: It's just they beat FSU, so they're all written my book.
[00:43:24] Speaker B: Okay.
[00:43:24] Speaker A: But, yes. Yeah, you're right. They're very well respected in that.
[00:43:26] Speaker B: So for them to pull this crap.
[00:43:28] Speaker A: Yeah, it's a shame.
[00:43:29] Speaker B: Wow, man. And that. Yeah. Wow, bruh.
[00:43:33] Speaker A: It's a real shame.
[00:43:34] Speaker B: Were you thinking? Right, so let's see here. What did they do? What was their thing? So they lied to the DoD. Right.
It says that they were they since 2019. From. Since 2019. I didn't see that part.
[00:43:50] Speaker A: Since at least 2019, the two entities, Georgia Tech and their, failed to implement.
[00:43:53] Speaker B: The controls that they said that they were implementing.
[00:43:56] Speaker A: They did not enforce federal cybersecurity, regulate regulations regarding those contracts.
[00:44:00] Speaker B: Yeah. And then lied the DoD about it. Right. It says, according to the complaint filed against Georgia Tech and GTRC, since 2019, the two entities did not enforce federal cybersecurity regularly regulations regarding DoD contracts and gave into the demands of researchers who secured large government contracts. Yeah, you know, you hate to see that happen. You hate to see that happen. Quid pro quo going on the complaint. Oh, yes. It's exactly what that is. The complaint also alleges that even the system security plan implemented in 2020 to comply with DoD security requirements did not include all applicable systems and was never updated as required by existing regulation.
And then they said. Additionally, the complaint alleges that they submitted a false and fraudulent cybersecurity security assessment score for the Georgia Tech campus, which did not reflect the status of compliance with cybersecurity requirements applicable to the systems used to score or assessed covered defense information.
This is not good.
[00:45:02] Speaker A: That's the part that submitting the fraudulent score, that is pretty clearly seems intentional because the stuff before that where it's like, okay, they didn't, you know, comply with these or they didn't update their regulations to Matt. That could very well. It's not good, but it very well could have just been ignorance. It just, they just were lazy about it or they didn't update it when they should have. And maybe it wasn't intentional, but it's still bad. But that submitting a score of 98 when you're very clearly not in compliance and not secure.
[00:45:25] Speaker B: Yeah.
[00:45:26] Speaker A: How does that happen? By accident?
[00:45:27] Speaker B: Yeah, that doesn't.
[00:45:28] Speaker A: I don't think it does.
[00:45:28] Speaker B: It does not. And so apparently there's going to be some information also known as proof to the fun, to the fact that they knowingly did this, purposefully did this.
[00:45:40] Speaker A: Some information also known as crazy to me.
[00:45:42] Speaker B: Yeah.
[00:45:43] Speaker A: Yeah. That is crazy.
[00:45:45] Speaker B: You like that? Did you?
[00:45:46] Speaker A: I did enjoy that, yes. Especially considering it's not like Georgia Tech is. It's not like this is some random, like you said, they're very well respected. This isn't some rinky dink. Not to disparage any university, but, you know, there are universities that are super well known for stuff, and then the universities that, they're just a little bit smaller. They're just a little bit more. They're a little guy. And that's not a bad thing. No, but Georgia Tech is definitely, they're famous for a reason, so it is disappointing.
[00:46:11] Speaker B: And it's the fact that it was from pressure from their researchers.
[00:46:14] Speaker A: Yeah, right.
[00:46:15] Speaker B: That's like, you know, I want names, you know? Justin. Right. So, Justin, a friend of mine used to work here.
He was a research scientist for a while for UF.
[00:46:26] Speaker A: Oh, yeah.
[00:46:27] Speaker B: And he talks to me a lot about how a lot of research that gets published and used as, quote unquote, proof or a lot of things is cherry picked, is curated in a way that is favorable to whoever granted the research scientists the grant money to do. He's like, this is not an uncommon practice. If I've got a pharmaceutical company who wants me to do research on x, y, or z components, they go with the research that tells them that everything's cool, and they try to actively squash the stuff that would put them in a negative light or put anything in a negative light.
[00:47:11] Speaker A: Pretty unethical.
[00:47:12] Speaker B: That is exactly what that is. Yes. You're on point today with definitions.
[00:47:16] Speaker A: I'm on point today with very obvious statements of fact.
