Episode Transcript
[00:00:14] Speaker A: Welcome to a very special edition of Technado, live from Deadwood, South Dakota, sponsored by ACI Learning the folks behind it pro. You can use that code Technado 30 for a discount on your it pro membership. You cannot avoid that spiel, even in Deadwood. I'm still going to say it.
[00:00:28] Speaker B: She's bound by law.
[00:00:29] Speaker A: I am. Yeah, it's true. You don't want to know what would happen.
[00:00:32] Speaker B: Oh, man. The restraining.
[00:00:34] Speaker A: It would be. It would not be pretty. You might have noticed that we've got a little bit of a different crew than usual this week. We are joined, of course. You know, I'm here and Daniel's here, but we are joined by our friend Mike Saunders, or Michael, if you're feeling a bit formal. Mike, how you doing today?
[00:00:48] Speaker C: I'm doing great. I'm in Deadwood. It's wild west hacking fest. Beautiful weather. We're going to have a great time.
[00:00:54] Speaker A: Oh, yeah.
[00:00:55] Speaker B: Absolutely. It is pretty out here, isn't it?
[00:00:57] Speaker C: It is beautiful.
[00:00:58] Speaker A: It's gorgeous. This is. We had a great backdrop last year, but this backdrop tops it.
[00:01:02] Speaker B: If it's possible, we just like to take it to the next level every time.
[00:01:06] Speaker A: I would agree.
[00:01:07] Speaker B: That's what we do.
[00:01:07] Speaker A: I would agree.
[00:01:08] Speaker B: Next time we're going to be on the mountain up there. Yeah. We're going to hike 6 miles.
[00:01:13] Speaker A: I'm going to have an oxygen tank on.
[00:01:15] Speaker B: I need a sherpa.
[00:01:19] Speaker A: Not if it's as warm as it is right now.
[00:01:20] Speaker B: So it's a little warm here. Not going to lie.
[00:01:22] Speaker A: It's a little toasty.
[00:01:23] Speaker B: It's not normally this warm here when we're here.
[00:01:27] Speaker A: Yeah, it's going to get cooler on Friday, though. But as of, as of recording this, we got some, some great news articles we're going to jump into today. And I am eager to get your input on some of these because they are.
[00:01:37] Speaker B: Mike's eager to hear what they are.
[00:01:39] Speaker A: That's true.
[00:01:40] Speaker C: I've been on vacation for a week, so this is all going to be surprised.
[00:01:43] Speaker A: He's going in blind. That's the best. The best time to do this. Yeah, you got to go in blind. Makes it more fun. We are going to start with one of our favorite segments. This is breaking news. This week we've got a couple of articles for breaking news. We'll start off with this one. Palo Alto networks warns of firewall hijack bugs with public exploit. So this, both of our breaking news pieces today are going to have to do with exploits because, I mean, it's breaking and you got a patch. Now, what is more breaking than that?
[00:02:07] Speaker B: So these probably that giant log truck that just drove by.
I don't know if everybody could hear.
[00:02:12] Speaker A: That, but, man, you have better ears than I do.
[00:02:15] Speaker B: He was riding that Jake brake.
[00:02:16] Speaker A: I was. I was locked in. I was locked in. So these flaws were found in Palo Alto Network's expedition solution. So I believe it's the pan Os firewalls. And this is, this does have public exploit code. So they are warning, hey, patch now because you don't want to be on the victim end of this. Again, this is breaking. So this is, we're just seeing this for the first time. I don't know if you got a chance to read any deeper into it.
[00:02:38] Speaker B: I did not. And Mike, I know he hasn't seen it at all. And we're, we should probably get some sort of sunshade.
Not the brightest nits on the planet when it comes to this laptop.
[00:02:48] Speaker C: It's enhanced by the glow of the dust.
[00:02:50] Speaker B: I do enjoy that, don't you? I mean, that's a feature.
[00:02:52] Speaker C: Have you cleaned it?
[00:02:53] Speaker B: No, man, it's just, it's just like a VM server normally.
[00:02:56] Speaker A: Wow, that's a feature.
[00:02:58] Speaker B: Needed it out here. Hey, don't judge me, okay?
[00:03:02] Speaker C: There's, there's information on the screen.
[00:03:05] Speaker B: On the screen. We could probably.
[00:03:07] Speaker A: You're gonna do a little zooming, too? Yeah, that might be helpful.
[00:03:10] Speaker B: So I thought it was interesting that, like, I have under good authority that sequel injections are completely extinct in a thing of the past. They never, of course they never happen.
[00:03:22] Speaker A: Because we always sanitize anymore, right?
[00:03:24] Speaker B: Since like, 2000. That was the last, when the last SQL injection bird fell.
[00:03:31] Speaker A: I actually wasn't even born when the last sequel injection. Yeah, you know, it just, here's.
[00:03:35] Speaker C: I mean, I haven't found one since two weeks ago.
[00:03:38] Speaker A: It's basically extinct at this point.
[00:03:41] Speaker B: I always love, because I'll get, I'll get like, messages and stuff and leaked in or whatever. If I mentioned sequel and they're like, that's so old. Nobody cares. Like, no one's got sequel. I'm like, have you read the news within the last.
[00:03:54] Speaker A: Where have you been?
[00:03:55] Speaker B: Day?
[00:03:55] Speaker C: Absolutely. You know, I'm looking at this, and I don't know anything about this bug, but it seems like this must be in, like, the management interface most of the time, because SQL injection, things like that, which in my head, I'm screaming, why is your management interface exposed to the Internet at large?
[00:04:13] Speaker B: See, you need to shut up, Mike, because I like managing stuff from the comfort of my home in my underwear. That's a fun picture. Anyway, don't think about that.
[00:04:27] Speaker A: It's a little late for that.
[00:04:28] Speaker B: Hey, what's the. What's. Yeah. Anyway, moving on. But it's got all the latest ingrace. I mean, this is, this is a who's who.
[00:04:37] Speaker C: Yeah.
[00:04:37] Speaker B: Of problems that they've got going on. Poor Palo Alto.
[00:04:41] Speaker C: I mean, this is like the nineties called and they wanted their exploits back. Exactly. Command injection vulnerability. Two of those SQL injection clear text credentials and stored logs.
[00:04:50] Speaker B: Three of these bad boys are unauthenticated.
[00:04:52] Speaker C: Yeah, and unauthenticated reflective xss. So like, it's got clear text cray.
[00:04:58] Speaker B: All of it stored in the logs.
[00:05:00] Speaker A: That's our favorite.
[00:05:01] Speaker B: I. I don't know how to. That's just fun for everyone right there. That's. The whole family can show up to that party.
[00:05:07] Speaker A: I love, I love storing stuff in clear text. That's my favorite. It makes it so much easier for everybody involved.
[00:05:11] Speaker C: Absolutely.
[00:05:12] Speaker B: So here, here's what I'm taking though. The bad news is dumpster fire for Panos right now. But the good news is there's a proof of concept available. Hold on. That's not the good news, right? The good news is there is a patch for this.
[00:05:27] Speaker A: There are fixes. Yes. We all listed issues and we all.
[00:05:30] Speaker B: Fell prostrate and worshipped.
[00:05:33] Speaker A: And saying that any usernames, passwords and API keys should be rotated after you upgrade. Of course. Because.
[00:05:39] Speaker B: Because you might have been completely hosed.
[00:05:41] Speaker A: You may have been. It's possible. It's possible.
[00:05:44] Speaker B: Just say it.
[00:05:44] Speaker A: I don't want to assume. We know what they say about assuming.
[00:05:47] Speaker B: You're right 100% of the time.
[00:05:48] Speaker A: Yeah, 100% of the time.
[00:05:48] Speaker B: You do.
[00:05:49] Speaker A: And you never make a fool of yourself ever.
[00:05:50] Speaker B: That's absolutely true.
[00:05:51] Speaker A: So this, this was not the only exploit on the breaking news docket today. We had another one from Mozilla. They fixed a Firefox zero day that was actively being exploited in attacks. And we always like to see when things are fixed, but it's a little less fun to see that they're actively exploited. So looking a little bit further into this, it was a critical use after free vulnerability that was being exploited.
I'm going to have to look at what the. I mean, it's critical. So I guess that would mean probably it's a tendency, but I'll have to look into that.
[00:06:18] Speaker B: Probably not a ten.
[00:06:19] Speaker A: You don't think so?
[00:06:20] Speaker B: If it's being exploited, we typically see depending on whether or not it's unauthenticated. Whether it's remote, like in some other factors, it could be still hovering around the sevens or eights.
[00:06:31] Speaker C: Yeah.
[00:06:33] Speaker B: So I would be interested in seeing. Yeah, I know you can.
[00:06:35] Speaker A: I'll see if I can find that.
[00:06:36] Speaker B: I'm sure there's a question somewhere that would tell you whether or not the CVSS score was above.
[00:06:42] Speaker A: Let's see, probably. Probably 9.8.
[00:06:45] Speaker B: Okay, so that's not.
[00:06:47] Speaker A: Pretty close. Pretty close.
[00:06:48] Speaker B: So that means all those things that we were talking about is most likely.
[00:06:52] Speaker A: Low complexity, no privileges required.
[00:06:56] Speaker B: There you go.
