Episode Transcript
[00:00:04] Speaker A: You're listening to Technado.
Welcome and thanks for joining us for this episode of Technato, brought to you by ACI Learning. The folks behind it pro, remember that you can use that code, Technato 30 for a discount on your IT pro membership if you so choose.
[00:00:18] Speaker B: Why leave money on the table?
[00:00:19] Speaker A: Why leave money on the table? As we said, it's basically free.
[00:00:23] Speaker B: There's no way an endorsement of this being actually free.
[00:00:26] Speaker A: But we like making those episodes. They're super fun. And so we hope that you'll check them out in the ACI learning library. And why not do it at a discount? We have some great stuff, I think, on the docket today. There was not a shortage of stuff this week, I didn't think.
[00:00:39] Speaker B: Plenty, plenty of cyber news this week for us to sift through. Lots of malware, lots of updates and patches that were released this week. We cannot cover them all, but we will do our best to cover what we do cover.
[00:00:51] Speaker A: We'll do our best, which is very subjective, but we will do our best. We got Apple stuff.
[00:00:55] Speaker B: We got world's best cup of coffee.
Congratulations.
[00:00:59] Speaker A: You did it.
[00:00:59] Speaker B: You did it.
[00:01:01] Speaker A: And we also, of course, have some AI stuff we'll talk about later in the episode because of course we do. It wouldn't be a tech podcast without some mention of AI. Cause it's permeated our society and we can't get rid of it. Can you tell I'm upset?
[00:01:12] Speaker B: I wish I could.
[00:01:13] Speaker A: I really wish.
[00:01:13] Speaker B: I mean, in some ways, in some ways it's nice.
[00:01:15] Speaker A: I've started reading this book.
[00:01:17] Speaker B: Yeah, you told me about this book.
[00:01:19] Speaker A: Your face belongs to us. And of course, you know, there's some bias in there, which of course, it's written by a reporter and she does a good job of like, reporting the facts. But of course there's gonna be a little bias in there because she's human. But it is.
[00:01:30] Speaker B: She should have had AI write it for her.
[00:01:32] Speaker A: Yeah, I think it came out relatively, like in the last year or two, so it's not like it's a terribly old book.
[00:01:37] Speaker B: Can you rewrite my book without my bias?
[00:01:39] Speaker A: Yeah.
[00:01:40] Speaker B: Yeah.
[00:01:40] Speaker A: If you've chat GPT four, it can totally do it. Yeah, but it's, it's kind of about the history, I guess, of Clearview AI and kind of how it came to be. And of course, we talked about Clearview last week and how they're kind of in some hot water right now with some dutch regulation group. So it has been an interesting read. I'm only about 70, 80 pages in, but a little scary.
[00:01:58] Speaker B: So scary.
[00:01:59] Speaker A: I will. Yeah. Updates to come.
[00:02:01] Speaker B: But that's why I'm a little. Mama said, AI is the devil.
[00:02:05] Speaker A: Bobby Boucher.
[00:02:06] Speaker B: Bobby Boucher.
[00:02:08] Speaker A: All right. Well, we've successfully spent two minutes.
[00:02:12] Speaker B: You're wrong, Colonel Sanders.
[00:02:14] Speaker A: Wow.
[00:02:14] Speaker B: I'm just going deep into it.
[00:02:16] Speaker A: That's a deep cut.
[00:02:16] Speaker B: Yeah, that's it.
[00:02:17] Speaker A: Well, thank you for that.
[00:02:18] Speaker B: That movie was funny.
[00:02:19] Speaker A: Thank you for that sprinkle of. Was that water boy?
[00:02:21] Speaker B: Yeah.
[00:02:21] Speaker A: Waterboy sprinkle of pop culture references. But of course, it wouldn't be a technado without one of our favorite segments that we love to start the show with. This is breaking news.
Breaking news.
[00:02:33] Speaker B: I broke it.
[00:02:34] Speaker A: You're a superhero.
[00:02:35] Speaker B: Yeah.
[00:02:35] Speaker A: Okay. Daniel pulled this one up before we got started, and I'm glad that he did because, oh, boy, this is gonna be fun. So avanti releases urgent security updates for endpoint manager vulnerabilities. And Daniel, could you remind me, what exactly was the vulnerability score for this one? What was the CVSS?
[00:02:53] Speaker B: What was it? A ten.
[00:02:54] Speaker A: A ten? Wow.
[00:02:57] Speaker B: Ten in ten.
[00:03:00] Speaker A: So that's nothing to sneeze at.
[00:03:02] Speaker B: Oh, no, no, that's a problem.
[00:03:03] Speaker A: And that was just one of those ten flaws that were. That were updated.
[00:03:10] Speaker B: Yeah.
[00:03:10] Speaker A: So they have been, there has been updates released. So I guess that's the main thing.
[00:03:13] Speaker B: Patch unspecified SQL injection vulnerabilities that allow remote authenticated attacker with admin privileges to achieve remote code execution. That's an issue. Those are nine point ones. But this bad boy right here, cvss, score of ten. Done, right?
[00:03:32] Speaker A: Wow.
[00:03:33] Speaker B: Right? A deserialization attack. That's fun. Of untrusted data vulnerability that allows a remote on unauthenticated attacker to achieve code execution. Man, I'd love to see the details on this.
[00:03:44] Speaker A: Yeah, that would be awesome. So I'm assuming because this is relatively. I mean, obviously this breaking. Maybe there will be more details to follow.
[00:03:52] Speaker B: I will be following the sea. Yes. This kind of thing really tickles my fancy.
[00:03:56] Speaker A: So maybe over the next week we'll hopefully come out on this. But of course, the main thing is that it says they released updates, urgent security updates for these. So that's good. It's not like this is a ten and there's no patch for it and it's being exploited and you're doomed. It's, you know, you definitely should make sure that you've got those updates. If this is stuff that you're using, it impacts a couple of versions, EPM versions 2024 and 2022 and earlier, it looks like so they list out, you know, the people that are impacted.
[00:04:21] Speaker B: What's really cool about this article is it talks about, it says, the company said that has ramped up its internal scanning, manual exploitation and testing capabilities, and then it made improvements to responsible disclosure process to swiftly discover and address potential issues. And quote, this has caused a spike in discovery and disclosure in the company, which is a good thing. So that's awesome that they are like, you know what, we need to do more security testing. And because of that, they're having more findings. But that's great. Hopefully that eventually permeates its way into the backend where the coders are developing and going, man, we got to stop doing this and this and that and be more diligent and find those before they become an issue. Doing more like SAS and is testing with this stuff.
[00:05:05] Speaker A: That is interesting that I'm glad you mentioned that. Like, okay, there's being, there's more vulnerabilities and stuff being discovered and closed, but that is a good thing because it's not like before, there just were no vulnerabilities there. It's just that they weren't being discovered as quickly or as efficiently.
[00:05:18] Speaker B: And it keeps the security researchers known as threat actors.
[00:05:21] Speaker A: Right.
[00:05:23] Speaker B: You know how we found out? You know how they disclosed it? By hacking into servers and pilfering your pockets.
Right. That's how you don't want to find out about these kind of flaws.
[00:05:33] Speaker A: Let's just like, if you see an increase in, like arrests for bank robbers or something, it's not that bank robberies necessarily increased. It could just be that, well, the robberies have stayed the same. It's just that now we're better at catching them. And so it's a good thing overall. Um, so I think that's, I think that's a great thing. Like you said, the spike in discovery and disclosure. Glad that they're taking measures to find this stuff and address it and release those updates.
And they just say, no evidence of these being exploited in the wild yet, so. Or at all, hopefully. So that is good.
[00:06:00] Speaker B: That's right.
[00:06:00] Speaker A: Hopefully stays away. That's what we like to see. But that was, I think, the only thing we had today for breaking news because keep in mind we do record these a little bit in advance because it gives us time to make sure that our editor has time to go in and upload and everything. So, uh, if there's anything else that comes out, of course, feel free to leave a comment. Let us know. What you want to see is cover next week and we will do our best to get to that, but we have plenty of stuff that's not quite breaking, but still just as fun and important to cover. And of course, one of my favorite things that happened this past week, I believe it was just on the 9th, which was Monday of this week, was, of course, Apple's glow time event, I think is what they called it, which.
[00:06:34] Speaker B: That sounds dumb.
[00:06:35] Speaker A: Very cute. Very cute. Apple iPhone 16 event. Everything announced. See, nobody's even calling it glow time. They give it like a cheeky little name and it's like, nobody's gonna call it that.
[00:06:42] Speaker B: Yeah. Because who wants to be the person calling it glow time?
[00:06:44] Speaker A: Yeah. Did you watch glow time? I'm sorry. New on Nickelodeon. What are you talking about? So quite a few things. And now, I mean, of course, there's the iPhone 16 and iPhone 16 Pro, which everybody knew that was just like, what?
[00:06:55] Speaker B: 17 cameras on the back, right?
[00:06:57] Speaker A: Yeah, that was like, one of the major updates was, first of all, there's a new, like, a haptic type button, kind of like a Mac touchpad or whatever, but it's specifically for the camera. Supposed to act as a camera shutter, more like a camera shutter does. You know how, like, if you just slightly press, you know, so it'll behave more like a camera. Supposed to have better lenses for like, distance shooting and macro photography.
[00:07:17] Speaker B: Yeah, yeah, yeah.
[00:07:17] Speaker A: That'll be interesting. You looked like you had something you wanted to say.
[00:07:19] Speaker B: Well, I just, I always find it interesting, like, what's the impetus behind needing a haptic button for a camera shutter?
We've been using touchscreens for a while on, on taking photos, I guess. What was, where was, where was the call for action on that? They were like, you know what we need? Everybody's pissed off that we don't have haptic feedback on shutter action camera, I guess.
[00:07:42] Speaker A: Yeah. I'm not as much of a. If you could question for like a Brad, because I'm not as much of a photographer.
Our good, close friend Brad, who we work with, is an avid photographer, but I'm not as into it. I take photos with my phone, so it would be interesting to talk to somebody that does take photos for a living.
[00:07:57] Speaker B: I now fear that my cameras on my phone are yesterday's news.
[00:08:02] Speaker A: Well, something tells me, I mean, if. Cause yours already does, like, macro photography.
[00:08:06] Speaker B: It does. It does a lot of different, like, photography stuff.
