Episode Transcript
[00:00:04] Speaker A: You're listening to Technado.
Welcome, and thanks for joining us for another episode of Technado. Just a reminder, before we get started, the sponsor of Technado is ACI learning the folks behind it pro. That's what we do in our day job. So if you want to check out that course library, see more of Daniel and I doing our thing, you can use that code, Technato 30, for a discount on your it pro membership, and I would highly recommend it. We're working our way through some pretty interesting, interesting stuff right now. I'm getting to learn a lot about virtualization, or, as I call it, vulturalization. And so I would recommend that joke.
[00:00:33] Speaker B: Will make more sense.
[00:00:34] Speaker A: It will.
[00:00:34] Speaker B: In a little bit.
[00:00:35] Speaker A: In a little bit. In a little bit. Yeah. I just sometimes have trouble speaking, you know, the english language.
[00:00:38] Speaker B: Talking is difficult.
[00:00:39] Speaker A: It's difficult sometimes. Yeah. Daniel, how was your week this week? I know you mentioned a few weeks ago you had to, like, lay some sod and stuff, and that was not fun for you. Do you have a more relaxing weekend this week?
[00:00:48] Speaker B: Oh, last night, I was telling you earlier last night, I got to rebuild my Plex server.
[00:00:52] Speaker A: Right.
[00:00:52] Speaker B: Super fun. Super, super fun. Yeah. Because I'm like, yeah, let me throw on a little bit of a. I got a couple of tv shows I'm watching right now. I'm like, this is not playing. So, I logged into the server, and I'm like, okay, the service is running. Everything seems to be working all right. A little reboot, right? That's where the magic is. Reboots still doesn't work. Interesting. So, ultimately, it was just like, well, it looks like we're. We're gonna throw a fresh os on this thing and. And then rebuild everything with more modern technology.
[00:01:22] Speaker A: Right? We have the technology.
[00:01:24] Speaker B: We do. And I used it well.
[00:01:25] Speaker A: It's good. I'm glad you got it working again.
[00:01:27] Speaker B: It's live and working again.
[00:01:28] Speaker A: I'm still. I look to you sometimes for guidance on that stuff because I'm still working on trying to add stuff to my own personal plex library, and I'm learning the most efficient way to do it.
[00:01:37] Speaker B: You're using a plex cloud account, though, right? You're not using, like, a server?
[00:01:41] Speaker A: Yeah. Well, so I have, like, an external hard drive that I'm like, all the movies that I've been ripping are living there, and it's just for my own personal use. I'm not. You know, I'm not doing anything wrong.
[00:01:50] Speaker B: I don't think, technically you're doing something wrong. By breaking the encryption on the DVD's?
[00:01:55] Speaker A: Yes, but. Well, there's. You can't prove that I'm doing that.
[00:01:57] Speaker B: There's no proof other than you just admitted to it.
[00:01:59] Speaker A: I did not. I said no such thing. All the DVD's I'm ripping are home movies. And you can't prove otherwise. They are talent shows from when I was a child. That's right. But yeah, so I just have like an external hard drive and then like an old pc that I was not using. And it just is chilling in my house. Sounds like I might as well just use this.
[00:02:14] Speaker B: Okay, so you do have the plex media server running. Okay, cool.
[00:02:16] Speaker A: So that I can experiment with it. I paid for like the monthly pass, like $5. See what I could do with it. So we'll see if I want to. I know this isn't the point of the show.
[00:02:25] Speaker B: We can get a rabbit hole on this.
[00:02:27] Speaker A: It's technology, but it's not really the focus. We don't have like an article on that today that we're going to talk about. But yeah, so we definitely have some good stuff to get into this week. Some things, you know, updates on like the whole at and t situation. We got some python stuff that we'll get to later in the episode. But I feel like we should probably start with something that's maybe a bit more pressing. We got some news in the world of Linux here. This is part of our rapid fire segment. So we're going to just spend a couple minutes on each of these, give our opinions which may or may not be warranted, and then we'll move on. This one comes to us from the hacker news. A secret backdoor was apparently found in the XZ utils library, impacting major Linux distros. And we did talk to dawn about this a little bit. And it seems like maybe not all is as it seems.
[00:03:06] Speaker B: Well, it was poised to be a very not good thing that affected or would have affected just about everyone that was running Linux.
[00:03:16] Speaker A: CVSS.
[00:03:16] Speaker B: Score of 1010, a big 10. So that is bad supply chain attack. So this library that gets used by a lot of different tools inside of Linux got hacked. The people that produced that library, they got hacked. And someone introduced malicious code into that library.
And it was going to allow them to, if I was reading correctly, under the correct circumstances, they would be able to basically break the SSH encryption and run, run, run whatever command they felt like running and giving themselves access to your machine. And this is what gives this a full 10 stars there for the season go wrong? Yeah, no, no, no. But to your point, Don was saying, you know, don's not here anymore, but he's still here. He's still here. That's right. We didn't never forget, like it's a.
[00:04:14] Speaker A: Memorial historical event, just never forget Don Penn.
[00:04:18] Speaker B: Never forget. That's right. This close to our moment of silence. That's right. Pour one out for the homie.
But no, he was talking about how he, he saw this was really not as bad as many articles were making it off to be. Now that said, I did see that Kylie Lennox posted an advisory saying you need to update because they were using the backdoor version of that library. I think Red Hat also kind of came out saying eh, probably, you probably want to do this. So again, under the right circumstances this would absolutely affect you. But for a lot of other Linux distributions this was, this was not a big deal. You were not going to be affected just because they were not using the specific version. And really the mitigation for right now is did they come out with a patch? I didn't read whether or not they have a patch for it or they fixed it. I know they closed down the GitHub.
[00:05:08] Speaker A: Repo so they, they recommended, and there may be something more recent on this because what I'm pulling from was updated only a couple of days ago. But um, it, it only affected certain, uh, certain, like it didn't affect Alpine Linux, Amazon Linux. Debbie, there was a whole bunch that distros, that it didn't affect. So it was only present in Fedora 41 and fedora Rawhide.
[00:05:31] Speaker B: Yeah.
[00:05:31] Speaker A: But out of an abundance of caution they've been recommended to downgrade to the last build before this one which had.
[00:05:37] Speaker B: No malicious code in it.
[00:05:38] Speaker A: But I don't know if they ever came out with another off to look and see if there was another like hey, by the way, you know, if you downgrade it or if you were dealing with this, we have a fix for it. But for now the, the fix it seemed like was to just go back up.
[00:05:50] Speaker B: Yeah. Oh no, this was bad because you don't want people being able to just access your machines remotely or the fun of it or the profit of it, whatever the case may be. Yeah, this is why this kind of made its rounds. It does seem to be a bit sensationalized. No, not all the way. There is some actual risk to this, obviously, because you, it does have a cvss of ten and there were affected distributions that were popular, that are popular. So if you are running those things, hopefully you've heard about this already. This. This has kind of been going on for the last few days, maybe. Last. When did this article come out?
[00:06:27] Speaker A: Uh, so that was the 30th, 30th. So it was a couple, three days ago.
[00:06:32] Speaker B: Yeah.
[00:06:32] Speaker A: But I. They. The hacker News had another article from the second, so earlier this week. Um, doesn't look like there was any, any fix that they talked about.
[00:06:43] Speaker B: I know there's some tools, there's a link in this article, the original hacker article news that we're referencing right now. If you look down in there, there is a section that says the end goal of the malicious backdoor introduced by CVE 2024 3094 is to inject code in the open SSH server that runs on the victim machine and allow specific remote attackers that own a specific private key. So it's not like just anybody and their brother could use this. It was, this was built for specific attackers, and then they could send arbitrary payloads through SSH, which will be executed before authentication step, before the authentication step, effectively hijacking the entire victim machine. JFrog said little link right there that says said. If you click on that, that will take you to a very detailed deep dive into this. So you need to know a lot more information, like how do I detect for this? And you can see there, here's all the major sections of this. Who is affected, how to detect, how to remediate JFrog OSS tools for detection, technical analysis of the attack itself, and of course, there's more about JFrog platform and so on and so forth. But this is a really good article for if you need those technical bits to keep yourself out of trouble.
[00:07:52] Speaker A: And it's always nice to be able to go in and look at a more detailed version. If this is something that affects you, so would recommend that. I know you said it, you know, sometimes seems like it might be sensationalized, but not totally. I feel like that's. Most articles, there's a little bit of. Well, that's not entirely true. But, you know, you gotta get people to take a look at your article, and a lot of times there's truth to it. So we're gonna move on to this next one. This one's gonna be fun. This is part of one of Daniel's favorite segments, pork chop sandwiches. Pork chop sandwiches.
[00:08:19] Speaker B: Pork chop sandwiches. You've never watched the entirety of this pork chop sandwiches thing. You absolutely need to.
[00:08:25] Speaker A: No, I just love the way he says pork chop sandwiches. I just love the way he says.
[00:08:28] Speaker B: Well, I mean, it's highly improper. Don't watch it. Around your kids, but.
[00:08:31] Speaker A: Oh, well, I'm glad you said something.
[00:08:32] Speaker B: Yeah, she was about to.
[00:08:33] Speaker A: My young children, she likes to go to, like, daycares. Yeah.
Take a look.
Well, the reason we have this segment is because it's for stuff that's just like, what the heck is going on, right? So this one says, retail chain hot topic has been hit by a new credential stuffing attack. And this is not hot topics first rodeo. I think they were hit by five separate. Five other waves of credential attacks last year in the first half of the year. So not, not the first time this has happened. But, uh, I'm just. It's interesting because it's like stealing people's rewards, like, breaching their rewards accounts. I didn't think many people cared about hot topics.
[00:09:10] Speaker B: Rewards, dude, hot topics. A hot topic, bro.
You know, I remember when hot topic came out, and it was where all the goth kids went to, you know, buy their. My chemical romance t shirts and that kind of stuff. But apparently now it's like Taylor Swift and Ariana Grande.
[00:09:24] Speaker A: And, like, they still, they still have the stuff that originally, you know, like, you can find a corn t shirt if you look hard enough, but a lot of it is, like, the weeknd, Ariana Grande, Lana del Rey, like, up on the t shirt wall, and then they've got SpongeBob shirts. Nothing wrong with those things. That's great. It just, it's not really. It wasn't. Hot Topics initial target audience. I wonder if goth culture has just kind of.
