Adam Boileau (2:47)

Yeah, you would kind of expect so. And you know, Marks and Spencer is such sort of British institution that I can see it being a sensible target for, you know, the kind of British kids that are going to be part of that, you know, the comm. Scattered spider octopus lapsus, you know, kind of crowd, you know, just because of the publicity it's going to get. But it is going to get law enforcement attention and that crew is not really known for their opsec. So. Yeah. Mm. Probably going to end badly.

Patrick Gray (3:17)

I was predicting very quick arrests after the last time we saw this particular cluster of people, you know, doing the casino hacks and stuff. I expected handcuffs on them the next week. And it did take a while.

Adam Boileau (3:31)

It did, yeah. And I guess there's, you know, there's a lot of people involved, there's a lot to unwrap them and you know, it's not much fun for law enforcement having to dig through these kinds of communities to make the connections. But yeah, OPSEC is not their watchword. So I'm sure in time we will see people in cuffs.

Patrick Gray (3:46)

Yeah, they'll get, they'll catch up with them eventually, I think. Seems to be the thing. Now in other sort of criminal activity on the Internet, we're seeing reports out of both Malaysia and Japan of attackers obtaining access to brokerage accounts, like owning people's, you know, stockbroking accounts. And what they do once they've obtained access to those accounts is they sell all of that customer, all of the shares in that account and then they use the funds in the account again to buy penny stocks that they already own. Right. So they'll buy some penny stocks in some Chinese company or whatever, or in this case one of these cases, a Malaysian company, and then they just buy, buy, buy, buy, buy, which pushes the prices price up as well and, you know, just gets all of the money out of that account and into their pockets. I mean, one of the things that's kept a lid on these types of is financial regulators, right. Are able to, you know, in some cases roll back trades and, you know, very easily track who was behind this trading activity. But I guess the thing that makes it different in this case is, you know, it's a much more, you know, interconnected world these days. And if you can do this with like Chinese penny stocks, I mean, good luck catching the people who did it.

Adam Boileau (5:01)

Yeah, yeah, exactly. Like, as we get more and more interconnected in terms of, you know, financial markets and things like, it just like unraveling the stuff becomes more and more difficult. And I think in both of these cases we're seeing sort of a password reuse, so account takeover because they've got either info stealers or reusing credentials from other cred dumps or whatever else. So pretty normal from a cyber technique point of view. But we've often talked about how innovation in turning cyber skills into money is where we see crime. Really. Boom. When you come up with a new way to cash out, then, you know, off you go. And repeat that around the world.

Patrick Gray (5:41)

Yeah, I mean, this is not a new thing. We've been seeing this sort of thing done many, many times over the years. I think one, one thing that's interesting here though, is the scale. So I think in Japan, the regulators there are reporting that something like, yeah, $350 million worth of shares were cashed out and they used those funds to purchase 300. So 315 million of that was used then to bid up penny stocks, which is just, you know, crazy.

Adam Boileau (6:10)

Yeah, yeah, we've seen some, you know, quite large price changes in markets in Malaysia as a result. So, yeah, like, the scale of this, I think, is what made us want to stick it in the, in the list to talk about this week because, you know, two in the same week and both of them pretty reasonable size. Yeah, it's interesting, you know.

Patrick Gray (6:27)

Yeah, I mean, I think the reporting here from Japan is sort of describing more of an ongoing activ. And the one in Malaysia was just one event. But yeah, we've dropped links into this week's show notes so everybody can go have a look at that. Speaking of markets and price movements, this one's just too funny not to include, but someone stole 3520 Bitcoin, I'm guessing from. It just says from a potential victim. We're going off a Zach XBT tweet here. So about $330 million worth of Bitcoin. And to launder it, they just decided, hey, I'm going to just throw it all into Monero. And the hilarious thing was it caused the price of monero to spike 50% because there were so many, you know, bids on it.

Adam Boileau (7:12)

Right, yeah. It's kind of funny when you see that, you know, the scale of cryptocurrency, things that you can do, like when you're stealing that kind of amount of money trying to launder it all at once. You know, it kind of makes me wonder whether, you know, can you make more money than you stole through this kind of like manipulating the pricing in the money laundering market? Because I don't know, it's all, all pretty wild. I mean, the. I did see some other reporting, I think Catalan had some reporting in today's newsletter that we were proofreading earlier that said it was like an individual private Investor lost the 300,000,000,000. So it sucks to be them. But yeah, like it's just, it's, it's so funny watching a speedrun all of this, you know, financial crime learning all at once.

Patrick Gray (7:57)

Yeah. Now we've got a report from the Global Times, the Chinese Global Times. And this is so reliable, so reliable, so reliable. So this is very, very funny to me for reasons that will become obvious very soon. Let me just read from it. China's Cyberspace Security association revealed in a report on Monday that the country's national computer Network Emergency Response Technical team, CN Certified, had detected and handled a cyber attack launched by US intelligence agencies against a major Chinese commercial encryption provider. So you hear that, Adam? They detected it. And it's handled, right?

Adam Boileau (8:36)

Handled.

Patrick Gray (8:37)

It's handled. And then you read the report and it talks about how throughout 2024, suspected U.S. intelligence agencies owned their CRM and also owned their repositories and stole something like 950 megabytes and then something like 6.2 gigabytes. So by handled, I don't know exactly what they mean by handled. You know, they handled it, they repelled it after all of their source was stolen and all of their CRM data was stolen. But look, you alluded to this as well. Like who knows what actually happened here.

Adam Boileau (9:11)

Well, yeah, exactly. I know when, when we were chuckling about this beforehand, the thing that came to my mind was, well, when the Chinese hacked RSA and stole all of their key material for all of their hardware, RSA tokens, the secure ID tokens. I guess RSA handled that too by having to reissue all of the tokens to their entire customer base after being used to break into military industrial complex companies and onwards here, totally handled. But yeah, it's always funny when we see China do the same kind of name and shamey sort of attribution that we have been doing to them for so long, but just kind of less.

Patrick Gray (9:49)

Well, yeah, I mean, there is that. I mean, I think also the story talks about how there is a concern that the Source code for this stuff was tampered with. So again, you know, well handled. It's been totally handled. When all of your source code is gone and you wonder about the integrity of it. I just said, yeah, I just find that very, very Chinese media. Right, Yeah.