Very on point with just defining things. But, yes, you're right. It's very, uh. It's just disheartening. It's just unfortunate, you know?
[00:47:27] Speaker B: I love the way they wrote this, though. The defendant submitted a summary level score of 98, which the lawsuit alleges was fraudulent because. You ready? Because it was for a fictitious environment not specifically associated with Georgia Tech.
[00:47:41] Speaker A: That's crazy, right? The length they went to, basically just.
[00:47:45] Speaker B: A made up thing to carry this out.
[00:47:48] Speaker A: Like, you had to put an effort to lie.
[00:47:50] Speaker B: Yeah.
[00:47:50] Speaker A: You had to, like, really, really spin a web here. It just. That's unfortunate. It's unfortunate.
[00:47:55] Speaker B: Yeah.
[00:47:55] Speaker A: Man, I'm glad I'm not a Georgia tech graduate, because I would be hanging my head in shame today. Shame on you. I'm gonna get some Georgia tech fan in my comments. Like, how dare you?
[00:48:02] Speaker B: My alma mater will come after you.
[00:48:04] Speaker A: Don't make assumptions based on.
[00:48:06] Speaker B: You will quake in your boots.
[00:48:08] Speaker A: Oh, shit.
[00:48:08] Speaker B: For me timbers writing academic blogs, you have to pay $70 to read.
[00:48:19] Speaker A: I can read the first two sentences, and it's like, want more? Support me. And I'm like, dude, I don't know you. I'm sorry. I'm not paying $70 for that. So that. Actually, I forgot we were going to do a segment for that one. But this next article kind of falls under this segment, too. We're going to call this a pork chop sandwiches. Pork chop sandwiches.
Pork chop sandwiches.
[00:48:39] Speaker B: Pretty sure that Christian is having a seizure.
[00:48:41] Speaker A: Yes. Here. Evidence. I like when he adds his sound into the actual techno episode. He did it for the last one. He was like, oh, blind bars. And it just gave me a giggle.
[00:48:50] Speaker B: Gave me a chuckle.
[00:48:50] Speaker A: Gave me a chuckle. So this next one again is, of course, a bit of a what the heck? Moment. Pulaski county man sentenced for cyber intrusion and aggravated identity theft, which, okay. On its own, is like, ooh, okay, that's interesting. But to my understanding, the reason he did this was because he owed, like, 100 grand in child support, and he didn't want to pay it.
[00:49:08] Speaker B: That is basically what it boiled down to.
[00:49:11] Speaker A: That's pretty crazy.
[00:49:12] Speaker B: He's like, man, that child support is really kicking my butt. How about. How about this? I'm dead.
[00:49:21] Speaker A: Fake your own death.
[00:49:23] Speaker B: This is what he used. And, you know, we. It's kind of overblown. It might seem like he was some elite hacker, and that's what he did. Stock and trade. And he used his cybersecurity skills to manipulate the system, gain access, and, you know, change himself into some sort of. Yeah, that he was dead.
[00:49:40] Speaker A: Right.
[00:49:41] Speaker B: He was no longer with us.
What he did was he had some credentials from a doctor that he knew, and he used them to log into the, like, the death authority or whatever, of Hawaii. Right. And it's just funny.
[00:49:59] Speaker A: He used Hawaii. Like, just. Yeah, he lives in Kentucky.
[00:50:02] Speaker B: And issued himself a death certificate.
[00:50:05] Speaker A: That's pretty crazy. It was in back in January of last year. Yeah. He accessed the Hawaii death registry system and created a case for his own death. Completed a death certificate worksheet, which sounds like a homework assignment, and then was registered as a deceased person. Deceased. Not deceased in many government databases to avoid child support obligations, at least in part. That is pretty insane. I couldn't see myself going to that trouble to fake my own death, even if I, like, was on the. On the lamb from the law. Like, even if it was, like, so that's no joke.
[00:50:36] Speaker B: Like, he. He might have actually been looking down the barrel of some legal course for not paying his child support.
[00:50:45] Speaker A: He's going to jail anyway now.
[00:50:47] Speaker B: So he's like, whatever. In for a penny, in for a pound. Might as well just do whatever I can to try to avoid this if.
[00:50:53] Speaker A: I'm already going to jail. But now he owes, I think, almost double what he did before in fines, in fees to further child support, but then also. Yeah. Governmental and corporate computer systems that he damaged in the process.