[00:09:43] Speaker B: They're pissed. That's what's going on, right? Some goth kid was like, I couldn't find my corn teacher quickly enough.
[00:09:49] Speaker A: Do they talk like that?
[00:09:50] Speaker B: I mean, in my mind, they do.
[00:09:52] Speaker A: Goth kids are, like, secretly nervous.
[00:09:53] Speaker B: What was the, what was the thing we looked up that one time? The cyber. The cyberpunk.
[00:09:58] Speaker A: Cyber goth.
[00:09:58] Speaker B: Cyber goth. Yeah.
[00:09:59] Speaker A: And they do a little bit of dancing.
[00:10:00] Speaker B: Christian, if you can find the cyberpunk goth, the videos. Video, that. That shit is hysterical.
[00:10:05] Speaker A: It is an interesting.
[00:10:07] Speaker B: These were the hot topic.
[00:10:09] Speaker A: These were the kids. Yeah.
[00:10:10] Speaker B: The key demographic, hot topic.
[00:10:12] Speaker A: Big old Doc Martin boots and the dark makeup and hair and, hey, they look great. They're doing a great job.
[00:10:17] Speaker B: Baggy pants and. Oh, here we go. Here we go.
[00:10:19] Speaker A: Oh, boy. Yeah, there you go.
[00:10:21] Speaker B: This is what's up. This was the hot topic.
[00:10:23] Speaker A: If you're, if you're listening and not watching, it's about what you would expect. I encourage you to come over to YouTube and take a look. But it's about probably what you're thinking, just picture a hot topic, and that's, that's what you're getting.
[00:10:33] Speaker B: So they got hit with credential stuffing.
[00:10:34] Speaker A: They did, yes.
[00:10:35] Speaker B: I couldn't, I didn't see how this was a new credential stuffing attack.
[00:10:40] Speaker A: Right. Because they've been hit with waves like this before.
[00:10:42] Speaker B: So, I mean, when you say new credential stuffing attack, my mind thinks this is a new way to do credential stuffing that's never seen before.
[00:10:50] Speaker A: Yeah, that's a good point. And I don't.
[00:10:52] Speaker B: But in what way is it new? You have credentials. You stuff them, you attack. It's simple. Like, I didn't see anything in the article, or maybe I just missed it. It's totally possible.
[00:11:00] Speaker A: No, I think you're right. I think it was just a, the way that this article was describing it was saying, it is new for hot topic, like credential stuffing attacks before. But this is a separate thing.
[00:11:09] Speaker B: Clickbait.
[00:11:10] Speaker A: No, I mean, hey, I mean, I'm not gonna say you're wrong.
[00:11:13] Speaker B: Listen, don't make me start credential stuffing, you bleeping computer.
[00:11:16] Speaker A: And to hot topics credit, they did. They did come out and they sent notification letters to people they think might have been affected. Hey, just so you know, unauthorized parties launched these automated attacks, but we are not able to determine which, if any, accounts were accessed by unauthorized third parties as opposed to legitimate customer laws.
[00:11:30] Speaker B: It was like a weird rewards program that they broke into.
[00:11:33] Speaker A: You can get, like, hot topics bucks or whatever. And so when you, they're on your account. Right. If you spend a certain amount of money, you get rewards.
[00:11:39] Speaker B: How do you have 270,000 hot topic bucks?
[00:11:41] Speaker A: Yeah.
[00:11:41] Speaker B: Oh, uh, no reason. Just, just, just ring that corn shirt up.
[00:11:47] Speaker A: 17 of them. Thank you very much. Yeah.
[00:11:49] Speaker B: No longer have to wait and search through the swath of Taylor Swift.
[00:11:54] Speaker A: Yeah, I mean, what a t shirt. A t shirt is like 35 my chemical romance. Yeah. Yeah. They do have the good pop figurines at hot topics. I find they've got a pretty good selection of toys and backpacks and such, which isn't what you think of when you think of hot topic, but, yeah, this is not their first rodeo, not the first time this has happened. But they are currently working on it. They work. Their are working with external cybersecurity way experts. They're gonna require customers who relieve the.
[00:12:14] Speaker B: Breach of the sister's brother Joey, who's in a cyber program in his community college.
[00:12:19] Speaker A: Oh, I asked my buddy.
[00:12:20] Speaker B: Yeah.
[00:12:21] Speaker A: He said you can have a bad time.
[00:12:22] Speaker B: Yeah, it's a nice hot topic you got there. It'd be a shame if someone were to credential stuff it.
[00:12:28] Speaker A: Hey, for somebody to steal that.
[00:12:30] Speaker B: Yeah, get all those corn shirts.
[00:12:32] Speaker A: Steal that system of a down t shirt. You got to.
[00:12:34] Speaker B: You're totally gonna buy a corn shirt and wear shirt.
[00:12:36] Speaker A: You should. We almost wore the same shirt today.
[00:12:39] Speaker B: That's a little weird.
[00:12:40] Speaker A: A little weird. A little weird. But he couldn't find it, so it's probably good. I think it worked.
[00:12:43] Speaker B: I guess I'll have to reboot your ip cameras at my house, see what I'm wearing.
[00:12:50] Speaker A: That's why he's afraid. He sees that I, like, talk to myself in my apartment and it scares him.
[00:12:54] Speaker B: What?
[00:12:55] Speaker A: Kill who?
[00:12:57] Speaker B: Calm down there, Sophia.
[00:12:59] Speaker A: This is. Maybe we'll hear again about this, I think. I thought this was just kind of funny. Like, you don't hear about hot topic very often, you know, this is why.
[00:13:05] Speaker B: It'S a pork chop.
[00:13:06] Speaker A: What? What's going on?
[00:13:08] Speaker B: Why is this hot topic?
[00:13:09] Speaker A: Yeah, you didn't.
[00:13:09] Speaker B: You wouldn't think hot topic.
[00:13:11] Speaker A: Yeah.
[00:13:12] Speaker B: Who for flipping their stupid hot topic bucks or whatever. They didn't steal money.
[00:13:19] Speaker A: This is the new bitcoin.
[00:13:20] Speaker B: Money.
[00:13:20] Speaker A: This is the new bitcoin.
[00:13:22] Speaker B: Well, funny.
[00:13:23] Speaker A: Shifting demographics a little bit from the goth community over to the gamers. You may have heard about this Call of Duty hack Alert. Malware drains bitcoins from gamers wallet. I am pulling this from a little bit more of a recent source because the original one that I looked at didn't have a ton of details. So Activision has been investigating this. It's password stealing malware targeting game players. And initially it was, you know, oh, it's targeting these accounts of these players have activision accounts. But the thing that stuck out to me is they're also stealing passwords and things for, like, crypto wallets and draining them. Yeah. And I'm like, that makes a little more sense. I mean, yeah, you can steal my information from my gaming account. Like, what are you gonna do? Use my game skins that I bought? Like my character skins, but it's more.
[00:14:00] Speaker B: Like a PSA then kind of. Yeah. So it's not gamer. So a. It's not activision that's having the problem, right? They've done their own investigation and it is. They've like, nothing. Nothing's. Nothing's crazy on our end of the spectrum. This is for the a holes out there that are cheating. They're kind of getting their justice, or is poetic justice.
[00:14:18] Speaker A: Supposedly it is a cheat provider for games, including Call of Duty, that would be the big one. That was compromised with users who purchased the cheats having their personal information stolen. So the cheat that they were downloading reportedly had malware, then stole their information.
[00:14:30] Speaker B: So it's like the same hot topic hacker. He's also active.
[00:14:36] Speaker A: He wants. He wants bitcoin and hot topic bucks. That's all he's looking for in life. He's going to be set. So it's like, you know, no, it's not good. Malware is not good. Information stealing is not good. However, if you hadn't downloaded the cheat.
[00:14:47] Speaker B: You know, hey, are you victim shaming here? Is that what's going on?
[00:14:49] Speaker A: I'm not here to be the morality police, but at the same time, it's like I broke into a house and, you know, viciously attacked me, and it's like, we broke into my house. So, like, I can't. I know that's a little bit of an extreme example, but, you know, they still bitcoin, but login credentials for other accounts. So it may not just be limited to gaming accounts and to bitcoin wallets. Maybe it's other stuff. It's stealing information. So who knows?
[00:15:12] Speaker B: This is so funny because it said the person that discovered it was someone who creates cheats.
[00:15:18] Speaker A: Yeah.
[00:15:18] Speaker B: And sells them.
[00:15:19] Speaker A: This isn't fair.
[00:15:20] Speaker B: He's like, hey, someone's cheating my cheats.
[00:15:23] Speaker A: Yeah.
[00:15:23] Speaker B: The hell is going on here? Right? What was his name? Zee. Zeblier. Zebleer.
[00:15:28] Speaker A: It's a good question.
[00:15:30] Speaker B: Zebla. I don't know.
[00:15:31] Speaker A: Zeblaze.
[00:15:32] Speaker B: Ze blear.
[00:15:33] Speaker A: Z e b l e. Here. Can we pull that up? Christian? Look at the. Look at the spelling here.
[00:15:37] Speaker B: Yeah.
[00:15:37] Speaker A: Ze blir. Ze blear. Ze blir. Maybe he's French.
[00:15:40] Speaker B: Zeblier.
[00:15:41] Speaker A: Ze blair.
[00:15:42] Speaker B: Yeah. I have the cheats.
[00:15:44] Speaker A: It's a. It's like a pay to cheat service. I guess someone got ze bitcoin.
So I wonder. I don't know. Would you call this cheating as a service? I'm not sure if that. If it has a name like Robin.
[00:15:57] Speaker B: Hood as a service. Right.
[00:15:58] Speaker A: Like, kind of. Yeah.
[00:16:00] Speaker B: They're not. They're not giving it to the poor. They're not stealing their bitcoin and then giving it to, who knows, donating it to a charity. It's quite possible.
[00:16:07] Speaker A: Yeah. St. Jude's just gets a random bitcoin.
[00:16:09] Speaker B: Donation in a box of corn shirts.
[00:16:15] Speaker A: Only. That was the way the world worked. It'd be great if when we did, like, deja news, that's what we. It was like, hey, we got another family values tour.
[00:16:22] Speaker B: It was so good. I remember that.