Adam Boileau (10:12)

I mean, it's a good thing that the US doesn't have a background in, you know, manipulating other people's crypto systems for long term access and profit.

Patrick Gray (10:20)

Yeah.

Adam Boileau (10:21)

Dear, oh dear, sucks to be you. China.

Patrick Gray (10:24)

Now, also, Iran has also repelled a major cyber attack on its infrastructure. It says now this comes hot on the heels of a, you know, giant fire which ripped through a port, which, you know, who knows what was behind that? But, you know, when things start going bang in Iran, when Donald Trump is president, you do kind of wonder if, you know, a lot of the bad things are happening as a result of the US government or perhaps the Israeli government. But yeah, apparently Iran said it has foiled a major cyber attack.

Adam Boileau (10:55)

I mean, yeah, they haven't provided details except that it was very complicated and very big and very taken care of and don't worry about a thing. And presumably unrelated to the fact that their containers full of rocket fuel blew up.

Patrick Gray (11:10)

Yes.

Adam Boileau (11:10)

In the port.

Patrick Gray (11:11)

So complete coincidence. Yes, complete coincidence. Again, they handled it.

Adam Boileau (11:17)

They foiled it by turning it into atmospheric pollution.

Patrick Gray (11:20)

That's right, they foiled an attack after it had happened. But no, look, I have no doubt that they probably, you know, found some other, some other stuff and whatnot. Now, look, in news out of Europe, a lot of people would have seen that there was a major blackout, like a power systems failure in Spain and Portugal earlier this week. And the usual people were sort of jumping up and down and saying, oh, what if this is cyber war? Could be Russia. Indeed. I think one Spanish government body actually said, oh, we, we think this might be a cyber attack. But then they quickly walked it back. Portugal says no to cyber as well. And now it looks like Spain has ruled it out. So probably a squirrel.

Adam Boileau (11:58)

Yeah, probably, yeah. I mean, I did see some conversation about the amount of renewable energy resources in, in Spain and we have seen plenty of speculation about the ability to attack those and cause downstream problems in the rest of the power grid. But yeah, there is just no suggestion that it's anything other than Spanish squirrels.

Patrick Gray (12:18)

Yeah, and it's interesting that you mentioned that though, because the research that we spoke about recently was really about how you could manipulate some of these, like solar controllers and stuff to desynchronize them from the grid, which is actually what happened in this case there was a desync. The, you know, the frequency of the power actually dropped below 50 hertz, which caused a cascading failure and whatnot. But you know, probably some damage to a line or something like that. And you know, again, not even probably due to renewables per se, but moving on, and this one is interesting. Something really bad happened to a South Korean telecom called SK Telecom because they are replacing the SIM cards of all, all of their customers. They have 20 million ish customers I think, and they only have a million SIM cards on hand, so they're having to order a bunch more. And this is going to be a bit of a long term project. But you and I were talking about this and the only thing that we can come up with is that the key material, the private key material for those SIM cards must have been stored somewhere in the telco and someone got their hands on it.

Adam Boileau (13:22)

Well, yeah, that's the conclusion you end up arriving at because you know, I've been in plenty of telco security meetings and the level of badness that it would take for them to roll, like physically replace the SIM cards of the entire subscriber base, like no one wants to say yes to that, no one wants to do that. So it has to be like nose rubbing in bad for them to suck it up and do it. So presumably someone was in a position to get to the hlr, the place where the, the keys are stored for those SIM cards. Because the way SIM keying works there is basically a symmetric key that's stored in the SIM and at the telco and if you nick it now, you can clone SIM cards, you can become anybody, et cetera, et cetera.

Patrick Gray (14:06)

Well, you just answered the question I was going to have, which is why are they storing private keys? But you know.

Adam Boileau (14:11)

Yeah, so it is actually symmetric because this stuff goes back to the GSM era when doing asymmetric crypto in a tiny SIM card probably wasn't super feasible. So anyway, that's what I imagine what happened. Early reports. So Catalan had some coverage of SK Telecom having an issue, I want to say a couple of weeks ago. And that said like it made it sound like there had been some data theft, like they had a machine compromised and it had access to some customer data and they were, you know, sort of warning customers. But it sounds like, you know, I guess it had access to maybe backups of the hlr, maybe the HLR itself itself. Or they pulled the thread and realized that it wasn't just a single machine, it was actually domain admin and everything and oh God, you know, and here we are, you know, trying to like there's apparently queues outside mobile phone stores in South Korea where customers have been told they have to show up and get a new SIM card and then the store's like we only had 100 now what are we going to do? So yeah, it's funny, it's a very big mess.

Patrick Gray (15:10)

It's funny what you mentioned about like reports of like a data breach in a telco. It's usually like eh, subscriber names, addresses, emails. Right. You just sort of read that and think ah, whatever. And then it's like oh no, they stole the keys for everybody.

Adam Boileau (15:21)

Good times. And whoever did it like good job, good job.

Patrick Gray (15:24)

Yeah. Now let's talk about some awesome research here from a company called Oligo Security which is having a look in the air airplay protocol, Apple's airplay, excuse me, airplay protocol and the implementation thereof. They've found a bunch of really cool bugs in airplay. So if you could get on the WI FI network, the same WI FI network as an airplay device, you can own it. And this is not, this doesn't just affect Apple devices, this affects third party devices as well. Which I think is probably the more insidious bit to this because Apple's patch this stuff, right? Like you probably installed the patch for this months ago whereas you know, if you've got some Sony TV or whatever that supports airplay, these bugs are going to be in stuff like that forever.

Adam Boileau (16:16)

Yeah. So a lot of other Companies that implement AirPlay use Apple's SDKs to do so and some of these bugs are in code that's part of those SDKs. There's also bits of airplay shared in things like CarPlay. So like these bugs are applicable to plugging Apple device into your car and doing the screen sharing, audio sharing thing. There's a range of bugs, at least one of them is like kind of zero user interaction required affected macOS and the other Apple systems as well. The guts of it comes down to that. In the network protocol they use Apple's plist format which is sort of a, I guess kind of like imagine like the Windows Registry format. Plists are kind of used in similar sorts of ways for storing key and value pairs and either on disk or passing them around. Anyway, the parsing code for the plists used to pass information for the airplay wire protocol is being a bit fast and loose and there's some like use after freeze and some other bits and pieces like that. The, you know you wouldn't, you don't really expect from Apple these days, but there's probably quite a long tail on this code base. But yeah, this company has pulled that thread, identified a number of bugs and demonstrated exploitability, some with zero interaction, some with some degree of user interaction required across Apple devices. Third party things like AirPlay speakers and TVs and car headend units via CarPlay. So pretty comprehensive research and yes, the long tail of non Apple devices is the real problem here.