[00:51:05] Speaker B: What does that say? The bigger the risk, the bigger the reward, I guess.
But if you fail.
[00:51:10] Speaker A: I'm curious what his plan was if he had somehow pulled this off for an extended amount of time. What were you gonna go? Were you gonna like.
[00:51:18] Speaker B: A great question right now? It's a phenomenal question because. Okay, so he issues himself a death certificate, the legal system somehow. Oh, well, he's dead. We now take him off the rolls of whatever that is. The issues his child support because that's no longer a valid thing. Because he's a dead person. Yeah, he's still living.
He's still. His ex wife is going to know he's not dead. Was he going to continue with the ruse into some sort of physical, like by a burial plot and wreck his car with a cadaver in it, you know, snatch all his teeth out and stick him in the car, pour his own blood all over everything?
Like, what was the depths and lengths that he was going to go to this masquerade? Was this just step one of a more elaborate scheme?
It was dang son.
[00:52:08] Speaker A: He's gonna flee to like South America and start a new life. Like, I just. Yeah, I don't know. What did you think that through all the way? Of course he can't answer that question because he's going to jail. So he was sentenced to 81 months on Monday by us district judge Robert wire Weir. I'm not sure how to pronounce that, but 81 months, w I e r, which of course is how women give the age of their babies. So how. What does anyone wants in years? Quick maths.
[00:52:30] Speaker B: I know. What are we? What are we? A baby? What is this? Not a baby.
[00:52:34] Speaker A: I can't do quick maths. It's 6.75 years. So almost seven years. Yeah. Specifically 81 months. I wonder what the reasoning was behind.
[00:52:40] Speaker B: Why did they do that? Stop with the eight, with the months.
[00:52:43] Speaker A: Jesse Kipf, he going to jail.
[00:52:45] Speaker B: Honestly, if you have a baby once they hit twelve months, you say they're a year old.
[00:52:49] Speaker A: They are a year old.
[00:52:50] Speaker B: They're not. They're not 18 months.
[00:52:52] Speaker A: Yeah.
[00:52:53] Speaker B: Why do we do this?
[00:52:54] Speaker A: Especially if you're talking about purpose for.
[00:52:55] Speaker B: It, but I don't know what it is and it seems ridiculous, especially if.
[00:52:58] Speaker A: You'Re just talking to like a stranger, if I don't know you and I'm just like, oh, cute baby. You don't need to tell me. He's 37 months old.
[00:53:02] Speaker B: Why are you like forcing me to do math?
[00:53:04] Speaker A: Yeah, just be like, I'm not good at math.
[00:53:06] Speaker B: It makes me feel bad about myself.
[00:53:08] Speaker A: I could see like, cuz I'm sure there is a very big developmental difference between a baby being twelve months old and being 23 months old. And so technically you're still.
[00:53:15] Speaker B: I would just go, yeah, they're basically two years old.
[00:53:17] Speaker A: Right, right.
[00:53:17] Speaker B: I'm rounding up.
[00:53:18] Speaker A: And so maybe like medically or within family or whatever, maybe that's important, but like, if you're talking.
[00:53:23] Speaker B: But why.
You know why we use months to age babies until they are two or however long? Please put that in the comments.
[00:53:31] Speaker A: I saw something once that was like, you use days until they hit two weeks. You use weeks until they hit two months.
[00:53:37] Speaker B: That's not the question. The question is why.
[00:53:39] Speaker A: Right? I'm just saying I think that's.
[00:53:40] Speaker B: You know, I ask this question a lot. People get angry with this.
[00:53:43] Speaker A: You ask why?
[00:53:44] Speaker B: I ask why a lot.
[00:53:45] Speaker A: Yeah.
[00:53:46] Speaker B: And that angers people like a toddler. Really pisses them off.
[00:53:49] Speaker A: He just.
[00:53:50] Speaker B: Because I don't just accept it. Like I understand what we're doing.
[00:53:54] Speaker A: Yeah.
[00:53:54] Speaker B: I don't understand why we're doing it.
[00:53:57] Speaker A: Maybe we'll get some answers. Maybe we'll get some neonatal nurses in the comments that know what's going on.
[00:54:02] Speaker B: I'm fully capable of accepting.