[00:06:56] Speaker A: So that's never fun.
[00:06:58] Speaker B: Now, Mike, as a pen tester and a red teamer, do you feel weird when you see this stuff? Because I'm sure you get a little like, ooh. And then you go, but, ooh.
[00:07:10] Speaker C: Yeah, that's pretty much it. We want these things to exist so that we can, you know, use them on our test, but we don't want them to exist because we're not the only one using them. We're using them for good to try to improve security. And, yeah, it's. And it. Sometimes, it's sad to say, you get kind of numb to these, just like, oh, there's another exploit because there's another one and another one and another one. You just think like, it's like, when are we going to fix this problem?
[00:07:42] Speaker B: Well, we fix that problem and then we find another one.
[00:07:46] Speaker C: Or we introduced another one.
[00:07:48] Speaker B: Right, with the fix.
[00:07:49] Speaker A: Yeah, it's like a hydra cut off one head.
[00:07:52] Speaker B: Yeah, exactly. It can be frustrating on one hand, but then there's job security on the other.
[00:07:59] Speaker A: Indeed, this article says that of course there's an active exploitation status and there's not really any information on how people are being targeted. So they're just saying, hey, upgrading to the latest versions is essential. Please do that immediately because there are fixes. You just got to upgrade. So if you're a Firefox user like me, probably nothing wrong with it. No, I know that.
[00:08:19] Speaker B: Here's what's funny, you know, it's like, back in the day, anytime any of my hobby horse software gets popped with some big vuln don or whoever used to be on the show, or anybody that'd be on show they like to, or just in the office, that thing I hate that you like, it's stupid and it hot, super vulnerable. Then I'm like, yeah, wait, tomorrow when all the Mac OS stuff comes out, right, or when safari or whatever the case is, it's literally just a waiting game of before the thing you like is completely vulnerable.
[00:08:52] Speaker A: Everybody gets hit sometime.
[00:08:53] Speaker B: It's.
[00:08:54] Speaker A: Nobody's immune. Well, that's all I've got for our breaking news. But that's not all we have for today. Of course. We just, we just have quite the scope of stuff. This one was interesting. Has to do with air gapped systems that were targeted by a group called Golden Jackal. They targeted embassies and air gap systems using malware tool sets that, to my knowledge, after reading this, were, like, novel tool sets that came from this group.
[00:09:17] Speaker B: Correct.
[00:09:18] Speaker A: And this is the second time that they've created a tool set like this in, like, five years that specifically for targeting air gap systems.
[00:09:23] Speaker B: You know, nature abhors a vacuum, don't they?
Here's the thing, is, like, how many times do you hear about apts targeting air gap systems?
That's not a common thing. So they're really carving a niche for themselves. Mike, have you, have you dealt with, like, air gap systems in the past.
[00:09:39] Speaker C: And only in, like, theory, like, not actually having to test, because the, the, the tool set and the skillset to attack air gap systems is, is another level, you know, because they're air gapped, they're not connected. So now what is the signaling channel to speak to that air gapped system? And there's a book out there, silence on the wire. It's called book recommendation, and I can't remember who wrote it. You can get it at no starch. And talks about all these kind of, like, out of band signaling mechanisms ways. Aren't they, like, pulling, figuring out what an RSA key is by reading the flashing on a flashing light on a hard drive or.
[00:10:27] Speaker B: That is insane.
[00:10:29] Speaker C: Being able to read what's on a monitor from the electromagnetic. Yeah. Tempest stuff.
[00:10:34] Speaker B: Yeah, yeah.
[00:10:35] Speaker C: And, and that even is wild.
[00:10:37] Speaker B: Like, Faraday cage. Like, you have a device inside of a Faraday cage and they can still exfiltrate data out of it.
[00:10:45] Speaker C: Wow. That would, I'm like, I don't know how that would work. That's wild.
[00:10:48] Speaker B: And we've talked in on the show before about, like, audio emanations, like the clicks on a keyboard, if it's specifically keyboard. It's so consistent in the quality control of that keyboard manufacturer that each one of the buttons with up to 90 something percent accuracy will sound the same as another one. So they can detect what you're typing by just hearing it.
[00:11:12] Speaker C: And they don't even have to know that by doing frequency analysis. Like, we know the most frequent letters. We know what people are typing. Kind of like, you can listen to the cadence of someone type and then analyze the cadence of the keystrokes and figure out what they're typing. That book also talks about that type of thing. All you need.
[00:11:30] Speaker B: Here's what I'm gonna do. I'm gonna find me a little spot up in here, around there somewhere. I'm gonna build me a cabin. I'm gonna become a Luddite.
[00:11:37] Speaker A: So all more technology.
[00:11:38] Speaker B: It's the devil.
[00:11:39] Speaker C: All you mechanical keyboard users with your.
[00:11:41] Speaker B: Cherry whatever, you're just making it easy for them.
[00:11:44] Speaker C: Yeah. Yep.
Take that.
[00:11:47] Speaker B: I want a light key sensing keyboard. Doesn't actually have moving parts.
[00:11:53] Speaker A: To me, something like this is because you air gap stuff specifically for. You don't want. You don't want it to be vulnerable to attacks like this. Right? So the idea that there's a group that is specifically targeting air gap systems because, like, well, hey, it's free game. Nobody else is doing it. So let me just see if I can get in there.
[00:12:07] Speaker B: If I'm not mistaken, a couple of their tools were specific to USB, I think so. Based attacks. So they have.
[00:12:16] Speaker A: They have a little chart down here. Yeah, Golden USB. Copy. Golden USB. Go for monitoring USB drives and copying files for exfiltration. And then a couple of other. Others as well. They've got like a. We'll put the links, of course, in the description, but they've got a whole chart of all their different tools that they've either invented and or used.
[00:12:33] Speaker B: Yeah.
[00:12:33] Speaker A: Golden Jackal making a name. They did not come to play. And I also love the names for their. It's very, like, straightforward jackal control, Jackal steel, Jackal worm. You know, who created it and you know what it does? It steals jackal steel. That's very simple. You know, honestly, I prefer a name like that to a name like, what was the other one? What was the one?
[00:12:50] Speaker B: You're gonna start naming them all, like, diaper stink or whatever?
[00:12:52] Speaker A: Well, okay. Okay, so the tool is because then at least I know what it does.
[00:12:57] Speaker B: Yeah.
[00:12:57] Speaker A: But, yeah, I am of the school of thought that. Why are we giving threats cool names? Why do we not name them things like diaper boy it to shame them? You know, like, Camaro Dragon is a cool name. Like, that is a sick name.
[00:13:11] Speaker B: If I was, like, the person that named that group.
[00:13:14] Speaker A: Yeah.
[00:13:15] Speaker B: Contacted me and said I got a lot of slack over that name.
[00:13:20] Speaker A: Really?
[00:13:21] Speaker B: And they. My company almost didn't allow me to name them that because they thought it would. It might be offensive in some way, shape or form or whatever. I'm like, it's badass. Is what it is.
[00:13:31] Speaker A: Yeah.
[00:13:32] Speaker C: Offensive.
[00:13:33] Speaker B: I know, right?
This is the times we live in. So if that's the case, that's the case. You know, somebody in the marketing and or HR department was like, might not be the look we're going for, but chimeric dragon is bitching.
[00:13:47] Speaker A: Maybe that person.
[00:13:48] Speaker B: I want that airbrush on the side of a van.
[00:13:51] Speaker A: That's so specific.
You know, maybe. Maybe the person in marketing HR would, whatever they didn't like the name, was thinking to call them diaper boy. And in that case, I. I would have to agree with them.
[00:14:01] Speaker B: I want to airbrush that on the side of a van.
[00:14:03] Speaker A: Diaper boy.
[00:14:04] Speaker B: People are gonna be like, there goes that weirdo again.
[00:14:07] Speaker A: At least they'll be able to see you coming, though. They'll be warned.
[00:14:09] Speaker C: So, uh, what if I got myself into.
[00:14:12] Speaker B: Mike, you knew what you signed up for.
[00:14:14] Speaker C: I did.
[00:14:14] Speaker A: We will give you the opportunity to evacuate at the break if you so choose. But if you choose to stay, then you're stuck here. So we'll have to see what. What else comes out of golden Jackal in the future, because that's a little scary. It's scary stuff. Speaking of scary stuff, talking about air gap systems, this kind of stuff is exactly why you. Air gap. Certain systems. American water was hit by a cyber attack, and the billing systems were also disrupted, which is never fun. American water is the largest publicly regulated water and wastewater utility in the US. So that's not super reassuring to know that the largest water utility has been hit by a cyber attack and their internal systems were affected in some way, shape, or form.
[00:14:52] Speaker B: So they're like a water utility company.
[00:14:55] Speaker C: Yeah. Water and wastewater.
[00:14:57] Speaker B: Yeah, wastewater. Okay. It is a largest one.
[00:15:00] Speaker A: It's a New Jersey based company. Tony Soprano did it. That's why wonder.
[00:15:03] Speaker B: They got a lot of work to do.
[00:15:04] Speaker A: Yeah.
[00:15:05] Speaker B: They gotta have a big operation. I kid the jersey. I'm just. Stereotypes are fun sometimes.