[00:16:26] Speaker A: It would be nice if that's how it worked out, but you're probably right. I'm sure whoever stealing this stuff is not doing it for the greater good.
[00:16:32] Speaker B: No, probably not.
[00:16:33] Speaker A: So the Techcrunch was able to verify a portion of the data or genuine credentials. Not clear how old or recent the data is. So it is legitimate as a legitimate thing that's going on.
[00:16:41] Speaker B: So if you are engaged in cheating in the Activision call of Duty ecosphere, you might want to be a little more cautious.
[00:16:49] Speaker A: Right? If you're just. If you're just a Call of Duty player, if you're just an activision enjoyer, there's no reason to believe that regular players are at risk.
[00:16:56] Speaker B: And I can totally see, like, we've, we've all been there, right? Like, this game is flipping hard. Everybody's so much better than me. And the frustration starts to kick in. Anybody that's got their, their butt completely wiped by, you know, some kid in Korea or whatever, because that's all he does all day. Yeah, it can get frustrating. And you just go, all right, so what are these cheats thing again? Just.
[00:17:15] Speaker A: I just want to.
[00:17:15] Speaker B: Look, I'm here to peruse. I'm not saying I'm going to download anything. Right? Yeah, I just wanted to. I just want to see how it works, that's all. And then next thing you know, you're downloading things and you might be. Get your. Get your bitcoin wallet drains. So just be aware that cheating does not pay. Cheating does not actually pay them.
[00:17:33] Speaker A: You have to pay already for the cheat. And then. Yeah, you just. Everybody loses. You just don't cheat.
[00:17:39] Speaker B: No win game.
[00:17:39] Speaker A: I say, as a non competitive Call of Duty player, what would I know? But, you know, morally, I played Call.
[00:17:44] Speaker B: Of Duty back when it was still like a.
[00:17:47] Speaker A: When the lobby was overrun.
[00:17:48] Speaker B: There was no lobby. It was just a story game. Yeah, right. If you played, it was over. Like, you and your friends, you played.
[00:17:55] Speaker A: If you jump in, some of the older game lobbies are still active, like ops two or whatever. If you jump in now, it's like eight year olds. And then just.
[00:18:01] Speaker B: And then kicking.
[00:18:01] Speaker A: Horrible speech. Just like, awful.
[00:18:03] Speaker B: Oh, yeah.
[00:18:04] Speaker A: You log in and you're like all like.
[00:18:06] Speaker B: It's like freaking got a voice box.
[00:18:08] Speaker A: Yeah.
[00:18:08] Speaker B: Yeah.
[00:18:09] Speaker A: It's like. It's really for the older. The older lobbies. So. So, yeah, if you are a activision cheat enjoyer, maybe keep an eye out for that and make sure nobody's draining your bitcoin wallet, if you happen to have one. But we'll go ahead and we'll jump into coins.
[00:18:21] Speaker B: Separate.
[00:18:21] Speaker A: Yeah, keep them separated. This next one's part of one of my favorite segments.
[00:18:31] Speaker B: I give it a ten. Give it a 1010 out of ten. That was good.
[00:18:34] Speaker A: That's my. That's my high for the day.
[00:18:36] Speaker B: That's right. Ride that wave.
[00:18:38] Speaker A: I will, I will. I'll enjoy that the rest of the morning. OwasP has disclosed the data breach caused by a wiki misconfiguration.
Kind of a big deal because it's owasp.
[00:18:46] Speaker B: So the irony of this is, is, right. That's what makes this a big deal and kind of funny because it's ironic, but it's also kind of not good because it's ironic. Yeah, it's not good news. There's a lot of interesting emotions going on around this thing. So o wasp, obviously, is the.
What. What does Owa stand for?
[00:19:07] Speaker A: The open web application.
[00:19:08] Speaker B: Web application security.
[00:19:12] Speaker A: Something open? Yeah. Good question. Wow. Open worldwide application security project.
[00:19:17] Speaker B: Security project stands for, I can never remember project, but they do a great job. This is a phenomenal organization. If you've never. If this is, you're like, what's OWAsp? Totally go there. Totally check it out. This is no real black mark on them as a whole. One misstep does not undo a lifetime of good work, in my estimation. So OwAsp is a good organization. They hire a lot of security professionals. I say hire. They're more like volunteers. This is a. I believe they are a nonprofit organization, but they, they put out security advisories. They do the OWASp top ten list for many different things. Now, it used to just be web application security, but now they've got, like, mobile, they've got API. They got a bunch of stuff that you can go in and go, oh, this is a vulnerability with regards to my web applications that I really need to look out for. And they rank them by how often they see it happening. And then every few years, they update that list, try to keep it current and relevant to us. So they're really good organization for keep teaching you how not only, like, these are the vulnerabilities, but explains what they are, how they, uh, actually, uh, are introduced into your environments and what you can do to mitigate them. So it's like, it's. It's just, if you want to learn web app hacking, vulnerabilities and security, OWASp is a phenomenal resource. That said, welcome to today's. Article.
[00:20:37] Speaker A: Yes.
[00:20:37] Speaker B: Where they totally pooed the bed.
[00:20:41] Speaker A: Yeah.
[00:20:42] Speaker B: With just a simple misconfiguration.
[00:20:44] Speaker A: And this was old. I mean, it was, I shouldn't say terribly old because, you know, my name hasn't changed in the 20 something years I've been alive on this planet. So what it was is that, I guess as part of the old membership process, you had to prove a connection to the OWAsP community, and people provided resumes to do that. And these resumes were stored, and so it allowed these resumes to be exposed. So email addresses, phone numbers, physical addresses, you know, pii in general, which is, which is never good. So it wasn't a, hey, your credentials have been exposed, password, your credit card data exposure. But it is still sensitive data.
[00:21:14] Speaker B: Right. Which is one of the owasp top ten.
[00:21:16] Speaker A: There you go.
[00:21:17] Speaker B: Yeah.
[00:21:17] Speaker A: So really, maybe this is just a social experiment. They're just proving.
[00:21:20] Speaker B: Oh, it just goes to show you that no matter how good you are at security, no matter what, how large of an organization you are, that is solely focused on specifically web application security, one simple mistake can expose you to the entire world. And this was just their wiki, and they accidentally published the wrong pages. They made them viewable by the Internet, and they had to go into, like, the Internet archive, the wayback machine, and say, hey, can you remove that, scrub that information from out of the wayback machine because it's sensitive. It shouldn't be on there. Like, they had to do a lot of triage to kind of walk this back. Now, they did a great job. They followed all their own procedures and processes. But, man, the fact that this happened makes you go, if they did this, is there any hope for me?
[00:22:05] Speaker A: Right? Yeah. If even you can't handle it, what am I supposed to do? And they did take accountability for it. It was like they were like, we don't know. There's nothing. They said, hey, yeah, there was a breach, and we're fixing it, and we recognize the irony, and we're gonna work on it, team.
[00:22:18] Speaker B: And hot topic is like, see.
[00:22:19] Speaker A: Yeah, see, celebrities yell at me. They're just like us. And the other thing I thought was funny is that this news of this broke on, on April Fool's day, so they had to come out and be like, hey, this is not a joke.
[00:22:30] Speaker B: Not a joke.
[00:22:31] Speaker A: We are being serious. We're fixing it. But this is real, right? I see.
[00:22:35] Speaker B: What you're doing is a real. That's.
[00:22:37] Speaker A: And it. I mean, that's not.
[00:22:39] Speaker B: It's real.
[00:22:39] Speaker A: I wouldn't be terribly far off for a security. Hey, we had a breach. Oh, just kidding. Yeah.
[00:22:43] Speaker B: God. Did anything bad happen to you on April Fool's day? Right?
[00:22:47] Speaker A: I had a friend that was born on April Fool's day. Her dad did, almost didn't show up to the hospital because he thought that was a joke. When she was like, I'm going to labor. He's like, okay.
[00:22:53] Speaker B: Yeah.
[00:22:53] Speaker A: And didn't. So he did end up showing up, but she had to call him back and be like, what are you doing?
[00:22:58] Speaker B: That's funny.
[00:22:59] Speaker A: She's an April Fool's Day baby. But yeah. So this was, this came out on April Fool's Day and they are working on it. They've already removed your information from the Internet. Nothing needs to be done immediately. And if the information is outdated, you should be good. But they just current, you know, just take the usual precautions.
[00:23:13] Speaker B: Yeah. This let the people know that could have been affected by this.
[00:23:16] Speaker A: They did what they were supposed to do.
[00:23:17] Speaker B: If you still have any of that information that is relevant that could have possibly been leaked, be aware.
[00:23:24] Speaker A: Yeah. They did what they're supposed to do. And good on them. Good on OWAsp for taking responsibility and making sure that they tied up those loose ends. This next one, you might actually have experienced this in the last couple of weeks or in the last couple of days. Suspected MFA bombing attacks target Apple iPhone users. Now me personally, I've been fortunate enough this has not happened to me. So that is good. But if you've been getting a lot of notifications that are telling you reset your password, reset your password. If you didn't request that, don't do it. It seems obvious, but if you're getting a ton of notifications bombarded, it would be easy to just be like, fine, okay, whatever, and just go ahead and do it.
[00:23:55] Speaker B: So not only that, right.
This is a very common tactic as of recent, very contemporary tactic for getting someone to click the link or in this case, call the number. Right. So I don't know how they did it. I didn't see exactly how they were able to do this. I just assumed they're using the standard spoofing technology that is out there and they spoofed the actual Apple support number. So the, the SMS message that you're getting or the, I guess maybe it's an imessage that you're getting. Looks like it comes actually from Apple. Yeah. So it looks legit, but it just keeps hammering you. And then if you click, if you click what? I think it gives you a phone number to call.
[00:24:39] Speaker A: Yes. I believe so, yeah.
[00:24:41] Speaker B: If you then call the number which is the apple. So I think it does look like it is apple support in some way, shape or form. They then tell you, hey, cool, download this as well. Right? Am I following this correctly? Am I?
[00:24:51] Speaker A: So, yeah, one of the things was that they had like a ton of accurate information and it made it very believable. There was somebody that said they engaged with what they thought was Apple customer support staff. And all the information seemed to be in order. And so, you know, he was trying to vet their credibility and make sure, hey, is this legitimate? And it seemed to be legit. So I think he ended up, he or she ended up falling victim to it, unfortunately.