Patrick Gray (17:50)

Yeah, it's interesting what you say about this stuff. Probably dating quite, you know, a ways back because you read about these bugs and they feel old school. Right. Like it doesn't feel like the sort of stuff that you should find in a modern Apple device.

Adam Boileau (18:03)

No, no. And that's, you know, you know they've been writing code for a long time and you know, this is I guess a sort of an obscure ish corner of their code base compared to like you know, WebKit or iCloud or you know, things like that that get a whole bunch of attention like iOS bootloaders and things like that. So yeah, interesting niche and I, you know, I was reminded of like Dao Mark Daud bugs in like the airdrop sharing protocols as well. And that also was like super weird old school like Unix, CPIO archive path traversal or something. So you know, there are some corpses in, you know, in Apple's Apple's cupboard, Apples closet, wherever you put corpses in the metaphor. I don't know.

Patrick Gray (18:44)

I actually I was in Sydney last week on my break, had a wonderful time down there, went with the whole family and I actually had a chance to have dinner with Mark Dowd last week. So that was a lot of fun as well. So I joked on Blue Sky, I went to Sydney and saw the sights like the Sydney Harbour Bridge, the Opera House and of course Mark Dowd.

Adam Boileau (19:02)

Yes.

Patrick Gray (19:04)

But yeah, he's still very much enjoying hacking the Internet, which is good to see. It's good when you're, when your friends have a passion, it's great.

Adam Boileau (19:12)

Or a sickness.

Patrick Gray (19:14)

Exactly. And he sure does have. It is one or the other. You're quite right. Now let's have a chat about juice jacking. Right. Because this is one of those things where, you know, the, the advice for so many years is like don't use public WI fi and never plug your phone into the, you know, this is sort of out of date advice that doesn't really, you know, help anyone. But we're actually, we've actually got some research here into a potential juice jacking attack that would have worked quite well. Thank you very much. This is a bit of research. It's called choice jacking. We've got Dan Gooden's write up on this one from Arstechnica.

Adam Boileau (19:50)

Yeah, when I was going through preparing the run sheet for the show and I saw the juice jacking in the headline and I just immediately went, yeah, pays down next. Didn't even read it. And then I'm like, it is a Dan article. Like he probably. I guess I'll go back around. I'm really glad I did because it is actually what you want in a juice jacking bug, I think with some researchers from. Were they an Austrian university maybe? Yes, university in Austria. And they came up with the actual juice jacking bug that you want plug in a modern, fully patched Apple device or Android into what you think is a power only connector and receive disk access to the device and steal data off it. Right. That's, you know, with no user interaction required. And that's like, I was super curious, like, how did they actually do it? How did it work? And it's super interesting. So if you'll indulge me, I'll walk you through the bug.

Patrick Gray (20:43)

Well, that was going to be my next question. How does it work?

Adam Boileau (20:47)

I'm going to tell you, even if you hadn't asked, I'm going to tell you. So this is super cool. So you plug in the USB device. It initially pretends to be a keyboard. It injects keystrokes into the device to get to the Bluetooth pairing settings menu, triggers Bluetooth discovery, and then at that point the device that's attacking you stands up a Bluetooth keyboard, and then you accept the Bluetooth pairing with this fake Bluetooth keyboard. So now there is two keyboard paths, one via the USB connection and one via Bluetooth. Then you reconnect the USB via the USB power delivery mechanism where you can change the role of USB devices between host and client. So then you change it so that the attacker is now a host device, sorry, it's now a client device. And then the phone spins up its share media with a printer or whatever thing. And then you use the Bluetooth keyboard that you've got connected to accept the prompts to say, yes, please do it. And that's the kind of the whole process end to end. So by changing client server role and then using Bluetooth as a side channel because you can't do keyboard at the same time as being a USB client device, that's how they circuit on the Apple case, in the Android case. There are some other tricks of like using out of state messages in the USB stack to do the same kind of thing. But honestly, super cool research and I just loved that. Like let's just make a second keyboard via Bluetooth. So yeah, just cool, cool work.

Patrick Gray (22:22)

I mean it is. And it doesn't involve any sort of O day memory corruption. Like it is just like old school logic hackery.

Adam Boileau (22:31)

Yeah, Using the brain.

Patrick Gray (22:34)

It's funny actually because you know, when I had dinner with Mark we were, and you know he's a very, very well known iOS security expert and we were just chatting about like what a hard time it must be for companies like Celebrate and like Greylock and or Gray Key or whatever they're called because you know, to do this sort of stuff because the attack surface for this is just so tiny, you know, so literally having that conversation last week and then we see this research and it's like, wow, you know, when there's a will, there's a way.

Adam Boileau (23:04)

Hey, yeah, yeah, yeah. We just got to love it, you know, it's. This was just such good work.

Patrick Gray (23:11)

Now if your computer will allow you to move over to the tab containing the article, the next article we're going to talk about because it's on a website called Android Authority that I think the ads were chewing. What a whole core on your computer?

Adam Boileau (23:23)

All of my cores, all of the cores of my CPU are pegged at 100% on this website because of the amount of advertising. So turn off the JavaScript and then look at it if you're clicking on the link.

Patrick Gray (23:34)

Yeah. So apparently there is actually some new stuff coming in Android 16 that is designed to prevent USB based attacks. And this is part of Android's whole, they're building some, you know, advanced security mode that is similar to the, what's the upper one called? Lockdown mode. Yeah, yeah. So they're building a mode that's similar to that and they're, you know, introducing some changes to the way Android handles USB connections. Walk us through them.

