Episode Transcript
[00:00:04] Speaker A: You're listening to Technado. Welcome to another episode of Technado.
I just totally had a brain fart. What am I supposed to say after that?
[00:00:13] Speaker B: Oh, stuff.
[00:00:13] Speaker A: Stuff. Something about I literally, like, the words were in my mouth and I lost them. We're sponsored by ACI learning, the folks behind it pro. You can use the code Technato 30 for a discount on your it pro membership if you so choose. We're not going to force you. But, hey, alarm twisting, the decent option.
[00:00:32] Speaker B: That's right.
[00:00:33] Speaker A: I was about to just start going into our first article, and then I remembered there's, like, I have to. I have to do that beforehand, so. And also there. This is a segment, so I can't just, like, launch into it. You got to introduce a segment. So it's an off day for me, guys, we're prepping for a hurricane right now in good old, usually sunny Florida, and there's just a lot happening.
[00:00:50] Speaker B: She's checked out mentally. That's all there is.
[00:00:52] Speaker A: So you can see I'm lacking my usual Celsius.
[00:00:55] Speaker B: She does not have the salesius.
[00:00:56] Speaker A: Not bring it today. I was driving here, and I was like, it's in my fridge at home.
[00:00:59] Speaker B: I go get you a monster right now.
[00:01:01] Speaker A: No, thank you.
[00:01:01] Speaker B: Come on.
[00:01:02] Speaker A: I don't like the fizzy ones. Be like that when I get Celsius.
[00:01:04] Speaker B: It's.
[00:01:05] Speaker A: It's. It's flat. It's non fizzy.
[00:01:07] Speaker B: I hear you.
[00:01:07] Speaker A: Peach green tea.
[00:01:08] Speaker B: So, listen, I. I do not. I don't like drinking soda a lot because I get really bloated really quickly, and I drink these and I drink the whole thing, and it does not do that to me.
[00:01:17] Speaker A: It's not really. So I'm not really. The bite of the, like, soda's fine in certain contexts. I just don't like. For whatever reason, it's like, that's too much for me.
[00:01:25] Speaker B: Really.
[00:01:25] Speaker A: I don't know why.
[00:01:27] Speaker B: Diet Coke, specifically. That junk is, like, super fizzy.
[00:01:31] Speaker A: Interesting.
[00:01:32] Speaker B: Super fizz.
[00:01:33] Speaker A: No, no. I avoided Celsius for a long time until I found that specific flavor, and now I'm hooked on it, so I forgot it today.
[00:01:38] Speaker B: I've never had one. I have tried.
[00:01:39] Speaker A: Yeah, I prefer that one. The peach green tea. Mango is, I would say the goat, to use a sports term.
[00:01:45] Speaker B: I hear you. It's like we're doing a commercial for these things. We are not endorsing.
[00:01:49] Speaker A: We're not sponsored by any energy drink.
[00:01:51] Speaker B: Talk to your doctor to find out which energy drink is wrong for you.
[00:01:55] Speaker A: And do not drink too many of them, they will kill you. So anyway, we have some fun stuff to get into today. We were kind of looking through our newsfeed and initially we were like, well, we're having a hard time finding stuff, but I did find a few things that stood out to me. You know, I'm gonna put my tinfoil hat on for today, so it should be interesting. But before we get into all that, we have the segment that we introduced a couple months ago that's been kind of our, our leader of these shows is breaking news.
[00:02:19] Speaker B: Breaking news.
[00:02:21] Speaker A: Awesome. Thank you, Christian. Love the sound effects. Sisa, sisa, C I S A. However you choose to pronounce it, flags critical avanti VTM vulnerability amid active exploitation concerns. Now, active exploitation, that's a little scary.
[00:02:35] Speaker B: Yeah. That means that like, it's actively being exploited.
[00:02:38] Speaker A: No?
[00:02:38] Speaker B: Yeah, I know, I know. It's hard to believe.
[00:02:40] Speaker A: So odd. 9.8 cvss score. That's fun.
[00:02:44] Speaker B: So yes, yes, always a good time when we see the nine point. Anything like nine and above really kind of should perk you up to go.
[00:02:54] Speaker A: Sets off some alarm bells.
[00:02:56] Speaker B: Tell me more. Yeah, I'd like to hear about this. Maybe I'm running some sort of avanti system.
[00:03:02] Speaker A: Could be.
[00:03:03] Speaker B: And this might be impacting me. So always. And of course it's a good reminder that we're not staying on top of our software doing assets, discovery and curation where you know exactly all the software that you're using, versions they're on, and staying abreast of what updates need to be applied and patches need to be applied and working with. If you're not doing that management, you're just basically asking because fun fact, this Avanti vulnerability has been out for some time.
[00:03:37] Speaker A: Oh really?
[00:03:38] Speaker B: And yet today as of. Right. Correct me if I'm wrong, September 25. There it is, right there. September 25, active exploitation. So this has been out a hot minute. There's the vulnerability in question, CVE 2024 7593, with a score of 9.8, which allows a remote attacker to bypass the authentication of the admin panel and create rogue administrative users. And then you can have all sorts of fun when you've got a rogue admin, you can kicking around in your system.
[00:04:12] Speaker A: It's possible. Yeah, yeah. It does sound like something that would, that would be of interest. So I guess it says there is a patch for. It is, as it was in several Avanti VTM versions that are listed here in August of 2024.
[00:04:25] Speaker B: So here we are in September.
[00:04:27] Speaker A: Yeah, I guess it's just people not patching right again.
[00:04:29] Speaker B: That's why I thought this a. It was something that I was a headline from today, and as soon as I saw it, I said, wait, what? I read about this.
[00:04:37] Speaker A: Like, I vaguely remember this.
[00:04:39] Speaker B: Not only did I read about this, I actually did a video on this on my YouTube channel, bada bing. Right there. Critical Avantivon.
[00:04:48] Speaker A: Wow.
[00:04:49] Speaker B: One month ago, right there, where I actually demonstrate how this works and how you can do the by the auth bypass against this system. It's like, why. Why is this what? Huh? Yeah, why are we talking about how this is actively being exploited still?
[00:05:06] Speaker A: Especially if you're one of the hundreds that viewed Daniel's video. You have no excuse.
[00:05:09] Speaker B: Yeah, yeah.
[00:05:10] Speaker A: You knew. You knew.
[00:05:11] Speaker B: All three of you.
[00:05:13] Speaker A: 300.
[00:05:14] Speaker B: Excuse me. Oh, I'm sorry. Yeah, yeah.
[00:05:15] Speaker A: 348, I believe, was the.
[00:05:17] Speaker B: God bless every last one of you for watching.
[00:05:19] Speaker A: Yeah, that's more views than I did on a table.
[00:05:21] Speaker B: That was the problem. Maybe not enough people were aware. Right? Again, it goes back to awareness. If you didn't know there was a critical vulnerability to your system, a, you gotta revamp your whole security mindset, right? Your operational security, because it's out there. You just gotta go update and do the update thing.
[00:05:41] Speaker A: Ignorance of the flaw is no excuse.
[00:05:43] Speaker B: Right. All right, you gotta do the thing. So if this is the first time you're hearing about this, it's been around for a while. Don't be a victim. Go do your updates now.
[00:05:51] Speaker A: This is round two.
[00:05:52] Speaker B: And, you know, of us talking about this and they mentioned this as well as like, in recent months, several flaws of affecting avanti devices have come to come under active exploitation in the wild. So it seems like they're really being targeted. Targeted.
It's become some threat actors hobby horse, I'm assuming some chinese threat actor, right? Hey, them are Russians. It's always them or the Russians.
[00:06:14] Speaker A: They just camp out.
[00:06:15] Speaker B: We see North Korea kick their.
[00:06:16] Speaker A: That's true. That's true.
[00:06:17] Speaker B: Kick their name in the ring.
[00:06:19] Speaker A: And we are gonna, I think, talk more about some. Some chinese attacks going on, some russian attacks going on later in the episode. You're right, it's always the same, like, there's like four or five nation states that it's like. It just comes down.
You never hear about like, you know, some random, like, oh, an interesting, you know, French, like, it's just not the French.
[00:06:38] Speaker B: Apt. Les incompetent.
[00:06:42] Speaker A: You never hear about that. You never hear about that. It's always, yeah, chinese, russian, maybe sometimes Iran, but yeah, it's rare to hear, like, Thailand apt. It just, you don't hear it. So anyway, that was our breaking news for today. This is now our second time talking about this flaw. So if you haven't patched, there's really, there's really no excuse for it. We do have some other.
I'm curious to see how you feel about this. Daniel Telegram has agreed to share user data with authorities for criminal investigations. Now, if you remember, Telegram came up, I think, recently, in the last few.
[00:07:13] Speaker B: Weeks because people was arrested in France.
[00:07:16] Speaker A: And people were saying that lazy, competent was very upset he was not doing his due diligence. Was their argument that his app was not doing his due diligence by encrypting this stuff, there could be criminal activity going on.
[00:07:27] Speaker B: What they were saying was, if I read it correctly, was that they did not like the fact that they didn't have any access to the encrypted stuff because it was encrypted.
[00:07:37] Speaker A: So there could be criminal activity going on. And that was the argument was you could be protected.
[00:07:40] Speaker B: Somebody told me, like, I think it was in the comments and when we covered that story, someone said, if you think the Telegram app is encrypted, think again. And then I did read articles that was like, well, it is, because if you go to their website, if you go to Telegram's website is like, it is encrypted.
[00:07:56] Speaker A: Yeah.
[00:07:56] Speaker B: And then I read a couple of articles that said, well, yeah, but. And then trying to make a case for it not being cryptid. It was, it was a lot of very semantics to why it wasn't encrypted. And maybe that's true. It was hard to follow. Not everybody's a great writer, and that's cool.
And now here we are talking about them again. And then they came out, I think it said, we're adding more encryption.
Right. It was, it's been a, it's been a wild ride over at the telegram office, I think so.
[00:08:27] Speaker A: They have always said that, at least for, you know, a long time, they said that they'll turn over data or whatever, or communications or user information, I guess, if there is a suspect terrorist threat. If there's a terrorist threat, that was previously the standard. Now it's a valid legal request or a valid order from judicial authorities that confirm you're a suspect in a case involving criminal activities.
[00:08:49] Speaker B: So that's called obeying the law.
[00:08:51] Speaker A: Right.
[00:08:53] Speaker B: If the current legal system that you are under, that has jurisdiction over you, if they provide you with subpoena or a warrant for the information that you have, you have to comply.
[00:09:04] Speaker A: Yeah, right.