[00:08:08] Speaker A: So this phone is not gonna be outd. I think maybe you can pre order it now or maybe you can order it now. I'm not sure. But just now they're getting to? Oh, we've got this ultra wide lens. It allows more light macro photography. Just now all this stuff that phones like yours have had for however long. So, you know, a little behind the eight ball, but that's okay. Exciting new.
[00:08:25] Speaker B: Well, I mean that's how it works, right? It's like one company comes up with something, the next company comes out with their six months later, invests it or.
[00:08:31] Speaker A: Trying to match it. Yeah.
[00:08:32] Speaker B: Right. It's always, you know, this cat and mouse game back and forth. So I just don't like being, I like being in the front.
[00:08:37] Speaker A: Right.
[00:08:38] Speaker B: I like early adopters. I like winning.
[00:08:40] Speaker A: Yeah, of course, of course. Fair enough.
[00:08:42] Speaker B: Now, I mean I'm taking silver and.
[00:08:45] Speaker A: Beyond just the, the camera. Supposedly some improvements for people that game on the iPhone. I don't know a ton of people that do. But I know that especially now with Apple Arcade and stuff, there are a lot more people that game a little more seriously on, on the iPhone. So better gpu performance, supposedly a better cooling system for. They do heat up intense gaming sessions, I guess.
[00:09:04] Speaker B: Yeah, I've had, I've slot. I've looked at a couple of like attachment handhelds to turn your phone until it's basically like a switch style. Yeah. Thing. And some of them come with coolers.
[00:09:15] Speaker A: Interesting.
[00:09:15] Speaker B: Because when you're cooking that cpu, it will get hot.
[00:09:19] Speaker A: Yeah, I don't even use my phone. The game really. I'll just like have it on maps when I'm driving. Yeah, and it'll be warm.
[00:09:24] Speaker B: Yeah.
[00:09:25] Speaker A: And it's like even just that and then playing music, it's like I pick it up and it's like, yeah, your screen won't stay on because it needs to cool down. I'm like, huh? I'm doing two things. We talking about? You're supposed to be like a supercomputer or whatever. So that'll be interesting if you use your iPhone to game. Curious to know if this is something that you're excited about. Bigger battery, better display, ideally new a 18 chip, which of course is the big thing because. Oh, it can power Apple intelligence. At which those updates won't be out until later in the fall. So the phones will come out, but the Apple intelligence stuff is not going to roll out until probably closer to thanksgiving, I think.
[00:09:54] Speaker B: Well, says Apple has also refreshed their AirPods Max a bit.
[00:09:57] Speaker A: Yes.
[00:09:57] Speaker B: Adding new colorways and a USB charging option. Very nice. And are still starting at $549.
[00:10:05] Speaker A: Insane to me for headphones.
[00:10:06] Speaker B: Listen, bro, I don't need headphones that much.
[00:10:09] Speaker A: Plus it's the over the ear headphones, which are great and they look cool, but it's like, do they. They're, they're less convenient, I think.
[00:10:14] Speaker B: Oh, right. Because they're difficult to carry around.
[00:10:16] Speaker A: It's like that, you know. Oh, that kind of cool.
[00:10:18] Speaker B: If you like, you want to have.
[00:10:19] Speaker A: That like that look of like, yeah.
[00:10:21] Speaker B: You get your head hoodie on with your headphones and.
[00:10:24] Speaker A: Yeah, around a boombox or something. Like you have that look, but yeah, I don't. Almost $600 for headphones. No, thank you. And even the AirPods, of course, I mean, the price is still nothing to sneeze at. AirPods four, that's going to be a new thing, AirPods Pro two. So some updates to those starting at 129 and 249 respectively. The thing I thought that was neat about the AirPods Pro two is supposedly they will have an option with a new software update that's going to roll out. You can use them as clinical grade hearing aids, which I think is super cool.
[00:10:52] Speaker B: Wow.
[00:10:52] Speaker A: Because I know people that have hearing.
[00:10:54] Speaker B: Loss that could totally be worth it for that.
[00:10:57] Speaker A: Absolutely.
[00:10:58] Speaker B: I'm down with that.
[00:10:59] Speaker A: Even if for no other reason than just aesthetically a pride thing. I know people that have hearing loss that don't really want to buy hearing aids because they're on the younger side and it's like, I'm not buying hearing aids. I don't need them. It's like, well, but you do. So something like this maybe would encourage them like, oh, well, airpods. I mean, everybody wears airpods around all the time. Five airpods, right?
[00:11:15] Speaker B: You can kind of like, yeah, it's.
[00:11:17] Speaker A: I can use.
[00:11:17] Speaker B: Just look like you're using your airpods.
[00:11:19] Speaker A: And use them to enhance your hearing. So mild to moderate hearing loss. Supposedly that'll be a thing that you can do and you can do like hearing tests at home on your phone.
[00:11:24] Speaker B: I know I'm gonna need them because.
[00:11:26] Speaker A: So I'm thinking about maybe upgrading. Cause I don't think I have major hearing loss, but I guess if people were saying I did, I wouldn't be able to hear them.
[00:11:32] Speaker B: Fun fact, kids, when you play heavy metal music for ten years of your life and you stand right next to the amps that causes hearing loss, you.
[00:11:41] Speaker A: Don'T say, yeah, I always thought it.
[00:11:42] Speaker B: Was weird when I come out of a show or a practice and everything sounded muffled.
[00:11:47] Speaker A: Yeah, yeah. That's interesting.
[00:11:50] Speaker B: Yeah, I'll be like, oh, that goes away after a while.
[00:11:52] Speaker A: The quality of life is a bit blurry.
[00:11:54] Speaker B: The things you do in your twenties.
[00:11:56] Speaker A: Yeah, yeah. And then the only other, I guess, hardware update, you could call it new Apple Watch, series ten, coming out starting at 399. So, of course, crazy expensive, but, you know, actually, that's not bad for me. It's expensive. I think that's expensive, but that's just. Cause I wouldn't be able to get the full use out of it. I'd be like, great, it's a watch, but other people use it for everything.
[00:12:17] Speaker B: All the things it can do. Yeah, it's. And I don't think that's too bad.
[00:12:20] Speaker A: This, I think, is interesting. It's, of course, you know, oh, bigger, brighter display, it's thinner. And all this stuff, the things that we usually see with these devices. But new s ten system on a chip is going to be incorporated to better handle AI workloads, I'm assuming, to go with the Apple intelligence stuff that's coming out, but it's supposed to be better at detecting falls, calling emergency services, and that's something I hadn't really considered. You remember life alert? Like the thing that you wore around your neck, and it's like, press the button, I fall in and I can't get up. So I don't know how easy it would be to convince folks that are maybe a little bit older to wear something like this, but.
[00:12:51] Speaker B: Well, so is this a separate thing from the phone?
[00:12:55] Speaker A: The Apple Watch is a separate thing from the phone.
[00:12:57] Speaker B: Oh, it's in the watch.
[00:12:57] Speaker A: It's in the watch, yeah. So if you're wearing it and you fall or you have some kind of.
[00:13:01] Speaker B: Just buy grandma an Apple Watch and go, there you go. Enjoy.
[00:13:05] Speaker A: Well, and the same thing. If it's a pride thing, if it's somebody like, doesn't want to use something like a life alert, tell them that. Just. Here you go. And. And even for folks that aren't, you know, older, but maybe you've got. Maybe you have epilepsy, seizures, things like that. I've got family that has that. So it just. I thought that was a neat thing that they incorporated. Of course, it's another one of these AI things that. It's like it knows what you're doing, right?
[00:13:25] Speaker B: It's checking your heart rate and doing all this stuff. Like, man, there's pros and cons to all this. Monitoring me and sending that information to something that I don't control.
[00:13:35] Speaker A: Oh, no, it's anonymized. Don't worry. Sure it is. It's anonymized until in five years, we find out that it's not. So I'm kidding, I'm kidding. I'm not trying to make any statements.
[00:13:43] Speaker B: On behalf of that, not yet anyway.
[00:13:44] Speaker A: But quite a bit of stuff that was announced that of course those iPhones available in the 16, the 16 plus, the 16 Pro and the 1616 Pro Max, because one iPhone is just not enough and they're all hundreds of dollars to buy. So if you have that money or if you're looking to update your phone, there you go. Coming out soon.
[00:13:59] Speaker B: Could be phone time.
[00:14:00] Speaker A: Could be phone time. So that's all that I had on the Apple stuff. But that was kind of the big like event announcement that happened this week. We've got other stuff though that's maybe a little bit less on the positive side. Critical sonicware SSL VPN bug exploited by ransomware actors. Awesome. I hate to see the word exploited in a headline like that.
[00:14:21] Speaker B: Yeah, you do. Unfortunately, Olsonic Wall, something that is meant to help you with your security and privacy, is having a little bit of trouble with your security and privacy because we all struggle an exploit. This is more just one of those informational things like this is breaking now. This is something that most news outlets are covering. I saw in just about every cybersecurity news outlet that I look at on a day on a regular basis. They were all posting about this, and for good reason. Most companies use VPN's. Sonic Wall is a very popular option for that. If you're running it, you might want to go ahead and hit that update now button. Yeah, and that's, that's kind of where we're at with that. It says that this issue affects Sonic wall, gen five, gen six devices, as well as gen seven devices running Sonic OS 701-5035 and older versions. Vulnerability is potentially being exploited in the wild as we speak. So please apply the patch as soon as possible for affected products. And ultimately it comes down to, okay, cool. We all know you got to update, gotta do your thing patch when that happens.
But are you doing that right? Are you watching your feeds for the software and hardware that you are running in your environment? And if so, what is your patching policy look like? You got to make sure those things are up to snuff. You know, it's, it's the dry, droll work of a security person, but without it, you're, you're basically begging to get breached. At that point, you, you have to do these things. It has to be a part of your daily ritual. And one of the reasons I bring up articles like this in the show is to bring awareness to the fact that you may not have seen this, and if you haven't, please go fix your issue. Right.
[00:16:11] Speaker A: Yeah, it's like that phrase that. What is it? A ounce of prevention. Prevention is worth a pound of cursor.
[00:16:15] Speaker B: Yeah.
[00:16:16] Speaker A: So if you have a system in place to address stuff like this or monitor stuff like this, keep an eye out. Then when something does come up, it's like, it's easier to address. I would think maybe try to curb it early.