[00:54:05] Speaker A: Sure.
[00:54:05] Speaker B: The reason. I just don't know what it is.
[00:54:08] Speaker A: Right. Okay. Sure.
[00:54:09] Speaker B: I'm not asking you why, because I want to put you on the spot or whatever. I'm asking you why. Because I'm genuinely curious.
[00:54:16] Speaker A: Okay.
[00:54:16] Speaker B: It seems curious. Yeah.
[00:54:18] Speaker A: He's made of curry. We're gonna wrap up this. This technato. We've got a couple more articles. One more segment that we wanna. That we want to share today.
[00:54:25] Speaker B: Get it?
[00:54:26] Speaker A: This is of course an old favorite behind bars.
[00:54:35] Speaker B: I don't know if I mouthed it correctly.
[00:54:37] Speaker A: You did with the. I think Christian should leave it in there anyway.
[00:54:40] Speaker B: Yeah.
[00:54:40] Speaker A: I think he should do to you what he did to me last week. Which was publicly embarrassed me because he left in it. Maybe look like a crazy person cuz he like edited in the thing. I'm sorry.
[00:54:49] Speaker B: It wasn't a lot of work.
[00:54:50] Speaker A: I'm sure he edited in like made it so that the timing was correct, but then left in me going, oh my gosh. Did it just go off just now? Like two minutes later?
[00:55:03] Speaker B: My dog told me to do this.
[00:55:06] Speaker A: Stand back.
[00:55:07] Speaker B: Listen here, daughter of Sam get crazy.
[00:55:11] Speaker A: Yeah, it doesn't take a lot to make me look crazy. We do love behind bars here on Technato. And we got a couple articles that fall under that category. I guess the last one kind of did. Wow. I guess the last one kind of did too. You may have heard a little something about a certain CEO. The telegram. CEO Pavel. Pavel.
Mister Durov was arrested in France. Reports say he was arrested in France. He was a dual citizen, I think, of France and Russia. I'm pretty sure that's why when he got France, he was able to, or they were able to make that arrest. So there he is. I'm sure he doesn't look very happy right now, but that's an old picture. He's the co founder and chief executive of Telegram. And when I read this, it looked to me like the reason that he was, that he was being arrested, what he was being charged with, supposedly, is that you failed to mitigate on your platform, on telegram.
[00:55:58] Speaker B: Moderate, moderate.
[00:55:59] Speaker A: Sorry. You failed to crack down on this illegal activity that's going on, drug trafficking, terrorism, all that kind of stuff.
[00:56:04] Speaker B: Yeah.
[00:56:05] Speaker A: And my thought initially. Maybe I'm wrong. My thought initially was, well, telegram is like, it's kind of like discord, right? I'm not a big telegram user, but it's like a messaging kind of thing.
[00:56:14] Speaker B: It's a messaging app.
[00:56:16] Speaker A: Yeah.
[00:56:16] Speaker B: End to end encryption.
[00:56:17] Speaker A: Okay.
[00:56:17] Speaker B: But you can also create telegram channels, which is very similar to like discord.
[00:56:21] Speaker A: Okay.
[00:56:22] Speaker B: I think that's where you're probably getting that, where you can just spin up a telegram channel and you can invite people to join it and all that conversation is encrypted because.
[00:56:32] Speaker A: Yeah, I mean, I just, it's like, okay, if I put bad pictures, if I put like abuse material in an envelope and I send it to you in the mail, and then somebody finds out that I. Is the USP's then liable?
[00:56:44] Speaker B: That's a great question.
[00:56:45] Speaker A: Because they didn't like open mind. Yeah. Cuz they didn't. It's not their job to check every envelope that sent. They couldn't do that. They'd get in trouble if they did. Right. If I, if I found out they were open my mail, that'd be a bad thing. So that's kind of to me. I'm, I'm not saying the activity going on is not bad. Of course.
[00:56:59] Speaker B: No, it is. But how would he know, right. That that is without violating one of.
[00:57:05] Speaker A: The benefits of telegram, which is that encryption.
[00:57:07] Speaker B: Right. It just, he would then be like, would he not be violating his own eula at that point where. Or, and then lying to his customer base saying, we don't have the ability to look at your. Does telegram make that claim? That's. That they say, hey, you know what? You've got the encryption. We don't have the encryption keys. We can't see what's going on. Most of these like end to end encrypted applications make that claim that we don't have the encryption keys. You're the only one with the encryption keys. Right.