[00:09:05] Speaker B: That's. That's just how it works. If you don't, now you are aiding and abetting and in some capacity. I don't know what the legal ramifications technically would be. I'm not a lawyer, but if. If a legal entity comes to you with legal documentation saying, you are required by law to give me information that you have, I don't know how this wasn't always their stance.
[00:09:33] Speaker A: And that's the thing is. Yeah.
Previously it was just, if you are a terrorist suspect, we may disclose your ip address and phone number to relevant authorities. And now it's. If we even get a request, I guess that would be a subpoena. They never used the word subpoena.
[00:09:46] Speaker B: So what you're saying is that before they were basically like, we're not giving you anything about anything unless we feel like it.
[00:09:52] Speaker A: Unless a court order confirms you're a terror suspect, specifically.
[00:09:54] Speaker B: So. Okay, so it was a court order.
[00:09:56] Speaker A: That confirms you're a terror suspect.
[00:09:57] Speaker B: Okay.
[00:09:58] Speaker A: Which to me is more.
[00:09:59] Speaker B: That's like.
[00:10:00] Speaker A: But to me, that's a little more serious than just a case involving criminal activity.
[00:10:04] Speaker B: A court order confirming that doesn't make any sense.
[00:10:08] Speaker A: That's the wording that they use.
[00:10:09] Speaker B: Yeah. That's really weird language. A court order confirming that you're a terrorist suspect. I don't know if that's just the writer of this article or is that like a clipped out of something?
[00:10:20] Speaker A: Previous version of its policy limited user information to sharing two cases involving terrorists. Right here it says. Yeah, it says it's in quotes.
[00:10:27] Speaker B: Pull that up.
[00:10:28] Speaker A: Previous version. Yeah, it's right here. A previous version of it.
[00:10:30] Speaker B: I can't see it.
[00:10:31] Speaker A: No, no, I know. I'm saying, I'm saying I got it highlighted so it's easier to see.
[00:10:34] Speaker B: Yeah, yeah, yeah.
[00:10:35] Speaker A: A previous version of its policy. So this is tell one of Telegram's previous.
[00:10:38] Speaker B: If Telegram receives a court order confirms your terror suspect, we may disclose your ip and your phone number. So this was the previous version.
[00:10:48] Speaker A: This was a previous version of its policy.
[00:10:50] Speaker B: So now doesn't seem to be much different this other than if they receive.
[00:10:53] Speaker A: A valid order that confirms you're a suspect in a case involving criminal activity.
[00:10:57] Speaker B: So I don't know how this wasn't always their policy.
[00:11:00] Speaker A: Well, I'm just. I wonder how exactly. What does that mean, criminal activity? It says that violate the terms of service. So I don't know. I mean, if they suspect that I, like, shoplifted and, you know, sent a message to somebody about it, does that mean that I'm a suspect involved in criminal, like, you know, something like that, where it's maybe not as serious of a crime.
[00:11:18] Speaker B: Honestly, I only know how us like, to very low extent how us law works, which is if you are suspected of a crime and they want to gain evidence that would normally be protected, they have to go to a judge, right? Present the evidence that you have, you. So you have to have some types of evidence that connects you with said crime. And then a judge would say, okay, there seems to be enough evidence for you to obtain a wiretap or go and gain logs, server logs from communications channels that they used. And now you can present that to the provider. The provider now is compelled by law to turn that over. But you have to prove it's not just like, hey, we suspect them, right? That's not how it works. Not here, at least not since I was supposed to.
[00:12:02] Speaker A: Well, right, like getting a warrant to search somebody's place.
[00:12:04] Speaker B: Like a warrant.
[00:12:06] Speaker A: You can't just say, we want a warrant to search this guy's place and he's just Joe Schmo just coming home from work. Like, you can't, you can't do that. There has to be some reason, provided, I guess, unless you're a corrupt judge issuing the warrant. But like, which is possible. But yeah, in this case, it doesn't seem like it's much different than a virtual version of that, where you've got.
[00:12:22] Speaker B: To be able to justify, and this article is kind of languaged in a way to say like, haha, now telegrams less secure or whatever. I don't know if it is or isn't. All I know is that if they've been compelled by law, how do you find fault with them?
[00:12:40] Speaker A: Well, yeah, there is a section that talks about, basically frames it as saying that it's a haven for cybercrime. It says, this is a major thing for the company that has refused to police the platform for years, turning it into a major haven for cyber crime.
[00:12:52] Speaker B: So almost saying like right there, the refuse to police the platform.
[00:12:56] Speaker A: It's a journalist.
[00:12:57] Speaker B: I mean, I get you, but hey, this is the article we're dealing with. So if they are building a platform that is designed for the purposes of creating a haven for criminal activity, then yeah, you gotta shut them down, right? That's a problem if they just have an encrypted platform and you don't like it because criminals abuse the platform and you want that owner of said platform to basically violate their own principles of privacy for their users because you're like, well, there's terrorists in here and there's people using it. Yes, I'm sure there is. Get a warrant for those people and I will give you that information.
[00:13:35] Speaker A: All right. You could make that argument about, like, I don't know, pedophiles use Roblox. They get.
[00:13:40] Speaker B: Absolutely do. Yeah.
[00:13:41] Speaker A: Roblox getting shut down, it's like, that's not. You're gonna have, you know, bad people.
[00:13:46] Speaker B: Roblox doesn't say that they.
[00:13:48] Speaker A: Right.
[00:13:48] Speaker B: You know, saying.
[00:13:49] Speaker A: Right. Yeah. Well, any. Yeah. Like social media, there's a haven for it. Yeah, yeah, that's true. If it is, you could, you could, in theory, use any platform to do bad stuff.
[00:13:58] Speaker B: Yeah. Why are they being targeted specifically? Yeah, because it's common. Is it common, like, again, what's the proof to this? I'm not saying there isn't any.
[00:14:09] Speaker A: Well, you just wanna see it.
[00:14:10] Speaker B: You know what I mean? This, I hate articles like this, honestly.
[00:14:13] Speaker A: Well, and if it's almost like a telegram in the past has been like, well, no, we're not gonna, you know, this. We're gonna protect our users information. Cause this is what we said we're gonna do. Oh, well, what are you hiding then? Well, why do you want to, why do you want to protect if you have something to hide? And it's like, that's not really a valid argument.
[00:14:28] Speaker B: It's because once I just start ripping the privacy off of my users for any old whim that you might have, then it's not really a privacy platform at all, even in any sense. Right. That's like saying that was like when the government wanted to have.
So when PGP. PGP, pretty good privacy, right. When it was developed, the government wanted to say that it was illegal for people to encrypt their data because they couldn't see what it was and follow their activity. And they actually, like, I just listened to whole darknet diaries on this, actually. It was really crazy. They tried to make it basically like a weapon.
They basically called it like a weapon or something to that effect. And then there was legal cases, right, where the, the guy who created PGP published it in a book, the source code.
And that's what made it not a weapon. It was 800 pages. Yeah, it was crazy. Right? And that was how they won that fight with the government, because the government wants to read everything you do, and you can say, well, I don't have anything to hide until they decide whatever it is you thought was innocuous is illegal.
[00:15:40] Speaker A: Yeah.
[00:15:41] Speaker B: Right. Because that's never happened.
Right.
[00:15:44] Speaker A: Yeah.
[00:15:45] Speaker B: Right.
[00:15:46] Speaker A: Yeah, I think, like you said, it doesn't seem on its face to be that big of a revelation as far as like, well, yeah, if somebody's a suspected criminal and there's a subpoena that's issued and. Da, da, da. Of course you're gonna turn over that information if you're a, you know, a platform like this. But maybe because telegram has been at the center of so much recently and because they've always made it their thing to be like, no, this is encrypted. It's protected.
[00:16:06] Speaker B: Probably being mostly targeted because their guy is a Russian and they have offices in Russia.
I would assume there is some political bend to this.
[00:16:16] Speaker A: Yeah, yeah. Seems like that's always the case. There's always a chance that there's some kind of a. Yeah.
[00:16:21] Speaker B: And I'm not. I'm not either defending or.
[00:16:23] Speaker A: No, but it's just anything that majors.
[00:16:25] Speaker B: These are the fact, like, I'm trying to figure out the facts of this. Yeah, my. My feelings don't care about the facts.
[00:16:33] Speaker A: Well, we'll move on to the next one we've got here. This one's about a interesting spin on a phishing tactic hackers mimic as companies hr to trick employees. And this article kind of talks about, you know, you maybe receive an email says, hey, there's been an update to the company handbook and you got to go in and read this and da da da. And, I mean, if you're in a company that's maybe undergoing a lot of changes or whatever, I could see somebody being like, oh, crap, I better go in and sign this or I better click and read this and make sure I acknowledge that I saw it and not even thinking about it because it's not framed as the typical phishing emails we get about act now on this deal. Or, hey, you're, you know, the prince of Nigeria wants send you some money or whatever.
[00:17:11] Speaker B: You know, this is a very interesting article. A, it points out the fact that attackers out there are constantly evolving their tactics. They are constantly looking for. And what do they look for? They look for things that you're either going to implicitly trust or implicitly be afraid to not interact with. Right? And sometimes they get the double whammy. And both, like, I trust this comes from my company because everything looks legitimate except for the big yellow banner at the top that says, this came from outside of your company. Yeah, I don't know how we missed that.
[00:17:45] Speaker A: Oh, no, no, no. We changed services, that's why.
[00:17:46] Speaker B: Oh, yeah, it's no big deal.
[00:17:47] Speaker A: It used to be hosted on Glorp and now it's on goop. Yeah, it's the new website, so that's why it comes from outside the company.
[00:17:53] Speaker B: Just click the damn link, download the handbook, or you'll be fired.
Right. But to see them move to these tactics and of course, you know, they're, they're getting better at formulating and formatting their social engineering attack, their fish that they're using to make it look good, to have good grammar and everything, to actually really represent something that might actually come from your organization.
[00:18:21] Speaker A: The only thing I think that, I mean, obviously, if you look at the email address, I'm sure that would give some things away. But as far as the way it's phrased, I kind of skimmed through this and I couldn't note any glaring, you know, the typical things you look for, grammatical and spelling mistakes and things like that. The only thing that's a little weird to me is the warm regards, human resources. First of all, most human resources.
[00:18:42] Speaker B: Most human resources don't give a damn about you.
[00:18:44] Speaker A: Well, the fact that, yeah, it's not signed like I would think, and maybe this is just my limited experience, but I would think it would be signed by somebody that works in HR specifically that deals with this kind of stuff, or half the companies now, they're not even called human resources, it's people in culture or something like that. So it's a different name. So I have to wonder if we'll continue to see updates to formats like this to match the ever evolving world of human resources. But that was a little weird to me. Warm regards, human resources. Yeah, just very vague.