[00:16:24] Speaker B: Well, you know, what ends up happening is a lot of organizations, they'll say, you know, we can't bring the production stuff down that, okay, so what becomes the new option? And yes, there's always going to be these edge cases, but in general, are we able to, you know, purchase two of these things so the one stays up while we update the other? Or do we have a backup that we can utilize for the purposes of just right now and let our people know where we need to perform a backups? I worked in this space where I had to perform security updates and patches, uh, and out of band times.
And guess what? We're it.
We tell you, not the other way around. And we had a lot of people trying to tell us, but we just, we just stood fast and buried ourselves in the sand like, uh, uh, you know, put our roots in the ground like an oak tree.
[00:17:16] Speaker A: Yeah.
[00:17:16] Speaker B: And said, we will not be moved on this. This affects the security of our system. And you guys just have to deal with the 30 minutes outage that we're going to have at 02:00 a.m. this morning. Yeah, I know you have a ton of work that needs to be done.
[00:17:30] Speaker A: Sure. But would you rather deal with an outage or deal with something more major and sinister down the line?
[00:17:34] Speaker B: Welcome to the cost of doing business. Yeah, it's just. What's up? I hate to tell you, but we've tried to make it as convenient as possible.
At the end of the day, it's just sometimes not convenient, and we just got to deal with it. But we did not hold back. And guess what? When we had security audits, pen tests and all that, and regular security audits, things of that nature, vulnerability assessments, we passed with flying colors. I remember one time they told us, we literally have no, nothing to report.
For our group, our infrastructure crew, Dev was a different story.
And things that we didn't have control over, that wasn't us, but our group, our infrastructure group. We ran the servers, we ran the network, and they were like, we got nothing. We were like, yeah, that's what's up.
[00:18:20] Speaker A: Yeah, we knew you were gonna say that.
[00:18:21] Speaker B: Yeah, no big deal.
[00:18:23] Speaker A: All in a day's work for us. Yeah, on a day's work. But yeah, you're right. I mean, it's like when I'm driving in the morning and I'm on these roads that have all these potholes in them and I'm annoyed. I'm like, fix the potholes. Dang it. What am I, what am I paying taxes for? And then as soon as I come out to fix the pothole, it's annoying because it's like, oh, well, now half the road's blocked off and we gotta wait. And there's cones up everywhere and I can't. But, okay, I deal with that for a day or whatever and the pothole's fixed. So it's like, would I rather deal with that or wait until I accidentally hit a pothole and blow a tire or something? Like you gotta take. Sometimes you gotta wait and do these things and maintenance and whatever. And it's worth the waiter, it's worth the minor inconvenience to prevent a bigger issue down the line.
[00:18:58] Speaker B: Now, what's interesting as well, in this article, if we can take a look here, it also says that in each instance, the compromise. So this is actively being compromised. Right. The compromised accounts were local to the devices themselves rather than being integrated with a centralized authentication solution such as Microsoft Active directory. Additionally, multifactor was disabled for all compromised accounts and the sonic OS firmware on the effective device were within the versions known to be vulnerable. Right.
This tends to be the right. I remember the first time I realized this is an issue. Right. It was two things that really kicked it off in my mind. I read a book by John Strand.
[00:19:40] Speaker A: Who was freaky genius.
[00:19:43] Speaker B: Yes, a freaky genius and so much experience in the space. I highly recommend you follow anything Black Hills and anything he does specifically as well.
But it was. And he was talking about how being a pen tester, one of the common things that he saw was the organizations that were his clients did not have a regular patching schedule. They had no set schedule for doing patching and updates both in and out of band.
What the hell?
And then step two was the Equifax breach with the Apache struts issue. It was like that. That's been a known vulnerability for quite some time. What do you mean you haven't updated that yet? That's how they got in was.
So as someone who has both been a cybersecurity student and a cybersecurity trainer, I remember going, but if I have everything patched. You're not going to be able to get into this, right.
Unless we compromise some account. Yeah. Like, technologically, we're probably not getting it.
[00:20:46] Speaker A: Yeah.
[00:20:47] Speaker B: Right. Because, right, you've applied all your patches. So it's like, why isn't everybody doing this? Well, here's the thing. It's like, no, here's not the thing. That's the stupid thing.
That should be a rare thing and not equifax.
Right? Yeah. So I like to. I like to beat this drum from time to time, update, do. Do updates.
[00:21:08] Speaker A: Right, because you're right. I mean, you could tell people, update, patch, implement, MFA. All this stuff, you can lead a horse to water, but you can't make a drink. Right.
[00:21:14] Speaker B: Exactly. Right.
[00:21:15] Speaker A: This is maybe the standard practice, but if you're not gonna do it, then it's like, okay. Like, the tools were there. You could have prevented this. I know. It's not. It's never gonna be a perfect system, and, of course, there's always gonna be things that go through the cracks, but. Yeah. Especially when it's a big organization like that, it's like, ooh, that's. That's a. Yikes. But in this case, it looks like there is a patch. Right. For this. So the. The whole idea, I guess, is. Yeah, patch. Patch. Now, that seems to always be the consensus at the end of these articles, so thank you, Daniel, for bringing that up, because that is important stuff. This next one is a little bit. A little bit of a different thing than what we usually cover, high school.
[00:21:48] Speaker B: Which is why I chose it.
[00:21:49] Speaker A: I'm glad you did. I'm glad you did. High school in London was forced to send students home following a ransomware attack, which, I guess, of all the reasons, as a student, that you could be told, you need to leave immediately. I. I'd rather it be a ransomware attack than, like, oh, by the way, there's been a threat or something. So it's like, okay, you know, at least there's no, like, immediate threat to life and limb, but this is still pretty crazy.
[00:22:12] Speaker B: So, again, the reason I brought this up was more for the conversation. It's like, ultimately, at the end of the day, this is a. An article that says, school got ransomware, attacked. School sent kids home because they had to, you know, deal with it. They couldn't. Couldn't really do, quote unquote business.
[00:22:27] Speaker A: Yeah.
[00:22:27] Speaker B: That day, it was difficult to operate as a school because they couldn't access their data. They couldn't, you know, plans and all the stuff we run on computers now, man. It ain't on paper and pencil anymore.
[00:22:38] Speaker A: Why does my Chromebook have all these padlocks on its files?
[00:22:41] Speaker B: You know what the first thing I thought was? Some kid did this.
[00:22:44] Speaker A: Really?
[00:22:45] Speaker B: Yeah. And I'm thinking that would be interesting. What a weird world we live in. That it's quite possible that one of the students did this. Now it could be, you know, just regular threat actor. Honestly didn't even look and see if they attributed this to any threat actor.
So you tell me if that is the case. But when you were in school, did you ever get asked to leave school?
[00:23:10] Speaker A: Me, individually or as a group?
[00:23:11] Speaker B: No, as a group, as everyone. You need to go home.
[00:23:14] Speaker A: When I was in elementary school, I was in and out of homeschooling. But when I was in a school, in elementary school, there was a bomb threat that got called in, and that's the only time.
[00:23:23] Speaker B: So when I was in high school, that was like, every other week.
[00:23:26] Speaker A: Really?
[00:23:26] Speaker B: That was like, the number. They would go to the payphone that was in the school, explode.
[00:23:34] Speaker A: Wow. Yeah, they were caught.
[00:23:36] Speaker B: Everybody was like, yeah, you catch them from time to time. But even if, you know, sometimes, what are they gonna do? They expel them? You're out of school now. You're not gonna worry about coming to school anymore. The test that you're gonna miss or whatever. Cause you're gonna miss them all.
[00:23:48] Speaker A: Yeah.
[00:23:48] Speaker B: Cause you're done and you gotta leave. And they would go spend time at, like, I think there was like a. Like a juvenile school facility for kids that didn't have any school to go to because they were so bad.
[00:24:01] Speaker A: Yeah. Like a. Correct.
[00:24:02] Speaker B: And if you spent enough time there and showed reversals, then you could go back to, like, a school. Right. But that happened a lot. And that's why I thought, this is. This is this generation's, you know, bomb threat. Yeah, I just ran somewhere when probably.
[00:24:18] Speaker A: Is a. Yeah, if it was a kid that was behind this, because I don't think they just refer to them as the cybercriminals behind the attack. So there's no official attribution of, like, oh, it was this group, it was this gang, or it was some kid or some kids. But yeah, as a kid, I guess if you wanted to pull something like that, you might look at this as almost a lower risk option for you. Because it's like, well, if I call in, like, a bomb, there was no.
[00:24:39] Speaker B: Life and limit at stake.
[00:24:41] Speaker A: Yeah.
[00:24:41] Speaker B: Even. Even theoretically. Yeah, it was just. Your computer systems aren't usable. Yeah, maybe I can make some money.
[00:24:48] Speaker A: It's interesting, though, that it's a ransomware attack, which makes me think that either it is a student, that this wasn't just they wanted to get out of school, they want some money out of this, or that it's not a student only because, like, maybe I was just a dumb kid, but if that was me, I would just be focused on how do I shut everything down so that I can get out of school. I don't really care if I get any money out of it. I just get to go home and, you know, play video games or whatever.
[00:25:09] Speaker B: Yeah.
[00:25:09] Speaker A: So interesting that they're demanding a ransomware. I wonder how much they're asking for.
[00:25:13] Speaker B: Who knows?
[00:25:13] Speaker A: It doesn't say the Charles Darwin school. Ironic, because it fell victim London.
[00:25:18] Speaker B: Right. And it's England somewhere.
[00:25:19] Speaker A: Yeah, well, it wasn't Charles Darwin. The guy that did like, the theory of natural selection and stuff like that.
[00:25:23] Speaker B: Yes, he is.
[00:25:23] Speaker A: So obviously, this school did not adapt HMS Beagle.
Yes.
[00:25:29] Speaker B: But I guess their cybersecurity procedure and structure needs to evolve.
[00:25:35] Speaker A: Yeah. They did not adapt.
[00:25:37] Speaker B: No, they did not.
[00:25:37] Speaker A: So they did not survive the survival of the fittest.
[00:25:40] Speaker B: They'll roll it back, unfortunately. Unfortunately, you know, they left themselves open and this was a good case. Again, nobody got hurt. But sure, ransomware is no day at the park, that's for sure.
[00:25:50] Speaker A: Yeah, yeah. And I guess, too, the other concern would be if. If it wasn't a student, if it was actually some ransomware gang or group.
[00:25:56] Speaker B: Yeah.