[00:15:10] Speaker A: They provide water services to 14 million people across 14 states and discovered unauthorized activity within its networks on October 3. So they just disclosed Monday of this week that this was happening. So a couple days after that. So that's. That's a little scary.
[00:15:24] Speaker B: Yeah. But.
[00:15:24] Speaker A: But this. This, I guess, is why I'd be curious to know if this was air gapped or. Or not. My guess would be no.
[00:15:31] Speaker B: Highly doubt.
[00:15:31] Speaker C: I'm gonna go with no.
[00:15:33] Speaker A: That would be my guess.
[00:15:34] Speaker B: I love. I'm gonna go with no.
[00:15:36] Speaker C: I mean, if you ever got on showdown and just started looking at the stuff that's out there, it could be.
[00:15:41] Speaker B: A little bit of a time consumer right now.
[00:15:42] Speaker C: Yeah, time consumer. And then it just makes you want to close your computer and throw it in the fire and walk and then.
[00:15:48] Speaker B: Go get on top of that hill up there. Yeah, I'll see you up there, guys. I guarantee you ain't gonna be long. Y'all gonna be right there next to me.
[00:15:56] Speaker A: Yep.
[00:15:56] Speaker B: Shooting at airplanes with a. 22 rifle, screaming at the sky.
[00:16:03] Speaker C: Well, if you weren't on a list before.
[00:16:07] Speaker A: I think. I think we're past that. Hope's lost on that front.
[00:16:13] Speaker B: That's what the Unabomber did.
[00:16:15] Speaker A: Yes, I'm fully aware. Yeah.
[00:16:16] Speaker B: I don't know if you knew. You gotta young, you might not be familiar with, like, him. No exploits.
[00:16:21] Speaker A: I'm familiar with his work. I think that's. That's something that if I didn't know at this point, like, you've referenced it so many times that if I hadn't put the pieces together, I'd be ashamed of.
[00:16:30] Speaker B: It was a side channel.
[00:16:31] Speaker A: It was.
Yeah, it's. It's. Yeah, I'm familiar with his work.
[00:16:35] Speaker B: Emanated enough about the unabomber.
[00:16:37] Speaker A: You did that. You know what was by osmosis.
[00:16:41] Speaker C: Yes, I disturbed by the monster that he talks about the unibody of this.
[00:16:46] Speaker A: Mike's, like, worried for his safety right now. So back to this, I guess. Most importantly, they did confirm for now that the attack did not impact the operation of its water or wastewater facilities. All that is functioning normally. The thing that they're worried about is specific systems that have to do with, like, billing and customer information. Customer data, which is still not. That's still not great. But I don't know if I had to pick between, like, maybe some of my data getting exposed and, like, not having access to water, you know, I don't know, I might.
[00:17:17] Speaker B: I might probably expediently go for the water thing.
[00:17:19] Speaker A: Oh, truly?
[00:17:20] Speaker B: Like, I want some water.
[00:17:22] Speaker A: I don't know.
[00:17:22] Speaker B: Seeing as I can live with my data being exposed, I can't live without water.
[00:17:25] Speaker A: Oh, I see what you mean. Yes, yes. Yeah.
[00:17:27] Speaker C: It sounds a lot like the colonial pipeline, you know, where like, the pipeline operations weren't impacted, but billing was, so.
[00:17:36] Speaker B: Which is why they executives were crying in the corner. They don't like not getting money. Why you would think that if that were the case, they would stop connecting things to the Internet.
[00:17:48] Speaker C: On the plus side, you know, we don't know this for sure, but I think we can make an assumption that there's some amount of network segregation there. That's why they only got to the billing system, so, like, there was slightly reassuring.
[00:18:00] Speaker A: That's true. That is true.
[00:18:02] Speaker B: Yeah.
[00:18:02] Speaker C: I mean, if they get my data at this point, who doesn't have it?
[00:18:05] Speaker B: I was going to say, like, at what point does the. Do we find a data breach equilibrium, where there's been so many data breaches that chances are you already have? Like, what's the purpose of continually data breaching? I get it. New people are born every day, and there's people coming in and people going out, so there's a cycling that goes on. But I mean, at some point there's a. I feel like there's a non zero possibility that there's at least a day that that could.
[00:18:35] Speaker C: There's just no more usable data.
[00:18:36] Speaker B: He's like, you don't need to breach anymore. You just go to the breaches that have already occurred.
[00:18:39] Speaker A: Yeah. Let somebody else do the work for you.
[00:18:41] Speaker B: Yeah, it's already been done.
[00:18:42] Speaker A: Just take from what's already at the top.
[00:18:44] Speaker B: All the hard work has been done by the hackers before us.
[00:18:47] Speaker A: Oh, that's a cheery thought. Thank you for that, Daniel.
[00:18:49] Speaker B: It's like the hacker Mustafa.
[00:18:51] Speaker A: Bright look.
[00:18:51] Speaker B: Hacker Simba.
[00:18:53] Speaker A: Hacker Mustafa.
[00:18:54] Speaker B: Yeah, right. Mufasa. That's it. Mufasa.
[00:18:57] Speaker A: You were so close. Mustafa's a different thing.
[00:18:58] Speaker B: I think I was thinking of Aladdin because he called him Mister doubting Mustafa.
[00:19:01] Speaker A: Ah, okay. Well, there you go. You were close then.
[00:19:04] Speaker C: I'll take your word for it.
[00:19:05] Speaker B: I have three little kids. I have seen all those movies. Many, many.
[00:19:11] Speaker A: I fully believe you well beyond just knowing that maybe there was some customer data that was impacted, there was not really a lot of information about which systems specifically were compromised or any specific details about the type of attack. So, be interesting to see if that comes up in a story in the future.
[00:19:27] Speaker B: See a deja news coming up?
[00:19:29] Speaker A: Well, yes, yes. Maybe in a future episode of Tech NATO. But for now, we've got another segment coming up that is. Oh, just one of my favorites.
[00:19:36] Speaker B: Oh, just one?
[00:19:37] Speaker A: This is.
No. Oh, that was awful.
[00:19:41] Speaker B: That was weak.
[00:19:42] Speaker A: That was awful. Can I try again? Okay.
[00:19:44] Speaker B: It's been a while.
[00:19:45] Speaker A: Don't. Man, that was rough. You know, it's a mountain air.
[00:19:48] Speaker B: It's too dry anyway. You're used to the. The saline of the ocean water.
[00:19:54] Speaker A: Okay, sure. Yes. Dough.
[00:19:57] Speaker B: The humidity. Dough.
[00:19:58] Speaker A: So, ignoring my poor impressionist abilities today, don't ignore Apple updates, patch critical security flaws. Thank you for the pity laugh. Thank you for the pity dad laugh. I appreciate it.
[00:20:09] Speaker B: It's funny. I'm laughing at Mike giving you the pity laugh.
[00:20:13] Speaker A: As long as I can make you smile. It's really all I'm asking for. Apple has released new updates for iOS and iPadOs. A couple security problems that I believe presented a privacy issue because there was a bug that allowed saved passwords to be spoken out loud with Apple's voiceover assistive technology.
[00:20:28] Speaker B: I don't see the problem.
[00:20:30] Speaker A: Well, yeah, because you don't use it also. Well, yeah. Okay, mister Android over there. I am an Apple user and an iPhone user, but I don't use voiceover assist. So I would not have known about this. But it is definitely a widely used feature.
[00:20:41] Speaker B: So you know what I thought was interesting about this is, well, okay, it's already patched, right? We're in patch land. Great.
[00:20:48] Speaker A: Sure.
[00:20:49] Speaker B: Awesome. Probably very like, specific circumstances that would allow for the password manager or the voiceover system to speak your password out loud.
But tell me which one of you, and be honest, would have thought you're an Apple developer, you're developing all these apps and doing stuff, that it would have been a problem either. As the security person thinking, will the voice assistant read these passwords out loud? That thought never crossed their mind. And the voice assistant people never thought, you know, we should make sure that that doesn't speak the passwords. It just never, I guarantee. Yeah, that's the, that's the sit down at Apple that happened. Like, who missed this? It's like, who did miss this? Who would have thought this?
[00:21:36] Speaker A: That makes me wonder if there is any kind of security measurement. What about things like Social Security numbers? I wonder if there is a measure in place to prevent this voiceover feature.
[00:21:43] Speaker B: From reading like a DLP thing.
[00:21:44] Speaker A: Like what do they consider sensitive enough that they won't allow the voice over?
[00:21:48] Speaker B: It would just depend on like the circumstance too.
[00:21:51] Speaker A: Yeah.
[00:21:52] Speaker B: Like in some circumstances is completely secure to speak your.
[00:21:55] Speaker A: Yeah. When you're alone in your house, your.
[00:21:56] Speaker B: Number, like, Sophia Social Security number is funny.
[00:22:01] Speaker A: Very funny. Very funny.
[00:22:02] Speaker B: Anyway. But yeah, like, how does it know that you're in a secure environment or non secure environment so just, just default to secure? It should. Yeah, right. It should. But it's still an easy thing, I think. And this is where vulnerability comes from, right? This is the, this is the vulnerability fairy has come to apple and went, yay. You get a vulnerability and you get a vulnerability. Look under your chair. Vulnerabilities for everybody. That's how it happens. You just don't, you don't think you're, you're trying to get a product done. Trying to make something cool, you're focused on the main parts of it and the little things kind of slip by. Mike, tell me I'm wrong.