[00:19:09] Speaker B: And, you know, you bring up a good point though, is that when you're looking at emails that you receive that either legitimately or maybe illegitimately, and you're trying to discern, is this legitimate or nothing? Looking for any oddity in the language that's being used, is that normal to your workspace culture? Is that the thing? Maybe they're a really good threat actor and they've done their homework and it is. But if you're not paying attention to stuff like that and you just think, well, yeah, let's just conversate. I guess someone decided to say warm regards this time. You know, uh, have, have better optics with the rest of the company. Okay, that may be the case, but I honestly, this is a business where cynicism pays. Be cynical of everything you receive. I hear it a lot around here about how I don't check my team, I check them. I don't trust anything that comes in I gotta be honest with you.
[00:20:09] Speaker A: Yeah.
[00:20:09] Speaker B: I trust nothing. I click. No links. I'll do any of that. I just don't do it. It's a simple way. It's garbage. Just, yeah, if it's important, I'll hear about it throughout the company. Everybody will be like, oh, yeah, we got that meeting on Thursday.
[00:20:25] Speaker A: Right?
[00:20:25] Speaker B: That was legit. Cool. I guess I'll see you on that meeting on Thursday.
[00:20:29] Speaker A: One. Anytime that, at least for us. I know. Anytime there's any kind of an email somebody receives that does look a little odd.
[00:20:33] Speaker B: Yeah.
[00:20:33] Speaker A: People are. We have, like a channel set up here to where you can send, hey, here's a screenshot of this. Is this legit?
[00:20:37] Speaker B: This real?
[00:20:38] Speaker A: And more often than not, it's like, yeah, no, that's phishing or whatever. Or, yeah, you can ignore that, delete it. It's spam or whatever. I. But sometimes it is like, yes, that's. We're working with a new company to do X, Y, and z. I'd rather be like, a little annoying in double checking this stuff than click on something and be like, by the way, we're compromising. It's my fault. Like, you just never know.
[00:20:55] Speaker B: Amen, sister. Right? Like, I totally. I love hearing what all of that that's coming out of you. Set up a channel for confirmation. So anything that you receive, you can say, here's a screenshot. Not the actual thing.
[00:21:07] Speaker A: Right?
[00:21:07] Speaker B: There's a screenshot of something I received. A text message, a teams message, an email. Is this legitimate? And then everybody can just kind of check that throughout their day or. And see, oh, yeah. Oh, yeah, I sent that. Especially the people that are going to be in charge of things like HR, finance, that kind of stuff. It should be part of their job description to monitor for those things. They should get an alert saying, hey, someone put something in that channel and you can't turn those alerts off. Yeah, that should be policy that those alerts are coming to you and you cannot ignore them. You must put eyes on it. And like, I saw this.
[00:21:43] Speaker A: Yeah, it has to register, you know, red at 315 or whatever.
[00:21:46] Speaker B: Correct. Yeah, correct. This is going to be helpful because, listen, look up.
What is the number one way? What is the most common way in which a data breach occurs? I see Sophia is fervently typing. Let's see. I'm going to. I'm going to. I'm going to throw money on the table. That has something to do with people, that the attacks come through people. Right.
[00:22:09] Speaker A: Number one is weak and stolen credentials. So if you're making your.
[00:22:14] Speaker B: So who makes these creds?
[00:22:15] Speaker A: People.
[00:22:16] Speaker B: People. Right.
[00:22:17] Speaker A: Then backdoor application vulnerabilities, malware and social engineering are the next ones.
[00:22:21] Speaker B: Right.
[00:22:22] Speaker A: And then too many permissions. So a lot of stuff that's either directly caused by employees or users or configured, you know, if you've got weak permissions or too many permissions, a backdoor.
[00:22:31] Speaker B: Application, how's that going to install a person? A person goes, I want to install this. Yeah, right?
[00:22:36] Speaker A: Yeah.
[00:22:37] Speaker B: So we have to basically put rubber bumpers around all the sharp edges and plugs in the light sockets and foam the floor and foam the walls so that our users can bounce around as safely as possible because they are. Anybody out there that's got a toddler, right. You know, if you stick that toddler in a room and they've started to walk, they now have mobility.
You could have toys in this corner and, you know, cocomelon or whatever going on in that corner and then an open light socket over in that corner that's kind of obscure and you can't even really see it. They have the 6th sense and they scan the room and go, cool, that'll kill me, and then make a beeline for it. I don't know how they have this, but this is. Anyone with a toddler can detest that. This is empirical fact, right? They do not care about the toys or the videos or all the stuff you set for them that is safe. They find the thing that will hurt them and make a beeline for it. Our users are no different. So we, as the parents in the it and security departments, have to make the most safe environment possible for them.
So setting up a channel and touch telling them, hey, anything, I know you're not going to be perfect at that. And it's okay if you're not, right? We're going to continue to try to teach you and mature you in this.
And we're never going to blame, we're never going to victim blame on this. All we're going to do is make it a learning opportunity so you are in a safe space here to fail your way forward. Hopefully, though, the learning is going to take in. Don't just be stupid, obviously, don't be whatever, and live that life.
But we've tried to give you avenues to confirm this is legit. Don't just click things.
[00:24:34] Speaker A: And if something happens, like you said, it's not like we're gonna throw you in the stocks and publicly shame you. You click the link.
[00:24:39] Speaker B: We've got work to do.
[00:24:40] Speaker A: Maybe you get some training or something. But we're not gonna, like, publicly point and laugh. Point and laugh.
It's more important that we're concerned about learning and protecting the, you know, our organization or protecting our people. So I think. I think we've got time for one more before our break. You think?
[00:24:58] Speaker B: Yeah. Yeah, we got time.
[00:24:59] Speaker A: This, this one, I had some fun. This one.
[00:25:03] Speaker B: So hot take, baby.
[00:25:04] Speaker A: Yeah. So, yeah, y'all probably remember us talking about Kaspersky several times in the past, especially in the past few months on this show, because recently, if you didn't know, it was banned, I guess, in the US, right? I. Due to potential security concerns. So in the latest development, Kaspersky deletes itself and installs Ultra av antivirus without warning. Now this, I believe, applies to Windows users and for Mac and Android users, they're supposed to get an email that tells them how to install this new one. So Ultra AV is supposed to be the replacement. Kaspersky is selected, since you can't have Kaspersky software on it anymore if you've got a us license. So starting Thursday, they deleted their own software. Self self uninstalled, right? And then suddenly there's this new software on your computer. So people were logging in the next morning and, oh, well, that's weird. Ultra AV, I didn't download that. Let me uninstall that. And in some cases it worked. And in some cases, they would then reboot and it would be reinstalled. So they couldn't even uninstall it. So they're thinking that's a problem. Oh, God. This is malware, right? This is. It looks like antivirus, but it's malware. It's not. But this is still weird to me. I was starting to read a little bit about Ultra AV because I've never heard of it. Ultra antivirus, new to me, but maybe I just don't know, right? Says Ultra AV, owned by a company called Tango group Pango. And I was like, I never heard of either of those things. Maybe I'm stupid, right? Maybe I just missed the boat on that one. Tried to find some information, didn't have a ton of luck. Um, I did find. I also found, like, several forums where people were like, what the hell just happened? Why did this happen? And most people were like, this sucks. Uninstall it. I'm not speaking for ultra Av. I've never used it, so maybe it's great, I don't know. But the general consensus from people that had this forcibly installed on their machines, they were like, this sucks. Like, they should have gone with Bitdefender. I'm uninstalling it and going with Bitdefender. Don't keep it. Not worth it. So this is a little weird to me, Daniel. It's. Is this normal? Like, does this seem speaker zero? No, I didn't think so.
[00:26:54] Speaker B: Well, there's a lot of not normal around the story. Like the fact that Kaspersky has been sanctioned by the us government to say you can't do business here. That is. I'm not saying it's right or wrong. What I'm saying is it's nothing. It's not normal.
[00:27:06] Speaker A: Yeah.
[00:27:07] Speaker B: That is not the average thing that occurs. It does happen from time to time. It has happened in this case. So it is a bit of an oddity.
What's really not normal is Kaspersky's plan right to go.
Let's just kind of assume Kaspersky has pure motives because they have said we didn't want to leave our customers without a witness. Right. They. They wanted to make sure that when the sanctions finally took place and fully and completely, that they were not left unprotected, that their intention was to just put something on there that they thought was good as a viable alternative to the thing.
Cool. Right. We can applaud that.
Well, you know, what do they say about the road to hell?
[00:28:05] Speaker A: Pave with good intentions.
[00:28:06] Speaker B: Paved with good intentions. Right. So while that is commendable, that you don't want your customers to have a gap in coverage for their systems to be vulnerable at any given time, because you. You really value them.
You don't force that.
What you do is you say you make a big campaign that they cannot get away from about. We will no longer be able to service you. Here is our suggested replacement. Should totally. Let me show you how to go get that installed. You can go ahead and install Kaspersky now.
Don't wait.
We will not be able to cover you, so you should be migrating as we speak. If you don't like Ultra AV, that's totally fine. Go find a vendor that covers your bases and do it now because we will not be able to cover you. That seems like it would have been a better plan of action and not just Yolo. We got you, Joe.
Cool. You kind of do. But I don't really like Ultra AV or I can't get it uninstalled and there's. Or I can't install it at all. I mean, I would assume that the people that, you know, with the Mac OS users and that they couldn't auto install it?
[00:29:22] Speaker A: Probably not. Probably there were measures in place that prevented that from happening, maybe.
[00:29:26] Speaker B: Right? And so they were left with instructions for installing it.
[00:29:29] Speaker A: So supposedly these users got an email the first week of September that said, hey, Kaspersky is going bye bye, we're not gonna be, we're not allowed to be here anymore. We've been told to go home. So hey, Ultra av is here to help. And sometime later in like mid September, I think it gave a pretty vague deadline or timeline for it. This will be installed on your machine, but for Mac and Android users it was. You'll get another email that has a link that will take you to install it. Now if I got an email from an antivirus provider that I had never heard of that I tried to look in like archives and stuff for any kind of news article, any kind of a publication talking about Pango group, supposedly the owner or whatever, the parent company or this ultraviolet Ultra av Ultra VPN thing, could not find anything except this stuff about Kaspersky that's been coming out over the last couple days.
[00:30:16] Speaker B: Yeah.
[00:30:17] Speaker A: So that's odd. If I can't find any kind of paper trail on it, I've never heard of it. And every review that I can find of it is either very clearly manufactured or it's negative. I'm probably not gonna click the link in that email. Like, it just. None of this seems to make sense to me.
[00:30:30] Speaker B: Yeah, ultimately, I mean, what I would do is I would just look up Ultra AV and see what it was. Right.