But, yeah, a lot of push notifications coming through and I think you're right, they were.
[00:25:13] Speaker B: So it was just a two fa. And then some people got a phishing attack where they actually called them and said, hey, we're with apple support. And you probably noticed the MFA token. Go ahead and click on that and tell me what the MFA token is. We have to fix this, right? And this has been one of my favorite social engineering attacks that I use as an example when I'm teaching social engineering, right? Because I've worked at help desk, you literally call somebody, or if someone talks to you and you tell them you're with the help desk, they go, okay. And then you could tell them, hey, give me your mom's maiden name, tell me your Social Security number, give me the last four digits of your credit card number. What's the expiration date? What's. They will tell you anything you want to know.
[00:25:57] Speaker A: Yeah.
[00:25:57] Speaker B: Because you have that baked in trust.
If someone believes this was actually apple support, they could have asked them for their firstborn child and they would probably gave it over. Right. That's just how that works. Because of that high level of trust with that system. Once that happens, well, this has been a fun game, but you have lost horribly.
[00:26:16] Speaker A: Yeah.
[00:26:17] Speaker B: Right. Because then they have access to the account. They. They reset the account, give themselves access to your account, and then do whatever they're going to do.
[00:26:23] Speaker A: And it raised some questions about. Because people were getting dozens of these reset requests in a pretty short period. Does there, is there a rate limit problem with Apple's password reset mechanism? And so I think some people reached out to Apple to ask him about it and Apple did not respond.
[00:26:35] Speaker B: They're really subjective whether or not there's a rate limit problem.
You know, you have to try to. It's like how many passwords before you get locked out?
How many times can you type in your password to get locked out? What's the right number? Well, if I've got a bunch of incompetence and they can't type their own password to save their own lives, I might want to make that ten. I might want to make that 15.
[00:26:59] Speaker A: That's true.
[00:26:59] Speaker B: If, you know, whatever. If I'm just really stringent about security policy, I make it three people. Look, three. I've been there. I've gotten the calls where I have set password policies at a corporate organization and they went, I typed in my password like three times and I got locked out. I'm like, yeah, because that's what's up.
No, no, no. And then people above my pay grade ring on my phone and go, so we understand what you're trying to do, but that's not going to work. So there, there is no right number to this. There is no right rate limits number. You just have to try to find what works right now. So they're getting a high volume of these two fa calls or SMS's then? Yeah, they rate limit for now, but maybe then they reduce that down the road when people stop targeting that and, and then it'll go back and forth. It's always a push and pull.
[00:27:50] Speaker A: Yeah.
[00:27:51] Speaker B: You're always going back and forth and playing whack a mole. So you'll adjust your security policy to do what you need to do for right now. And then you'll readjust down the road when things change.
[00:28:01] Speaker A: And if you do get to a point where you're getting what looks like a suspicious phone call from Apple support, I mean, it goes back to that. Don't click on links you get, don't, you know, respond to texts you don't know. If you feel like you need to talk to Apple support about something, probably just go to the site and look for the number on the site and then call them directly rather than, oh, well, they're. Why would they be calling you?
[00:28:16] Speaker B: That is the answer. They will not call you. They will not text you. That is not going to happen.
[00:28:21] Speaker A: Just like your bank is never going to email you and ask for, hey, we need your information.
[00:28:25] Speaker B: And for all you out there listening and for the people who are, well, that's not true. Daniel. I've been contacted by Apple support. I've been contacted by Microsoft. For every one of you out there, I can give you like 100,000 others that this was a scam.
[00:28:37] Speaker A: Yeah.
[00:28:38] Speaker B: Right. So in general, they are not going to contact you. By and large, be very, very, very, very very suspicious of a large organization like Microsoft or Apple or something like that. Paypal. Whoever contacting you, they need to contact you. They will send you an email, and if you get an email, don't click the links. Call them directly, go to the website, log in, find that support area, and contact them.
Then you know you have gone to the right place. And then they'll go, well, I don't see anything on your account. Anything seems fine. Why is it.
[00:29:14] Speaker A: Oh, cool.
[00:29:15] Speaker B: So this is just a scam, right? Verified.
[00:29:18] Speaker A: Done.
[00:29:18] Speaker B: You're five minutes out of your life.
[00:29:20] Speaker A: But better to just double check and make sure, you know, rather than five.
[00:29:22] Speaker B: Minutes of pain or a lifetime of backing out of identity theft, right?
[00:29:27] Speaker A: What would you prefer, exactly? You can't really recover from that. Or you can, but it takes.
[00:29:32] Speaker B: But it ain't easy, man. It takes an act of Congress.
[00:29:34] Speaker A: No, no official word from Appleyet. They pointed to an article about. Hey, here's how you can avoid phishing scams. But no real. Oh, yeah, we're aware of this. Which I guess maybe is smart on their part to not totally accept. To accept any. Hey, yeah, this is going on. But maybe we'll see this in an upcoming segment if they've got any updates for us in the coming weeks. Speaking of that favorite segment, we've got a little bit of a double feature for you today on these last couple articles. It's Deja news.
[00:29:57] Speaker B: Deja news.
[00:30:02] Speaker A: I feel like we should start cyber gothing when it comes on, so you may have. Wow, that's impressive.
[00:30:07] Speaker B: You remember we watched the video of them dancing under, like, an overpass or something?
[00:30:12] Speaker A: That was very accurate. That was very historically accurate.
[00:30:14] Speaker B: What is this tribe of weirdos?
[00:30:16] Speaker A: They were living their best life.
[00:30:17] Speaker B: They were. They were. They were enjoying. I can't. I can't hate on them, honestly.
[00:30:20] Speaker A: Oh, yeah. You know, live your life.
[00:30:22] Speaker B: Yeah.
[00:30:22] Speaker A: If you've been following along with any of our recent episodes, you may have noticed, uh, we've been talking about some python stuff going on the last couple weeks, as well as some at and t things. So we'll start with some updates on the Popeye situation. They've gone quiet after a huge malware attack. 500 plus typo squat fakes were found, and I believe they shut down signups for a while. If. If they. If they're not still.
[00:30:41] Speaker B: They literally shuttered the doors. Cause they were like. So apparently Popeye is a shithole of malware, and what are you gonna do? We can't take any more registrations because of the way it works. Right. And unfortunately, when you make an open platform that anybody can submit to and then everybody starts pulling from and it becomes a resource. This is one of the dangers of kind of open source, of open source software.
Don't get me wrong. Love open source software. I want to see it continue and thrive. But when we become very, you know, um, reliant on this stuff, we could find ourselves with a supply chain attack through typo squatting and. And such with these malicious versions of things we think are legitimate. And maybe they should institute some sort of, like. And I don't know how they would do this realistically, where it goes to, like, a code review and it has to pass that. There's nothing malicious, but a lot of things do that. I think the. There is. Is there a code review? I know Apple does. So for. That's why the App Store is so touted as being so safe. Anything you download from the Apple App Store, you're. You're, you're, you're pretty good. You're golden. Yeah, go crazy. It's good because they have done a very extensive review of that code and.
[00:32:00] Speaker A: Pretty strict about what they let it go.
[00:32:01] Speaker B: It takes forever to get your code published, so. Right. So it's going to be a while, and you got to go through this lengthy process. So it's this give and take of ease versus security, and it's just how it continues to work. Google Play store, obviously, is a little bit less robust, but then you start to get into, like, these truly open things like Pypy and NPM package repositories and GitHub and stuff. It's the Wild west.
[00:32:28] Speaker A: Yeah.
[00:32:28] Speaker B: Anybody can upload anything and make it public, and you can go, cool, I want that thing. Let me just go ahead and hit that poll and bada bing. I've got it in my code. If you did not vet that, well, the onus is on you. The responsibility is on you to make sure that those things are not malicious. So don't just willy nilly grab stuff and slap code in your code.
I think I was reading some people talk about, like, well, I'm a Python developer. I'm not really a coder.
[00:32:53] Speaker A: Yeah, they're different.
[00:32:55] Speaker B: I'm just a person that knows how to slap python stuff together that's already built.
That's kind of python dev ing in a lot of ways. That's being facetious, obviously, but it's kind of true as well. In a lot of ways. Yeah.
[00:33:08] Speaker A: Well, and the whole thing about, you know, how anybody can create this code, anybody can share it. It's kind of like that whole argument about Wikipedia, how Wikipedia is greater. Sites like Wikipedia, different wikis are great because anybody can contribute, but on the other side of it, anybody can contribute.
[00:33:22] Speaker B: That's why Wikipedia says, do not use this as a viable source.
[00:33:26] Speaker A: You might not be getting the best information. You got to double check. Um, and in this case, you might not. You might be getting stuff that's malicious. So probably you need to be careful about what you're. About, what you're borrowing, what you're using.
[00:33:35] Speaker B: So what happened to at and t?
[00:33:37] Speaker A: So at and t, if you recall, there was a bit of a. There's the cyber goth where they are.
[00:33:42] Speaker B: Oh, yeah, I told you it was like some un overpass that they're under.
[00:33:46] Speaker A: That's the video. That was the video we watched.
[00:33:48] Speaker B: That's what at and T was up to.
That was their tech team.
[00:33:52] Speaker A: That's why at and t refused to comment. Initially, they were cyber gothing, cyber got.
[00:33:57] Speaker B: Thing, and someone was like, I think we just got hit.
[00:34:00] Speaker A: I'm busy. I'm feeling the music right now.
[00:34:02] Speaker B: Leave me alone. Quit dampening my vibe.
[00:34:04] Speaker A: So they did finally, because before they were like, hey, we don't really know. This wasn't our fault. There wasn't really a breach. And it was like, but this information's here. There was a breach, and the at and D did finally confirm. Well, maybe. Maybe there was. And they ended up resetting a ton of account passcodes after millions of customer records leaked online.
[00:34:19] Speaker B: So. So we're in step two of the data breach. Step one, deny, deny, deny. Step two, admit only what you have to.
[00:34:27] Speaker A: Yes.
[00:34:27] Speaker B: Right. Step three is going to be. So it's. It's a little more extensive than we thought it was originally. We have to let you know. But now that we're well down the news cycle rabbit trail, then no one's really listening at this point.