Adam Boileau (24:00)

Yeah, I mean the basic gist of this is that you will be able to tell it that when the device is locked, physically disable the USB port or at least like make it so that it doesn't work. So that exactly this kind of juice jack and thing isn't viable unless your device is unlocked. Then that's basically the guts. But there's a bunch of other changes they have been making as they design this advanced protection mode. But certainly if you were Gray Key or cellebrite, this kind of thing is probably a death now for a lot of your business. So yeah, bad times to be them and good times for Android users.

Patrick Gray (24:37)

Yeah, yeah, if they're using that mode, I guess would be the caveat there. Now, let's talk about a critical bug in Erlang OTP ssh. Now, whenever I hear the word Erlang, as someone who did a communications and electronics degree a million years ago, I get triggered because an Erlang is actually a unit that measures traffic on a telco network. So of course, anytime I hear the word Erlang, I just immediately associate that with telcos. I'm guessing Erlang OTPSSH is found in telco environments? Adam.

Adam Boileau (25:08)

Yes. So Erlang in this context is a language runtime environment from Ericsson and very heavily used in the telco environment and has a bunch of systems built in. Erlang tend to be used in big communication systems that need to have very high availability because you can kind of hot patch it and keep the system running whilst you work on it. Anyway, there is a SSH implementation in OTP which is basically the de facto standard library for Erlang applications, and this SSH server has a bug that is CVSS 10 out of 10, no auth remote command exec. And that's bad.

Patrick Gray (25:50)

I mean, you don't often Hear the words CVSS 10 and SSH in the same sentence, right? Well, yes, because people are like, oh, why are they talking about some bug in SSH in togo? I mean CVSS10 ssh, CVSS10.

Adam Boileau (26:04)

And obviously this is just Erlang's implementation of it. But the thing that really touched my heart reading the story is the guts of the bug is that you can basically send out of state messages down the SSH protocol channel pre authentication saying hey, please open up a command prompt and run a command. And when I was doing my work on weird out of protocol SSH out of state, like weird protocol stuff in ssh for ssh jack back in 20056 I went and looked for this bug in Open SSH and a number of other implementations of SSH on unix. I didn't look at the Erlang one because I wasn't in a telco and this bug didn't exist in any of the ones I looked at, but it was a bug that I thought about and that I went looking for. So seeing someone else find it now, all these years later, this warms my heart like fills me with joy and love. So good job researcher who found this. Sucks to be everyone running Erlang anything with ssh. On the plus side, you can probably hot patch it, so yay.

Patrick Gray (27:09)

So you feel vindicated because you would have spent a few days on that 20 years ago and now you understand that that wasn't a waste of time. It wasn't.

Adam Boileau (27:18)

You were justified. My instincts were good, man. They were good.

Patrick Gray (27:22)

Now look, I mean, you know, we're going to continue talking about a few bugs because it's just a big week for bugs this week. So we've got two more to talk to and one of them is in SAP SAP netweaver. This is under active exploitation and it's a bad one.

Adam Boileau (27:36)

Yeah, this is straight up Arnold of CodExec once again, CVSS 10 out of 10 this is a bug in. So like in this SAP web server component there is like a service discovery and registration endpoint. They use a uddi, which is like a Java Java people use it for doing service discovery anyway it just has no auth and the net result is you can connect to it, kind of reroute services inside it, inside the big applications and then leverage that upwards onwards to code execution, which is wonderful and great. And there is quite a lot of this on the Internet and for internal networks and SAP environments this bug would be a wonder. Like you would have such a great time in an enterprise. So yeah, once again fills me with joy.

Patrick Gray (28:21)

Yeah, I think it's a CVSS 9.9 so, so close to being perfect. I wonder how they lost that 0.1 point.

Adam Boileau (28:30)

Probably because you have to think about Java and that's enough to put off, you know, some percentage of attack at some.

Patrick Gray (28:35)

A large part of them actually we saw that with log 4J, you know, like people only ever used ready made exploits for that one like. Well, as far as we know anyway. Yeah and then there's some nasty stuff in commvault as well.

Adam Boileau (28:47)

Yes, the commvault backup system, there was a. There's a bug in it. Watchtower Labs have their usual very high grade, you know, meme heavy write up. I like. I just can't give enough props to watch style because so many advisories that we read have zero detail and seeing someone actually work through and work up the exploit and give you all of the details that you actually want fills me with joy Again this is a wonderful week. I'm having a great time this week in the show and this is once again Java bugs processing a zip file with pass traversal that leads to unzipping a JSP file or malicious code inside the web root of the commvault Java web application. And they talk through their auditing approach which is once again exactly how I approach auditing Java web apps like this. So yeah, I felt right at home. It was a good time. If you run Commvault, boy, oh boy. Yeah, it's going to be time to patch I'm afraid because yeah, this is straight up code executing your backup server and then you restore the backups of the domain controller, steal all of the key mats and Bob is your domain admin having uncle.

Patrick Gray (29:57)

Yeah, yeah. And I think this is being exploded in the wild now, isn't it? Since this write up.

Adam Boileau (30:03)

Yeah, I think so. Like the write up is super clear and Watchtower has what they call their euphemism for a poc a detection artifact generator. So yes, easy times for everybody who is near a commvault.

Patrick Gray (30:17)

Yeah, there you go. Now let's look at future trouble. Right. So we've spoken about it on the show before about how Chinese crooks are really scaling up a lot of these scams where they get people to, they obtain one time passcodes to enroll people's card information into like Apple Wallets or whatever where they're in China and then they're doing relay attacks to post terminals or ATMs or whatnot in targeted countries. So that's interesting. But Catalan Kimpanu, our colleague and you know, we keep talking about his work this week, if you want to read this stuff yourself, go to Risky Biz and subscribe to to our newsletters and you'll get this in, in your inbox and you don't have to listen to us talking about it, which I guess we don't want that, do we? Anyway, but go subscribe to his newsletter anyway because it's really good. But he's, he's done a bit of a deep dive into what Russian crews are doing with NFC card malware. So this is different to the enrollment scams and more about being able to relay sort of, you know, NFC based information, I guess that unlocks transactions off to other locations and whatnot. I guess the point he's making is that this stuff is on the up. Right. So between what the Chinese are doing with this stuff and what the Russians are doing with this stuff, it feels like, you know, mobile payments fraud is about to become an issue.