[00:30:36] Speaker A: Right.
[00:30:37] Speaker B: Cool. Is it a legitimate piece of software?
[00:30:39] Speaker A: So there's also four people that had Kaspersky. There is a landing page that there was the link that was included to take them to Ultra secure AV is what the URL says. So it's not the same that's from.
[00:30:50] Speaker B: Kaspersky or that's Ultra av.
[00:30:52] Speaker A: This is Ultra Av. So this is something that came included in the messaging from Kaspersky. This is the. Hey, welcome Kaspersky users. Hey, don't worry. And part of the reason that they claimed that this is why they were transitioning or the company they were transitioning to is because the pricing would be the same, the billing would be the same.
[00:31:05] Speaker B: Gotcha.
[00:31:06] Speaker A: And they said, oh, a lot of the services are the same or similar.
[00:31:09] Speaker B: Yeah.
[00:31:09] Speaker A: So they have a list somewhere down here. Oh, we also provide antivirus protection, application control, security. Now some of the stuff they don't provide, they don't have webcam protection, online payment protection. So if that's important to you, that's something to note.
[00:31:19] Speaker B: But there's a couple of things that do provide the Kaspersky does not.
[00:31:21] Speaker A: Identity theft insurance. Okay, cool. Some stuff that they have that. Yeah, Kaspersky didn't. But I can go to, like, you know, a steakhouse. Right.
[00:31:29] Speaker B: The question is, is ultra av a legitimate software suite?
[00:31:33] Speaker A: Is it. So it's. It's not like malware. I mean, it is.
[00:31:35] Speaker B: That's what you want to know, right. Step one.
[00:31:37] Speaker A: But I think it's. You can say that it provides the same service.
[00:31:41] Speaker B: Right.
[00:31:41] Speaker A: I could argue that going to a brazilian steakhouse. Well, they have the same food that I could get at cracker barrel. I could get a steak at the brazilian steakhouse, or I could go to cracker barrel and get a steak there. Is the steak at love cracker barrel. Is the steak at cracker barrel gonna be the same? No, it's the same product, but it's not. So that's kind of the sticking point with me is, yes, ultra AV provides all the same stuff as Kaspersky. But is it the same point of quality? Is my question.
[00:32:06] Speaker B: Good question. Well, you have to do your research. And that's why I. Step one from Kaspersky would have been the moment they were told by the us government, your Persona non grata, you can't work here anymore. They should have been massive campaign. I don't know whether they did or not, because I'm not Kaspersky.
I don't use their product. I have in the past when I did that kind of stuff. And I will say when I worked with it, it was awesome. So I would be very upset if I have a product that I liked and trusted, and now I got to go find another thing. But, hey, that is the world we live in. And go, okay. Kaspersky has told me I'm going to lose my service with them. I would immediately start looking at other vendors. I'd be looking at Sophos. I'll be looking at Symantec. I'd be looking at, you know, crowdstrike and all the other stuff out there and the pros and cons and figuring out, well, now that Kaspersky's off the table, yes, they have suggested ultra av. Let me take a look at them as well. And I'm going to do my own analysis.
[00:33:04] Speaker A: Right.
[00:33:05] Speaker B: And. But you don't push the software onto me and go, there you go. We helped you. Yeah.
How you help. Yeah, don't do that. That. That does not. That is not a helpful thing.
[00:33:20] Speaker A: It doesn't have the same reputation that, like, Kaspersky or Bitdefender or whatever has. So it's. Anything that I could find on it, any forums, there's like Reddit threads and stuff about it. Everybody is like, hmm, it's, you're better off using the windows, you know, defender stuff. This is not bad. It's a pos. Don't, don't, don't use it. So it just, I have to wonder, what was the impetus for Kaspersky to go with this specifically? Like, why?
[00:33:45] Speaker B: Yeah, what's the real question?
[00:33:47] Speaker A: What was the reason? What was the reason? So, yeah, I couldn't find anything else other than Pango's.
[00:33:51] Speaker B: It was probably price.
[00:33:52] Speaker A: You think so?
[00:33:53] Speaker B: Right. If I had, if I had to put my guess on anything, it would most likely be the price. And they offered similar services at the same price.
[00:34:00] Speaker A: Yeah, right.
[00:34:02] Speaker B: If, again, this is just a guess. Could be a Maria could be a part of it.
I'm. Maybe the other better defenses are much more expensive.
[00:34:15] Speaker A: Yeah, right. Could be. It could be.
[00:34:18] Speaker B: And was this like a trial version of Ultra AV or did they become Ultra AV customers?
[00:34:23] Speaker A: It's, it said all of your billing and stuff will transfer over. You don't have to do anything.
[00:34:28] Speaker B: It's all the same right there, man. I would not have been happy with.
[00:34:31] Speaker A: That because I agreed to share, if I'm a Kaspersky customer. I agreed to provide my billing information stuff to Kaspersky.
[00:34:38] Speaker B: I didn't agree to Ultra Av getting that stuff.
[00:34:41] Speaker A: So that's whether they had done Ultra Av or whether they'd done bitten or whatever, it doesn't matter. I don't have an agreement with them. So you have to let me know who that's. You can make your recommendations and you can provide instructions. Hey, if you want to go with this, this is what we recommend. But like you said, you shifted into.
[00:34:53] Speaker B: A new gear with that information. Okay, well, the fact that they took your information and gave it to another company installed and you are now being billed by them.
Uh uh. No, no. That's, that's not how we do things here. Uh, yeah, yeah. Again, this was just a bad move all the way around.
[00:35:13] Speaker A: I would agree. I would agree. The idea was that you wouldn't experience a gap in protection. But to me, it's like, that is.
[00:35:18] Speaker B: Not a good enough excuse.
[00:35:19] Speaker A: Then a month prior, you should have said, on this date, on this date, on this date, and they kind of did. They sent out a notice that Kaspersky was going to be.
[00:35:26] Speaker B: You know, honestly, I cannot think of an excuse that they could come up with that would justify this action.
[00:35:30] Speaker A: But I'm saying if their concern was a gap in protection, yeah, then, okay, then just inform me so that I.
[00:35:35] Speaker B: Can make sure there's no gap in my protection.
[00:35:37] Speaker A: Yeah, let me make sure there's no gap in my protection. And if I don't, then that's on me at the end of the day. So I thought it was weird. I could not find anything other than their official website, Pango's website and the Ultra AV website. There were no, like, formal reviews on it other than the ones listed on their site. That didn't take you to any kind of a page. It was just like, yeah, we got five stars, don't worry about it.
[00:35:55] Speaker B: So feels like this was them just throwing the double birds at the us government for doing what they did.
[00:36:01] Speaker A: And somebody even said they lived in Australia and that theirs was affected and they were like, well, I'm not a us customer.
[00:36:06] Speaker B: Yeah, but they're now lie and, yeah.
[00:36:08] Speaker A: Yeah, there you go.
[00:36:09] Speaker B: And so somebody in for a pound.
[00:36:11] Speaker A: There was some representative that responded that was like, well, maybe you're using a us license, who knows? So that could have been it. That could have been part of it. So anyway, that just the fact that Kaspersky deleted itself, I'm like, that's not really surprising. It was the new installation and the fact that there was like seemingly no information.
[00:36:24] Speaker B: That's weird.
[00:36:24] Speaker A: On the replacement. That stuck out to me.
[00:36:26] Speaker B: So I gave them their information.
[00:36:28] Speaker A: Yeah, told you we'd talk about russian stuff. I told you. Yeah, it would happen. I also don't know where Ultra AV originates. The pango whatever group. No clue where that company originates from and couldn't find anything on the site. So interesting stuff. A little bit shrouded in mystery. Anyway, so we've got 1234, we got five articles left. You want to wait and cover those after the break? Yeah, okay, cool. We'll take a quick break, maybe I'll go on Denis Celsius, who knows? But we'll be back with more tech news after this.
[00:36:52] Speaker B: There's a new CCNA in town, and.
[00:36:54] Speaker A: Here at ACI learning, we've got you.
[00:36:56] Speaker B: Covered with a brand new CCNA version.
[00:37:01] Speaker A: This course covers the theory that you need to succeed as well as the practical, hands on application of technologies. You're going to learn network fundamentals, network access technologies, IP connectivity, IP services. Don't waste any more time. Get signed up for the new CCNA here at ACI learning.
Thanks for sticking with us through that break. If you're enjoying the episode so far, maybe leave a like comment. Let us know what you're enjoying, what you want to see in future episodes. Give us your thoughts. We like to read them and maybe even consider subscribing so you never miss an episode of Technado in the future. That being said.
What?
[00:37:51] Speaker B: Funny the way you said it in the future.
[00:37:53] Speaker A: Yeah, well, you know, I mean, if.
[00:37:54] Speaker B: You like it, we're just talking about the future and apparently it's dumb. You might.
[00:37:58] Speaker A: Might as well tune in every week, right? I mean, if you're enjoying it now. Yeah, you might.
[00:38:02] Speaker B: Like, according to Jason X, the future.
[00:38:04] Speaker A: No way is bleak. He's not a. We're on. Kind of like a scary case.
[00:38:09] Speaker B: I know.
[00:38:10] Speaker A: I've got my skeleton shirt. He's got his right there. So. And he was talking about how he's been watching the Friday the 13th franchise anthology, so to speak. So maybe is Halloween next for you, you think?
[00:38:20] Speaker B: Yeah, I think Halloween is next.
[00:38:22] Speaker A: Yeah, it's about that time. It's almost October.
[00:38:23] Speaker B: And then I'll do nightmare on Elm street stuff.
[00:38:25] Speaker A: Yeah. Yeah. Okay. And maybe you'll revert back to predator and alien and stuff. Cause it's. They're still scary, but not like they're not horror films, slasher type.
[00:38:33] Speaker B: They're more. Right, like Sci-Fi suspense. Except for aliens, which is more of a. An action film.
[00:38:40] Speaker A: Oh, okay. Yeah, that's the one you had me watch, right? Yeah, I think so. Okay. Yeah. For that reason. Anyway.
[00:38:45] Speaker B: For that reason.
[00:38:46] Speaker A: So getting back to our tech and security news, chinese hackers exploit Geoserver flaw to target AIPAC nations with Eagledore malware. Eagledor in all caps. I mean, you have to yell it eagle door.
So it's like a matador, but for eagles, it's a suspected apt originating from China. We were just talking earlier about how a lot of these apts that pop up a lot seem to come from China, Russia, Iran. It's usually the same several places, but in this case, they are targeting AIPAC nations with a Geoserver flaw, so. Damn. Maybe you can expand on that a little.
[00:39:20] Speaker B: Asia Pacific.
[00:39:21] Speaker A: Asia Pacific. But Geoserver being. I don't know that I've heard of.