[00:34:40] Speaker A: And they are still saying, we don't have evidence of unauthorized access to our systems. We don't. Hey, there's no evidence that that happens.
[00:34:45] Speaker B: All in the verbiage, right? Yeah, there's no evidence.
[00:34:48] Speaker A: You can't prove it. You can't prove it.
[00:34:49] Speaker B: Other than the fact that it's all on the line, right? It's all on the web being sold or was announced, just being freely given out.
[00:34:56] Speaker A: So they're still.
[00:34:57] Speaker B: So there is evidence that something happened, right? They just don't have any tangible evidence that they're willing to, like, reveal at this point.
[00:35:06] Speaker A: And initially, they were. They were not even wanting to cop to the fact that, okay, yes, it is at and t customer data, and now they are acknowledging anybody. Yes.
[00:35:14] Speaker B: That is such an extensive user base.
[00:35:16] Speaker A: Right.
[00:35:16] Speaker B: If you had any Pii, you can't blame us. You could just slap this is at and t on it.
[00:35:21] Speaker A: Right.
[00:35:21] Speaker B: But now it's like, well, yeah, it's. It's ours.
[00:35:24] Speaker A: So they're still saying, hey, we don't have any evidence of a breach. We don't know the source of this league. We have no idea where it came from. Couldn't have been us. But they are acknowledging at least that it was customer data. And as a result, you know, the passcodes that they pass. Yes.
[00:35:36] Speaker B: Would there be any evidence of an insider threat?
[00:35:41] Speaker A: That's a good point.
[00:35:41] Speaker B: Right?
[00:35:42] Speaker A: Yeah. And even if there, because it would.
[00:35:44] Speaker B: All be authorized access to those things.
[00:35:47] Speaker A: It could be somebody that is very well supposed to have access to this stuff.
[00:35:50] Speaker B: And it's not like we've ever seen that happen before with at and t, have we?
A quick Google search for this. I believe in, like, 2019. This. This happened to at and t. I think.
[00:36:01] Speaker A: I think you're right.
[00:36:02] Speaker B: Anti insider.
[00:36:04] Speaker A: This. The initial data spell may have happened in 2019.
[00:36:07] Speaker B: Oh, really? Is that from this? It says that what this was.
[00:36:10] Speaker A: That was one of the parts of this article said the. This giant is taking action.
[00:36:14] Speaker B: Tax and insider threats and cybersecurity. Oh, that's just a.
Let's see here.
[00:36:19] Speaker A: Is definitely not the first time at and t has been talked about on this podcast, even just in recent history. But I feel like over the years, they come up a couple times a year, you know, just stuff going on.
[00:36:28] Speaker B: It does stinking happen from time to time.
[00:36:30] Speaker A: I guess when you have a company that big that is. And it's. And it's cell phones, I mean, yeah, you're going to end up having your security issues. Nobody's immune to it. If O wasp isn't immune, at and t is certainly not immune. But, um, definitely they're not super eager to take responsibility or come out with a whole lot of information if they don't have to, which I can kind of understand. But they did end up. They said they were going to contact all 7.6 million existing customers whose passcodes it had to reset. So it reset millions of passcodes just as a partially as a precaution or as kind of a. They're trying to clean up the mess.
[00:37:01] Speaker B: So it says that. I'm looking at Secureworld IO. It says, is there a point where your staff would knowingly compromise your organization's computer? Network and abuse their credentials to help cyber criminals. AT and t wireless can certainly answer that question for you. Yes, and this looks like it was 2021.
This is a story of activated insider threats at, at and t wireless revealed in court documents just reviewed by secure world. And yeah, it looks like the AT and T wireless call center would be easy to miss if you drove right by it in the Seattle suburb where it's located. But 34 year old Mohammed Fahd found it.
Found it from half a world away, was arrested in Hong Kong and extradited the US. And so, yeah, looks like things went down. He paid. I'm sorry. Yeah. The US Department of Justice says the call center employee who made the most was paid $428,500 over five years.
[00:37:59] Speaker A: Wow.
That would set me up for life. I'd be chilling.
[00:38:03] Speaker B: So, just saying, this happens, you get.
[00:38:06] Speaker A: A Dunkin donut coffee every day for that? For that money.
[00:38:09] Speaker B: Employees installed malware and employees accessed are installed access points. Employees installed new variants of malware.
[00:38:16] Speaker A: Yikes. So, yeah, that's rough. That's rough. Not the first time we've seen at and T's name come up. Hopefully it's the last.
[00:38:23] Speaker B: That would be awesome.
[00:38:24] Speaker A: I don't have a lot of hope in that. So, yeah, if you are an AT and T customer, maybe you may be getting a little bit of a notice from at and T. This is. Hey, yeah, it's probably nice to see you. We reset your passcode. You got to go in and fix that. And please don't make it zero. Zero. That's a bad passcode. Or 1234 just doesn't work for us. But that is pretty much all we had for our rapid fire segment for today. We do have a couple of other things we want to go a little bit deeper into in the next half of the show, but we'll go ahead and take a quick break so we can reorient ourselves and mourn the loss of that at and T data. But we'll be right back with a deep dive here on Technato. Tired of trying to schedule your team's time around in person learning? Isn't it a bummer to spend thousands of dollars on travel for professional development? What if we said you can save money and time and still provide your team with the best training possible? The answer to your woes is live online training from ACI learning. With live online training, we provide our top in person courses in private online instructor led formats. You get to provide professional development in a manner that fits today's expectations. Entertaining, convenient, and effective. Our exam aligned courses inspire the full potential of your team. Visit virtual instructor led training at ACI Learning for more info.
Welcome back for more Technado. Thanks for sticking with us through that break. We're about to get into a bit of a deep dive. We have a few good articles for you in this segment. Look at that. He's deep diving.
[00:39:41] Speaker B: Deep diving.
[00:39:41] Speaker A: Call him free diver, mister scuba over there.
[00:39:44] Speaker B: I can do 200 meters easy.
[00:39:46] Speaker A: I did. I did realize over the break we were talking, and I forgot to mention there's a lot of movies that Don and Daniel wanted me to watch to kind of like, you know, get up to speed on their level of weird culture.
[00:39:55] Speaker B: The sake of making pop culture references that you don't get.
[00:39:58] Speaker A: Just go right over my head.
I'm only five foot four. Thank you. That's why they go over my head.
[00:40:03] Speaker B: That's it. That's it.
[00:40:04] Speaker A: You guys are like 7ft tall.
[00:40:06] Speaker B: That's right. Blatant ages.
[00:40:08] Speaker A: I finally watched, you know, I watched Predator a while ago. I watched Robocop.
[00:40:13] Speaker B: Robocop recently.
[00:40:14] Speaker A: And I watched aliens the other day. Aliens.
Aliens. And didn't realize that as, I guess.
[00:40:21] Speaker B: Good movie right there.
[00:40:22] Speaker A: That's the second movie in the franchise. So I did it wrong.
[00:40:25] Speaker B: But my favorite film of the franchise.
[00:40:27] Speaker A: Well, there you go. So. And I did enjoy it. It was an enjoyable movie to watch. It was very entertaining. Yes. But I did not love, and I'm not gonna worry about spoilers here because it's, the movie's like 30, 40 something years old.
[00:40:38] Speaker B: 34 or 35 years old. Yeah.
[00:40:39] Speaker A: So at this point, yeah, you had your chance, right?
[00:40:43] Speaker B: Yeah.
[00:40:43] Speaker A: But if you don't like spoilers, I don't know, skip ahead 10 seconds. The fact that, like, okay, you think that newt's gonna die and then she doesn't. And I looked it up. Apparently she dies in like the first 10 seconds of the third movie. So what was the point? Point of going through all that? To have her, like, she and have this relationship and they could start anew and then she's dead.
[00:40:59] Speaker B: Listen, they probably had no clue that aliens was going to do as well as it did in the box office. And as you know, studio execs go, I need some of that alien money. You're going to make another one of alien movies, right. So alien three comes out. Actually, didn't, uh, hate alien three. Yeah, I watched alien three quite a bit growing up. I thought it was a decent flick. It was very suspenseful and scary. And, you know, you start off in alien three where her, their escape pods land on a prison planet, and I think Newt drowns in her pryotube.
[00:41:35] Speaker A: And, jeez.
[00:41:36] Speaker B: Yeah. Like, it starts off with, Ripley is the only one that survives the crash.
[00:41:40] Speaker A: She's got nothing to live for. If I was Ripley, I'd be like, all right, peace out. That's it.
[00:41:45] Speaker B: So she wants to peace out the whole movie.
[00:41:47] Speaker A: Oh, okay.
[00:41:48] Speaker B: Yeah.
[00:41:48] Speaker A: There you go. Yeah, I guess. I guess. All right, that makes sense. Maybe I'll go back and watch the first one and eventually continue. But it's actually.
[00:41:55] Speaker B: It's actually. I think alien three is an underrated film.
[00:41:58] Speaker A: Okay, that's good.
[00:41:59] Speaker B: I think you would actually like it.
[00:42:00] Speaker A: I'll have to go back and watch alien first, the original.
[00:42:03] Speaker B: Have you not seen the first one? Okay. It's much more suspenseful, but still one of my favorite movies of all time.
[00:42:10] Speaker A: Oh.
[00:42:10] Speaker B: Oh, really?
[00:42:10] Speaker A: Okay. There you go. Christian gives it a raving review.
[00:42:13] Speaker B: I can. I find no flaw in your logic. Any of the alien. Only I say any of the first three worth watching.
[00:42:19] Speaker A: I did enjoy it.
[00:42:20] Speaker B: Prometheus and. And, you know, the. The after, you know, covenant and stuff that comes after that are more recent. They're okay.
[00:42:28] Speaker A: They won't touch the first. The first couple. Yeah.
[00:42:31] Speaker B: Nah.
[00:42:31] Speaker A: Well, I did enjoy it. I wouldn't say it's, like, top ten favorite, but. But it was an enjoyable movie. I mean, I'm glad that I did watch it. So now I can say I've seen it. And when you make your references, hopefully I'll understand them.
[00:42:39] Speaker B: We'll see how many we can make in this article.
[00:42:41] Speaker A: Yeah, we'll see. Yeah. And we'll see how much of this article I can follow along with because it is a bit of a doozy. So, uh, you may have heard of it. There is a. An Android malware called Vulture with no e expanding its wingspan here. So, uh, I actually have an. We can pull it up in a second, but I've got the, uh, the little flow chart that they show how the steps work. I love that. I love the visual. So maybe we can take a look at it here.