Adam Boileau (31:39)

Yeah, I mean I think the ubiquity of NFC payment cards and equipment in the forms of mobile phones has just like it's giving opportunities for new ways to do crime. And the enrolling stuff into Apple Pay and rolling cards into Apple Pay through social engineering to get the enrollment one time code or whatever, that's really Smart. And then this Russian stuff where, you know, they get a piece of malware on your phone, you know, through all the normal mechanisms, and then social engineer you into holding your card near it and then relaying it. Like both of those are what can we do when we have card readers in everyone's pocket? And I'm sure there's going to be a bunch of other really interesting ways to attack the payment ecosystem that we will see over the years. It's also transferable between markets, so we're seeing it mostly in Russia, mostly in China, but it's going to appear in other markets because the techniques are the same, the cards are basically all the same, the phones are all the same. Like, there's no reason we're not going to see it elsewhere. So, yeah, Catalan's been pretty good at giving everybody a heads up of what's coming down, you know, in other places as well. So if you're in that payment space, definitely go read because it's a good write up.

Patrick Gray (32:49)

Yeah, I remember like 10 years ago watching Nick VD doing like a NFC relay demo at Kiwi Con and just thinking, oh, this could turn into a problem, I guess. And yeah, here we are. It took 10 years.

Adam Boileau (33:00)

Yeah, took a while. But it was fiddly because I work with him on some of the implementation of those attacks and getting the timing working and stuff. Like, it was fiddly, like wasn't complicated, but it was just there was fiddles that you didn't really appreciate. So doing it in the wild, you know, is pretty, pretty cool work.

Patrick Gray (33:17)

Well, we've also seen like, and I don't think it's necessarily applicable in this case, but we often see too, when technology companies lay out a foundation for something that can be done really, really securely and amazingly, they don't use all of the features that would enable them to do it really, really awesomely and securely. So you think back to when chip and PIN was kind of new and I think Australia and New Zealand were certainly ahead of the United States in, in terms of having chip and pin. So there were a lot of people doing research on that stuff here and you know, just they, there were so many ways they could have implemented it that they didn't. You know, so you could do things like replay attacks and whatever and like, yeah, anyway, let's just see how bad it gets. I get, I'm guessing there's already some work being done on countermeasures to a lot of this stuff, but you know, there's a lot of banks in the.

Adam Boileau (34:04)

World and it's also, it's also so applicable to other things like, you know, car, you know, unlocking cars via the key fobs and stuff. Like, once as those radio systems converge and become more and more uncommon, you know, and people are using, you know, their phones to unlock their cars or whatever, like there's just a bunch of building access control. Like there's so many hotels, like so many places. This research is applicable even beyond payment cards.

Patrick Gray (34:27)

So. Yeah. Yeah. All right, so now we're going to talk about US Government stuff. And you notice that I buried this towards the back of the news because.

Adam Boileau (34:36)

Of the US Government.

Patrick Gray (34:37)

Yeah, yeah. So you remember when the whole signal, you know, hoofy signal group chat came out, I speculated, well, they're going to be using probably, you know, not just the mobile app, they'll probably have it on their desktop as well. And they're probably not running that on government computers because that's against policy. Turns out Pete Hegseth actually had a personal computer or like a non government computer in his office and was even provisioned a like commercial, you know, Internet access to that machine so that he could use signal on that machine. So that's a report from ap. It just really confirms our vibes on this when it all first started, I guess, which is why I mentioned it.

Adam Boileau (35:17)

Yeah, yeah, exactly. I mean, typing all those things on your little phone keyboard is a pain. Using a real keyboard, a real screen, super convenient. And yeah, you can see why. And then you gotta wonder, like, what else does that machine have access to? What does its microphone listen to? How difficult is it really to compromise Pete Hegseth's dirty computer.

Patrick Gray (35:37)

Yeah. His unsanctioned computer. And this was always my concern, right. Is if you've got like, if you spider out the number of people in these sort of group chats. Right. And the number of devices. Okay. If they're all just using the phone app, you know, as I often say on this show, I don't use the signal desktop app for this reason. And you would just think one of those. Yeah, one of those devices somewhere along in these group chats would have been compromised. Almost certainly. But we've also got. So this is a story from April 21st I'm choosing to include in this week's show notes Brian Krebs write up of this because it is superb. It is really good. A whistleblower from the National Labor Relations Board has filed a complaint. This guy's name is Daniel J. Baroulas. He's 38 years old and you know, he's come out and made a series of allegations about the way that the DOGE people were handling data and access into this, this, you know, organization's environment. And you read the complaint and it's pretty mind blowing stuff. Now we've got to keep in mind that these are just allegations, but there is some evidence provided, like various photos of consoles and whatnot. But I mean, walk us through this one, Adam, because it is a wild time. I mean, just before you do that, I will say that very early on when we started talking about this DOGE stuff, we said, look, there's probably a data governance issue here because it doesn't seem like they're following many procedures. And you know, I expected it could be quite bad, but this is even worse than I thought it would be.

Adam Boileau (37:08)

Yeah, so this is a relatively smallish government agency that, you know, handles relations with unions and other kind of labor relations stuff. And interestingly, as an aside, a thing that Elon Musk and Tesla and SpaceX and so on have had some beef with over the years, you know, whether that means anything, I don't know.

Patrick Gray (37:25)

I think they're suing this nlrb, right. So, I mean, it's not just a bit of beef. This is, this is an organization that is loathed by Elon Musk.

Adam Boileau (37:35)

But anyway, anyway, so this guy worked in the like network and computer governance bits of this organization and he was told that DOGE people were coming in and they needed access to the environments. The DOGE people in question were provisioned like tenant admin level access to their Microsoft 365 environments in contravention of all of their normal policies and processes. And then they started seeing sort of signs in their logging and signs in like usage accounting and stuff in there as your environment that just looked kind of weird. They started pulling the threads. They found things like user accounts being created, you know, for DOGE people. And these accounts are like, some of them have like fake names or generic kind of names. They also saw records of these accounts being logged into with the correct username and password from IPs geolocated into Russia within, you know, like 15 minutes of the accounts being created.

Patrick Gray (38:39)

Well, I mean, they weren't successful logons, right? Because so they were they successful. They were the right creds. The reason this guy thinks they were the right creds is because the logins failed on the geoblock side of things. Right. But not, they didn't fail at the, at the point of credential entry, which suggests that, you know, probably these DOGE people. I mean, if this is true, it would suggest that one of the DOGE people's systems that is involved in provisioning these accounts is compromised.