[00:39:25] Speaker B: That before, so you probably haven't. Geoserver is a software that allows you to kind of like, does like geolocationing. And so I messed around with it. Fun fact, I actually did a YouTube video on this.
[00:39:39] Speaker A: No way.
[00:39:39] Speaker B: I did. Like, how many days? I still have my YouTube up here. Twelve days ago. Geoserver Rce. There it is right there. Bada bing.
And I walk you through how to actually built a custom exploit for this using Python. And it was a lot of fun. Apparently 455 chinese people saw it and went we should do that.
Which I did not condone. I told them not to.
[00:40:07] Speaker A: You put the disclaimer I did, but.
[00:40:09] Speaker B: This is more of just proof of concept and understanding. But they went out and the only reason I made that video is because there was already poc on the, on the interwebs. I wasn't the first person to kind of show this, but it's just interesting how we have to stay on top of this now. That being said, of course, Patch, go. Now if you've got Geoserver and you're using it and you have these vulnerable versions of it, you need to update. So go ahead and do that.
But ultimately this was a really interesting article as far as the timeline goes and what they're doing and how just, just seeing those techniques and tactics and procedures that apts are using to learn more about how this is happening. So we can probably build better defenses on this. And some of the stuff was really interesting with the type of squatting that they did. Did you see any of the typos? Did you look at this article at all?
[00:41:05] Speaker A: Well, I looked a little bit at the map that they have here of like initial access and everything.
[00:41:11] Speaker B: And that is good. You should definitely check that out because it shows you how these things kind of propagate. This is a. Can I. Yes, thank goodness I can click on it. There we go. So choosing, you know, t 1566 spear phishing attachment that contains the attachment which contains this decoy MSc that gives them command and control as well as defensive asian and showing this is all the mitre, ATT and CK stuff. If you're looking to get into security, these are the kind of things that you need to be aware of. And now if I wanted to emulate this threats, I could take all these pieces from the mitre, ATT and CK framework, build the threat and do threat modeling based off of this type of thing.
[00:41:51] Speaker A: This research, the type was quoting stuff. Is that where s three? Cloud Azure s two. That's interesting because s three is an Amazon service. You're getting it, you're getting it, so why would you. And then s two, I don't even think is a service.
[00:42:03] Speaker B: It's not even a thing.
[00:42:04] Speaker A: Yeah, so I could see maybe misreading s two as s three, but to see s three and Azure in the same, would that not set off alarm bells for, I guess if you didn't know.
[00:42:14] Speaker B: So I watched a documentary one time.
[00:42:15] Speaker A: Yeah.
[00:42:16] Speaker B: And it was about the New York Islanders. Yeah, the New York Islanders, the hockey team.
[00:42:21] Speaker A: Okay.
[00:42:22] Speaker B: There was a guy who bought the New York Islanders and he didn't have any money.
He and all he, how he bought it was through lying and telling people, I have the money. I'll transfer it to you. Oh, there's a problem. And they were interviewing him. He said it got to where I felt so capable of lying to them. They were so incompetent, the people that I were dealing with that I just started making up the most elaborate, unbelievable lies to see if they would continue to believe it. And they did.
To me, it feels like saying s three azure is like, are you even paying attention at all with this? And even in the slightest, because as soon as someone were to have seen this, they would have been like, s two azure.
[00:43:16] Speaker A: What, what is this new like?
[00:43:19] Speaker B: I mean, I'm not saying that that's the case. I'm just saying it's what it feels like to me.
[00:43:23] Speaker A: Yeah.
[00:43:23] Speaker B: It was so blatantly not right.
Next, the next, I'm guessing the next iteration of eagle door, or at least this apts is going to be. We're stealingyourdata.com.
[00:43:35] Speaker A: Yeah.
[00:43:36] Speaker B: That's what this is.
[00:43:37] Speaker A: A threat.
[00:43:37] Speaker B: Yeah. Chinese apt at it again.com.
[00:43:42] Speaker A: It was an interesting name that they ascribed. It's been dubbed Earth Baxia is the name that they've given it. Earth baxia with a b.
[00:43:50] Speaker B: Earth baxia?
[00:43:51] Speaker A: Yeah. B a x I a. Maybe I'm pronouncing that wrong. Maybe it's like, no, I'm sure that's. Or something. I'm putting the emphasis on the wrong syllable. But yeah, I don't know if that's like a crowdstrike giving that name or what.
[00:44:01] Speaker B: Or if I don't know who's giving.
[00:44:02] Speaker A: Them the name self ascribed, like we are. Backyard with the voice modulator on. I don't know. I don't know. She thought it was an interesting name, but yeah, so, and this was also a 9.8, I think, as far as severity goes. So kind of continuing that trend of what we were talking about earlier again.
[00:44:16] Speaker B: Starts to give you some idea of what apts are using. I see a lot of stuff in here. Like crowdstrike. Right? Or not crowdstrike, I'm sorry. Cobalt strike. Right. Thanks for using the same type of name. People get. Get a little more creative, please. But like, cobalt strike is a very common platform for command and control and it's used by good security people as well as bad security people. Again, it goes back. It's a tool, but it's one that's well known. So maybe we can up our defenses by signaturing better and doing that kind of stuff again, seeing what their tactics, their tool sets and procedures that they are using to gain those accesses help us to kind of refine our defenses to go, hey, yeah, they're doing this. I bet other people are going to do this as well. Maybe we can build a better fence for stopping that kind of thing.
[00:45:12] Speaker A: Because like you said, a lot of this stuff, it's tools that are created for. For good purposes. It's just that, you know, I can use. I use my kitchen knife to cut up scallions for soup, but Jason Voorhees uses his kitchen knife to kill teenagers. So same knife. Right.
[00:45:25] Speaker B: But it just to do two different employees depends on the wheeler.
[00:45:29] Speaker A: Yeah. So kind of continues that trend of exploiter flaw that was previously patched, high severity, but is still being exploited. So, hey, if this affects you, we might want to patch.
[00:45:40] Speaker B: Simple as a patch.
[00:45:41] Speaker A: It's as simple as a patch. Ignorance of the flaw is no excuse. We are going to continue with this theme of chinese nation state type stuff with a segment that we like to call behind bars.
[00:45:58] Speaker B: Break the law and you'll go to jail.
[00:46:02] Speaker A: It's literally so true. So chinese, that's the plan, huh?
[00:46:05] Speaker B: That's the plan?
[00:46:06] Speaker A: That's the. Well, yeah, yeah, ideally. And in this case, it sounds like that's gonna be the case. Chinese engineer was charged in the US for a years long cyber espionage targeting NASA and the military. Now there's some pretty big organizations to be targeting and don't feel good about it. Pretty bold. Pretty bold to be doing that.
And especially considering it was a years long campaign that he apparently went undetected up to this point, I guess. Spearfish campaign to obtain unauthorized access to computer software and source code.
I don't know that I love the idea of an, you know, a nation state attacker or whatever the case may be. In this case, a chinese national. I guess accessing software and source code created by NASA were created by the military. That just seems not ideal to put it lightly, I guess. But Songwoo is this person's name. They've been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft. I wonder what the difference is between aggravated identity theft and just identity theft.
[00:47:04] Speaker B: They were just pissed off the whole time. I'm just trying to steal your identity. Okay. Jeez.
[00:47:09] Speaker A: John legend. Not anymore. That's me. Now, I don't know whose identity he stole, so that's. I can't make that statement. But if convicted, this person's gonna face a maximum sentence of a jail term of 20 years for each count of wire fraud and a two year consecutive sentence in prison for aggravated identity theft.
[00:47:25] Speaker B: So he's staring on the barrel of some time.
[00:47:27] Speaker A: He will be behind bars if he's convicted. Yes.
[00:47:30] Speaker B: For, like, ever. Yes.
[00:47:32] Speaker A: Yes. Yeah. What do they say for this many years or. And for life, whichever comes first or whichever comes last or whatever it is. So, yeah, this guy's. It looks like justice is going to be served. And that's good, right?
[00:47:43] Speaker B: It is good. Unless he did a bad, bad thing. And when you do bad, bad things, hopefully the government comes along and goes, hey, you see this thing? That was a no. No. We're gonna. We're gonna teach you a little lesson by never letting you see the outside of prison ever again. Obviously, these are some fairly substantial crimes. He picked some pretty big boys. Yeah. You ever see. Yeah. Like movies or whatever. And they got the kid and he goes up, right up to the biggest bully on the. On the playground and throws dirt in their face, spits on him or something like that. Listen, you picked a fight that I don't believe you were able to, like, withstand the consequences of.
[00:48:30] Speaker A: Yeah.
[00:48:31] Speaker B: If it didn't go your way. And guess what? It doesn't look like it's going your way.
And there you go. Yeah. So that's. That's what's up. This person did work for a chinese company.
[00:48:43] Speaker A: Okay. Yeah.
[00:48:44] Speaker B: Aviation company. Or does work or. I don't know if they're still employed.
[00:48:47] Speaker A: Right? What? We didn't know he was doing that. He's fired. How dare he?
[00:48:51] Speaker B: Which fun fact, has been sanctioned by the US government. They're not allowed to do business with them in the United States, if I'm not mistaken. Yes. Oh. Barring investing in the company, you're not allowed to invest in the company.
[00:49:03] Speaker A: Okay. Yeah.
[00:49:04] Speaker B: This company's name is Avic, the aviation industry corporation of China, headquartered in Beijing.
[00:49:12] Speaker A: Okay.
[00:49:13] Speaker B: Chinese state owned.
[00:49:14] Speaker A: Yeah. Yeah. I generally. You don't probably want to have. You probably don't want to be doing business willingly, I guess, with a company that's been sanctioned like that. But it sounds like, because this was spear phishing, it's not like the nobe four case where they realized they were like, oh, crap, this guy is like, you know, pretending to be something they. It sounds like this guy was just creating email accounts to mimic to look like he was working for these other organizations, for NASA or whoever, and just got away with it for four years. Like nobody noticed anything. Fishy. Fishy, so to speak. About.
About these, about these emails.
[00:49:50] Speaker B: Yeah.
[00:49:51] Speaker A: What? Oh, a little slow on the uptake, kids. I wasn't looking at you. I didn't, I didn't realize.
But, yeah, from what I think, late 2017 to late 2021, these emails were going back and forth and just none the wiser.
[00:50:05] Speaker B: So, yeah, you know what I find interesting is we are obviously, the United States, that is, is doing really well with our aviation, our technology, because they're always stealing from us. We don't see us doing a lot of stealing from them. You never read chinese newspapers going, Americans have attacked again with their apt. Stealing our ip about this technology and that technology.