[00:22:38] Speaker C: You're not wrong. You know, I saw, I don't remember the context, but I remember seeing a, a tweet here last week or two where someone was talking about some type of security, type of problem and was basically tweeting the, like the lead of the project gotcha type of thing. And the guy's like, we are in dev mode. I don't have time to think about that stuff. Like he's, he's busy writing. I'm too busy writing code, man.
[00:23:10] Speaker B: I can't think of security. Yeah, security, that's an afterthought. That's, that's bolt ons.
[00:23:16] Speaker A: Interesting. I guess I would never have thought to. I guess it's easy from an outsider's perspective to be like, why wouldn't this be fixed? And why wouldn't they do this? But you're right, that's, there's million other things that are going on to worry about.
[00:23:26] Speaker B: Island a dev shoes.
[00:23:27] Speaker A: I'd rather not. I'd rather not. I fully respect.
[00:23:30] Speaker B: Not a big Birkenstock fan.
[00:23:31] Speaker C: I'm glad doing what I do because, man, I've done development. There's. I'm a hacker.
[00:23:38] Speaker B: Yeah, yeah, yeah.
[00:23:39] Speaker A: I've heard, I've heard horror stories. So respect the developers. So as far as this issue goes, it has been resolved with improved validation processes. It doesn't look like, I mean, there were a handful of devices that were affected, but as far as phones go, was just the iPhone. Oh, iPhone xs. And later. Excuse me, I read that wrong. So every iPhone since the xs.
[00:24:00] Speaker B: No big deal.
[00:24:00] Speaker A: I missed those last two words there.
[00:24:03] Speaker B: An iPhone at all.
[00:24:04] Speaker A: No big deal. Unless you. Yeah, unless you own an iPhone. And then some of the iPads as well. A lot of the iPads are affected. So update to iOS 18, 0.1.
[00:24:14] Speaker B: There it is.
[00:24:15] Speaker A: To make sure that you're not vulnerable to this issue. If you are using, if you haven't.
[00:24:18] Speaker B: Upgraded 18 yet, now's the time.
[00:24:21] Speaker A: Yeah, yeah. If the rest of the features were not enough for you to upgrade, hopefully this is.
[00:24:25] Speaker C: Well, now that there's an 18th one, I might actually upgrade because I am not a dot zero.
[00:24:31] Speaker A: That's fair. Wait for them to work out the initial bugs.
[00:24:34] Speaker C: I don't like to be a beta tester.
[00:24:35] Speaker B: I hear you. I hear you.
[00:24:37] Speaker A: It's understandable.
[00:24:38] Speaker B: They love you to be a beta tester.
[00:24:40] Speaker C: They would. They would. They've been trying to get me to upgrade.
[00:24:43] Speaker B: Just get on board, Mike.
Stop being a holdout.
[00:24:46] Speaker A: If I had had access to the new, like, apple AI features that are supposed to be coming.
[00:24:50] Speaker B: Mm hmm.
[00:24:51] Speaker A: I don't know. I might have been tempted to, like, immediately download just that. I could try them, but I won't have access to them regardless because my phone apparently can't handle it. So I'm still a little salty about that crap. Yeah. My garbage phone that I got a whole year ago. Oh, my gosh. It's so old.
[00:25:03] Speaker B: I don't know how you don't just go put it in the shitter right now.
[00:25:05] Speaker A: Yeah, throw it off the balcony, like you were saying earlier.
[00:25:07] Speaker B: Yeah, do it.
[00:25:08] Speaker A: Just chuck it.
[00:25:09] Speaker B: Do it.
[00:25:10] Speaker C: See, there's a difference. I will not be doing any of the AI stuff. Yeah, I'm. I'm a Luddite when it comes to that.
[00:25:17] Speaker A: That's fair.
[00:25:17] Speaker C: Like, keep the AI out of my life.
[00:25:20] Speaker A: The more I read about it, the more I'm. I'm kind of glad that I won't have access to it. So the temptation won't even be there because some of it is. I'm reading a book about Clearview AI right now, and it's. It's freaky. So the more I read about AI, the more I don't like it.
[00:25:32] Speaker B: The more you're really turned off by.
[00:25:34] Speaker A: The more I become an AI denier, if you will.
[00:25:35] Speaker B: An AI denier?
[00:25:36] Speaker A: An AI deniere. Well, I think we can probably call for a break there, give Mike an opportunity to get out of the sun. We did not realize we would be in the direct.
[00:25:45] Speaker B: We're all going to be red roasting lobsters.
[00:25:47] Speaker A: I may. If I brought my hat with me, I may go put it on so I may come back with a hat on. You don't know.
[00:25:51] Speaker C: You won't even recognize me.
[00:25:53] Speaker A: You might not even recognize me. So we will go ahead and take a quick break, but we'll be right back with more here on Technato.
[00:26:03] Speaker B: There's a new CCNA in town, and.
[00:26:05] Speaker A: Here at ACI learning, we've got you.
[00:26:07] Speaker B: Covered with a brand new CCNA version.
[00:26:12] Speaker C: This course covers the theory that you.
[00:26:16] Speaker A: Need to succeed as well as the practical, hands on application of technologies. You're going to learn network fundamentals, network access technology, IP connectivity, IP services.
[00:26:32] Speaker B: Don't waste any more time.
[00:26:34] Speaker A: Get signed up for the new CCNA.
[00:26:37] Speaker C: Here at ACI learning.
[00:26:49] Speaker A: Welcome back. Thanks for sticking with us through that break once again here in Deadwood. If you are enjoying this episode we would love it if you left a comment. Let us know what you liked, what you want to see in the future. Leave a like and maybe subscribe to the channel if you haven't already, so you never miss an episode of Technato in the future. We're not always in Deadwood, but our studio back in Gainesville is pretty cool as well. So I highly recommend checking it out. I quite enjoy it. Uh, so we are going to keep on trudging through. We got maybe four or five more that we'll be able to go through today. So I'm looking forward to these. Uh, we're gonna get some interesting territory. This first one comes to us from Techcrunch. Us government considers historic breakups of Google an antitrust case. So the allegation is that, hey, Google's got a monopoly on search and search advertising, and that is a big no no. So they are going to attempt, the US justice department is going to attempt to force Google to sell off parts of its business and break up that. That monopoly.
[00:27:41] Speaker B: Too big. Google, too big. Damn you and your bigness. We're not going to have that anymore. It's not the first time this kind of thing is happening.
[00:27:50] Speaker A: This is the high tech analysis that we come here for.
[00:27:53] Speaker C: Absolutely.
[00:27:54] Speaker A: Too big. Get rid of your bigness.
[00:27:55] Speaker B: That's right.
[00:27:55] Speaker A: So it would definitely reshape a lot of things.
[00:27:58] Speaker B: So can you imagine Google not being the leviathan that it is now that I'm, like, trying.
[00:28:05] Speaker C: This is the first I've heard of it. I'm trying to wrap my head around this whole thing and it's kind of.
[00:28:12] Speaker A: Wow, brave new world.
[00:28:13] Speaker B: Yeah.
[00:28:14] Speaker A: I can't decide if. Because, I mean, you know me, I'm never one to be like, to advocate for a ton of intervention where it's not like I, you know, hey, go and do business and grow and whatever, but at the same time, I'm also not a huge fan of monopolies or, you know, it just so I don't know where I stand on this.
[00:28:33] Speaker B: So the problem comes in when they become anti competitive, they do not want competition.
[00:28:39] Speaker A: Right.
[00:28:40] Speaker B: So they undercut and they do things that keep their competition from getting ahead in the market or innovating. If they innovate, then they. Then they do it again. And then they take a. Now we're better. Oh, yeah, we saw what you did. They. They have such the ability to scale up and do whatever it is the heck you're doing, and then you just kind of go by. Because why would I go off of Google? If everything I do is on Google, that's true, right? Why would I take a chance on the little guy that's got some cool new idea? When Google came, you know, three to six months later, and they have the same thing and I'm already on Google, right? That's the problem. When they start creating anti competitive, or they start doing anti competitive things, and that's how you gain a monopoly, because nobody goes anywhere else. And that is the antithesis of what we like to call capitalism.
[00:29:31] Speaker A: I know there are some people that are like, for that reason, they're so anti Google, it's almost like they're tired of seeing it everywhere. So they're like, screw Google. I'm gonna use anything but Google. So they will only use, like, bing or duckduckgo or whatever. So are you like a Google denier?
I use Google, like, all the time. It's just the easiest, most accessible thing. I don't go out of my way to not use it.
[00:29:49] Speaker C: There are times I will consult other search engines just to get a second opinion.
I definitely do not use the AI search because, man, those results are. Those results are.
[00:30:03] Speaker B: You and Gemini are like that.
[00:30:05] Speaker C: They're so bad. They're so bad. You know what? I want to. What do you really want? I want sjeeves, man. Just give me ask.
[00:30:10] Speaker B: Bring it back. Bring it back. Altavista.
[00:30:12] Speaker C: That's all I need.
[00:30:13] Speaker A: I'm sorry.
[00:30:15] Speaker B: Altavista. These are old search engines.