[00:43:00] Speaker B: It is nice to kind of see the kill chain, right? To see.
[00:43:02] Speaker A: Yeah.
[00:43:02] Speaker B: How it starts kind of simplifies all the way to the end of. Oh, no, you are totally hosed.
[00:43:07] Speaker A: Which is nice. Cause they do go into detail on each step, but to just look at it visually. So, Christian, I don't know if we're able to show it, but it starts with just. You're getting a text SMS with a phone number. Hey, call this number. Yeah, hopefully, you stop there. Hopefully you get that text. I don't recognize this blocked. And that's.
[00:43:21] Speaker B: Well, I mean, we just saw that, right? With the, with the previous, uh, in the. In the rapid fire, the iPhone users, what was happening? They were getting bombarded with texts about, hey, click this, go here, do this, follow the bouncing ball, and do what we're telling you to do. And we're not going to stop asking you to do it until you do it.
[00:43:38] Speaker A: You get tired of it eventually.
[00:43:39] Speaker B: Right. So this is obviously not a novel concept, but it's a very effective one. So let's. Let's get into what vulture is. Vulture is banking malware, and it goes to your mobile device. That's right. If you've got one of these bad boys in your pocket, which you most likely do, then you need to be worried about things like banking malware, because it's very popular.
Any guesses why that that will be popular?
[00:44:01] Speaker A: Probably because of the money.
[00:44:03] Speaker B: That's right. The do rate me, them hackers out there, big fans of the money. So they want your money. They don't care how much money you got. They want all of it. So if you're like, well, I've got. I always love when people say, I've got nothing that a hacker would want. You absolutely have something. That hacker.
[00:44:17] Speaker A: Well, you have an identity.
[00:44:18] Speaker B: You have an identity which they can use to run up credit and do all sorts of, like, malicious things and malfeasant things. You probably have some money.
[00:44:27] Speaker A: Yeah.
[00:44:28] Speaker B: And, I mean, if you're watching this and you're completely destitute, God help you, we'll, you know, start a kickstarter, make a Patreon, get some money. But if you got even a little bit of money, they want it. So banking malware is very, very popular. And let's jump into the executive summary. That's really going to help us out. And I think it's a good starting spot. So everybody on every level kind of understand what's happening here. It says the authors behind the Android banking malware. Vulture. Love. Love. That's that name. Vulture. Because just a scavenger, real picking over the remains bird. Right? Yeah. They have been spotted adding new technical features. So this is not new. This has kind of been around a hot minute. They're just now starting to update it and make it more efficient and effective. It allows the malware operator to further remotely interact with the victim's mobile device. Vulture has also started masquerading more of its malware or a malicious activity by encrypting its c two communications using multiple encrypted payloads that are decrypted on the fly and then using the guys of, right there. Right. The guys of legitimate applications.
We just saw that with pypy. Right. Why did PI PI shutter their doors? Because it was, people were uploading malicious versions of legitimate things right there. Now, this actually also uses legitimate applications that are not backdoored. They just use them for control purposes.
[00:45:56] Speaker A: It's the McAfee security something, right? Yeah.
[00:45:58] Speaker B: So the McAfee security something that is a malicious version of the actual.
[00:46:03] Speaker A: But it does everything that the regular app does.
[00:46:04] Speaker B: Right. It does the thing. I don't know if it does everything. Like, it's obviously not going to stop their malware.
[00:46:09] Speaker A: Sure.
[00:46:10] Speaker B: Right. Doesn't want it to do that, doesn't want to key on those things. But for all intents and purposes, it looks like you did install some.
[00:46:17] Speaker A: It appears to be functional.
[00:46:18] Speaker B: Correct. Then it uses Ngrok as well for, if you're not familiar with Ngrok, it's a really cool service that anybody can use. You can sign up for free as well. Hackers use it a lot for Internet communication. So if I have a, maybe I've installed malware on an Internet facing clients, how do I get to that client? Ngrok is a service that you can use to make that happen. Basically gives you an Internet facing IP and domain, and you just couple that to whatever port you want to listen or send on. And then Ngrok does, allows for the back and forth, the accessibility over the Internet. It's a really good tool, but it can be abused, and it does get abused here. Key takeaways is they've been updating this thing since it was first discovered in March 2021. Download, upload, delete, install, and find files. Control infected devices using the Android accessibility features or services. This allows the attacker to scroll, swipe, click, even listen and view the screen. All sorts of fun stuff like mute and unmute audio and more. Prevents apps from running. So if you do stall, install some real av, it can stop that from running. Yeah. Display custom notifications in the status bar, like disable key guard in order to bypass lock screen security measures they have. If you get vulture installed, you're in for a bad day.
[00:47:41] Speaker A: So that's the big, the big thing here is that this banker has been around since a couple of years ago, two, three years ago, and these new features are now it's like, ooh, what are they doing? There's these authors of this, of this Android banker installing new stuff intended to remotely interact with the victim's device in a more flexible way, so making their, their job easier.
[00:47:58] Speaker B: It sounds like it's basically it. They're like, you know what? And they're not the only banking malware that does this. Right. This is not novel one, but what Vulture is doing is going, you know what I see? I see that. I see your hand, and I'll raise you, you know, an extra 20. I'll not only install those features, but I'm going to add some more. So I did add a few extra features that you don't typically see but are doable by other malicious variants of banking malware as well. But very cool. Starts talking about the introduction. So we get to the introduction talks about back in March 2021. Back then, Vulture abused the legitimate software products Alpha, VNC and Ngrok. There it is right there. So VNC being a virtual network connection, allowing you to, if you. Have you ever used VNC? So VNC kind of gives you that remote desktop capabilities. It's kind of like, go to my pc.
[00:48:49] Speaker A: Okay.
[00:48:50] Speaker B: Right. That kind of thing. VNC is kind of the og of that service. Special love VNC. I used to, as, when I worked in help desk, use VNC all the time. I'm having trouble with my computer. Cool. I'm going to VNC in allow the connection.
[00:49:02] Speaker A: Okay.
[00:49:03] Speaker B: Obviously, you can install a version that does not require you to allow it. It just runs. And then, of course, Ngrok getting that. And then it uses this dropper framework called Brunhilda, which I just love that name. So much fun.
[00:49:17] Speaker A: Brunhilda. Yeah.
[00:49:18] Speaker B: And that is responsible for hosting the malicious applications on the Google Play store. And then it starts talking about what vulture was doing back in then. And then it gets into what's going on in a recent campaign. So this is where it starts. I said, we just jump into the infection chain, the graphic that you were referring to. So here's, here's how it kind of goes. So the victim receives an SMS message with a phone number. This is why I was talking about this earlier. This is such a common tactic that this is where my brain was going. You get a phone number, and it just keeps hammering you. Call this number, call this number. Call this number. Call and say, hey, did you call the number? Did you call the number? Because if you didn't, you should call the number. Did you call the number? You get the idea. It's so annoying that someone will either accidentally hit. Yeah, call, whatever. What is this? Get frustrated enough to hit the number, and they call the number. So victim calls the number, the victim then receives an SMS with a link to a trojanized version of the McAfee security app. So, basically, what the number, when you call that, you talk to a person, and the person says, hey, we're. We're with your provider. Maybe we're with Samsung. Maybe we're with Verizon, whatever the case may be. And they say, we've detected an issue with your device. We need you to do X first, download this McAfee security app, because that's going to help clear off the malicious things and block you from being infected any anymore. And you're thinking, this is great. This is exactly what I need. I need to protect myself. And if I'm getting calls about a potential compromise, then obviously I've already, you know, crafted. Game over, man. Game over.
[00:50:55] Speaker A: My first reference, first one. And the text that they get, it's. It's not even just, hey, we think there might be an issue. It involves money. It's, hey, did you authorize this transaction for this large amount of money? If you didn't, you need to call us. And, of course, if you see that $10,000. I didn't authorize that.
[00:51:10] Speaker B: Yeah, if you don't have $2,000 to authorize.
[00:51:13] Speaker A: Right. Exactly. $10,000. I'd love to see it. But if you don't know or if you, what the heck? That's not, then maybe you would call the number, and then they're going to say, oh, well, hey, you know what? Good thing you called. Uh, go ahead and install this, that security app, right? Oh, this is going to protect you. And in reality, it's doing the opposite.
[00:51:29] Speaker B: Exactly. So, actually, what happens when you install the McAfee security app? It's actually the Brunhilda dropper getting installed. From there, we run a little bit back further here, and we see, then it starts doing the different stages of installation. So now we get the first vulture payload, which is an APK is decrypted and executed. The decryption part is kind of new to vulture. Oh, so they're adding encryption to this? Encryption helps bypass detection mechanisms.
[00:51:58] Speaker A: Interesting.
[00:51:59] Speaker B: Yes. Okay, so then once that gets done, it says, the main purpose of payload one is obtaining the accessibility services privileges and installing the next payload. So we start with, hey, just give me some access into those accessibility options. And now go grab payload number two. Stage two, as it were. So vulture payload to another APK is decrypted and executed. This implements the Alpha VNC Ngrok setup, also does web views, screen recording, and more. Invokes functionality defined in payload number three. Going over to payload number three now, you'll notice we got this little thing happening here. It says, communicates with. So payload two, communicates with payload three.
Vulture payload three, which is Dex, is decrypted and executed, implements all the c two methods. And FCM, which is this fire control messaging thing that is available from Google. It's a way to do messaging that they have as a free available service. People can use that as a communications channel for their c two infrastructure. A lot of, a lot of free services tend to get abused by c two traffic because it looks not malicious, because it's a legit service and it's free. And it's free.
And it's a communication thing. I can tell it stuff and then you can read it with your device. So I can send messages. Cool. And I can read messages. Cool. That's exactly what I need when it comes to c two. So invokes that functionality defined in payload, too.
Last but not least, we have full HTTPs FCM c two traffic, follow up traffic to interact with the infected device.
So there is the infection chain from start to finish. This is a really nasty variant of malware. Honestly, really a couple of clever tricks that they use. Nothing that's really new, but when you chain them all together in this specific way, highly effective, and once you install.