They just rip us off left and right because that's what they were doing. They were gaining access into those systems. And obviously, if they're an aviation company that's owned by. They, they want to know how to build f 35s.
[00:50:44] Speaker A: Yeah.
[00:50:45] Speaker B: They want to know how to build spacecraft and probes and satellites and that kind of stuff because we obviously know how.
And they want to steal that so they can know how because that gives us an advantage in the world as a superpower to be able to do those things.
[00:51:02] Speaker A: Mm hmm.
[00:51:02] Speaker B: It puts them at a disadvantage to not know. To not know or to have those technologies. So, I mean, I get it. I don't really, in a weird way, I don't fault them.
[00:51:13] Speaker A: Well, right? They're doing what they need to compete.
[00:51:16] Speaker B: And be the superpower.
But if you're gonna play in a big sandbox, better be ready to suffer the consequences.
[00:51:25] Speaker A: You need to get some sand kicked in your eyes.
[00:51:26] Speaker B: That's right.
[00:51:27] Speaker A: Careful. I do love how these articles, like, they'll tell. They'll have the story right and all the details and, hey, he's been convicted. He'll serve this many years. Da da da. And then there's a section at the bottom. This development comes weeks after the UK National Crime Agency announced that three men pleaded guilty to running a website that, and I remember reading this article about, they created this service, OTP agency, to bypass or to disclose one time passcodes to help people get into bank accounts and stuff. And I'm like, oh, wow, is it because it says this comes three weeks after? And I'm like, oh, this must be related. It's not.
[00:51:54] Speaker B: It's not.
[00:51:54] Speaker A: It's not.
[00:51:55] Speaker B: Is this the hacker news? Yeah, this is the hacker news. His favorite thing to do is to take two completely separate I articles.
[00:52:02] Speaker A: Yeah.
[00:52:02] Speaker B: And slap them together like they were related.
[00:52:04] Speaker A: Yeah.
[00:52:05] Speaker B: And completely confuse you.
[00:52:06] Speaker A: Yeah.
[00:52:07] Speaker B: Don't. If anybody the hacker knows is listening, please stop doing that.
[00:52:10] Speaker A: Yeah, we love your articles.
[00:52:12] Speaker B: Just make another article.
[00:52:13] Speaker A: It's just. Yeah. And there are other articles on this. Like, you could easily just.
[00:52:17] Speaker B: You don't have to.
[00:52:17] Speaker A: Similar story.
[00:52:18] Speaker B: Link to it.
[00:52:19] Speaker A: Yeah. Just be like, similar stories. And put them there.
[00:52:21] Speaker B: Yeah.
[00:52:21] Speaker A: Why? There's, like, a full three or four paragraphs on this.
[00:52:24] Speaker B: Basically the article.
[00:52:25] Speaker A: Yeah. I'm like, surely there's something in here about Songwu or about this chinese organization. No, it's not related even remotely. So there you go. Love that. But otherwise, great article is informative. So you know how we were talking earlier about how telegram people were saying, like, oh, it's become a haven for cybercrime, and it's like, well, but that was never an intention. Right.
[00:52:47] Speaker B: It's not that we can tell.
[00:52:48] Speaker A: Yeah. It was never a stated intention that this is what the. Well, authorities seized ghost communication platform used by cybercriminals. And this was a platform that I believe was created explicitly or expressly for the purpose of being a haven for cybercrime. To use the words in that telegram article earlier, Operation Kraken was the operation that the takedown was named. That's kind of funny.
[00:53:11] Speaker B: Release the Kraken. That's all I hear every time.
[00:53:14] Speaker A: Yeah. I need Davey Jones up on the screen with his octopus face. A meticulously planned operation involving several law enforcement agencies from different countries, coordinated by Europol, supported by the FBI, Europol, whatever.
And they were able to apprehend those involved with ghost. It was allegedly created by a dude from New South Wales. That's. They didn't say dude. A 32 year old man from New South Wales.
[00:53:37] Speaker B: They didn't say.
[00:53:39] Speaker A: But authorities claim that ghost was specifically designed for the criminal underworld, facilitating activities like drug trafficking, money laundering, and even orchestrating violent crimes. So gang activity, kind of like mob activity, that kind of stuff.
[00:53:51] Speaker B: So cartels.
[00:53:52] Speaker A: Yes, cartels, that kind of thing. So in this case, it's when we see platforms like this pop up. I don't think this is the first time we've talked about something like this. A platform or a communication service. There was that one time, there was all those cell phones that were expressly created or something like that. Yeah.
[00:54:08] Speaker B: So the FBI actually, they bought. So there was this. This dude that created a service such as Ghost, where they created cell phones that were all encrypted, and then he immediately, like, reached out or the FBI found out about free. I don't know if he reached out or the FBI almost immediately discovered that these were a thing, and they. He basically, I think he did reach out to them and said, I'll sell you this, and I'll. I will be your middleman. I'll be your, basically your point guy, and I'll sell all these things to these. Oh, these bad guys. I'll make all the money. You'll get access to their information. Everybody's happy. And they went, cool. So, in essence, if not in reality, the FBI owned an arm.
[00:54:53] Speaker A: Yeah.
[00:54:54] Speaker B: And used it to take down quite a few bad guys and girls, I'm sure.
[00:55:01] Speaker A: Sure. Equal opportunity criminals.
[00:55:02] Speaker B: That's right. That's right. Women do crime.
[00:55:04] Speaker A: Everybody has an equal right to break the law.
[00:55:07] Speaker B: That's right.
[00:55:08] Speaker A: But break the law and you'll go to jail.
[00:55:09] Speaker B: You technically don't have a right to break the law.
[00:55:11] Speaker A: So I guess this is also kind of a behind bars. Cause it does talk about how they call him the mastermind behind ghost is facing serious charges in court supporting a criminal organization dealing with the proceeds of crime. I wonder, though, I wonder if this guy, like, was directly involved in any of the criminal activity. Not that it matters because you created the platform for this purpose, but I wonder if he was just like, okay, I created this platform and have fun. And then he was just off in Aruba on vacation, whatever, and kind of turning a blind eye, like, okay, you know, all this stuff is going on, but I'm not directly involved with it. It's like, yeah, but you're still doesn't matter. At the very least, you're in a, you know, you created this service. You allowed this to happen. You knew this was happening. So it's different, I think, from the telegram stuff because this guy's like, look, I'm not. I didn't create this.
[00:55:53] Speaker B: It's just an encrypted platform.
[00:55:54] Speaker A: Yeah, but I wonder if stuff like this will then be used as ammunition to be like, see, look at all this criminal activity that's going on.
[00:55:59] Speaker B: So a lot of crime requires intent, right? To have a murder charge, you have to show intent. I meant to kill you.
[00:56:07] Speaker A: Yeah.
[00:56:08] Speaker B: Right. Now, don't get me wrong, there are crimes of negligence and things of that nature, or maybe they'll go that route, which typically are lesser offenses, but still an offense nonetheless. So, yeah, I'll be interested. This is. It feels like we're starting to reach the climax of how are encrypted channels going to be allowed? Because the governments don't seem to like it. Criminals do use it, but criminals do use a lot of legitimate things. Yeah, use the mail. We're gonna now criminalize the mail service.
[00:56:43] Speaker A: Right. Or I'm not allowed to lock my door anymore because I could be doing bad stuff, but, like, it. It's just even if I'm not guilty of anything, I should be able to.
[00:56:51] Speaker B: Right. We're gonna take all the locks off the doors because the government doesn't want to be locked out because there might.
[00:56:56] Speaker A: Be somebody doing something bad in that house. Yeah, that's always going to be the case.
[00:56:59] Speaker B: We'll just take all the doors away. There is no doors.
[00:57:01] Speaker A: Right. And that sounds like an exaggeration, but it's just. How far do you go before you draw line? So it does mention some of those other encrypted platforms, encroachat, Sky Global, that were similar in nature. And in this case, it says that there were specialized handsets that were distributed globally by this guy or by this service, sold for approximately $2,350 each. Modified smartphones. So kind of like that thing we were talking about, modified devices.
[00:57:26] Speaker B: Yeah. And criminals, they need these types of systems.
[00:57:29] Speaker A: Yeah.
[00:57:30] Speaker B: Right. They require them.
I guess there are other ways in which you can communicate that, while maybe not encrypted, are still fairly obfuscated or obtuse to be able to, like, tap into in some way, shape or form. So maybe they go more.
Somebody got onto us in the, in the comments last.
[00:57:53] Speaker A: Oh, really?
[00:57:53] Speaker B: About using the term lo fi. Oh, did you read that?
[00:57:57] Speaker A: I think. I think so, yeah. They were getting on your case about.
[00:57:59] Speaker B: Yeah, but you get the idea.
The idea is that's just technology that's usable but not prolific.
Therefore, it's much less.
What are you going to do? It's harder to gain access to because nobody uses it.
[00:58:17] Speaker A: Yeah.
[00:58:18] Speaker B: That's not on the standard technology that we use today.
All the tools that you would normally use to infiltrate and gain access to those communications are not useful.
[00:58:30] Speaker A: And not that sound pessimistic, but I just. I feel like it's only gonna be a matter of time before we see something like this pop up again, because it's the persistence of organized crime. It's kind of like Hydra. You cut off one head, two more take its place, it's always going to come back. So it just. It's important then to. To be persistent in trying to combat it.
[00:58:45] Speaker B: Yeah. And I'm guessing the ticket price to entry on this isn't that bad for you to be able to get in a phone use an encryption?
[00:58:53] Speaker A: Well, it says these smartphones were a little over 2000 each, which is not much different.
[00:58:59] Speaker B: It will. Even if they were like, you know, cricket phones or whatever.
[00:59:04] Speaker A: Right.
[00:59:04] Speaker B: The fact that they're on an encrypted, they're most likely that price comes with the service.
[00:59:08] Speaker A: Sure, yeah.
[00:59:09] Speaker B: I mean, like, you're hiding illegal activity, right? I can write the price up on you and now you'll pay it, but.
[00:59:16] Speaker A: Even then, it's not anymore really that much more expensive than an iPhone. Like, it's true. You know, so it's not like, oh, well, the price point is so high, we're only dealing with, you know, these. These really powerful people. It's like it could be your neighbor. Not to scare you. Like, you know, you just never know. We got a. We got.
[00:59:30] Speaker B: It was just funny. I looked down on the page and I read Operation Karen.
[00:59:38] Speaker A: I laundered that cryptocurrency for you, and I have yet to see a dime of my share.
[00:59:42] Speaker B: I'm thinking more along the lines of the government being the capital.
[00:59:44] Speaker A: Oh, yeah, right.
[00:59:45] Speaker B: They're like, where's your manager? Not allowed to do this.