[00:30:16] Speaker C: Very old search engines.
[00:30:17] Speaker A: Okay. I could not understand what you were saying.
[00:30:19] Speaker B: I was like, hostela Vista box.
[00:30:21] Speaker C: The beginning, you know, at, when we once got to the web kind of as we know it, some of the early search engines you had, Altavista, you had one called ask jeeves. Ask Jeeves, who was a little butler guy.
[00:30:34] Speaker B: He had like, a little draped over his butler outfit.
[00:30:37] Speaker A: Yeah. All right.
[00:30:38] Speaker C: You'd ask chiefs and he, he'd give you information.
[00:30:40] Speaker A: Yeah, you said it super fast. And I was like, what am I hearing right now?
[00:30:44] Speaker B: Even yahoo. Used to be like a huge search engine.
[00:30:46] Speaker A: Yeah, that. I'm. That one. I'm familiar, right?
[00:30:48] Speaker B: Like, they, they were big for a while, and then Google just came in and started wrecking everybody. They became, because they were, they were the best product. Like that. They started off. They were absolutely the best product.
I think where the government here is starting to get a little like, hey, now is because of the things they're doing to stay the best product. Okay? That's, that's the problem. So if you. And they have their hands in everything, they've grown to be such a large company with arms in every area of tech that it's like, this is the monopoly they've built and said, and we're not huge fans of monopolies, so let's not do that.
[00:31:33] Speaker A: Yeah, I would agree.
[00:31:34] Speaker B: And, you know, Google may even be like, cool, you know, we'll break up. We'll break the company up. You don't have to.
You say that, but it's happened.
[00:31:43] Speaker A: Well, no, maybe eventually, but for now they're.
[00:31:46] Speaker B: No, right now they're like, heck no.
[00:31:47] Speaker A: They're saying this is radical and sweeping and you are going to negatively affect american innovation. They're not happy right now.
[00:31:52] Speaker C: I was just thinking about, just last week, I was thinking about like the number of emails, like, number of accounts that are tied back to a Gmail account. It's like, man, I should really, I should really diversify. If something were to happen to Google, like, that could be a gigantic pain. And then here we are.
[00:32:14] Speaker B: Yeah, you want to, you want to decentralize, right? Because, right? If you got all your eggs in the Google basket and something happens to.
[00:32:22] Speaker C: Google, now I've got 900 email accounts and that's right, no one's got time for that.
[00:32:28] Speaker B: And then not only that, but like, I. They've long been known to be a little too heavy handed when it comes to. What's that you're doing there. I'm going to record it. I'm going to put it in.
[00:32:41] Speaker C: Data access and usage is absolutely not one of the points of this case. Absolutely not.
[00:32:46] Speaker A: It's definitely not on the screen.
[00:32:47] Speaker B: Definitely.
[00:32:48] Speaker A: Oh, wait a minute.
The Department of Justice has asked for remedies across four areas that they have deemed or issue areas, search distribution, data access and usage. So it's almost like Mike read their mind, extending search, monopoly and advertising practices. Those are the four areas that they said, hey, we need a solution here. So then maybe you're right. Maybe eventually Google will be like, yeah, whatever, it's fine.
[00:33:11] Speaker B: Well, it's going to probably become either just play ball under your own volition or we will get involved and make you play ball. So what's it going to be? And, you know, when the mafioso shows up with his baseball bat and says, you know, you got a nice search engine thing going on here, be a shame something bad would have happened to it.
[00:33:36] Speaker A: There were analysts at Bernstein that wrote, I guess, beast or blog post about this. And one of the things they said was the last thing Google needs right now in the broader AI battle is having to fight with one hand tied behind their backs by regulators. You know, I just. Maybe I'm wrong. I don't know a whole lot, but I feel like a lot of the issues that come up with, like, this AI stuff, there's this big rush to be like, oh, we got to have the newest thing relating to AI. I'm so sick of hearing about it. But it's like, that's how you. That's how you end up with, like, issues. Not. Not just, I mean, quality issues, but security issues, things like that. So, hey, you know what? Maybe we should tie a hand behind the back of Google and slow them down a little bit. Like, let's just calm down and slow down the process. I get it. We want to make progress. We want to innovate. But, like, they forget to tell you.
[00:34:21] Speaker B: Google has, like, nine more arms.
[00:34:23] Speaker A: Exactly.
[00:34:24] Speaker B: Yes.
[00:34:25] Speaker A: Google is a monster.
[00:34:26] Speaker B: So one arm behind their back. Oh, goodness me.
[00:34:30] Speaker A: I don't. I'm a little sour about that. Probably can't tell because I have such a sunny disposition right now.
[00:34:35] Speaker C: Just a little sour.
[00:34:36] Speaker A: Just a little sour. We'll maybe move on from that, because otherwise I'm gonna.
[00:34:40] Speaker B: She's about to go off.
[00:34:42] Speaker A: Yeah. This one I'm not as. I don't have as much.
[00:34:44] Speaker B: Sophia Jones.
[00:34:47] Speaker A: I don't have as much of a personal opinion on this one, but this one is interesting. Lua malware targeting student gamers via fake game cheats. And I. If you all are long time watchers of Technado, I feel like we've covered this before, but time just moves so quickly, and I only have so much space for things in my head. So maybe I'm remembering wrong, but if we've covered this before, please remind me, because this just sounds really familiar. There were. It's been targeting educational institutions and student gamers. This Lua malware, and it just sounds so familiar to me. I don't. Does this name sound familiar to you? Have you heard this come up in the news cycle before?
[00:35:19] Speaker C: It does sound familiar, but there's a lot of, you know, luas in a lot of things, and so maybe. Maybe that's why, like, it's just a new variation of.
[00:35:31] Speaker B: Was it NMAP?
[00:35:33] Speaker C: Yeah, I think NMap scripting engine is Lua.
[00:35:35] Speaker A: Maybe that's. Maybe that's something enough. I'm not sure.
[00:35:37] Speaker B: Well, and they make a lot of games in Lua, which is why they're targeting, apparently. And here's a fun fact. You know, I'm a. I like listening to things like Darkneck diaries and, you know, all these different hacker podcasts and stuff because it's fun to stay on top of things and just hear cool stories from the trenches.
And a lot of hackers started off gamers that decided to hack their games, figure out how to do that, and then get neck deep into game hacking. So I'm not really surprised to see that this is a avenue of attack. I'm surprised we don't see it more, to be honest with you. Right. And what's the best bait on earth is I'm gonna help you do something you ain't supposed to do. Right. You're already in that kind of like you're skirting the line between criminal and legal. You know, it's kind of sketchy. You might not be technically breaking the law yet, but I.
[00:36:35] Speaker A: But you're violating probably at least like a terms of service or something.
[00:36:37] Speaker B: Yeah. Right. And, and you're doing, you're getting away with like, like how is it that they. I cannot beat this person in this game? You're trolling people and so you're definitely moving into that realm.
So I can see someone going, I, I wonder, I wonder, did this start off with someone going sick of all these cheaters?
I'm gonna learn Lua and I want to make malware packages specific to them and hahaha.
[00:37:07] Speaker A: Teach them a lesson.
[00:37:09] Speaker B: I think that would be awesome.
[00:37:10] Speaker C: It's interesting, you said, you know, talking about the game, game cheats, you know, becoming coming hackers because there's still a lot of, a lot of things like EDR evasion, stuff like, you know, unhooking kernel modules and getting around those types of protections. A lot of the stuff we use is based on stuff that people straight out of that came straight out of the game hacking.
[00:37:34] Speaker B: That's crazy. Right? And it just goes to show you how while, yes, the end thing that you're doing is different, underneath the hood, it's programming, it's still the same thing. It's just what you're doing with it. So all the same types of vulnerabilities and dumb things we do when we make, when we write code.
You're not immune. Yeah, yeah.
[00:37:58] Speaker A: And the whole idea of like being like a vigilante, like you gotta give those, those cheaters, they're just desserts.
[00:38:03] Speaker B: It's the Batman of game hackers.
[00:38:06] Speaker A: He doesn't kill. No, he doesn't kill, he just crypto locks their stuff or whatever.
[00:38:10] Speaker B: Yeah.
[00:38:11] Speaker A: This particular malware though says disguised in the form of an installer or a zip archive, it disguised as game cheats or other gaming related tools. And when you download it, you get a zip archive with four components.
And upon execution, this long bit here that describes in detail what it does. This is my first time reading it.
[00:38:30] Speaker B: So bear with me.
[00:38:31] Speaker A: Bear with me. Sends detailed information about the infected machine. Ooh. Actions such as maintaining persistence or hiding processes, how to download and configure new payloads. So definitely. Oh, yeah. Command control server. So definitely.
[00:38:44] Speaker C: A lot of this sounds like malware.
[00:38:46] Speaker B: Yeah, it's the full gamut that keeps.
[00:38:50] Speaker C: Throwing me as it keeps talking about targeting student gamers.
[00:38:53] Speaker B: Like, like, why is it.
[00:38:55] Speaker C: Why students? What, what is the, what is the importance of students in this whole thing? Yeah, I'm.
[00:39:01] Speaker A: That's a good question.