[00:57:37] Speaker A: We can't even look.
[00:57:38] Speaker B: We cannot look. So if we are subpoenaed, there's not a whole lot we can do. We, we have to comply with a subpoena, but we're going to give them there, there's their telegram channel and there's the information in it. It's all encrypted, right?
[00:57:52] Speaker A: Yeah.
[00:57:53] Speaker B: Am I wrong on this? Are you looking it up?
[00:57:55] Speaker A: So there was something else that occurred to me. It's a different part of the story, and I just want to pull up to double check. But. But, yeah, I think. I think that's correct. Or at the very least close to it. The whole idea is, even if we wanted to, we can. We can't at your stuff, and that's why people like it. And it's not a lot of people using it or not using it to do anything nefarious. It's just, I want my privacy. Same reason.
[00:58:16] Speaker B: Privacy.
[00:58:16] Speaker A: I used to use signal because you want that.
[00:58:18] Speaker B: We've reported in the past about. I think it was a phone carrier or something, but it was specifically designed for. And they. They. I think they tried to prove their case and did prove their case, that it was for the purposes of allowing for criminal activity.
[00:58:36] Speaker A: Yeah.
[00:58:37] Speaker B: And because the intent behind the platform was criminal, they were able to get, like, Rico or maybe this was EU or something to something similar. But I do remember subpoenas where they were able to gay, because it was.
[00:58:50] Speaker A: They could prove in tactics, it was proven ten very specifically for the purpose. If this had been an app that was called, like, do crime chat, and that was like, the explicit purpose was to. To do crimes, then. Then. Okay, sure.
[00:59:02] Speaker B: Or is this just a case of european governments and much like our own government in the US, wanting access, backdoor access, they want to have an ability to see what's going on in these things, and if you don't do it, they're going to sanction you. Is that what's going on here? You know, I don't know.
[00:59:21] Speaker A: Yeah. Be interesting.
[00:59:23] Speaker B: Right.
[00:59:24] Speaker A: One thing that it's not necessarily related to the idea of, you know, this is encrypted. That's the whole point. But they obviously arrested this guy when he touched down in France. And I had seen a bunch of stuff about how he was traveling with some influencer who's about my age.
[00:59:37] Speaker B: Yeah.
[00:59:37] Speaker A: And she had been posting pictures of, like, oh, we're here. Oh, we're here. This is. And that's how they were able to know where he was gonna be and how that he was gonna be in front of France. But she's now missing.
[00:59:46] Speaker B: I mean, that seems dubious, though. Like. Like, all his flights are going to be long. It's not like he's on black helicopters flying around Europe and no one knows where I am. He's like Lex Luthor.
[00:59:56] Speaker A: Right?
[00:59:57] Speaker B: You know, with his own flying machines, having a good time. All his flights are going to be logged and registered and everything like that. It wouldn't have been difficult for them to fly. They wouldn't need to stalk, you know, cyber stock. Some 24 year old influencer. Where he was going or where he was. He's at.
[01:00:12] Speaker A: There was. There was different articles. Said the french authorities had issued a search warrant because it was part of an investigation into this. The billionaire in his telegram application.
And here, I'll zoom in a little bit. I hate that it pushes it off to the side like that. But the warrant was only valid once he landed on french soil. And so he had been traveling with this valley, Vavilova.
Why do they do that? Julie and a crypto coach. And now her family is like, where's she Athenae? Or at least they're saying that they can't locate her. You know, she's supposedly.
[01:00:42] Speaker B: I like how, like, she's so easy to find on one hand, right, and now she's flipping Carlos the jackal on the other.
[01:00:49] Speaker A: Maybe that's why her family was like, do you see what you did? No more social media for you.
[01:00:52] Speaker B: Maybe she was a government plant. Now we're really getting. Now it's tinfoil hats on.
[01:00:55] Speaker A: Yeah, right.
[01:00:58] Speaker B: She actually worked for the french government. Stay with me to follow this guy, dig up dirt and find anything they can. I don't know.
[01:01:06] Speaker A: Insider threat.
[01:01:06] Speaker B: Yeah.