[00:59:48] Speaker A: They're looking for.
[00:59:48] Speaker B: I am taking your number.
[00:59:50] Speaker A: They're looking for the guy that started it asking for the manager. Yeah, yeah. We got. We got a couple more articles that we'll get into before we sign off for the day. This one is less like a big news piece and more just. It's a feature in iOS 18 that I thought was interesting, to say the least, how to use remote control and screen sharing in iOS 18 and iPadOS 18. So this article kind of explains how to use this feature and frames. It really is like a, hey, this is a great thing. If you're always the person in your family that has to be like, the tech support and your mom calls you. I can't figure out how to do this thing on my iPad. Well, this is a feature that, you know, your mom, in this scenario, could facetime you, and there is something that you can send her a request to say, hey, give me remote access to your screen. Let me not just share your screen, but let me control it. And they can say yes or no. And your mom says, yes, you can control her screen, change your settings, whatever it is that she needs your help with, and then boom, you're done, right? So in that way, that's kind of how this article's framing it is. Oh, a neat feature. Right? To me, though, this opens up more avenues for things like social engineering, because my mom or my grandma or whoever could get some kind of a message if there's pre texting that's been going on like, hey, I'm going to FaceTime, call you whatever. And all they've got to do, they can't like change your Apple id or anything, but they can do quite a bit with this remote control type thing. You had kind of talked a little bit before the show about how this is a feature on a lot of machines already.
[01:01:06] Speaker B: Like Windows has remote desktop and they also have remote assistance.
[01:01:11] Speaker A: Right?
[01:01:11] Speaker B: So I mean this is obviously targeted towards the iOS stuff. So phones and tablets.
Does windows still have a phone? They used. There used to be Windows phones. I don't think it, I don't think it made it. I don't think it was well received. It's probably a dead project at this point.
[01:01:31] Speaker A: No, they were. Says they were discontinued a long time ago, as of 2020.
[01:01:34] Speaker B: So there's no phones that's going to be running this.
But when it comes to tablets, windows eleven does run on tablet. I have a laptop that turns into a tablet. All the features run fine. I can turn it and do all the stuff and it has remote desktop built in. But all that stuff is disabled by default.
Right. If you need to use that feature, someone is going to have to tell you how to enable it and then there's a secure version of that as well where it has to be, you know, authenticated with a known entity.
Ways to. I forget now, it's been a while since I've used it.
What's so funny?
[01:02:15] Speaker A: No, I just was reading through and I was trying to find some stuff on like if there had been any articles published on this because I couldn't find any that were like maybe like, hey, this is a concern that comes with it and most of it is like, how can I get my grandpa to da da? Because most of it is I need to help them. Tech support kind of a thing. But there's nothing really about like, hey, here's a warning. Cause as long as you and the other person both have iOS 18 installed.
[01:02:36] Speaker B: Yeah.
[01:02:36] Speaker A: This is a feature that will be available for you.
[01:02:38] Speaker B: Yeah. They'll just get a prompt, right, saying accept the connection.
[01:02:41] Speaker A: Yeah. And then all they do is click yes. And it's like, great, I guess unless you end the call. But yeah, if you're thinking this is somebody trying to help you, it's just, yes, you have to click yes. Just like with phishing emails. Yes, you have to click the link. But it's just opening up another avenue.
[01:02:55] Speaker B: Let, let's play a game.
[01:02:57] Speaker A: Oh, boy.
[01:02:58] Speaker B: You be a social engineer, and I'll be grandpa.
[01:03:00] Speaker A: All right.
[01:03:00] Speaker B: Right. And go.
[01:03:03] Speaker A: Okay, I guess I'm calling you. Ring, ring, ring. Hello?
[01:03:06] Speaker B: Hello?
[01:03:07] Speaker A: Hi, I'm calling from Apple tech support. I noticed that there's a bit of an issue with your tablet. I was hoping that I could walk you through that.
[01:03:14] Speaker B: Okay.
[01:03:16] Speaker A: Okay. So you're gonna get a prompt, and it's gonna say that I need to take control of your device. Just go ahead and click yes, and I'll fix the problem for you.
[01:03:22] Speaker B: Okay. Oh, that sounds wonderful. Thank you.
[01:03:24] Speaker A: Click setting. Change. Setting. Change. Setting. Change. Delete, delete, delete. Install, install, install.
[01:03:29] Speaker B: What is it you're doing?
[01:03:30] Speaker A: Oh, I'm just gonna make it better for you. It's moving slow because you have a thousand tabs open, right? So I'm just gonna fix that problem for you. Don't you worry.
[01:03:36] Speaker B: Oh, you're such a sweetheart.
[01:03:38] Speaker A: And you can install things. You can delete things. The only things I really can't do are alter, like, which I guess is good. You can't alter apple ids and stuff like that. So the real serious stuff, if the.
[01:03:49] Speaker B: Stuff you're installing is malware, keystroke, loggers, all this other stuff.
[01:03:52] Speaker A: Right, right.
[01:03:53] Speaker B: Under the guise of it's, oh, this is a cleaner. This is going to remove, you know, it's going to speed up your system. It's going to remove malware. Maybe we. Maybe the ruse is we've detected malware on your system and it's propagating through Apple. Yep. People that aren't techie don't know, especially the elderly. Yeah, they just aren't. A lot of them are not as savvy when it comes to that. So if someone with a very authoritative spins a good yarn of I'm with apple tech support of some kind, they very well may believe them. Not every time, but enough times. And now they're installing malware. Crypto miners, you name it. They're doing whatever the heck they feel like under the guise of this is going to make it better. And then they think I'm great. I had this lovely girl from tech support call me and let me know that my machine is now awesome.
[01:04:44] Speaker A: Yeah.
[01:04:44] Speaker B: I love this feature.
[01:04:46] Speaker A: Yeah, it's a. It's. It's just kind of like you said, the implication for people that are maybe a little older, maybe there's not a sex savvy. I think that's the scary part, because if I get a random face call from somebody, I'm. First of all, if I get a call from somebody I do know, there's a chance I won't ignore that, too.
Do I really want to deal with that right now?
[01:05:03] Speaker B: I always say if it's important, they'll leave a message.
[01:05:05] Speaker A: Right? Yeah. Or especially if I'm like, I'm kind of in the middle of something, then I'll just wait and I'll be like, hey, can't talk right now. What's up? And then usually it's a, you know, they'll send a text and it's. I know that makes me sound like an awful person. Mom, I promise I don't do that to you. I'm just saying, like, you know, I even, even when it's somebody I do know. So if it was somebody I didn't know, I'd be hard pressed. Answer. There is, there was an update just recently to the iPhone user guide, like on Apple's support page. It does say that part of this update is going to be, before somebody can remotely control your screen, they need to be saved in your contacts. So I think that's good. It's one additional measure, right? Against it.
[01:05:39] Speaker B: Yeah.
[01:05:39] Speaker A: That's not to say. I mean, I'm sure somehow you could.
[01:05:41] Speaker B: Yeah.
[01:05:42] Speaker A: I just need you to save this number so that when we call back, you know it's us. Right. There is always going to be a way to circumvent that. But it's good that they're at least trying to.
[01:05:48] Speaker B: It's something.
[01:05:49] Speaker A: It's something. It's better than nothing. Yeah.
[01:05:51] Speaker B: Yeah. So I just, what if I spoof your phone?
[01:05:55] Speaker A: Good question. I don't know. I don't like if you spoof my phone and then call my grandma or something.
[01:05:59] Speaker B: Yeah.
[01:06:00] Speaker A: I don't know. That's interesting. I wonder if that would work.
[01:06:02] Speaker B: I wonder if that would work.
[01:06:03] Speaker A: I mean, don't try it or anything.
[01:06:05] Speaker B: But it is in a testing environment.
[01:06:07] Speaker A: You can experiment.
[01:06:08] Speaker B: Yeah.
[01:06:08] Speaker A: I wonder. So just something that was one of the features because a lot of the stuff that's been talked about is like the AI stuff that'll be available on the new phones and that's cool. It's not out yet. I. So we won't really know too much more about it till it gets here. But this is one of the features that I was like, oh, that's a little weird. Kind of flew under the radar, so I wanted to bring that up. This will be our last one for today. I know we're running a little short on time. You might have heard there were some photos leaked at the switch two well, those Nintendo Switch two photos are almost certainly real, say tech experts. I just thought this was a funny article. My laptop's about to die.
There was a Nintendo Switch two leak that included photos of what looked like actual hardware said to have emerged from a chinese website before making their way to Reddit prototype components, our first hard evidence of what form it may actually take. So this is what it allegedly looks like. Not too different. It looks like a switch from the current switch. Yeah. I don't know if it's hard to tell here. I guess maybe the screen's bigger. Maybe it's got some different ports on there. Who knows?
[01:07:05] Speaker B: Button configuration on the back of the Joy Con. Is that a button triggered?
[01:07:10] Speaker A: It looks like it. And. Oh, and that I guess maybe is a little bit different because on the current switch, I believe it's two buttons.
[01:07:15] Speaker B: It's just two buttons on the top and maybe like some shoulder. Isn't there shoulder buttons on it? Maybe.
[01:07:20] Speaker A: I don't remember. I got it. You'd think I didn't own one. I can't.
[01:07:24] Speaker B: Off top of my head, I just heard yes.
[01:07:27] Speaker A: Okay. I have no idea. But in this case, yeah, maybe they're moving some of the buttons to the back, so maybe some minor changes like that. But I. It doesn't seem like anything too crazy. Like, oh my God, it's a ten inch, you know, 20 inch screen or whatever. It's. The whole point is it's supposed to be a handheld thing that can easily.
[01:07:42] Speaker B: Port to it, and it's supposed to get a mild upgrade to performance, if I'm not mistaken. Yeah, Christian was saying that like, they're trying to support their own games because some of their games struggle on their own current platform.
[01:08:00] Speaker A: And alleged specifications list was also found that mentions twelve gigs of Ramdhenne as opposed to the original four on the first Switch.
[01:08:07] Speaker B: That's, that's a bit of an improvement.
[01:08:09] Speaker A: And 256 gigs of internal storage where the original Switch has 32. So yeah, not bad. Right now I have some games downloaded on my switch and then I have to have like a card and like an SD card or whatever micro SD to, because a lot of the games I have are virtual because a lot of times people don't buy physical copies of stuff anymore. So that's kind of neat. I do like, I do like that. But again, this is all a legend. It's leaks.
[01:08:30] Speaker B: It's got that mod Switch SD card.
[01:08:33] Speaker A: I plead the fifth. No, I don't. I don't think I'm really bright enough to figure that out to go in and, like, find it. I'd be so scared. Even just going to a. Like that and clicking, like, bye. Somebody's gonna. I'm gonna get arrested. I'm gonna. I'd be so scared that I'd get in trouble. So even if I wanted to, I.