[00:39:02] Speaker B: Specific student they're going after, they know the a hole. We. I got you. You know, headshot five, four, nine. Every time I play this game, you get me, and I'm coming for you. I don't care if I have to burn every other gamer to the ground to get to you.
[00:39:19] Speaker A: Headshot 549 is his name.
[00:39:21] Speaker C: Yeah, yeah, that's.
[00:39:23] Speaker A: That's probably the, that's the most innocent Xbox gamer tag that you will.
[00:39:26] Speaker B: Listen, we got a show to do. We got to have. We.
[00:39:29] Speaker A: That's true. No, that's true.
[00:39:30] Speaker C: As you can be hearing from headshot 549 later this week, he's like, I am innocent.
[00:39:35] Speaker B: We've slandered 549, the good name of.
[00:39:38] Speaker A: Headshot 549 it is. I would be curious to know why educational institutions, why students are being targeted so maybe more informational. There's, there wasn't. It kept saying, like, hey, be on the lookout, gamers and educational students, students or whatever. Like. But not any mention as to, as to why. So maybe, maybe whoever's behind this will write a manifest or something and explain us why they're so eager to target them. We will stick with the gaming theme here for just a little bit longer. We've, we've talked several times in the last several weeks about Nintendo and their. Their legal might that they love to flex. So there's.
Wow. There was a switch modder that we talked about recently. Alleged switch modder has taken on Nintendo without a lawyer. So they're just gonna. Yeah. Mono e. Several monos on Nintendo's team.
[00:40:25] Speaker B: So one hand. That's kind of brilliant, though, right?
[00:40:28] Speaker A: Brilliant to face them alone like that.
[00:40:29] Speaker B: And here's why. Because Nintendo has how much money? Just pay lawyers to keep you tied up forever in a day.
I'm not gonna pay lawyer at all. I'm just gonna show up and I'm gonna fight you one on one. It don't cost me nothing but a day off work.
And you're spending how much? Nintendo. So, yeah, let's fight. I'll go to every court proceeding you want to go to, and I'm going to file continuances, and I'm going to. So in one way, it might actually be a stroke of brilliance in this strategy.
[00:41:00] Speaker A: That's. Yeah, that's an interesting perspective. I. Yeah. Because most. I mean, like, this article talks about, usually if you are hit with some kind of a cease and desist by a company like Nintendo that has, you know, all this money to. To keep you busy forever.
[00:41:11] Speaker B: Yeah.
[00:41:11] Speaker A: You're either going to, okay, we'll give in or come to a settlement, or, yes, I'm guilty. I did it. I'm sorry. Whatever. Or, yeah, rather than hire a lawyer, because that's. That costs a lot of money. So this guy. This is the owner, alleged owner of modded hardware. Modded hardware.com. and I think we did talk about this one several months ago. Ryan Daley is his name, and he has decided to represent himself. So back in March, Nintendo said, hey, buddy, you are, you know, selling. I'm sure they didn't say buddy. I'm sure they used very official, formal terms.
[00:41:40] Speaker B: Good friends.
[00:41:40] Speaker A: They didn't say buddy in their formal seats.
[00:41:42] Speaker B: Dearest buddy, Terrence and Philip from Salesburg. Hey, buddy.
Buddy.
[00:41:50] Speaker A: He was allegedly was selling modded switch consoles, console modding services, and piracy enabling devices. Oh, I do remember this. The mixed switch card was talking about this.
[00:41:58] Speaker B: Yep.
[00:41:59] Speaker A: And at the time, he verbally and in signed writing agreed to refrain from selling these things. But after months of him continuing those sales and ignoring further contact from Nintendo, the company said, hey, okay, we're filing a lawsuit, and he's gonna. He's gonna fight it. So, honestly, like, I. I can appreciate the. The moxie that he's exhibiting here, the chutzpah. I don't think I would have the guts.
[00:42:21] Speaker B: Definitely.
[00:42:22] Speaker A: Yeah. I would be terrified.
[00:42:23] Speaker B: Some brass ones.
[00:42:25] Speaker C: I'm feeling like. Like, you know, just. This is not gonna work out well for him, but, you know, more power to him.
[00:42:31] Speaker B: What do you think about, like, game modding hardware mods and them saying, you can't do that. You can't mod the system. You don't actually own it?
[00:42:41] Speaker C: Yeah, that part. That part just rubs me the wrong way.
[00:42:44] Speaker B: Yeah.
[00:42:44] Speaker C: What. Whatever it is, whether it's the game hardware you have, you know, we hear about John Deere tractors. Right? Because they can't do anything with their.
[00:42:53] Speaker B: Tractors and half a million dollar tractor.
[00:42:55] Speaker C: I own this.
[00:42:56] Speaker B: No, you don't.
[00:42:57] Speaker C: I own this.
[00:42:58] Speaker B: And here's the thing, Mike, ownership is such a nasty word.
[00:43:02] Speaker C: I mean, I get it. If you were leasing it, that's one thing. But if you bought that tractor, you bought that switch to the tune of.
[00:43:08] Speaker B: $500,000 on the cheap side, right?
[00:43:11] Speaker C: You should be able to modify that thing, right?
[00:43:15] Speaker B: If I want to turn it into a potted plant, that should be my business.
[00:43:18] Speaker A: Yeah. I was curious as to whether he had, somebody had started like a Kickstarter Gofundme or something to back him up. Not yet, but it wouldn't surprise me if just purely because of the, of the guts that he apparently has to have to be like, yeah, I'm gonna take on Nintendo one on one, you know? Yeah, I would not be surprised if gamers come together and they're like, let's support him.
[00:43:38] Speaker B: Headshot 549 is like, I'm on your side.
[00:43:40] Speaker A: Maybe he is. Headshot five, four, nine. That's him. That's his secret idea. Allegedly.
[00:43:44] Speaker B: Allegedly.
[00:43:45] Speaker A: So it wouldn't surprise me if they start, you know, gamers rise up. We're gonna back him up on this one.
[00:43:51] Speaker B: This is the v for vendetta of gamers.
[00:43:53] Speaker A: You're gonna see Reddit, Reddit threads start to pop up. Support him here.
[00:43:56] Speaker B: People need to rewatch V for Vendetta.
[00:43:58] Speaker A: That was a great, it was a really good movie.
[00:44:00] Speaker C: I've seen that ages.
[00:44:01] Speaker A: Yeah, I really, full disclosure, I only watched it cuz I had Natalie Portman in it and I really like her. And then I came for Natalie Portman. Like I, that's why I watched, but I stayed for the plot.
That's why I initially wanted to watch it. And then I had me at the.
[00:44:15] Speaker B: Whole v speech at the beginning. Yeah, yeah. I was like, this is cool.
[00:44:18] Speaker A: I got as soon as I start.
[00:44:19] Speaker B: Ooh, this is interesting to this.
[00:44:21] Speaker A: So yeah, maybe this is the new, what is the name? Guy Fawkes.
[00:44:24] Speaker B: Guy Fox. It was the mask.
[00:44:25] Speaker A: The mask? Yeah.
[00:44:26] Speaker B: The mask is Guy Fox. Yeah.
[00:44:27] Speaker A: Maybe it's not.
[00:44:27] Speaker C: The mask is a different movie.
[00:44:29] Speaker B: Yes, the mask is a different movie.
Son of the mask. An even different movie.
[00:44:35] Speaker A: An even more different movie.
[00:44:36] Speaker B: Yes.
[00:44:36] Speaker A: Maybe Ryan Daley is the Guy Fawkes that we, that we needed.
[00:44:39] Speaker B: That we did.
[00:44:40] Speaker A: Yes. Guy Foxenhe. Well, getting into a little bit, this is, this is the interesting territory that I was talking about. And if there was ever an article that was going to get me fired up, it's probably going to be this one. Hacked AI girlfriend data shows prompts describing CSAM. And that to me is, I mean, just reading that headline, I'm already pissed that this is even a problem that we have to worry about. I mean, I know it's an issue that exists, but every time that it's brought to my attention, I get, like, pissed all over again.
[00:45:09] Speaker B: Yes. It makes me want to find them and have a, like, a bucket full of rocks with me. Yeah, I'll let your imagination go where it will, but. So you've got AI.
AI has become obviously, quite a large thing, and everybody's rushing to make it do whatever they can make it do. And we all knew eventually we were going down this road and very quickly found itself on this. This type of path. I get it, right? You got your thing. You want to do your thing, that's fine. But when we discover that you are using it for this type of activity, like, I feel like, I mean, you're monitoring everything else.
Why not this, right? Why not that? And then come down with a wrath of almighty God, you know what I'm talking about? Like, some real biblical type of punishments when it comes to the people that are engaging in this activity. And I get it. There's some weird gray matter because it's not real people, but you're.
Ah, man, I.
[00:46:17] Speaker A: It's a very slippery. Slippery.
[00:46:19] Speaker B: Exactly. It's exactly. You took the words right out of my mouth.
[00:46:21] Speaker A: It's the same with this, the, like, the AI generated imagery. It's like, okay, no, it's not a real kid, but that's not. What are you perpetuating by, like, allowing this to be generated?
[00:46:30] Speaker C: I think as far as the. The law goes, it doesn't matter if it's a real human good. It's. It's the context. But it. Thinking about this, like, the whole AI girlfriend thing, just like, well, I think, man, I am old because I read.