[00:25:57] Speaker A: Well, now, do they have access to, like, student data, student personal information?
[00:26:00] Speaker B: Yep.
[00:26:00] Speaker A: That kind of thing. And as a parent, I'd be pissed. I'd be concerned, like how.
[00:26:04] Speaker B: Absolutely.
[00:26:04] Speaker A: Right.
[00:26:04] Speaker B: Because you got a bunch of minors.
[00:26:06] Speaker A: Yeah.
[00:26:07] Speaker B: You know, not Cole hat, Minecraft, younger people. And you definitely don't want them exposed to the dangers of the Internet. So. Yeah, that I would be upset myself. Why? Why were you guys not more prepared for something like this? Justin was telling me that his, I think his hometown in West Virginia got hit with a ransomware attack, but because they were kind of on top of things, it only spread to, like, two machines.
[00:26:31] Speaker A: Oh.
[00:26:32] Speaker B: And they were like, eat it.
[00:26:34] Speaker A: Interesting.
[00:26:34] Speaker B: Yeah. And they just rolled those machines back to backup and they were good to go for them. Yeah.
Right.
[00:26:41] Speaker A: Yeah.
[00:26:42] Speaker B: Somebody, round of applause, was paying attention on what you should do to keep this thing from being a problem.
[00:26:47] Speaker A: Yeah. Wonder if that guy got a good pat on the back.
Yeah. So they said they'll be updating parents and students through the school's Twitter or x account. So that's yeah, just holding our.
[00:26:58] Speaker B: Twitter's not a thing anymore.
[00:26:59] Speaker A: Let you know. Well, it says Twitter in the article, which is why.
[00:27:00] Speaker B: Course it does.
[00:27:01] Speaker A: Okay. We're not, we're not, we're not going down this road because we'll be here for an hour.
[00:27:05] Speaker B: I just don't change.
[00:27:08] Speaker A: It's not Twitter, it's X. Barry, Twitter call.
[00:27:10] Speaker B: It's dead now. It's over.
[00:27:11] Speaker A: Just read what the page said.
[00:27:13] Speaker B: Called X.
[00:27:13] Speaker A: They called it Twitter.
[00:27:14] Speaker B: I don't care whether it's called X. The fact is that is what it is.
[00:27:18] Speaker A: Yes, yes.
[00:27:18] Speaker B: That is what it is, is I have no emotional investment in Twitter because I never had a Twitter account.
[00:27:24] Speaker A: Yeah.
[00:27:24] Speaker B: So I don't really care that it got changed in name.
[00:27:29] Speaker A: That's valid. That's fair enough.
[00:27:30] Speaker B: Not my problem.
[00:27:31] Speaker A: That's fair enough.
[00:27:32] Speaker B: Yeah.
[00:27:32] Speaker A: Well, we hope the Charles Darwin school recovers from this ransomware tax and it'll be interesting to see who actually is behind it. And if it is a cheeky student, that'll be interesting to see. Going back a little bit to the hardware stuff. This is going to be fun. Sony announced the PS five pro this week. $700 graphical upgrade available November 7. But the interesting $700 $700 so that's the conversations going on around this right now because there were updates to like the, the abilities of this machine. So higher framework, higher frame rate, double the storage of the original PS five. The OG was 1 tb. This has two better resolutions. A lot of the games are going to be, that are already exist in the library. Will be able to be enhanced by this, um, no disk drive though, which I guess is not totally abnormal because the, you know, dvd's and disc games are kind of going by the wayside. Anyway, a lot of it is digital. Now me personally, I still like to get use out of my disc drive in my old Xbox. So I'm a little bit like, oh, but don't worry, you can buy it as an accessory for $80 if you want to spend more money. Yes, but the thing I thought was interesting was that people are talking about like, is this now going to be the console that can be a competitor to like PCs? Because a lot of PC gamers will be like, old consoles, can't compare.
[00:28:43] Speaker B: You want the best in graphics, right? You have to go PC, PC.
[00:28:47] Speaker A: So would this be the answer to that of like, okay, here's a, here's a console.
[00:28:51] Speaker B: Hundred bucks, right?
[00:28:52] Speaker A: For $700.
[00:28:54] Speaker B: Law of diminishing returns is kicking in.
[00:28:55] Speaker A: Here at that point. Get a PC, right?
[00:28:57] Speaker B: I mean, honestly. Well a put a PS four or the latest ps five.
[00:29:03] Speaker A: Yeah.
[00:29:03] Speaker B: Next to the PS five pro. How much more are you really getting, graphically, right, for your $700 versus what's the PS five running, like 550?
[00:29:13] Speaker A: Still 500, I think 500.
[00:29:16] Speaker B: So an extra $200.
Right. Is it really worth that much now, if you haven't already invested in a PS five, honestly, I would venture a guess that even a PS four, it would not be.
It would be better.
[00:29:35] Speaker A: It wouldn't be worth what the additional cost is.
[00:29:38] Speaker B: Right. If I had a PS four, I'm probably waiting for the PS six.
[00:29:41] Speaker A: Yeah.
[00:29:42] Speaker B: Right.
[00:29:43] Speaker A: Well, it kind of. It kind of reminds me of going back to, like, the phones. Like, if you have an iPhone 15, you're probably not looking at getting an iPhone 16 unless you are like, somebody that's just right.
[00:29:52] Speaker B: I gotta be on the edge and.
[00:29:53] Speaker A: You get the newest one every single time.
[00:29:54] Speaker B: And I get those people. I mean, we got to have this because they're doing reviews and giving you the quality and stuff like that. And that's really helpful to the industry to be able to say, hey, I'm just an end user and I like staying on the bleeding edge so that I can tell you whether or not it's worth you to spend your money.
[00:30:10] Speaker A: But in the case of, like, phones, I have a 15. If I really decided I wanted to go get the 16, I'm not going to, but if I did, I would go trade in my 15. Realistically, get a 16, hopefully then have some value that goes towards the price of the 16. Right. And then this is something I use every single day in a lot of what I do. A game console, though, if you bought the PS five and now, hey, here's the PS five pro, or maybe you'll go try to trade in your PS five. I don't know what the trade in value would be for that.
And maybe that goes towards your PS five pro. It's not something you're probably guessing.
[00:30:40] Speaker B: The PS five is probably holding its value pretty well right now.
[00:30:42] Speaker A: It's. Well, yeah, it's still. The price has not dropped at all as far as what they're charging.
[00:30:46] Speaker B: Well, what's the used market?
[00:30:47] Speaker A: So. Yeah, that's true. That is true.
[00:30:48] Speaker B: I can still get 450 bones for a. A used PS five and it's selling 500 new.
[00:30:54] Speaker A: Yeah.
[00:30:55] Speaker B: Well, then that's not bad. Now I've really only invested $250. But again, is that juice worth the squeeze? For me personally, I would really want to see them side by side.
[00:31:05] Speaker A: Yeah.
[00:31:06] Speaker B: To compare. I think there's a comparison video here, but it's all compressed going through YouTube and whatnot. I would want to have them in place, two screens, looking, playing the same games, doing the same things, and making sure that it was really worth my extra money.
I somehow, for me, I somehow doubted it. Sure.
[00:31:29] Speaker A: Well, you know, and I'm kind of in the same boat where, I mean, I'm not a PlayStation girly, I have an Xbox. But if I were a PlayStation fan and that was like a console that I. I was super committed to, and ps five is my guy, PlayStations are my console. I don't know that I would be the kind of person that would. This would be worth it for me. I would be curious to know. I don't know if we have anybody that watches that is like, into gaming competitively, but if this is the kind of thing where it'd be like, no, no, no, it's totally worth it for me, because even if it's just a slight difference in the speed or the graphics, that makes all the difference when I'm competing at the competitive level.
[00:31:59] Speaker B: Yeah, that makes sense.
[00:32:00] Speaker A: And maybe you prefer to play on a console instead of a PC for whatever reason, you know, maybe that's at the competitive level.
[00:32:04] Speaker B: Every edge is.
[00:32:06] Speaker A: It makes a huge difference. Yeah. So I'd be curious to know what y'all's opinion would be on that or even if you're not a competitive gamer.
[00:32:11] Speaker B: So crazy that we're sitting here talking about competitive gaming.
[00:32:16] Speaker A: It's a big deal.
[00:32:17] Speaker B: It is a big deal.
[00:32:18] Speaker A: They're considering incorporating it into the next olympics, if they haven't already.
[00:32:21] Speaker B: Please stop. Olympics, come on.
[00:32:23] Speaker A: Yeah, it's. It's a thing. I mean, hey, it's not you.
[00:32:28] Speaker B: No, no.
[00:32:29] Speaker A: That's where you draw the line.
[00:32:30] Speaker B: No, no, listen.
No, stop.
[00:32:35] Speaker A: Old man yelled, how did it work.
[00:32:36] Speaker B: Out for you this year, by the way? How'd it work out? Yeah, well, we brought in breakdancing and that was a lot of fun. Wasn't it real? The only real was Ray gun was like. Yeah, the crazy kangaroo dance. Right?
[00:32:50] Speaker A: Because she's Australia.
[00:32:51] Speaker B: That was the only. That's what I heard it was called. Cuz she was bouncing around like.
[00:32:55] Speaker A: Oh, that's what you're calling it?
[00:32:55] Speaker B: Yeah.
[00:32:56] Speaker A: Okay.
[00:32:57] Speaker B: I didn't realize she was australian.
[00:32:59] Speaker A: She is australian.
[00:33:00] Speaker B: Yeah.
[00:33:01] Speaker A: She supposedly was like a researcher or something, and so she was trying to.
[00:33:04] Speaker B: Prove that, like thesis of she had.
[00:33:06] Speaker A: Like a PhD in breakdance or something, right?
[00:33:08] Speaker B: That breakdancing is an artistic expression and not a sport.
[00:33:12] Speaker A: You can't make it a competitive thing because it removes the art from it.
[00:33:15] Speaker B: The art from it. I think that there's a point to that. She could make an argument for this, but I like how she made her point. It was funny.
[00:33:22] Speaker A: It provided entertainment.
[00:33:23] Speaker B: Very entertaining. It was one of the most entertaining things about this year's olympics.
[00:33:27] Speaker A: Guarantee that will be one of the top Halloween costumes is ray gun, especially.
[00:33:30] Speaker B: In real time as it's happening. You don't know these things. You're just going to. What is this chick doing?
[00:33:36] Speaker A: Is she serious?