Adam Boileau (39:08)

Yeah, either compromised or the DOGE kids are using, you know, commercial VPN providers with boxes that happen to be based in Russia for whatever reasons. Because, you know, you think about the ties of some of these guys to cybercrime and stuff in the past, it wouldn't be super unreasonable for them to be using VPNs or whatever. So could be that if it was Russia on DOGE employees systems, you'd think.

Patrick Gray (39:32)

They'D bounce it out through another country. Right?

Adam Boileau (39:34)

It doesn't that I feel like the doge people using cheap ass VPNs is probably more like, what if it was.

Patrick Gray (39:43)

The Canadians trying to get them to think it was the Russians?

Adam Boileau (39:46)

Maybe false flag. That's also entirely crazy.

Patrick Gray (39:49)

Canadians false flagging.

Adam Boileau (39:50)

Yes. But anyway, so this guy's got a whole, basically a list of complaints and weird stuff that they've seen. He raised it with his management and eventually their investigation of it got shut down and the guy got his access revoked and he's currently on paid leave or something.

Patrick Gray (40:06)

I think they all got their access revoked.

Adam Boileau (40:08)

Yes, like the entire IT team or whatever it was at this organization. So really kind of weird looking. And the thing that strikes me about IT having been an, an auditor, having been a pen tester, someone that goes into other people's environments to go look at stuff, quite often you do end up saying, look, just give me root, just give me admin and we'll sort ourselves out. Because understanding the local policies and processes and all of the weird account types and rules of any particular organization takes longer than the job is worth. And I get the vibe that DOGE kids like they're going into hundreds of organizations, everyone's got different set up some policies, just asking and demanding tenant admin, because you can is pretty easy. Like it's. Yeah, but they're going in there rulebook and the same playbook for everything, you know, and that's efficiency, but sure, but.

Patrick Gray (41:01)

They'Re going in there and they're flipping off logging, spinning up a bunch of new users, running random containers. Like, I mean I get that that is the easy way to get it done, but I go back to that whole thing, which is this is a data governance and process problem. Right. Because they're not adhering to any processes. Like they're not logging what they're doing. And a lot of this is sensitive data. It's just nuts.

Adam Boileau (41:20)

Yeah. And I Think like both of these things are true. Right? This is the easiest way to get the job done. And I have been on the other side of this where you need to get the job done. And, you know, you do circumvent all these processes and controls because, hey, you're there for a week, you've got an outcome to get. You ain't got time for their stuff. You just go get it done and tidy up after yourself and hope you don't make any mistakes. And that's not great.

Patrick Gray (41:43)

But rules, sometimes they don't apply to us, Adam. They don't apply to us.

Adam Boileau (41:48)

But at the other hand, these are government organizations with very real data, you know, governance requirements and obligations that exist for a reason. And just because it's easy and you're 23 and you've got a boss providing top cover that says you can go anywhere in government and do whatever the hell you want, it doesn't mean it's the right thing. So, yeah.

Patrick Gray (42:11)

Yeah. Well, staying with U.S. government news and CISA is getting a new deputy director. Madhu Gotu Mukala, who is the CIO of South Dakota, is the number two pick. I think the nominee for the director position. That's still being held up by Ron Wyden, who's waiting for them to release a report into SS7 from 2022 because reasons. But yes, SISA now has a deputy inbound, apparently staying with SISA News. And Bob Lord, who I've interviewed him before, he was the, he was the CISO of Twitter a long time ago and then went and did a bunch of work with the DNC to secure their campaign. He is leaving cisa. He was a senior technical advisor there and he was working on Secure by Divine and also Lauren Zabierak who worked there on the same stuff. She is also leaving. So it looks like things are a little uncertain for the Secure by Design initiative. And of course, the ax is about to fall on a zillion employees there. So, yes, the, the dojing continues at cisa. And now a quick follow up on the Chris Krebs situation. He was, of course, was the first director of CISA and you know, is being is subject to an investigation now ordered by Donald Trump himself into God knows what. But yeah, he was put in an untenable position. He has resigned from Sentinel 1, as we predicted, and promptly turned up at RSA and bucketed the Trump administration for all its cups of cyber agencies. So, yeah, I think Trump's earned himself a new thorn in his side for the next couple of years. While Chris goes on a war path. And one more thing we wanted to touch on quickly, just very quickly, is there's a blog post from Chris's former employer called Top Tier what it Takes to Defend a Cybersecurity Company from Today's Adversaries. I actually spoke to like their head of Threat Intel, Steve Stone and Alex Damos yesterday. We did an event, I just joined by Zoom, an event in around RSA to talk through all of this. But it was actually really interesting research and I figured you'd want to chime in your two cents on this as well.

Adam Boileau (44:27)

Yeah, this is a super interesting write up of the sorts of attacks that Sentinel 1 have seen against themselves and other peer companies in the industry that do, you know, kind of important security work and attacking security vendors. There's a long and proud tradition of that and there's just, you know, it's very rare that anyone comes out and talks about it. So it's really nice seeing, you know, a write up of some of the things that they experienced. One example is North Korean IT workers, you know, how they went and kind of work with their HR team, recruiting team to sort of spot some of that stuff early on. So that was super interesting. And then also some of the work on when cybercrime actors are renting access to EDR products to be able to test stuff and to be able to kind of get into even some people's production environments, like where the there's EDR consoles on the Internet, some of the attacks around their products and how the customer's using it. I thought that was kind of an interesting thing that you don't often see vendors talking about compared with Fortinet, who every time they have a bug, they just find a bug in somebody else's product and quickly drop a press release to distract you from the fact that 40 everything is getting your own. So it's just really nice seeing this kind of detail.

Patrick Gray (45:43)

Yeah.

Adam Boileau (45:44)

And it's from a vendor.