[00:46:43] Speaker B: An article last week that said Japan has not had a birth in three months.
The country of Japan.
[00:46:50] Speaker C: That can't be true.
[00:46:52] Speaker A: That's.
[00:46:52] Speaker B: So they're selling more adult diapers than children's diapers because they are. They are not reproducing because of the culture has shifted into a technological culture where men are not wanting to bother themselves with having to find a woman, court a woman.
It's easier to have a robot girlfriend, and that's that. And I hear that the same is true for China. They just. That's not something that's on the front page news that they are also having trouble. We have trouble in the United States. We. You need x amount of people to keep the system moving.
[00:47:32] Speaker A: Yeah.
[00:47:32] Speaker B: Right. And if you're not maintaining that level of. Of population, then things start breaking down. Things start going down. And if we continue to allow this to be the kind of thing that people do, it's just going to keep going on. And then I say, wipe us all out.
[00:47:52] Speaker A: Yeah.
[00:47:53] Speaker B: Mike's for the. He's like, asteroid 2020.
[00:47:55] Speaker C: I mean, have you seen this place? It's beautiful. And then, like. Yeah, and then we keep messing it up. So, you know what? Get rid of everyone. It'll be.
[00:48:03] Speaker B: It'll be good.
[00:48:04] Speaker C: No, it'll be there to enjoy it.
[00:48:05] Speaker B: But it'll be good, and no one will be there to enjoy it. The microbes will have reading about this.
[00:48:09] Speaker C: You know, this, uh, this article, though, reminds me the same thing about. There's these apps for clothing removal.
[00:48:17] Speaker A: Yeah.
[00:48:18] Speaker C: So, like, you can take. Yeah, so you can take a picture of someone. Like, the. The way they advertise it is you can take a picture of someone and then you can put them in any clothes you want. But one of the things a lot of the apps do is also put them in no clothes.
So that's becoming a problem with, like, teens.
[00:48:34] Speaker B: If this isn't the. The stone on that side of the scale that tells you, let's just ditch AI.
I don't know what is.
[00:48:44] Speaker A: You know, I am on that bus. I fully am in support of that. I think that, like, that's. That's kind of we're saying earlier, it's like, we're so eager to, like, new thing. New thing. Innovative. Innovation and. Yeah, I get it. And that's great. And don't. Wow. Walt Disney would be proud. You're innovating, but, like, at some point, you. You go so quickly that you don't stop to think about what you're doing and the implications are gonna have.
[00:49:06] Speaker C: What's that line from Jurassic Park?
[00:49:08] Speaker B: Doctor Ian Malcolm. You're Doctor Ian Malcolm today?
[00:49:10] Speaker A: Yeah, sure. Hey, I'll be Jeff Goldblum any day. All right.
[00:49:12] Speaker B: That's laughing on a lunchbox.
[00:49:14] Speaker A: That is completely. Okay.
So this in particular, this condors, this article, we probably can't show some of what's in it because it does just describe some of the scenarios. But it did stem from a website that allowed you to create uncensored adult scenarios. Right. And of course, like anything else, people are going to find a way to. When you. When you have something like that, it's. It's only matter.
[00:49:36] Speaker B: It's gonna be abused before it.
[00:49:38] Speaker A: Yeah. So it just. It's the two things that. Two of the things that piss me off most in the world.
[00:49:43] Speaker B: I. I think that the speed in which AI is increasing and the speed in which we are incorporating it, that's the danger part of it. I'm not against innovation. I'm not even sure, honestly, in theory per se.
[00:49:58] Speaker A: Right. It's a tool.
[00:49:59] Speaker B: Right. What we need to do is go, this is something unlike what we've ever seen before, and this is analogous to the invention of the atom bomb, something that could be so destructive that we need to really slow our roll on allowing it out into the world.
Right. Let's figure out good ways in which it can be used in the right here and now. And then we'll put really good private sector government sectors to figure out how it's going to be used in the future. And then we met that out at a paced rate.
[00:50:36] Speaker A: It's scary. It's a scary. I can hear the trumpets. I just am waiting.
I'm just waiting. I'm just waiting.
That's. That one was a little. A little heavy. It was moving into this next one, though. I think this is gonna be our last one today. If you're a tick tock user, no shame. Me too. Okay. And I got. I actually got somebody in the comments hated on me for it a little while ago. They were like, how are you gonna be working at this company and be on TikTok? Dude, I don't want to tell you, man. You're right. I don't know what to tell you, but I am a tick tock user. Tick tock is currently being sued by multiple us states. And the reasoning is that people are alleging this app is advertising itself as safe for children when it is not safe for children. When I first saw this, I thought, oh, sure, it's unsafe for children in the same way that Roblox is unsafe for children and that you're going to have predators and stuff that are going to infiltrate any space that's meant to be for kids, teens, whatever. But the allegation here is that TikTok is unsafe for children's mental health. And I don't disagree, but I am curious to know how far this is going to go. And can you actually sue a chinese government? Well, yeah, I mean, call.
[00:51:37] Speaker C: Sue any company.
[00:51:38] Speaker B: I mean, you can sue a ham sandwich if you want.
[00:51:40] Speaker C: It's the same thing as Instagram, right?
[00:51:42] Speaker B: Like, so you nailed it.
[00:51:44] Speaker C: People posting these pictures of themselves on Instagram and then. And then editing them to, you know, look perfect, whatever. And then everyone else is looking at that, right?
[00:51:54] Speaker B: It says, I need.
[00:51:55] Speaker C: I need to not eat because I want to look like that. You know, I think the.
[00:52:00] Speaker B: The underlying argument that they're trying to make is that the algorithm that they are using is meant to be addictive.
[00:52:08] Speaker C: I mean, the same algorithm that any.
[00:52:11] Speaker B: Social media and that they are a nation state, that we are unfriendly.
[00:52:14] Speaker C: Well, now you're getting the truth, right? Now you gotta get the truth. If tick tock was owned by some, you know, us billionaire. Oh, yeah, none of this would be an issue.
[00:52:23] Speaker B: It would be good, because we have our own versions of tick tock. They're called Instagram and Facebook and X and all the other things that we do.
[00:52:32] Speaker C: The algorithm is just doing what it's supposed to do. I was thinking about that the other day. I love threads. It's great. I post pictures on there, and then other photographers comment on it, and I comment on theirs, and people are like, hey, here's today's photo challenge. Post a photo of whatever, and then you're posting that. I was like, man, I am totally. I am totally in on this.
[00:52:53] Speaker B: Will become accessible.
[00:52:54] Speaker C: Oh, even.
[00:52:55] Speaker B: It's but a matter of time.
[00:52:56] Speaker C: Well, it will.
[00:52:57] Speaker B: Yeah, right. It's like a politician that's green and goes to. Goes to Washington. Even if they are sincere in their beliefs, give them time.
[00:53:06] Speaker C: I mean, anyone sincere in their beliefs.
[00:53:08] Speaker B: By the time they get somebody, somebody said, it doesn't matter who you send us, we will corrupt them.
I forget who it was. There was a. It was a politician said, it doesn't matter who you vote in and send to hotel, to DC, we'll corrupt them.
[00:53:21] Speaker C: Man, how did we. We sure took a left turn on this.
[00:53:25] Speaker A: Ironically, it is a DC attorney that is leveraging this case and saying that TikTok needs to be held accountable for harming DC children mentally. He calls it digital nicotine.
[00:53:34] Speaker B: I'd be really interested in seeing the evidence that's presented in these cases.
[00:53:39] Speaker A: Like, how do you prove it?
[00:53:40] Speaker B: Yeah, well, not even that it's being proved or not just that.
What. What data have they collected on this that points to a smoking gun? One way or another, you know, that's what. I'd be really just interested in the data from a purely objective standpoint.
[00:53:58] Speaker A: Yeah, well, there's. Tick tock is saying, we've already tried to take steps to make this safer, children. We've launched screen time limits that are turned on by users under 16 and has been trying to work with attorneys general over the past couple of years on this.
And they're saying concerns outlined in the newly filed lawsuits are industry wide challengers, like you guys were saying, rather than a tick tock specific issue. And I don't disagree with that.
[00:54:21] Speaker B: I don't disagree with that either. The fact that they're an unfriendly nation state that we're constantly being targeted by.
[00:54:28] Speaker A: Doesn'T really help their case digitally.
[00:54:29] Speaker B: Yeah, it's like, yeah, why are we allowing this?
[00:54:34] Speaker A: Like, previously, they were sued because for allegedly collecting data on children unlawfully. So that was in a tick tock specifically, was sued a couple months ago. So this is not their first rodeo.
[00:54:45] Speaker B: It feels like what the game plan is just, we'll just go full bore, and when someone complains, we'll pull it back a little bit, and until they complain again, we'll keep doing it that way. And then when they complain, we'll pull back a little bit.
[00:54:58] Speaker A: Yeah.
[00:54:58] Speaker B: Would do just enough to obey their. Their complaints. Like, oh, yeah, no, we're instituting all these limits on 16 year olds and blah, blah, blah, blah, blah. Like, I remember reading an article about how the algorithm for tick tock in America is completely different than the algorithm. They don't call it tick tock in China, but it's the same company. They make this. It's the same product. And the algorithm there promotes science and math and aerospace, and here it promotes people doing dances.