[00:33:37] Speaker B: Is this for real? Am I watching what I'm watching? Yeah, yeah, no, she's. She's. Look at her bouncing. Hoppity hop.
[00:33:45] Speaker A: Look at her bouncing. Hey, good for her. Good for her. But, yeah. So that is a. That's a new console that's going to be coming out. It'll be available November 7. Curious to know if any of y'all are going to be making that investment, making that purchase. I will not be. But if you are, I'm happy for you and I'm excited for you. You want to try to fit in one more for the break, or you want to take a break now or.
[00:34:05] Speaker B: Let's see here. One, two, three. I'm looking at how many articles.
[00:34:07] Speaker A: Oh, yeah. No, no, no.
[00:34:08] Speaker B: Quite a few.
[00:34:08] Speaker A: We got 123456 left.
[00:34:10] Speaker B: Six left. Let's.
I'll leave it to you. I don't care.
[00:34:14] Speaker A: Okay. Okay.
[00:34:15] Speaker B: Dealer's choice.
[00:34:16] Speaker A: Um, let's push it off. All right, let's take a break now so I can go to the bathroom, and then we'll come back and. Yeah, I'm being selfish. Yes. We're gonna take our break now. Don't worry, though. We will be back in just a few minutes with more not break dancing news, more technato. Hey, I'm Sophie Goodwin, edutainer at ACI learning and subject matter expert for our new course, cybersecurity fundamentals. If you're new to cybersecurity, this is the course for you. Anyone from high school students to professional switching careers. These episodes are designed for you as an introduction to essential security terms and concepts. So we'll walk through security principles, governance, risk and compliance, access controls, threats and attacks, incident response, network security, and we'll look at some best practices for security operations. Security doesn't have to be scary. Check out cybersecurity fundamentals in the ACI learning course library.
Welcome back. Thanks so much for sticking with us through that break. It was sorely needed. I had to get up around and.
[00:35:18] Speaker B: Very fruitful as well.
[00:35:19] Speaker A: Very fruitful. We got some new information from our wonderful director, Christianity. He has a little bit of a scoop on that PS five stuff.
[00:35:27] Speaker B: We were talking about perspective, that perspective we do not have, which is he just got done building a gaming PC and he was saying if the PS five pro can do four k at sixty FPS at $700, that's a steal. So I looked it up and yeah, it's right here. It absolutely does more ray tracing and fluid four k and sixty frames per second gaming across the board for games that get pro upgraded. So yes, while your older games or games that aren't pro upgraded, obviously you're not going to have that. But the ones that do, and from now on, most likely are going to be at FPS. And yeah, it can. For those that are coming from the gaming PC side of things, this would actually be saving money.
So maybe if you're in a play, if you're PS five owner or PS four owner, might not be ready for you yet. But again, if you're just looking to have the latest and greatest at a great price, maybe the PS five is the way to go.
[00:36:26] Speaker A: And that's interesting. I wonder if that'll set, like you said, a new standard for these consoles now, if this 4k, you know, because with the PS five came out in like 2020. So four years later now, the PS five pro coming out in November, I think. So in a couple of years, if we see the PS six, I guess, or PSX, if they go the Xbox route, I wonder if then it'll just be like, from now on to pro or not. This is what comes with the console. So that will be interesting to see. So we do appreciate Christian's insight on that stuff. He's got. He's got his finger on the pulse a little bit more of the gaming stuff than we do. So, always appreciated. But getting into some of these other articles that we have here, this first one for the second half of our show, revival hijack, Popeye hijack technique, that's hard to say. Exploited in the wild, puts 22,000 packages at risk. Pie, pie hijack. That's a fun thing to say. Less fun to deal with, though.
[00:37:12] Speaker B: Yeah, less fun to deal with. And of course, that number is theoretical, that just the problem could possibly affect up to 22,000. Not that 22,000 PI PI projects are being affected right now. Right. So the issue is, is that, let's say you make a project, you stick it in pypy, you're like, cool, this is fun, you're working on it. You like your projects and eventually it gets kind of long in the tooth, you're sick of it and you kind of abandon it. After a while you go, you know what, I'm not doing this anymore. And the project kind of tombstones goes down. It, it really kind of dies in that system. Well, PI, PI project, apparently what they will do is it says right here is this attack. Give you the straight from the horses mouth. This attack technique involves hijacking pipy software packages by manipulating the option to re register them once they're removed from Popeyes index from the original owner technique we've dubbed revival hijack. So how, how is this a problem? That's the question. Problem is if I'm an attacker and you've got a project that has basically been removed, I can re register that name under you. This could be Microsoft, this could be, you know, well known projects that sundown, x, y or z reasons and now eyes, an attacker can re register them with the same name, the same endpoint and you just start pulling it in, assuming it's the same project, but it's not, it's got hacker code in it.
[00:38:42] Speaker A: Right. Okay.
[00:38:43] Speaker B: That's the problem.
[00:38:44] Speaker A: So you're just, you're making an adjustment to what's actually in it, but the wrapping on the outside looks the same.
[00:38:48] Speaker B: Yeah.
[00:38:49] Speaker A: Okay.
[00:38:49] Speaker B: Yeah.
[00:38:50] Speaker A: And somebody that's looking at it is just going to be like, oh hey, I didn't realize that was still around. Let me just go ahead and, go ahead and take a look at this. Thinking that it's just been revived for what? Hence the name revival I guess, but thinking that it's just been revived for some reason. Because why would you think to ask?
It looks like it's legit. Hey, it's Microsoft. Sure, why not? So yeah, that's kind of scary.
[00:39:06] Speaker B: Or think about a new developer who is trying to figure out whether or not how can I make my python script do X, Y or Z. And you're looking at forums and old stack overflow and you see, oh, grab this pypy project. Okay, let me grab that pypy project. You have no idea that it was once defunct and now has been re registered under some malicious actors name because it does exactly what it is you need it to do. And you don't have to reinvent the wheel, you just pull it on in and use it. Well, yeah, yeah you can, but unfortunately you might be pulling in more than you expect. Right. And that, that goes back to this is, this is a problem we have reported on these kind of things. Maybe not this specific type of attack, but the fact that these repositories, libraries and projects such as this and NPM and so on and so forth, that you have to be very very careful at what you import into your own projects. Because while yes, they can make your life a whole lot easier, it could also make your life a whole lot harder if you didn't do your due diligence on whether or not this was something you want to import and whether or not it could be malicious.
[00:40:16] Speaker A: Now it does say that this is the JFrog, or JFRog as I'm choosing to call them. Research team discovered this had recently been exploited in the wild. So I'm curious if there is a way to other than just I guess double and triple checking the stuff that you're using. But do you think there will be some kind of a permanent solution that comes along like, oh yeah, we fixed that, that's, that can't happen anymore? Or is this just going to be one of those things where it's like you just got to look out.
[00:40:39] Speaker B: Yeah, I wonder if they'll like maybe Pypy could say once you've registered something and it's been, you know, it's kind of died, we're not bringing it back.
You can't bring it back. Only the original register with the original email address and login form for whatever, for uploading that specific thing. Maybe say use some type of blockchain or something. A ledger that says this is owned by you and these are the transactions that are done. As far as whether or not it's an active project or a defunct project, maybe something that affects where if you did want to revive it later, it could only be by the person that originally started the project.
Other than that, it would just have to go, nope, you can't register that you are not this person.
[00:41:25] Speaker A: Yeah, right.
[00:41:26] Speaker B: I feel maybe that's, maybe that's something they could do. I don't know how feasible that is. At, on the back end at pypy.
[00:41:34] Speaker A: Sure.
Because there's a lot of, there's a lot of packages going on. I mean, I mean like I said, it could in theory impact what, 20 something thousand packages. So not, not exactly a small shock wave of impact that could come from this. And it did say that it was recently exploited in the wild. I didn't get a chance to look. Was there any detail about who or what? Or was it just, we know there's been exploitation of this technique and so here's the warning, here's the heads up and what you can try to do to maybe prevent against this. I don't think there was any detail on who or what was responsible.
[00:42:06] Speaker B: It was just, no, it's just like this is, this is a new attack vector through this specific type of attack. So be on the lookout, be diligent, do your due diligence. Don't just Willy nilly, grab stuff from pypy and think, I'm cool unless you know for sure that that project is what you think it is.
I know, everybody goes, well, how am I supposed to read all those lines of code, make sure it doesn't like, that's just how it goes. Slap it in AI and say, hey, is there anything malicious in here?
[00:42:36] Speaker A: They also mentioned that many CI CD machines are already set up to install these packages automatically. I didn't even think about that. It's not even that you're installing Willy nilly. It's just, well, I just thought it's just automatically gonna do it for me, which is convenient, but yeah, you might have to go in and not do that anymore.
[00:42:52] Speaker B: Find an alternative package, whatever the case is.
[00:42:55] Speaker A: Yeah, that's kind of scary. And they did, they've included all this information about how they carried it out because they reproduced the attack. So I like, I like blogs like this because they do go into detail. It takes me a little while to get through it and fully understand it. I would imagine that, I mean, we'll link all of these articles and stuff.
[00:43:08] Speaker B: Source.
[00:43:08] Speaker A: If you do want to go in and look at it in detail, we hope that you go ahead and do. So was there anything else that stood out about this news or was it more of just like a, hey, PSA, just so you know.
[00:43:17] Speaker B: Yeah, today's kind of PSA day for me.
[00:43:19] Speaker A: PSA day. Yeah, I can appreciate that. Yeah, it's like patch Tuesday, but different.
[00:43:23] Speaker B: Yeah.
[00:43:23] Speaker A: So there we just had, by the way, which we did just have like.
[00:43:27] Speaker B: 80 patches for Microsoft, a bunch of like zero days.
[00:43:30] Speaker A: That's interesting because there's so much, one.
[00:43:32] Speaker B: Was like, and this wasn't in our articles, but I, one was a downgrade attack where the attackers, through a flaw in an update, allowed them to remove updates that made you now susceptible to other attacks. Yeah. Crazy. Yeah.
[00:43:49] Speaker A: Interesting. Okay. Inception of the updates. Yeah. There was so much going on this week that didn't even, was not even a document of stuff.
[00:43:56] Speaker B: Patchy had zero days. I'm not, sorry, not Apache. Adobe.
[00:43:59] Speaker A: Yeah. Yeah.