Patrick Gray (45:45)

It was a great conversation. I'm still waiting on the video feeds from the other side and once we get them, we're going to chop that all up into a podcast. It'll go out next week. It's our first wide world of cyber without Chris, which was a bit strange. But anyway. And for anyone wondering, Chris Krebs will absolutely be back on Risky Business. It's just a matter of how long. He's a little bit busy right now, as you can imagine. Yeah. So that's actually it for the week's news, but I'm going to do something now, which we don't normally do, which is just chat to you a little bit about this week's sponsor interview, because part of it was inspired by conversations you and I have been having about IPv6 and the adoption of IPv6 because. So knock Knock is this week's sponsor. They make a technology that orchestrates your firewalls and it's tied to sso. So basically you SSO to a web page, which is the Knock knock page, and you just press authenticate with sso and then it opens up network access to the resources that you want to access. So unless you've done that, you just can't even get a port to these, to these resources. Now, it's funny because a lot of what, and I'm on the board of this company, right, I work really closely with them. And a lot of what we spend our time thinking about is like, how to get around the fact that occasionally someone's going to want to connect from a CG NAT gateway that's shared access that has possibly some compromised bot machines behind it. Right. You are then opening up to them. So what do you do? And there's a. There's a few approaches there. You can have gray noise risk scoring where you can say, well, you know, we've seen some bad activity from that ip, so just don't allow that user to connect from that ip. That's one way to do it. Or if they want to connect to a web application, you can shunt them into a ID ID Aware proxy. Right, that's another way. And that also works for stuff like rdp because there's, you know, various stacks where you can basically webify RDP and whatnot. But then you look at like the experience of one of their customers who's an IPv6 shop, and just the way they use it, you don't need to do any of that with IPv6. And you quickly realize that IPv6 is going to be the foundation of like the zero trust future. And of course, I have this conversation with you and then you say, but V6 is nowhere near ready. And it's like, oh, he's kind of right, but he's kind of not. But it is true, isn't it, that V6 just solves so many problems?

Adam Boileau (48:00)

Yeah, I mean, the ability to be able to individually address computers on the Internet is a thing we have given up on over the years because of V4 exhaustion and the complexity of networks and things like NAT breaking. That kind of the way that networks were meant to be end to end reachable. And the return to the end to end Internet is a thing that a lot of people are not really ready for. But this kind of use case of doing access control based on source IP address is exactly why end to end addressing address so great. And in the old days there was this idea that IPv6 was going to have built in kind of ipsec style vpning and stuff that would have delivered, you know, also confidentiality and integrity on top of it. But then the standards were so complicated and no one implemented IPsec terrible and blah, blah, blah. But you know, just being able to identify who you're talking to is super, super valuable. And we've forgotten how valuable because of the, the sands of time in V4.

Patrick Gray (48:59)

We'Ve learned to deal with it. Right. And that's the thing like until you say, oh well actually things would just be so much better if we just all used V6.

Adam Boileau (49:05)

Yeah. If the entire Internet moved to V6, then everything would be super great.

Patrick Gray (49:09)

Yeah, yeah. Well that's the funny thing. In this interview, as everybody's going to hear, there's a moment where it's like, oh, it's easy. All we've got to do is get everyone in the world to use V6 and then it's, you know, problem solved, we can go get a coffee. But yeah, I'm going to intro the interview now. Adam, thank you so much for joining me for a discussion of this week's news. It's great to be back.

Adam Boileau (49:28)

Yeah, it's really good to be back. And yes, I will talk to you next week.

Patrick Gray (49:39)

That was Adam Boileau there with a check of the week's security news. And as you just heard, we're going to chat with Adam Poynton, who's the chief executive of Knock knock now, about IPv6 really and the security benefits it unlocks, which are many. And we're also going to talk about a couple of use cases that they have that are turning out to be really popular for Knock Knock. And one of them is internal use to segregate a production network from an OT network. It's a really clean way to do that. And other approaches can be a bit more fiddly, like VPNs internally. Yeah, you can do that. It's a bit more fiddly. Jump boxes, again, a bit more fiddly. You can micro segment the entire network, but that's like a lot of work. Right. So people are finding that, yeah, you can just drop in, knock knock, add a few firewall rules and orchestrate it that way. And it's really working, working well. So I will drop you in here though, where I first off asked Adam, you know, if he agrees with the proposition that IPv6 really unlocks massive security wins. And here's what he said.

Adam Poynton (50:41)

That's very true. It really does. You get precision, like you get precision attribution, you get precision direction of the flow of traffic. It's just unlock is the right word. You know, it's one of those sort of words, but it is very true. You get absolute precision attribution of the client, of the server. You get orchestration at the firewall level. You don't have to have a listen. That and the whole, the whole nattered, you know, walled garden thing. Everybody, you know, NAT came around, everybody had their nice soft and squishy internal networks. But don't worry, that prevented anybody getting in from external. And IPv6 is a little bit of fear still around that, a bit of confusion, lack of understanding. But the world is Almost there at IPv6, the rate of adoption now. And you know, we're above 50%. It's quietly happening in the background. And we love IPv6 because it allows that precision of attribution and, and target what server, what service and other benefits of IPv6 that it brings.

Patrick Gray (51:39)

Yeah, that 50% figure is now like 50% of Google visits in the United States are served over V6. But the problem with V6, right, is you can't be guaranteed that you're going to get it from your provider. Like if you're out on the road, right, you're connecting to the hotel WI fi, there is no guarantee that you're going to be able to get V6. You know, this is just the problem with it. So we are really talking about an ideal world kind of scenario. But, you know, once we imagine a world where you have to authenticate a completely unique IP before it can connect into services, you'd imagine that you would just do this on every network and oh my God, the benefits would be just incredible.

Adam Poynton (52:15)

Incredible. It almost comes back to the micro segmentation piece you said before, where you've got individual client, individual host, individual services, obviously at a massive scale, and the ability to have, you know, single pinpoint between the two, as opposed to, you know, allowing broad networks through. It'll take a little bit of time to get there, but it's, it's happening. It is actually happening. People probably don't realize.

Patrick Gray (52:40)

Yeah, I mean, I think there's a couple things there though, right? So you've got the ISPs who've got to support it, and then a lot of enterprises they don't have. I mean, I don't even think we've got. We're serving our website via V6 at the moment. Right. Like, which is terrible. And we're going to have to fix that. But that's my point is, like, when I talk about this with Adam Boyleau, he's like, well, V6, if you want to roll V6, it's a whole other network, you know, I mean, it's on the same equipment, but you need to be maintaining essentially a dual network if you want to run V4 and V6. So, I don't know, like, you know, how long is it going to be before we can reliably get V6 everywhere.