[00:53:53] Speaker A: That app, that's the process begins, and that's it. So really, ideally, you know, you'd get that text and be like, it looks like it's illegitimate, but even if you then do call that number, hopefully you realize, I probably shouldn't be downloading this. But, you know, if you do get to that point, yeah, obviously they're going to eventually get to the point where they've, they've then got control over your device, or they have the ability to use your device, and it goes through kind of like some of the new features. Says the most intriguing addition is the malware's ability to remotely interact with the infected device through the use of Android's accessibility services. But this and several other, I guess, additions, and that's kind of what's, what's the news here? Because Vulture has been around for a little bit. It's just now it sounds like it's a little more robust. It's got some new tools in its belt. It does not. Great news for Android users.
[00:54:33] Speaker B: A, they're adding obfuscation and evasion techniques, like using AE's encryption and base 64 encoding. Again, nothing that's novel. It's just new to vulture.
[00:54:43] Speaker A: Right, right.
[00:54:44] Speaker B: And for good purposes, because it works. It's. It's a really effective means of getting around security mechanisms and detections. So let's see what else this is. Utilization of legitimate package names, obviously, the McAfee thing. And you'll notice as they drop this into virustotal only looks like two matches. Yeah. Right. So that's pretty good. You might think, oh, it doesn't have zero. Yeah, but what two are, are actually, this could be. Let's see here, bit defender, Falcs, and trust. Look.
Doesn't say any other, like Acronis, right? These are avast. These are AV and anti malware systems that are much more popular than Bitdefender, Falks, and trustlook. I've never even heard of them. I'm not saying anything disparaging about those. They could just be in a different part of the world where they have a larger market.
[00:55:36] Speaker A: If you've got a different, you know, thing that's supposed to be helping you detect this malware, that's maybe a bigger name, and that's not one of the ones that is detecting this as potentially risky.
[00:55:44] Speaker B: Right.
[00:55:44] Speaker A: That's kind of bad news for it.
[00:55:45] Speaker B: That's a problem. That's a problem.
[00:55:47] Speaker A: And you mentioned the whole, you know, how it's a little bit better now at obfuscating what it's doing. And it looks like part of that is that previously, vulture would just do everything in a single payload, and now, because it's three separate ones, you can't really get a full look at what the malware does unless you are looking at all three of them together. So it helps it to kind of pass through that and not get detected.
[00:56:04] Speaker B: Yeah, absolutely. Because, well, a, you don't have such a massive monolithic piece of malware. It starts off very small. Usually these things kind of, like, don't really have a lot of malicious activity to them. So that helps you fly underneath the radar, and it just kind of looks like it's reaching out to a website looking for information. But that information is actually malicious.
It doesn't look malicious because, hey, now it's obfuscated and encrypted.
Right. Cool. What does that do? I don't know. Let me spin it up in memory first, because I have to do the decryption function in memory. Now I have to unencode it also in memory. So by the time you get down the rabbit hole, it's kind of too little, too late. The antivirus detections are probably like, well, it doesn't seem to be doing anything malicious. I don't have any known signatures for this. And the behavior is just decrypting things. And that's, sometimes that will flag stuff because they'll go like, what are you encrypting stuff for? But this just depends on your AV system, right, whether or not it sees that as a malicious function, which is probably why we have a couple of these things actually key on this.
[00:57:07] Speaker A: Right, exactly. And it goes through each of the layers and kind of shows you what it's doing. The code, I guess, of how this actually works. Layer one, two, and three. So this is not just a one step process, obviously. And they get pretty detailed with, with showing the code and everything. And I love that they do that. Give us a little inside look into how this works.
[00:57:22] Speaker B: It is nice. They did have, this was apparently fairly heavily obfuscated code, right. So they had to do a lot of deob fuscation of the code for the malware analysis. If you know, you might be asking yourself, why are we doing these deep dives? What is the purpose of this? Malware analysis is a very interesting and probably fulfilling for a lot of people, uh, job role, and very necessary. We need people that know how to analyze new threats, d de compile them into something that we can understand so that we can build a better fence to protect against it. Without people doing the work like, this is fox it. Without the people like fox it doing this level of, of malware analysis and giving that to the community, we're. We're all in trouble. We, that's how we build a defense against this kind of stuff, is seeing what are the techniques that are being used and how do we build better detections for those techniques so that they are no longer effective or if, uh, uh, you know, useful to the attackers out there. So definitely look into these code snippets, because they are going to be useful for you. And maybe you find malware analysis to be a really interesting line of work. You can get into this business. It can be quite lucrative. Uh, what, you know who got me into the kind of malware analysis stuff was John Hammond.
[00:58:36] Speaker A: Oh, really?
[00:58:37] Speaker B: Yeah. He used to do a lot of malware analysis on his YouTube channel. And when he was doing that back in the day, I couldn't stop watching it. I was like, man, this is really cool to see the breakdown of the code and how these things do what they do. And I thought, wow, we should do that, too. Start introducing our audience to something like that. Definitely check out Jon Hammond's channel. He's amazing.
Good friend of us at ACI as well.
[00:59:01] Speaker A: Yes, he's appeared a couple times on all things cyber, and he's always a great guest. A nice guy, and clearly very intelligent, very talented at what he does. I love that you guys are like besties. That's so sad.
[00:59:11] Speaker B: We are decent friends.
[00:59:12] Speaker A: Yes. Yeah. I don't know. But you guys don't use the word bestie, I guess.
[00:59:15] Speaker B: Well, he lives across the country, so it's not like I get to go get beers with him all the time. No, but, yeah, I do get to have some facetime with him at conferences. And we do webinars together. And we have chewed some of the same grass as have you.
[00:59:27] Speaker A: Yeah. Okay, they're not besties then. They're not BFF's, but they're buddies.
[00:59:31] Speaker B: I'm not gonna be in his wedding.
[00:59:33] Speaker A: He's already married, isn't he?
[00:59:34] Speaker B: No, he's not married.
[00:59:35] Speaker A: He's not.
[00:59:35] Speaker B: Okay, what do I know him?
[00:59:37] Speaker A: What do I know? Hey, I've met the guy like once. All right, you gotta cut me some slack. Anyway, getting back to this, they do go through some of the commands, the detection, and of course, as always with these kind of show, there's a list of the indicators of compromise here. Very important piece of the puzzle. Very important piece of puzzle. And they do good. They do a great job in these deep dives of, including those when we go through these malware.
[00:59:59] Speaker B: They even write a Yara rule for detection of the brunehilda dropper. So if you just want to copy pasta that. There. There it is right there. They put in the effort, right rule. Brunhild the dropper author. Bada, bada, bada. So just grab that, make the rule, and now you can spin your yara up and have it look for that in your systems. Do some threat hunting.
[01:00:20] Speaker A: This one was all courtesy of Fox. It. So they're the ones that broke this down. I encourage you to go take a look at that if you want a little bit more detail on, on, like you said, the code and stuff. But great breakdown of this Android malware vulture. Expanding its wingspan.
[01:00:33] Speaker B: Maybe we've got him demoralized.
[01:00:34] Speaker A: Maybe. There you go, number two. You. You're. Wow. You're just going to fit him in anywhere that you can and see. I haven't seen the movie enough, I haven't seen aliens enough.
[01:00:43] Speaker B: But you're going to be quoting it.
[01:00:44] Speaker A: But I'll be.
[01:00:45] Speaker B: You recognize.
[01:00:46] Speaker A: I did love that guy, though. The guy that kept complaining we just.
[01:00:49] Speaker B: Got, that was Bill Paxton. Hey, you know, rest in peace, Bill, because you have made some. You have been some of my most favorite characters throughout history, of my. My film history.
[01:00:59] Speaker A: I was real irritated with him at first, and then I just found myself laughing at everything that he said.
[01:01:02] Speaker B: He was meant to be an irritating dude, and then you just can't help yourself with the. Like him.
[01:01:06] Speaker A: Yeah, right.
[01:01:07] Speaker B: He's goofy. Cause he was a real pain in.
[01:01:09] Speaker A: The ass, but just kept whining about everything. But if I was getting attacked by aliens and I knew there was a chance that I'd become like a. Like a cocoon for an alien egg, I'd probably be whining about everything. Also, I'd be pissed. So I can't really blame him. But anyway, we're not gonna be whining about this next article. We do have a little bit of a shallower deep dive, a shorty, as Daniel called it, a shoddy, like a melody in my head.
So this one comes to us from Hoya Haksa. Hoya Haksa security research blog. I'm not gonna try to pronounce it, but it's about bypassing Imperva secure sphere web action firewall. Web application firewall excuse.
[01:01:45] Speaker B: Right?
[01:01:45] Speaker A: And they've got a lovely little picture. We can show this picture image of this guy jumping over the.
[01:01:50] Speaker B: Here's Imperva, which is getting into it fence.
[01:01:53] Speaker A: And I also love this guy back here in his. In his garbage.
He's the little lad back there in the back. Looks like Lord Farquaad. Anyway, I shouldn't be hating on this random dude. That's not what this article is about. So.
[01:02:09] Speaker B: There he is.
[01:02:10] Speaker A: That's your reaction when you find out about this?
[01:02:12] Speaker B: I'm just like, what?
[01:02:13] Speaker A: When you found out about this bypass? So what's the background on this? What's the situation here?
[01:02:17] Speaker B: All right, so Imperva has a web application firewall. I believe it is called secure sphere, as we have mentioned already. So if you're not familiar with web application firewalls, they are meant to protect you against web application based attacks like command injection or, you know, directory traversals and those kinds of things. So let's say you're not the best web app coder on God's earth, and that's cool. We all start somewhere.
That guilty, guilty ass charge, right? I don't know it well enough to be good at it because it's not what I do every day. I could probably spin up a website, though, that would be horribly insecure. So what do I do if I need to have that website, but I don't know how to protect it. Well, I go to somebody that does like Imperva, you have a web application firewall, it knows what normal web attacks look like. You can kind of define some of those things and then bake that in and then now everything has to pass through the WAF and pass muster before it's allowed to go and actually like talk to your web server.
Unfortunately, these lovely security researchers over at Hoya Hacsa have discovered a bit of a problem with secure sphere. And ultimately it says it is an on premise security solution to inspect, monitor and block traffic to web applications. Some versions of secure sphere WAF are affected by a vulnerability that could allow an attacker to bypass the WAF rules that inspect post data. That's when you're like pushing like here's information to the actual web application itself. I'm giving it information so they can use it in some way, shape or form against the web app and then subsequently exploit that flaw in protected web applications that would otherwise be blocked.