[00:44:00] Speaker B: Dobie had some zero days, some critical flaws.
Yeah, it was, it was a dumpster fire.
[00:44:05] Speaker A: It was a dumpster fire of a week, cybersecurity. We love it.
[00:44:08] Speaker B: It's fun.
[00:44:09] Speaker A: But jumping overseas here for the next couple of articles. What's going on over there? Chinese hackers exploit visual studio code in southeast asian cyber attacks. All right. Cyber espionage, fun in theory and in movies, but not really in practice.
[00:44:22] Speaker B: Well I mean that's one part of the story, right? Is that, yeah, look at these chinese threat actors doing what chinese threat actors do, right? Going to town, having a good time. But how they did it was very interesting and it was funny as I had seen some articles earlier in the week. This one's a little closer to when we're filming than what I had been seeing, which was a few days ago.
And it was about how visual studio code could be exploited for c two traffic and it would mask it because it's all done through Microsoft's technology, its all done through their infrastructure.
So when you looked at it at the packet level, you would go oh yeah, heres some traffic coming from this machine. Oh its Microsoft. Yep. Visual studio code apparently is quite noisy to begin with. So its fairly, its a good channel to hide your nefarious activities if you are a threat actor.
So yeah, so apparently there's this function inside of visual studio code that allows you to create a tunnel for remote access to the device. Yeah. And some, some directors go a tunnel you say tell me more of a stream of information that is kind of within a protected pipe. That's what you see?
Yeah. Tell me more. I'm interested. You've piqued my curiosity. And then of course was it yesterday or day before? There's this China linked advanced persistent threat group known as Mustang Panda observed weaponizing the visual studio code software as part of their espionage operations targeting government entities in Southeast Asia. Right. Says the threat actor uses the versus code embedded reverse shell feature to gain a foothold in target networks. Shout out to Palo Alto networks, uniform too because they do amazing work. This is crazy. I did see, it was funny. I was putting articles in yesterday. You know, I got my YouTube feed going on and everything. I see John Hammond and he is showing you how, how this gets exploited, how, how they use this proceed to in a very simplistic way was you know, short video. But John, you know, he's, he's a, he's awesome.
[00:46:42] Speaker A: He's, that dude is quick.
[00:46:43] Speaker B: Yeah, he is on the money. You gotta bring your a game if you wanna beat him to the punch.
[00:46:47] Speaker A: Yeah. This group is like you said, mustang panda but it's of course they always have like 17 different names, of course. It's Camaro Dragon, which I've heard you.
[00:46:55] Speaker B: Mention that like, I love Camaro Dragon. You know, not what they do, but.
[00:46:58] Speaker A: The name, the name. Cause every time the names come up I'm like, call him Diaper boy and maybe he won't do it, he's doing anymore, but it's always a cool name. Red Delta.
[00:47:04] Speaker B: Yeah, come on.
[00:47:05] Speaker A: Aero Dragon, bronze president, which is interesting. That's like the Douchey McDouche face.
[00:47:10] Speaker B: Sounds like a better name.
[00:47:12] Speaker A: Yeah, yeah. Pee pee pants. That's the new threat actor name.
[00:47:15] Speaker B: What is bed till nine.
[00:47:19] Speaker A: With the hyphens in between? That's his new name. Yeah. His bed till nine.
[00:47:23] Speaker B: Yeah, that's right.
[00:47:24] Speaker A: On next.
[00:47:26] Speaker B: Sucked his thumb till twelve.
[00:47:27] Speaker A: He puts the p in apt.
[00:47:29] Speaker B: That's right.
[00:47:30] Speaker A: So did they in this article go through kind of how it works? It kind of looks like they have a little graphical thing here that shows.
[00:47:37] Speaker B: A little bit through it. They just kind of give it a.
[00:47:39] Speaker A: Little bit, not in super detail, but.
[00:47:40] Speaker B: There'S a little mostly like just a flow chart of how the works. It does look like it does have some, it's a very bad graphic, gonna be honest. It's, it's very, look at that is kind of fuzzy. Yeah, but they show you there's a rar here. Unique. Blah blah blah blah. This is kind of where it starts here. The previous campaign of this. What is it? Please move out of the way. Visual studio code box of doom. Golly. Tone shell.
Yeah. Stately Taurus.
[00:48:11] Speaker A: Huh?
[00:48:13] Speaker B: And there's SshD exe. Apparently you do have to have already have some access to the machine for this to work. So this would be more of a post compromise thing, but that would mask all your c two traffic and exfil data that's happening. And that's really what you're looking for. Most threat actors, once they gain, I say most generally speaking, from what I've seen in my experience, when you gain access into a machine, you're not sitting there with reverse shell all day long doing hands on keyboard stuff, just like, cool, I'm in. You establish persistence, you install your backdoor and whenever you need it, it's there for you.
[00:48:51] Speaker A: Right. You go back to it every so often like, oh, it's Tuesday, I'll go check on that thing.
[00:48:54] Speaker B: It's collecting data and exfiltrating for you from at a cadence, beaconing out, doing all the fun stuff, right. You're not just sitting there going, I'm using this machine like it's my personal machine that doesn't happen all day every day.
[00:49:07] Speaker A: Sure.
[00:49:07] Speaker B: So. But when you do that stuff or you are exfilling data, you want that stuff to not get picked up on. And this is a great way to make that happen.
[00:49:17] Speaker A: Well, then this is an interesting one. Thank you for that. P's again, PSA day. So we'll have to see if there's any more development because it says that it seems like maybe it's a continuation of a previously documented attack from like last year. Yeah. On a unnamed southeast asian government entity in. Yeah, literally like a year ago.
[00:49:33] Speaker B: Yeah.
[00:49:33] Speaker A: Because it's September. So crazy to the day. Oh, and speaking of, this is unrelated to the story, but the coal fire stuff that comes up sometimes.
[00:49:40] Speaker B: Oh, yeah.
[00:49:41] Speaker A: About how they were arrested when they were just doing a pen test and it was like, sorry, you have permission, but you don't. It's the five year anniversary of that, this week of that happening. So they went on talking about your psa. So I haven't had a chance to listen yet. But they did dark reading, did another episode on it and brought them back on the show and like, talked them about like, hey, five years later, like, walk us through that and what's the update and everything. So. So I haven't had a chance to finish it yet, but would recommend going and listening to that, especially if you haven't, if you've not already heard that story or listened to how that went down. I'm quite interesting, a little scary, but continuing our journey overseas here, jumping over to Europe, I guess. Technically it's Eurasia, I guess, Wix to block russian user users starting September 12. And this article does have the kind of the main point of it, which is that due to new regulations, Wix, if you don't know, is an israeli based company. So it's owned by an israeli firm rather. But starting on September 12. So the day this episode releases, Wix said, hey, new regulations in place. We have to restrict access to Wix services for russian residents starting on the 12th. And Wix is a. It's a website builder, kind of like WordPress.
[00:50:44] Speaker B: This is the Moscow Times.
[00:50:46] Speaker A: So. So I grabbed. I did grab that one. So the one I'm looking at is from bleeping computer, but I grabbed the Moscow Times ones as well, only because it had more specifically information about, like, had the implications of okay. For russian residents. Cause it's not like if you're living in America and you were born in America, but you're of russian descent, it's not like they're gonna track you down and do a DNA test and say, you can't use wix. This is for like, geographically. If you were a russian resident, you are not permitted to access it. And they were pretty vague, I thought, in the Wix announcement about this, it just said due to new regulations. So I was like, okay, if they're not talking about the us sanctions, are they? Was there new israeli regulations that got introduced? Like, what? What was it? So that's why I grabbed the Moscow Times one, because it looks like that gives a little more context of. It comes after the US introduced those new sanctions against Moscow over the stuff going on, like in between them and Ukraine. So it's all this like geopolitical crazy stuff going on. But Wix has said as a result, hey, unfortunately, like, we are bound by these restrictions.
[00:51:44] Speaker B: See their little message they got here. Dear readers, we are facing unprecedented challenges. Russia's prosecutor general's office has designated the Moscow Times as an undesirable organization, criminalizing our work and putting our staff at risk of prosecution. This follows our earlier unjust labeling as a, quote, foreign agent.
[00:52:02] Speaker A: Wow.
[00:52:04] Speaker B: Actions are direct attempt to silence independent journalism in Russia. The authorities claim our work, quote, discredits the decisions of the russian leadership. We see things differently. We strive to provide accurate, unbiased reporting on Russia.
Wow, interesting.
[00:52:19] Speaker A: I didn't even see that part because I'm just focusing on, like, what's going on.
[00:52:22] Speaker B: I just happened to scroll past.
[00:52:24] Speaker A: That's, wow.
[00:52:24] Speaker B: I was like, what's this?
[00:52:25] Speaker A: I see stuff like that and it makes me so glad that I live here. Like, I just, it, you feel like you take for granted, like, the freedoms that we have. And it's just nice to know that, like, we can talk about this stuff and we don't have to worry for now about hedge my bets here. Who knows where we'll be in ten years?
But it makes me grateful for that. But anyway, so because Wix is a, I mean, I used to use Wix for my own. I had like a website I use for acting stuff and school stuff. And so it just is interesting to me since we talked about how, like, okay, Kaspersky is now out of the US, can't do business here because of all of the tensions between Russia and other nations right now. Now it's like, okay, it's not just russian government organizations or cybersecurity organizations like Kaspersky. It's like, as a russian resident, if you want to build a website, great.
[00:53:07] Speaker B: Can't use our service using Wix to do it.
[00:53:09] Speaker A: And if you've got a Wix website now. You basically have. They announced this on Tuesday. So they gave you effectively two, maybe three days to move all of your stuff over to WordPress or somewhere else. So I was just like, dang, that would really suck. You've got this whole website built out and now it's like, surprise.
[00:53:23] Speaker B: You're just random Joe in Russia, Jane.
[00:53:26] Speaker A: You'Re running a website on, like, different kinds of plants.
[00:53:28] Speaker B: I want to say, yeah, I want to sell, like, sweaters for kittens, but because Putin's a d bag.
[00:53:35] Speaker A: Yeah, I will have to shut down kittens. And starting today, has to go. Estugal has to go. So I really do hope that for those russian residents that have wix websites, they can find a solution. But just, I just was like, oh, just VPN. So this is just gonna keep pushing back and saying, nope, no, you can't access this.
[00:53:52] Speaker B: You can't access wix the same way they access Netflix.