[00:55:32] Speaker C: Yeah.
[00:55:32] Speaker B: And, like, drinking, you know, a whole bottle of mailox or whatever. You know, I'm making stuff up that dumb, right? Stupid things. For the purposes of a uninformed, unintelligent society is easy to overthrow.
[00:55:49] Speaker C: It's interesting here. I did not realize this. It says the app is estimated to have 170 million us users, and that's. They believe that to include over half of Americans age was saying 13 to 17.
Over half of the population ages 13 to 17 are tick tock users. Like, I knew it was big, but, yeah, that's insane.
[00:56:11] Speaker B: Got to get those dances in, I guess.
[00:56:14] Speaker C: Man, I've tried. Like, I've seen tick tock, and I think, man, I know I'm old when I look at TikTok because I don't understand.
[00:56:22] Speaker B: I like that your generation is calling it brain rot content.
[00:56:24] Speaker A: Yeah. It's literally what it is.
[00:56:26] Speaker B: I think that is such an apt description of the. Of the vast majority of content that goes on this.
[00:56:32] Speaker A: At least we're honest about it. Yeah. We're fully aware of what we're doing to ourselves. So, yeah, I will be curious to see how this case moves forward and be very interesting. What kind of events comes forward. That. That does it for our articles today, given that we are in Deadwood. And of course, we're here for Wild west hacking Fest 2024, if you didn't know. It's going on today, Wednesday, as we're filming this through this Friday. And Mike, if I remember correctly, you are actually going to be doing some talks.
[00:56:56] Speaker C: I am.
[00:56:57] Speaker A: Maybe we could have a, you know, little sneak peek as to what you're going to be. I mean, you don't have to, like, go into the content. I don't want to spoil it, but like, what are you going to be talking about?
[00:57:04] Speaker C: Yeah, so I've got a main stage talk, an hour talk, and I did a blog series that came out this summer, a 14 part blog series that was on different shellcode obfuscation techniques, so different ways to hide your shellcode in your loaders so that you don't get detected. And it looked at different means and how effective they were and some were more and some weren't and so on and so forth.
And the talk is kind of based on that series. And then I'm doing two tools, toolshed talks, which are 15 minutes talks, talking just about a specific tool that you've written. So I'm doing a talk on a tool I wrote called Jargon, which is a shellcode obfuscation technique, and jigsaw, which is another shellcode obfuscation technique. So got, I think, two talks on Friday and one talk tomorrow.
[00:57:54] Speaker A: Wow.
[00:57:54] Speaker B: Well, at least you're not busy.
[00:57:55] Speaker C: No, present Mike is not happy with past Mike's decision skills.
[00:58:04] Speaker A: Well, I'm glad we grabbed you today for the show because it sounds like you're going to be quite occupied the next couple of days.
[00:58:09] Speaker C: Happy to be here.
[00:58:10] Speaker A: Before we sign off, since we are here for. Wow. Hack invest, I'm curious, what are you looking forward to most? Daniel, we'll start with you.
[00:58:17] Speaker B: My favorite thing to do here is being able to, like, meet up with guys like Mike. All my friends that typically were texts, emails, LinkedIn and that kind of stuff. I actually get to hang out with my friends and we talk and we have a good time and maybe get to sit a good talk or two. I'll probably be in Mike's talks because those always go really well and I enjoy that kind of stuff. So, yeah, I'm. And just being here in Deadwood because it's just, it's a nice break from being in Florida.
[00:58:47] Speaker A: No kidding, right?
[00:58:48] Speaker B: Where Florida has some beautiful pieces to it. Don't get me wrong, but the mountains, they call to me.
[00:58:54] Speaker A: Yeah.
[00:58:55] Speaker B: In my soul.
[00:58:56] Speaker A: It's also nice to not be in the path of a hurricane.
[00:58:58] Speaker B: There is that.
[00:58:59] Speaker A: There is that. That is a plus. Besides your talks, Mike, anything you're looking forward to in specific?
[00:59:04] Speaker C: You know, it's a lot of what Daniel said.
I come here and I get to see people and have conversations with them that I. That I don't get to see. I get to meet a lot of new, new people, which is great. But I also get to see a lot of my tribe that this might be the only time of year I get to see them, you know? And so I get to chat with you a bit. I see you on LinkedIn. Like, I like your post, you know, like, post and make a comment, but that. That doesn't sum it up, you know, like, that. That does not the same. Do it justice. It's not the same. So getting to actually see people and get those few, you know, wander off in a corner and having a couple of meaningful conversations, and one of the things that I really love about this con versus some of the other cons, it kind of has that Derby con vibe, which is check your ego at the door.
[00:59:52] Speaker B: Yeah. Because there's a bunch of smart people here.
[00:59:54] Speaker C: There's a lot of smart people here, and if you're a smart person, you're very welcome here. But if you're a smart person who thinks they're the smartest person in the room and treats other people accordingly, you're not welcome here. Which is one of the things that I love about being here, because it doesn't matter who you are, if you're an intro person or someone, the most experienced person in the industry, they're accessible, and you can have great conversations with people without a lot of ego and pretense. So that's one of the things I really like about coming here versus I've been to a lot of great cons, but I haven't been to many that have this vibe. So that's one thing that keeps me coming back.
[01:00:35] Speaker B: You know, what can be really cool about that as well.
I really agree with a lot of what you're saying is, like, if you're new, you think, oh, I'm going to be around all these people and their day to day job is red teaming or pen testing or GRC or whatever the case is, and they're up here and I'm down here. A lot of inspiration can come from having those conversations where somebody, you know, got the gumption to come up and say, hey, I follow your work. I really like what you do. And you start a conversation, and then that person goes, huh? Through that. Through that conversation, I got an idea. You made me think about something.
I could make this easier. We can make this better. We could. So I. A lot of times, I walk away from this con with a lot of inspiration and ideas for my next year. What I want to do, how I want to do it, what I want to learn, where I need to go. You get your finger on the pulse of what people are doing, and so if you want to do that, it's a great way to go. Oh, this is how I should start emulating. I should emulate this. I should start learning about that thing. Remember the first time I came to wild west hacking fest? I was fairly new to cybersecurity at the time. I didn't know if we kept talking about Mimi cats. What the heck is.
Are they saying Mimi cats?
[01:01:56] Speaker C: Meme. Cats.
[01:01:57] Speaker B: Me. What are we doing? Is an iron cat? I don't know. There a rainbow coming out of his butt? He flies across the screen. No, it's a tool. So I write these things down. All right. And you start to build this knowledge. So it's really great for the net. And, of course, nobody here has that ego. They want to help you. They want to go, oh, you never heard of mimicats? It's so awesome. You never heard of evil jinx? It's so awesome.
[01:02:18] Speaker A: Yeah.
[01:02:19] Speaker B: Come with your questions. Ask people, have conversations. This is the biggest benefit. And then you might make a friend. Mike and I, it's how we met.
[01:02:28] Speaker C: Yep.
[01:02:28] Speaker B: I set Mike's talk. I said, this guy's doing some cool stuff. I want to talk to him about it. I say, hey, loved your talk. Next thing you know, he's coming out to studio. We're doing. We're filming a series. We're like, then we're talking cameras, and we're talking fishing, and we're right friends out of it. It's so cool.
[01:02:47] Speaker A: Yeah.
[01:02:48] Speaker B: Go to a con, find a b sides. But if you can come to Wild west hacking fest, you should absolutely do it, because it's kind of like the best of all those worlds all rolled into one, you know?
[01:02:57] Speaker C: One. One thing I wanted to say was, like, if you're new, you know, a lot of times you're new, you don't have a lot of experience to come here, and you're looking up like, oh, that person's so smart. And they know all those things. But one thing I always want new people to know is like, like, you have experience and a point of view that I don't have.
[01:03:18] Speaker B: Right.
[01:03:18] Speaker C: So, like, I've talked to people like, oh, I'm just a sysadmin or, you know, I just did whatever and. And, you know, like, you know, blah. You know, I'm really good with spreadsheets, so I do. This thing was like, tell me more like that. I have to work with spreadsheets more than I want to for them.
[01:03:34] Speaker A: It's just, you know, everyday stuff for you. Hey, hang on. Like, let me hear about that.
[01:03:38] Speaker C: Everyone has something that they can share here, and that's a great about check your ego at the door with this con is that, like, even really experienced people can learn things from these people that are new if we give them a platform to share that information. So if you're new here, you know, it might be uncomfortable if you're a shy type of person, but, you know, stick your hand out, introduce yourself, and have some conversations because, man, you can't get this kind of experience in a lot of places.
[01:04:11] Speaker B: The ticket price will be well worth it. Yeah, absolutely.
[01:04:14] Speaker A: It's a great community. It's super fun to come. This is my second year and I'm very excited for the upcoming days, so we're gonna go ahead and call it there. If you are here at Wildlife hack and fest, chances are you're probably not watching this because you're gonna talk or something. But if you are here, we'd love it if you came and found us. I'm here, of course. Mike Daniel, our director Christian is here. Ronnie Wong is here with us. So we would love to come and said hello. That said, thank you so much for joining us for this special edition of Deadwood Technado. Thank you, Mike, for joining us, and we'll see you all next time.