[01:08:49] Speaker B: Don'T know that we gotta take on the attitude of a teenage boy.
[01:08:53] Speaker A: No, thanks.
[01:08:53] Speaker B: Don't care.
[01:08:54] Speaker A: For so many reasons. No, thanks.
[01:08:56] Speaker B: What are they gonna do?
[01:08:57] Speaker A: I think. God, every day. I was not born a teenager boy or a boy, I guess.
[01:09:01] Speaker B: So if you were born a teenage boy, your poor, poor mother.
[01:09:05] Speaker A: That'd be a little bit bizarre. Yeah. I wonder, too, what the. The price point is for this, because there's, like, polls and stuff about how much would you be willing to pay, but no information yet on how much it will, actually.
Yeah, it wouldn't surprise me, I think, because what the new PS five was like, the PS five pro was like 700. Yeah, but that's supposed to rival, like, gaming PCs. And no, hate switched. It's not going to do that. It's just not. I don't.
[01:09:27] Speaker B: It's only gonna play Switch games.
[01:09:29] Speaker A: Right. And it's not meant to rival a gaming PC.
[01:09:31] Speaker B: I was just saying that I would love to see if the switch. Because I don't. And maybe I'm wrong. Correct me if I'm wrong. I don't have a switch. So I'm not super familiar with their library, but I don't see some of the games on the platforms, like Xbox and PlayStation on the Switch.
Like, does it have Ghost recon and that kind of stuff? And Call of Duty. Is that on the switch? Can you get that?
[01:09:55] Speaker A: You. Oh, Christian says no.
[01:09:56] Speaker B: No.
[01:09:57] Speaker A: Christian says no.
[01:09:57] Speaker B: These are the things that would really like. I like the Switch.
[01:10:03] Speaker A: So there's no Call of Duty, but there's call of honor, Duty of Warfare on the Nintendo Switch. So it's call of duty, but not, I guess.
[01:10:10] Speaker B: Okay.
[01:10:11] Speaker A: And it's $12, so that's cool.
[01:10:13] Speaker B: If it's a good game, I'll play it. It doesn't have to be Call of Duty. I just want to see more games like that. I like that kind of game. So I'd be more compelled to buy a switch.
[01:10:21] Speaker A: Yeah, there are. I think there are games like that, but not like the big titles.
[01:10:24] Speaker B: Yeah.
[01:10:25] Speaker A: Like Call of Duty, that.
[01:10:26] Speaker B: I like steam decks, but they're a bit bulky, and the Switch is so sleek, and it's. It's. It's more of a. The form factor I'm looking for.
[01:10:36] Speaker A: Yeah.
[01:10:36] Speaker B: Right.
[01:10:37] Speaker A: So you can tell some of these games were named like for no people like this one's counter shooter, Strike zone. People are looking for counter strike.
[01:10:43] Speaker B: $2.
[01:10:44] Speaker A: You're looking for counter.
[01:10:46] Speaker B: Like, do you get ads in this for $2?
[01:10:49] Speaker A: That's a good question. It's. Well, this is 83% off also because there's a sale going on, so usually it's twelve.
[01:10:55] Speaker B: I buy that OLEd Switch today, so I get a $2 game.
[01:10:59] Speaker A: Hurry up. The sale ends October 5. You only have a week.
I wonder if we're gonna get in trouble because there's like pictures of guns in these. I hope not. Hopefully not.
[01:11:06] Speaker B: They're not real.
[01:11:07] Speaker A: So. So there are some games like that. This console, the Switch two, will officially be announced. So not leaks, but official. Sometime before April 2025. Wish it was before the holidays, but what are you gonna do? And then the console will probably launch sometime next year, late next year maybe. So that'll be interesting. There are some games that released this month just to kind of finish out some stuff that was anticipated a little more heavily. Epic Mickey rebrushed, which of course is the game of the century everybody was waiting for. I'm kidding. I did enjoy Epic Mickey, though. That was fun. Poworld, which is kind of at the center of some legal issues right now, I think specifically in Japan because.
[01:11:41] Speaker B: Oh yeah, that's the one. You could shoot sheep. Yeah, that's like Pokemon.
[01:11:45] Speaker A: Yeah, yeah, I think it's Pow world is the one that people are.
[01:11:48] Speaker B: Or I guess they're sheep. I don't know. They're some weird animals, right?
[01:11:51] Speaker A: Yeah, some. Some creature. Yeah. Lollipop chainsaw. I've been seeing that pop up a lot. I was never a fan.
[01:11:56] Speaker B: Lollipop Chainsaw?
[01:11:57] Speaker A: Yeah, it's like a. It's not familiar. Yeah, it's interesting. Don't know that it would be your thing. It's not my thing, but it's popular. So there's a new version of that coming out. And then Legend of Echoes of Wisdom, I think is the big one. And as of the day that this episode's released, that game will be released on Switch. So maybe I'll go ahead and buy. I'm sure it's like $80 maybe I'll buy it. $80 probably. I don't know that you got.
[01:12:18] Speaker B: Do you got the better part of a hundo just laying around 60 to 80?
[01:12:20] Speaker A: No, that's what I'm saying. I'm not going to get it when it comes out. I'll wait till it goes on sale.
[01:12:25] Speaker B: Till it's 299.
[01:12:26] Speaker A: Oh, it's 60. 60. Okay.
[01:12:28] Speaker B: Okay. That's a little.
[01:12:28] Speaker A: Not as bad, a little better. That's for the physical version.
So anyway, a couple of games that were coming out that were anticipated. EA Sports FC 25 comes out later this week. So if you're excited about that. And there was a professor Layton trailer that dropped as well. And I love those games.
[01:12:43] Speaker B: I don't know what that is.
[01:12:43] Speaker A: So it's like a puzzle series, but they're super good. It's like, I like the animation and stuff, the aesthetics of it. And the puzzles are super fun. So anyway, there's like a story and everything. So it's been a while since there's been a new game in the series. And they dropped a new trailer the other day.
[01:12:57] Speaker B: So finally.
[01:12:58] Speaker A: Right. We've been waiting.
[01:12:59] Speaker B: Sitting on your hands. Yeah. What's going on?
[01:13:01] Speaker A: Well, the company that used to make them, I think might have chinese.
[01:13:04] Speaker B: Apt.
[01:13:06] Speaker A: Yeah. Yeah. Well, it wouldn't surprise me at this point.
[01:13:09] Speaker B: They've been sectioned and infiltrated every sold in America. Yeah.
[01:13:12] Speaker A: So that was a. For our gaming corner, I guess for the day. That's pretty much all I had.
[01:13:16] Speaker B: That's good. I look forward to now. Do I wait for the new switch?
Depending on the price. That's what's going to be. It's going to depend on the price.
[01:13:24] Speaker A: Worst case scenario, it will be announced April of next year and then it won't come out to like a year after that.
[01:13:30] Speaker B: Yeah.
[01:13:30] Speaker A: So you could be waiting a while is my point. If you wait for the new switch.
[01:13:33] Speaker B: Gotcha.
[01:13:33] Speaker A: So if you're thinking like Christmas time this year, you're wanting to get one.
[01:13:37] Speaker B: And I really like the steam deck. I wish it wasn't a giant beast.
I wish they had like a steam deck mini or steam deck light. Yeah, that, you know, maybe had a little less features or whatever. Smaller screen, something. I want it slimmer, more portable.
[01:13:53] Speaker A: Yeah. I think Christian has a steam deck, maybe. Yeah.
[01:13:55] Speaker B: Does my friend Alex got one? He's trying to like convince me to go buy one.
[01:13:59] Speaker A: He's trying to induct you into the box, man.
[01:14:02] Speaker B: You gotta pick one up. I love mine. I use all the time. This is the way I totally get it and I see the argument.
[01:14:09] Speaker A: Yeah.
[01:14:10] Speaker B: Except that is a big monster that doesn't have great battery life.
[01:14:15] Speaker A: Yeah, I can see the appeal, but yeah, it might not be the pros. Might not outweigh the cons.
[01:14:19] Speaker B: Right?
[01:14:19] Speaker A: Yeah. Yeah. Well, you have to let us know when you do decide if you're gonna go with switch, steam deck or some unnamed third console. I look forward to hearing about that.
[01:14:27] Speaker B: I'll bring it in whenever I get.
[01:14:28] Speaker A: Yeah, we can do another gaming episode. That'd be fun because last time we used my switch, so this time we can. We can take a turn on yours, so. Okay, well, I'm down for that.
[01:14:36] Speaker B: All five people that watch that episode and all.
[01:14:38] Speaker A: Yeah.
[01:14:38] Speaker B: Can watch that one as well.
[01:14:40] Speaker A: Yeah. Yeah. Complain in the comments. That's not what they wanted. We only do those when we like somebody's gone or whatever. Weird week. So we'll see. Maybe it'll be later this year that we do one of those. We do have a special episode coming up in a couple of weeks that will be in Deadwood, South Dakota, because we'll be there for a while. Was hacking fest. So again, if you're going to be there, we'd love to see. We'll be there both days at the conference. It's going to be a lot of fun. I already have my. The talks I want to go to marked out in my planner, so looking forward to it, but I hope I.
[01:15:04] Speaker B: Get to go to talks. I usually just get stopped in the hall.
[01:15:06] Speaker A: Yeah. Yeah.
[01:15:07] Speaker B: Or everything.
[01:15:08] Speaker A: Hallway Con is I'll wake on.
[01:15:09] Speaker B: I have hallway Con everywhere I go.
[01:15:11] Speaker A: See, nobody knows me, so I lucky I can avoid the, you know that to a degree I don't get me. Right.
[01:15:16] Speaker B: I really enjoy hallway Con.
[01:15:18] Speaker A: But you want to go to the talks, too?
[01:15:19] Speaker B: Yeah, I just, I'm. Yeah, I can't say no.
[01:15:23] Speaker A: Yeah.
[01:15:23] Speaker B: I don't have the ability to go. Oh, it's nice to meet you. I'm gonna. I'm gonna go.
[01:15:27] Speaker A: Yeah.
[01:15:27] Speaker B: Like, hey, how is it? I want to talk to people.
[01:15:29] Speaker A: Yeah. Yeah. It'd be nice if there was a separate day just set aside for that, but unfortunately, it's not the way it is. So if you'll be at Wild West Hack and fest, we'll look forward to hopefully seeing you there milling around the conference. But until then or until next week, I guess we're going to go ahead and sign off. Thanks, Daniel, for putting up with my tiredness today. Thanks for joining us for this episode of Technado, and we'll see you back here next week.
Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.