[00:53:56] Speaker A: The same way they watch Love Island a day early. Yes.
[00:53:59] Speaker B: Have you seen love island? Crazy.
[00:54:01] Speaker A: It's crazy. It's crazy. They got a text. It was amazing.
[00:54:04] Speaker B: That's right.
[00:54:05] Speaker A: Coming back over from overseas, back in the US, that's some what I think is good news. Us government is removing four year degree requirements for cybersecurity jobs. We do talk sometimes about how, like, you know, there are obviously four year degrees for cybersecurity and for it and everything. And I think that's awesome. And I think it can be a great solution for a lot of people. There's also certifications or, like, shorter individual programs that you can use. I think there are a lot of different solutions. And people get frustrated when they see, like, I've been working in this field for however many years, but because I don't have this formal degree, I can't, supposedly, I can't apply for this job. So I see this as a good thing.
[00:54:39] Speaker B: I agree. Totally agree. I think this is an absolutely a good thing. They. As long as they have very good vetting processes. Right. While, yes, certifications and things of that nature, you still have to go through some pretty good. I mean, we're talking about the government, right? We need the best, of course. So they obviously won't do that.
They're going to turn cyber security into the DMV, and that'll be fun for everyone. Right?
[00:55:06] Speaker A: Yeah.
[00:55:06] Speaker B: But at least at this point, they're now opening themselves up because they keep talking about all these cybersecurity jobs that are available, by the way. Go spend some time on LinkedIn and you'll see a lot of people despairing right now because of the tech layoffs. And if you've been in the business long enough, there's hills and valleys. Hills and valleys. Right. We just happen to be in a valley right now where there's a. A lot of layoffs that have been going on. So that. That puts the market for jobs.
Now you're competing with people with ten years experience.
[00:55:42] Speaker A: Yeah.
[00:55:43] Speaker B: Right. So if you're new to it, it can be really difficult, and that can be frustrating. I totally get it. But now with this, hopefully that kind of opens it up a little bit.
[00:55:51] Speaker A: Yeah.
[00:55:51] Speaker B: Moves that pipe to be a little bit wider and allow some room for maybe some more of the less seasoned of you out there trying to get a job, access to some work in the government space. So make sure you have the skills you need, make sure you have the certs that will apply, and you don't have to worry about getting that four year degree anymore to gain access into those systems. So, to me, I think this is a. This is a, for the most part, a positive.
[00:56:15] Speaker A: Absolutely. Especially because it's not like they're just saying, hey, if you are just random Joe off the street and, you know, your job has been doing whatever, you.
[00:56:24] Speaker B: Know, we're gonna watch them literally do that.
[00:56:26] Speaker A: Right? Yeah. You can't count to five.
[00:56:29] Speaker B: Cybersecurity person.
[00:56:30] Speaker A: Like. Like you said, there's still gonna be standards. There still be heavy vetting, even if it's just for. Because Steve's government security purposes. Like, you know, you have to have certain. If you have a certain background, like, maybe you're not able to get certain jobs. But it does mention that this is part of a push to fill half a million open cybersecurity jobs, which would seem to be in contrast with a lot of what you see people being like, I got laid off. I can't find a new job. And I don't disagree. I don't believe that that's not happening. I think it is truly a struggle for a lot of people to find a good fit, but it's somewhat encouraging, I guess, to see, like, oh, so there are a lot of open jobs. It's just that maybe the bar is a little bit too high or a little bit. It's like, okay, you've got all these jobs you need to fill. You can't then say, oh, but not you, sorry. You don't have this specific formal degree that we want. You just have four years experience on help desk or as a system admin or whatever.
[00:57:17] Speaker B: Hopefully this is arguably way more valuable.
[00:57:21] Speaker A: Than I've always thought that hands on experience is going to be so much better than. I mean, I think you can get a lot from education.
[00:57:28] Speaker B: You can get a great education. There's a lot of great schools that are out there. Obviously, do your research on what programs are out there that are valuable, because there's a lot that aren't. So you got to do that. But the ones that are valuable are valuable.
Experience, though, man. That's one of the best teachers on this earth. And for you to be able to say, oh, no, I didn't just take a class on that. I have worked in a production environment with that thing.
[00:57:53] Speaker A: It's part of why you see internships as, like, a big requirement.
[00:57:55] Speaker B: Exactly.
[00:57:56] Speaker A: Because it's like, you can take the classes, and that's awesome. And it'll maybe give you foundational knowledge and help prepare you. But until you're in it, it's hard to know what to do, especially when.
[00:58:05] Speaker B: You can put on that resume that you had your hands on it in production. In a production environment. It was alive at five thing, and it is still running. I didn't burn it.
[00:58:14] Speaker A: Mm hmm.
[00:58:15] Speaker B: You can trust me is what that says.
[00:58:18] Speaker A: Oh, yeah, right.
[00:58:19] Speaker B: I can keep a thing going, and that is. That is really difficult to beat on a resume.
[00:58:25] Speaker A: Yeah. Yeah. I would agree. I do think it's funny how you were like, hopefully they're not going to turn cyber security into, like, the DMV, picturing somebody, like, at their desk, and there's, like, some ransomware attack going on, and then, hey, did you see what's going on? And he's sitting there, like, hang on. And he's got solitaire open, or, like, galaga on his desktop. He's just like, give me a second. So, hopefully that doesn't happen. But I think this is encouraging. It's nice to see that this is. The doors are opening a little bit wider. There's not as much gatekeeping. Hopefully, that will. That will go on at this point. A couple of other articles, though, that we want to get through before we sign off today. The problem with remote access tool sprawl, and this is actually. This is a full, like, document. Uh, so I'm hoping, Daniel, you can maybe shed some light on this for me.
[00:59:03] Speaker B: Yeah, this was an interesting and crazy read.
Like pork chop sandwiches, where they even.
[00:59:10] Speaker A: Oh, I totally forgot. I totally forgot. Can we just do it, like, posthumously? Like, sure. It's dead. It's dead, but. Okay. Yeah. Hey, this is pork chop sandwiches. Pork chop sandwiches.
[00:59:21] Speaker B: Oh, we're having crazy time.
[00:59:23] Speaker A: I didn't mean to take that away from you.
[00:59:24] Speaker B: That was so funny.
[00:59:24] Speaker A: So sorry. But yes, continue with your explanation.
[00:59:27] Speaker B: So I was reading this. I kind of bounced around this and saw this. This is from clarity.
If you want access to this document, you can just go to clarity in their research area. And it's under. I think it's under research. And you fill out the form and you can get this PDF. But ultimately, crazy town is going on in OT environments. Like, what they found in this is beyond ridiculous. I don't know. Oh, that's because I'm on a Mac. That's right. Use the right keys to blow this thing up. So a couple of really interesting graphics in here, just with some key takeaways. So here we go. We did a data set of more than 50,000 remote access enabled devices on OT hardware. Remember, this is in the industrial space, the critical infrastructure space. The sprawl of remote access tools is excessive with some organizations, we discovered with 55% have four or more remote access tools in their OT environment.
33% of those organizations have six or more. Many of these tools are non enterprise grade security products lacking basic privilege access management capabilities. 79% of organizations have more than two of these non enterprise grade tools installed in devices running on their OT network, creating risky exposures. This was insane, right? They had crazy numbers of things that are going here. I'm going to find some more graphics for you.
So here's their number of remote access. Not only that, they don't have things like MFA. They're using tools like anydesk, which have. Are known to be targeted by threat actors, and it's just running rampant. Listen, I got nothing against people needing to do remote administration.
That's kind of the name and game in a lot of things. But when you're installing some bull crap that is not even really known and approved as something to be used for those purposes, you are doing it wrong.
[01:01:30] Speaker A: Yeah.
[01:01:31] Speaker B: And you, it's one thing for you to be like, well, yeah, I've got my, you know, my web store, and I'm yanking romantics. This is Ot. This is ICS. This is scatter. This is life and limb.
You can't, you know, roll the dice with this kind of stuff like you're doing. This is a sucker's bet to be doing this and that. This goes to tell you the state of our actual infrastructure. It is. I'm guaranteeing you wildly open for offensive action against it. And that scares me.
[01:02:07] Speaker A: I can understand why it would. It would scare you? I think you're valid in that observation.
I correct me if I'm wrong or steer me in the right direction here. Anytime that we talk in our episodes and stuff about ics stuff, right. One of the things that comes up is for some, sometimes in industrial situations, there are systems that maybe are pretty old. They're, I guess, outdated, for lack of a better word. And they can't really be updated because it's like, okay, well, we can't really take the system offline or we can't stop it to update it. So we just got to keep running this old version and we're just going to have to deal with that. And so as a result, then it's like, well, if we air gap it, nobody could touch it. Or if we make it so that, you know, whatever vulnerabilities are in this outdated software can't be accessed, then we should be okay. But then I feel like you've brought up the example before of like, well, what if somebody decides that they want to just check on this thing from the comfort of their home and so they set up some kind of remote tool so that they can check on it from there? That kind of defeats the purpose because now it's connected to the Internet and all this stuff. And so that is that kind of the direction that this could potentially go.
[01:03:06] Speaker B: So the problem is, is that we are continually connecting it to OT, right?
And it brings along all the IT problems, all the IT security issues on systems that were. A lot of them were never meant to be connected to it. They were just meant to be, like you said, an air gap standalone system that does its thing. You look at all the old protocols like Modbus and s seven stuff, and they have no security built into them at all. It's all clear text and everything like that. Now all of a sudden you've connected that to the Internet.
That's. That's a problem. Now, I don't work in the IT or the, the Ot space. I've never done ics. I've never done scale. I find it interesting. I find it fascinating. I find it fascinating that when I do read about it, it's stuff like this. It's like, hey, when you're connecting remote access tools to your OT systems that either can't be updated or have no security, and the thing you're connecting it to also does not have proper security that, yeah, you can. You can do this, but you're not doing it the right way. Yeah, like, what are you doing here? What are you doing here? Right to California.
[01:04:13] Speaker A: California.
[01:04:16] Speaker B: It. What are you doing here?
[01:04:22] Speaker A: That is a. But, yeah, that's. That's a good point. And at the very least, if you've got these tools in place, I guess maybe you'd be looking at, like, an attack surface issue, too.
[01:04:30] Speaker B: Like you're increasing the attack service. Exactly.