[01:01:07] Speaker A: So I'd seen some people on some of our, like, contacts on LinkedIn talking about it, like, oh, you sure? You know, it's osint and all this stuff. And, like, this highlights the importance of being careful.
[01:01:15] Speaker B: What you post does highlight that stuff. I agree with that. I think that is a good case of, like, she is posting everything about what they're doing. That is bad opsec.
[01:01:24] Speaker A: Yes, it is.
[01:01:25] Speaker B: It's not.
[01:01:25] Speaker A: What we do kind of comes with the influencing territory. So, like, maybe, maybe just be careful.
[01:01:30] Speaker B: It does. It does. But your entire life.
[01:01:33] Speaker A: Well, right. And you can also be careful about, like, you know, if I'm going on vacation next week, I'm not. But if I'm going on vacation next week to Hawaii, I don't have to post while I'm in Hawaii as an influencer. I'm on vacation in Hawaii. Wait till the following week. Hey, I was in Hawaii last week. Not anymore. So that then it's like, people can't find you, you know? Anyway, we could have a whole conversation about that, but we've got one more behind bars piece that we want to cover. Before we sign off today, a former Verizon employee has pled guilty to conspiring to aid a chinese spy agency.
[01:02:02] Speaker B: He's so stupid.
[01:02:03] Speaker A: So the thing that stood out to me about this is that he was doing this for, like, 20 years. He was carrying this out and was an employee of Verizon before they were like, well, hang on a second. What's going on? What took so long? Was he that good or he she? Was this person that good at what they were doing, that it was just that difficult to catch them? So they pled guilty to conspiring to serve as an agent of the People's Republic of China.
[01:02:28] Speaker B: And honestly, would the CCP not reward him handsomely for his five years in prison to the service of. I'm sure the people's Republic could be right. I know Russia tended to do that a lot. I don't know if they still do that now, but they. They were doing it back in the day where you go to prison, you get a bonus.
[01:02:47] Speaker A: Yeah.
[01:02:48] Speaker B: And then. So they're. They remember they caught some operative trying to plant malware in Tesla. Oh, and the guy was like, oh, yeah, I've done this at many corporations. When they arrested him, he's like, yeah, I'll just do my time. It's only, like, two years.
So I'll do two years, and then I'll be rewarded for doing it. Yeah. So it's worth it.
[01:03:07] Speaker A: He is facing up to five years in prison. So that's the max, I guess. Up to five years. So, yeah, maybe you're right that he'll. He provided information on chinese dissidents, pro democracy advocates, and members of the Falun Gong religious movement. That's new to me. I don't think I've ever heard of that.
[01:03:20] Speaker B: I'm not aware of that either.
[01:03:21] Speaker A: I lived in Florida, so.
[01:03:23] Speaker B: Course he.
[01:03:23] Speaker A: Great, great. One on the books for Florida. Worked for Verizon for more than 20 years, according to his attorney, and exploited his position to provide that information. And he also traveled to China during that time, like, more than once.
So that is interesting. And this guy is going to serve some time. Not sure exactly how much, but he did plead guilty. He did plead guilty.
[01:03:42] Speaker B: So, see, that's what we like to call. I mean, is he. Is he a US national or is he a China, quote unquote expatriate speaker?
[01:03:50] Speaker A: One good question says Chinese born, Florida dwelling.
[01:03:52] Speaker B: So he's Chinese born. Okay, so he's a China national that came saying he's been here for 20 years.
[01:03:57] Speaker A: He has been. He's worked for Verizon for more than 20 years. Used that position to provide information here and traveled to China.
[01:04:05] Speaker B: Come on.
[01:04:06] Speaker A: Cyber scoop sent details.
[01:04:07] Speaker B: Where's the scoop?
[01:04:09] Speaker A: Yeah, what the heck, right?
[01:04:10] Speaker B: I need these details.
[01:04:12] Speaker A: He was charged on acting as an unregistered agent of a foreign government and conspiring to do so. If he was convicted on both charges, he would have served up to 15 years. But he was only charged or convicted, I think, on the conspiracy charges. So then it's a little bit of a later sentence. So he got his just desserts. Justice, sir.
[01:04:27] Speaker B: I wonder if the prison they put him in, the people there look kindly upon.
[01:04:32] Speaker A: Yeah, interesting.