That is the problem. Now, vulnerability summary, how does this work?
Ultimately it has a base score of 9.8. So that means this is a problem. And if you look at the cvss, you can see that the attack vector is from the network and the complexity is low. This is not a difficult hack to pull off, unfortunately.
Now what do we do? How does this work? Well, you send it some, some post information. Now what they did here, and I really love this write up because it shows you, hey look, I created a really crappy PHP web app called Clam Php and here it is, it basically is trying to execute code through a CMD query, right? And you can see this right here, you see type text name CmD ID Cmd. What does it do? It submits and then you hit execute, or it execute, you hit submit and it executes. Right? And this is done through a post request. Whoops, went a little too far. There it is, to the post request. Bam. So if I do a post against this web app with the post body being CMD equals whatever command I want it to run, it should run it. But that's a no no, that's bad. You should never really do that and that's, that's what's going on. So this, this is actually purposefully meant to be intentionally bad for the purposes of showing you how secure sphere would stop this. Right?
So right here you can see they're throwing command cat etsy passwords. Just read the password file, run the cat command and read the password file as expected. This gets blocked by a standard waf rule. And here you go, you get this error. This page cannot be displayed because it's been blocked by the waf.
Guess what though, there's an easy, easy, stupid easy bypass.
[01:05:52] Speaker A: Awesome.
[01:05:53] Speaker B: Where if you throw some extra specially crafted headers, one called the content encoding header, and then here are the valid values of Br, compress, deflate and gzip. And then you also add a content encoding header which looks a little something like this, right? So they add these headers to the post request. You can do this with something like burp suite or oauth zap content encoding and it equals no kill, no beep beep. They just put random, they basically lean on the keyboard. You can put any random data in that header and then just change the coding to gzip or the, the content encoding to gzip instead of one of those other valid.
And guess what, you get this. Oh, actually bypasses the waf. The waft never goes, yeah, that's, that's bad. I'm not going to allow that. It allows it to go through.
So that is a problem that does.
[01:06:49] Speaker A: Seem like it would spell danger. Is there a, is there any way that you can protect against this or fix this?
[01:06:55] Speaker B: I want to say that they did put out, let's see here. There's another way to do this as well if that one doesn't work. So we use the content encoding deflate header and then you have to add some like throwaway post data and I'll show you what that looks like. So here we still have the content encoding no kill, no beep beep. And then you add that content encoding deflate instead of Gzip. And then you can see it's just q and equals, not you, just some junk, right? And then, and, or ampersand command equals cat plus sepassword, right? So that's just URL encoded. That's what the plus is for. And then from there it runs it again. So a couple of ways in which you can do this, recommended remediations are using an ADC rule to update. Oh good, okay, that was, yeah. So you just add a new rule to this thing. It should be good to go. Customers get from information by logging into impervious support. Definitely call support. And so it looks like they've, they basically have a remediation for this. You just have to download and install it and get it, get it rocking and rolling. But a very simple yet very effective bypass. So if you find what you think might be a command injection vulnerability, but the WAF is stopping you. It might not be that difficult to bypass it if it is imperva secure sphere.
[01:08:12] Speaker A: Not that you should be doing that.
[01:08:13] Speaker B: No, no. If you're a security researcher or a bug hunter.
[01:08:16] Speaker A: Exactly.
[01:08:16] Speaker B: This could be useful for you.
[01:08:18] Speaker A: And I do love when we put, when we cover these and there is a fix already in place or a remediation. That's always great news.
[01:08:22] Speaker B: Well, usually when you're seeing articles like this, it's because the security researcher has submitted to imperva or whoever the vendor is. They've figured out they've come up with a remediation and now they can disclose their findings.
[01:08:35] Speaker A: Those are always positive.
[01:08:36] Speaker B: Yeah.
[01:08:36] Speaker A: Yeah. Happy ending. There's a way to fix it all. Hope is not lost here. You don't have to nuke it from.
[01:08:41] Speaker B: Space, from space, from orbit.
[01:08:43] Speaker A: From orbit.
[01:08:43] Speaker B: Sorry.
[01:08:44] Speaker A: Yes.
[01:08:44] Speaker B: The only way to be sure.
[01:08:45] Speaker A: I was doing my best.
[01:08:46] Speaker B: That was a good one.
[01:08:47] Speaker A: See that?
[01:08:48] Speaker B: Love? I love when we can learn the same language.
[01:08:51] Speaker A: Maybe for your birthday this year, I'll get you a. An alien pop, because I know you've got predator.
[01:08:54] Speaker B: Yes.
[01:08:55] Speaker A: I'll see if I can find an alien one.
[01:08:56] Speaker B: So then I would need a terminator and a robocop. Round out the group and round out the group, man.
[01:09:00] Speaker A: I'll work on it.
[01:09:01] Speaker B: Excellent. I look forward. My birthday is coming up, so.
[01:09:04] Speaker A: Coming up pretty soon. You know what else is coming up? Axpace Con. I almost forgot. Yeah. Next week we're actually gonna be doing, I think we're doing Technato from the site at Hackspacecon.
[01:09:13] Speaker B: That's right.
[01:09:14] Speaker A: I'm fairly.
[01:09:14] Speaker B: Me and you, we are going to be live and in color.
[01:09:17] Speaker A: We will be present.
[01:09:18] Speaker B: That's right.
[01:09:19] Speaker A: As opposed to our usual black and white show.
Live in England.
[01:09:22] Speaker B: Welcome to the 1950s.
[01:09:24] Speaker A: Today on Toknato.
But yeah, we're gonna be there. That's actually, it's really not too far from where I used to live. I used to live in central Florida.
[01:09:33] Speaker B: And so tell us more pii about yourself.
[01:09:35] Speaker A: It's used to, used to. Central Florida is a big area. Um, but it's, it's neat because it'll be, it'll be kind of like I'm going back in that direction. And, uh. And so we will be there at the Kennedy Space Center, I believe it's the visitor complex. And if you're going, come by and say hi. We'll be on the main stage on Friday, talking it up, yapping as we do.
[01:09:52] Speaker B: We will be available to the public at large.
[01:09:54] Speaker A: Yeah. Only just a couple of.
[01:09:56] Speaker B: I'm also going to b sides this week.
[01:09:57] Speaker A: You are? Yes. You are going to be going. You look forward to that.
[01:09:59] Speaker B: Oh, yeah. I love b sides. Super, super fun.
[01:10:01] Speaker A: What do they do there? Is it just, is it just like go to workshops and things like that.
[01:10:05] Speaker B: Or there's going to be talks, there's going to be workshops. It's going to be just hobnobbing and networking with people that are in the industry and getting to meet up with some people that I've seen at other cons and, you know, catching up. Chopping it up.
[01:10:17] Speaker A: Your besties.
[01:10:18] Speaker B: Yeah. Your buddies, my Internet friends. Get to meet. Get to meet them IRL in meat space, as they say. No, it's such a cringy way.
[01:10:28] Speaker A: But I forgot. I forgot that was a word. Smoking some meats in meat space.
Can't stand him, man.
[01:10:35] Speaker B: I am disturbed.
[01:10:37] Speaker A: He's disturbed. Good. That's good. If I can disturb you. It's a good day.
[01:10:40] Speaker B: Yeah.
[01:10:41] Speaker A: Usually it's the other way around, but yes. So Daniel will be at Bsides. We will be at hacks based con next week. That is going to be, I believe, Thursday and Friday. So that is, I think, the 12th and the 13th, if you're going to love the 12th. Excuse me. So if you are going to. There he is. He's smoking some meats again. If you're listening, you, mission, you're really missing what is a photo of Mark Zuckerberg smoking, looking his zuckiest. Very, very, very pasty. Yeah. Which I don't really have room to talk on that subject. Look at him go. He's posted up in front of that grill.
[01:11:08] Speaker B: Yeah.
[01:11:09] Speaker A: I wonder if he's got like a, like a traeger or something back there. I can't tell what brand that is.
[01:11:12] Speaker B: It's a big green egg, isn't it?
[01:11:13] Speaker A: What are those kicks? Look at those kicks.
[01:11:16] Speaker B: Like adidas slides. Yeah, I think they are.
[01:11:19] Speaker A: They are his crocs.
[01:11:20] Speaker B: Yeah.
[01:11:20] Speaker A: But yes. Anyway, Mark Zuckerberg is not going to be at a space. We will be. And we've also got a webinar today with Mister John Strand, the legend himself. Legend. Kind of. Not a big deal. Bring your questions. That is going to be at 02:00 p.m. Eastern Standard Time today, April 4, the day this episode is released. So you will want to tune in for that. I'll be there. Daniel will be there. It's going to be a party.
[01:11:40] Speaker B: Whole day of, of these two smiling.
[01:11:42] Speaker A: Whole day. And then I think they've also got Black Hills has another thing going on after.
[01:11:47] Speaker B: Right after.
[01:11:48] Speaker A: Right after.
[01:11:48] Speaker B: So you really think something's like a big reveal?
[01:11:50] Speaker A: Yeah. You could get out of work today. You could really just spend the whole day watching that stuff? Yeah. Thanks, Anita. Or use it as a credit for learning. Hey, I'm learning.
[01:11:58] Speaker B: This is professional development.
[01:11:59] Speaker A: I'm continuing my education.
[01:12:00] Speaker B: That's right.
[01:12:00] Speaker A: But that is pretty much going to do it, I think, for call it a day, this week's news. Yeah, Daniel's. Daniel's falling asleep. We had a big breakfast this morning. So, you know, they did like an office breakfast and we have been dozing. So we're going to go ahead and call it there. Thank you so much for joining us for this episode of Technato. Hope you enjoyed. Leave your comments if you are watching on YouTube. We love to hear from you. Get that feedback. I know Daniel goes in and he'll respond to the comments as well. So maybe you'll get a chance to chat with the legend himself.
[01:12:23] Speaker B: I mostly come out at night. Mostly.
[01:12:27] Speaker A: Great nude impression. Wow, I'm impressed. Well, thank you for joining us for Technado. Hopefully we didn't scare you off and we'll see you back here next week for another episode.
Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.