[01:04:32] Speaker A: That's just not good. It's just not good. It's nice that they include recommendations at the end about, hey, here's what you can do to kind of prevent this or combat this to help better adhere to the regulations. I do enjoy that. This is a nice little document, though. I mean, I think it's laid out really well. Obviously, it's an important topic, a serious topic. But I do like when they add visuals and stuff. Cause it makes it easier.
[01:04:49] Speaker B: I think clarity, their stock and trade is all, you know, the OT space.
[01:04:53] Speaker A: Yeah. So they're good at what they do. Surprisingly good for clarity. I'm glad you brought this up because this is interesting. Again, PSA day here on Technato.
I did promise earlier that we were going to be talking about some AI related stuff, and I'm a woman of my words, so Amazon is now allowing audible narrators to clone themselves with AI. I don't know if you know this, Daniel. I'm a voice actor.
[01:05:16] Speaker B: Yep.
[01:05:16] Speaker A: I do some voice talent stuff in my spare time for radio and stuff and web industrial videos and things like that.
[01:05:22] Speaker B: Word on the street and so.
[01:05:23] Speaker A: Yes, word on the street. And so the idea of here, just clone my voice and use it for a bunch of audiobooks in your library, I don't love that. From the perspective of. I just don't really like that AI is being used to do that kind of stuff. But also from the perspective of a voice actor of like, well, at what point do I cease to own my voice then?
[01:05:40] Speaker B: Right.
[01:05:41] Speaker A: Because they do say, don't worry, you'll get royalties for when we use these for the book, or you'll get paid every time we use it for a book.
At what point, though, are you gonna say you set the rates for using your voice? Right. Based on the time that it takes you. An audio book's no joke. Right. It takes a long time to record, and it's. It's taxing on the voice. So it takes a while.
[01:05:56] Speaker B: Yeah. What happens if you're, the books that you are audio voicing are voicing. They become popular.
[01:06:03] Speaker A: Yeah.
[01:06:04] Speaker B: And people want more, and they're making tons of money, and you're just getting, like, a little residual. You ever get to renegotiate that contract with the payment.
[01:06:11] Speaker A: Right. Or then do they get to a point where they start pushing the pricing down and saying, well, no, we're not going to pay you as much because you're not having to do anything. We're just using your voice.
[01:06:19] Speaker B: We already got what we needed. Thank you.
[01:06:20] Speaker A: Whereas before, maybe you're. I'm just going to pull a number out, may or may not be accurate, a do a certain type of audiobook. No, we'll give you 800 because you're not having to actually record, well, maybe 600. The other thing, too, is when you're doing it on a book by book basis, you obviously have control over what you voice. And you can look and say, there was stuff that I got like, hey, we want you to voice this audiobook. And I'd go and look and it was like 50 shades of grey type stuff. And I was 17 and I'm like, I could be 35 and I wouldn't want to do this, but much less at 17. Like, no, you can't be even a minor voice. Those kind of books.
[01:06:49] Speaker B: Yeah, that's would be crazy.
[01:06:50] Speaker A: So, no, I'm not doing that. If I were to go now, I mean, obviously I'm in my twenties now, but if I were to go in and say, yeah, you can clone my voice and that's fine. Use it for whatever. How good are they going to be about, hey, just so you know, here are the books we want to use your voice for. Go in and. Because then that my voice could be attached to some random, like, steamy book that I don't want to be associated with or a book that maybe is just like, it's mein Kampf. I don't want to narrate mein Kampf. You know, like, what if it's. I mean, that's, I mean, extreme, but it's true.
[01:07:19] Speaker B: Right? That's, that's a valid point.
[01:07:20] Speaker A: It just, I think.
[01:07:21] Speaker B: Plus, don't you feel like this is the kind of thing where we should really tread lightly and be very careful and probably over cautious, err on the side of extreme caution with giving rights to anything about ourselves.
Right. You got AI, go create your own voice. You don't need mine.
[01:07:42] Speaker A: Right.
[01:07:43] Speaker B: Right. What are you trying to get from me? I know you need to train your model. That's up to you. You got your voice. Use your voice and then train it to change your voice or do whatever the heck you're gonna do, but you don't necessarily need any kind of rights to mine.
Right. I think what it should be, if you're gonna use my voice. It's. You pay me money, I get a royalty. You don't get to clone it. Yeah, you don't get to clone it.
[01:08:04] Speaker A: Yeah. I would agree to agree with you on that. Yeah, this is definitely a, it's a push because it's like we have all these audiobooks or all these books in our Amazon Kindle, whatever library that don't have any audio narrations.
[01:08:15] Speaker B: Boo flippin boo.
[01:08:16] Speaker A: Right? We've got thousands of books and we just. This would really help us get it done a lot. Sorry, that sounds like a you problem.
[01:08:21] Speaker B: Hey, you know what? I hear a lot of people that could use some extra side hustle work, right? Be a great way to get, like, actual real voices of people.
[01:08:27] Speaker A: There's no shortage of voice actors. People that want to get into it. People that are trying to break into, especially narrating audiobooks, bro. Just give those people an opportunity to do. It's like using AI generated actors instead of looking for new actors that aren't Britney Spears and Emma Stone. Like, bring in new people to do this stuff.
[01:08:44] Speaker B: Get Britney Spears and Emma Stone to do this a lot.
[01:08:46] Speaker A: No, I'm just saying, like, I couldn't think of any other actor name. I'm trying to think of, like, famous people.
[01:08:49] Speaker B: I didn't know if this was a thing.
[01:08:50] Speaker A: Yeah, they are actually.
[01:08:51] Speaker B: The spokespeople, Emma Stone is taking all my work.
[01:08:54] Speaker A: Scrub like Johansson, I guess, would have been a more topical choice because she had the issue with OpenAI. They used, like, a very, very similar version of her voice and didn't check with her. They asked her. They said, hey, can we use your voice as our AI model? They were gonna call it sky, and it was gonna be like a chat thing that goes along with chat GPC. She said no. Okay, fine. We'll just get a sound alike that sounds a lot like you and kind of make it seem like it's you, but it's not you. And so I think she and her lawyers came against him and they had to just discontinue the project, but.
[01:09:21] Speaker B: Well, that's interesting, because if it's not her and it just sounds like her, it's not you. Technically, it is not you.
[01:09:28] Speaker A: I would imagine the argument was probably. You're very clearly intending this to, like, you came to me, asked for permission, I said no. And then you're trying to be sneaky about this.
[01:09:36] Speaker B: Anyway, that's a, that's an interesting. I feel like there's a lot of gray area in there, though, because what if I just happened to sound like somebody that's famous.
[01:09:44] Speaker A: Yeah.
[01:09:45] Speaker B: Are they not allowed. Am I not allowed to get work because I sound too much like somebody?
[01:09:51] Speaker A: Yeah.
[01:09:51] Speaker B: As long as they're not trying to, like, fool anyone.
As long as they're saying, hey, this is not James Earl Jones, God rest his soul. Right.
And I just have, I just happen to have that James Earl Jones type voice.
[01:10:05] Speaker A: Yeah.
[01:10:06] Speaker B: I now excluded from working as a voice actor because my voice is too similar to his.
[01:10:11] Speaker A: That is interesting, right? It's an interesting point. I know that in this case, open air basically was just like, okay, fine. So I wonder if it was just not worth it for them to fight it. And they're just like, okay, but they.
[01:10:22] Speaker B: Probably don't need the bad press, right? Sure.
[01:10:24] Speaker A: Well, yeah, that too, because obviously you have certain people that are not great big fans of this, of this stuff. It's like that thing that I think meta did where they got, like, Kendall Jenner and all these people to lend their faces and voices to these, like, yeah, AI. And they, it's, she's not Kendall Jenner. Her name's Billy, but it's Kendall Jenner. And she was like, yeah, go ahead, use my likeness. I'm like, you idiot. Why would you do that? I mean, you're, it's not to insult.
[01:10:47] Speaker B: The, you've made a foolish decision not.
[01:10:48] Speaker A: To insult the Kardashians, but it's just like, dude, for other people, maybe you're fine with it, but the implications of what that means for other actors and other, other people in general, it just, yeah, I could go on, but that's why I wanted to bring this up, because I know we talk a lot about AI, and I know there are a lot of great uses for it, but more and more, I feel like we're seeing it used for stuff that it's like, you don't need to be doing that. This is just a, let's get it done super, super quick and use AI for it because it's the hot topic thing and the implications of it and how it's going to play out, like, years down the line. Like, nobody's thinking about that or not. Nobody. But the people that are making the decisions are not thinking about that. It's just, how can we make more money? How can we get this done quick? And who knows what that's going to look like in 510 years? And just, yeah, as a voice actor and as somebody that's not a big fan of the direction AI is going, pisses me off. So that's all I had to say about that.
[01:11:33] Speaker B: Sugar coat it. Tell us how you really.
[01:11:34] Speaker A: That's how I had to say about that. Amazon. Come on now, do better. But yeah, that was pretty much it for me as far as this little.
[01:11:41] Speaker B: Heck of a tech NATO today.
[01:11:42] Speaker A: Been a hecknado.
[01:11:44] Speaker B: A hecknado.
[01:11:46] Speaker A: Ps. Psnato, I guess. PSA. I think that was pretty much it, though, for any of the news that we had this week. Of course, there was a. I'm sure there's other stuff that will come up over the next few days. And so anything you want to see us cover in the future, we would love to hear from you in the comments what you liked, what you didn't like. Leave a like if you enjoyed the episode, subscribe so you never miss one in the future. And of course, we'll have new episodes every, every Thursday. We've got Wild West Hack and fest coming up. We'll be doing technical from South South Dakota Deadwood in October, so got that to look forward to.
[01:12:13] Speaker B: I like to go to East Dakota, but heard West Dakota's pretty awesome as well.
[01:12:18] Speaker A: Yeah, yeah. West Dakota, Mountain mama.
[01:12:19] Speaker B: Northwest Dakota, though.
[01:12:21] Speaker A: Mmm.
[01:12:21] Speaker B: That's God's country.
[01:12:23] Speaker A: That I believe. That I believe. So we are looking forward to that. And that's something to get excited about. That's going to do it for us, though, I think. Daniel. Ok, got anything else? Daniel's got to get on the road. It's almost lunchtime for us. So thank you so much. He hungers. He hungers. If you couldn't tell. Thank you so much for joining us for this episode of Technado. We hope you enjoyed and we'll see you back here next week.
Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.