[01:04:33] Speaker B: What I know, like, you land in prison, the first thing that happens is people come over and go, so what are you in for if they don't like what they hear? Bad things are not good for you.
[01:04:42] Speaker A: Because I know there's like, certain crimes that maybe, maybe you're, like, respected. There's certain crimes where it's like, oh, you're a piece of crap for doing that, and you're gonna pay for it here. I wonder if there are certain things where it's like, what'd you do? He's like, oh, I. I was a cyber spy. And they're like, huh, okay. And I wonder if they just leave it alone.
[01:04:55] Speaker B: Like, oh, we don't really respect run into there, man. Do you want to be locked up with a bunch of people that don't really care about the laws?
[01:05:02] Speaker A: I don't, but neither do I.
[01:05:04] Speaker B: Just wonder if the chance there.
Ping Lee.
[01:05:08] Speaker A: Ping Lee was the name. Yeah. It will be good to some white.
[01:05:13] Speaker B: Collar prison, you know of.
[01:05:15] Speaker A: It'll be like that scene in Goodfellas.
[01:05:16] Speaker B: Yeah.
[01:05:16] Speaker A: They're making the sauce and everything. That's going to be. That's going to be his life. So good luck, ping. But this is what happens when you break the law. I think that brings it for us today. That does it for us. I was going to mention like that the Nintendo, they had another direct thing they did the other day. It was like an indie game showcase. Nothing super crazy. Groundbreaking. There is a new dating sim coming out. You know, a dating sim is. It's like a dating simulator game where you can.
[01:05:40] Speaker B: Why the hell would I know?
[01:05:41] Speaker A: I see.
[01:05:42] Speaker B: That's why I dating sim.
[01:05:44] Speaker A: I didn't know.
[01:05:44] Speaker B: How would I want to simulate dating? Dating sucks.
[01:05:47] Speaker A: Well, there's a lot of lonely people.
[01:05:48] Speaker B: Out there, so go real date.
[01:05:51] Speaker A: I don't know. This is like if you mess up, you can just quit without saving. Go back and redo it. So there, there are a lot of dating sims out there.
[01:06:01] Speaker B: Dating sims.
[01:06:02] Speaker A: Usually it's very, sometimes it's like in a kind of a manga style art, anime style art, where they're very boosting imposter here.
Right. But this one is called date everything. And it's like you're in a house and every single thing in that house, the appliances, the furniture, whatever, they all have, like, a Persona. So when you go to, you can go talk to the vacuum cleaner and it turns into, like, a buff dude and you can date the vacuum cleaner.
[01:06:29] Speaker B: So this is how I know the human race is not long.
[01:06:32] Speaker A: I really wanted to share that with the world. I just, I figured that that would bother.
[01:06:36] Speaker B: We had a good run. Good run.
[01:06:38] Speaker A: I figured it would bother you. So I saw that, I was like, oh, Daniel's gonna leave the country after he sees this. He's gonna be done. He's gonna be like, I'm gonna go live in the woods. I'm done with this.
So. But nothing on the switch too. Nothing on the switch successor yet. So when they do make an announcement, we'll talk about it. But that's gonna do it for our news this week. So, Daniel, thank you for your patience with me, and I'm sorry I had to drop that piece of unfortunate news on you.
[01:07:01] Speaker B: I feel dead inside, so I'm good.
[01:07:04] Speaker A: That's my job. Thank you, of course, for joining us, us for this episode of Technato. Reminder, we have another all things cyber webinar coming up in just a few weeks. That's going to be with Jax, actually. Next week.
[01:07:12] Speaker B: Next week.
[01:07:12] Speaker A: Next week. Dang, that came. That came fast. Scott is going to be joining us. She is awesome. I've loved working with her. We met her at Wild west last year, and she's just great. She's super cool. So super excited to have her on. Make sure you join us.
[01:07:22] Speaker B: Wild west.
[01:07:23] Speaker A: Oh, wow. What's happened? Sorry. Which is coming up again.
[01:07:25] Speaker B: We tend to truncate that.
[01:07:26] Speaker A: We tend to truncate. We're just so used to it, you know, we're cool kids. But yeah, she's going to be on next week, so make sure you join us. That's going to be a webinar happening Thursday, September 5, I think, at 02:00 p.m. eastern time. We hope to see you there, but otherwise, thanks for joining us, and we'll see you next week for another episode of Technato. Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.