Adam Poynton (53:14)

We are going to get there? It is a whole lot on the network. It is complicated. There's a lot more to it. There's other security elements of it that aren't fantastic, but there's a lot of pros. But personally, I love the ability to pinpoint a client and a machine and, and have that specific control. And then you get a lot of observability benefits too. You know, you're not just seeing a NAT gateway connect to your service, you're actually seeing more individual client machines. So from a security observability standpoint, there's a lot of untapped benefits there, I think, too.

Patrick Gray (53:49)

And of course, the customer that uses this on their V6 network, I mean, it's perfect.

Adam Poynton (53:55)

Yeah, they're very big network people. It works flawlessly. And there's a big push in US federal government to move to V6 for obviously all the benefits. So we will see more adoption.

Patrick Gray (54:09)

But I mean, this is the thing, right. Is like, I've been in this a long time, so have you. And it wasn't until we were working on this when we're like, oh, okay, you know, to make zero trust actually works. There's a very simple answer. And it's just to use V6 and apply some authentication to network connections.

Adam Poynton (54:24)

Yeah. Which is not what you want to hear. To achieve something that's slightly difficult, all.

Patrick Gray (54:28)

You need to do is roll v6 across the whole world.

Adam Poynton (54:31)

That's right. Yeah. But it is baked into everything these days. Every client, every server. Okay. Not all the fantastic podcast websites in the world have it enabled, perhaps, but all of the client and server machines do support it. So it's not experimental, but there's a lot of effort and it's complicated.

Patrick Gray (54:53)

I Mean for that customer too. You even had to roll out a couple of extra like protocol support features. One of them was the. What is it, the Privacy extension to IPv6. Tell us about that.

Adam Poynton (55:03)

Yeah, so privacy extensions essentially. I mean the original V6 was like, oh, we'll make your address based on your Mac address. Which you know, was crazy because then you get individual attribution down to the hardware layer around the world, which you can.

Patrick Gray (55:16)

Well, and sometimes you're going to get collisions there too when lazy manufacturers just, you know, have 10 Macs that they just use on everything.

Adam Poynton (55:22)

Yeah, lots of problems. So it doesn't do that anymore. Well, for 10 years or more hasn't, hasn't been the standard. But the privacy extensions essentially allow you to have a dynamically generated address depending on the network that you're sort of connecting through to. So anonymizes the client and then you get periodic changes and updates of the address. So we, yeah, we love our customers that actually push us forward. And that was one of them was to support or the ability to support or not support those dynamic changes and still have attribution of the user.

Patrick Gray (55:55)

Now one thing that's getting really interesting though is you've been looking at some of the transport security options in V6 and that's where stuff starts getting absolutely wicked from your point of view, right?

Adam Poynton (56:04)

Yeah. Well, I still remember when AH and ESP were, you know, ah was a part of it and I was, oh, this is going to be fantastic. Obviously that's not really a thing anymore, ESP is, but it's just not the most efficient way to do it. You know, don't, don't, don't encrypt at the transport layer, you know, do it at the application layer. And that's where everybody is today. And that's okay. Keying's hard, distribution of, you know, re keying etc is hard. So I understand that. But you know, it would kind of be cool if you were an IPv6 ESP network everywhere. Like, you know, I'd be a fan of that.

Patrick Gray (56:37)

So look, while we're here, I guess we should talk about some of the use cases that are popping up for Knock Knock, because some of them are kind of, I mean, I guess in retrospect they're not surprising. But this is turning out to be really popular with OT providers, OT admins who have to administer, you know, control systems and whatnot and you know, water treatment plants, whatever. Why don't you tell us why it is that, you know, the OT types are getting all excited about this.

Adam Poynton (57:04)

Well, the OT use case is always on access. Why have always on from your machines, whatever the VLAN is always talking to that environment. Why have that if you can have an on off switch essentially which knock knock provides. So there's the external use case where people are connecting in, but then the internal one is getting a lot of adoption because you, you can control that per individual machine, per individual network with an on off switch. When they need access, they get just in time. And every other moment their machine can't access that network full stop.

Patrick Gray (57:36)

Yeah, and I guess there hasn't really been that many approaches for doing this I guess in the past.

Adam Poynton (57:43)

Yeah, not really. I mean there is the high side, low side network. You can physically change things. You know, go and plug in over here, do your thing, come back over here. But pretty quickly people don't want to do that. So they either bridge the networks or they find another way. Or it is a VPN or it's a jump box. And a jump box is just more steps and other elements in the way to get through to what they need to get done for their job.

Patrick Gray (58:07)

Yeah, right. So the way it would work is user wants to access OT environment, they just make sure they are sso, they hit their knock knock page and bang. That opens up the firewall into that network where the OT stuff lives.

Adam Poynton (58:20)

Yeah, and what people like about it is it's on for an hour. So their machine has no network level access. If the machine's owned somebody sitting on their machine trying to look at that network, they can't see it, they can't attack it. Only after they log in can that network actually be accessible. So yeah, as you say, they're logged in, they click a button, it opens up that network, they do their job. You know, it's like they've plugged the cable into that switch over there, they do their thing and then either log out or it times out and they're back on their normal network. But they've obviously got access to both.

Patrick Gray (58:50)

Well, I think the point is more that if someone lands on a box where someone isn't adminning the OT from that box, like that box will just never be able to access that network. Right?

Adam Poynton (58:57)

That's right. Yeah, you can't access it. It's fully controlled out.

Patrick Gray (59:02)

Yeah. So as I said at the intro, like this has kind of been a semi surprising use case because initially like it was just we thought, well, it's for reducing attack surface at the outside of a network. And indeed people do use it to do that. But I guess this internal use case is really fascinating because you know, there's some really great micro segmentation products out there at the moment. You think things like zero networks, but I can see the appeal of this because under that paradigm you're putting, you know, you're sort of micro segmenting every machine and it's like a network wide sort of project. Whereas with this it's just a few subtle changes and you're done.

Adam Poynton (59:40)

Yeah, there's a lot of benefits to that approach having all the individual one to one, but knock knock, just you get the whole network, you get the easier implementation, it's on or it's off as opposed to machine to machine and that level of detail.

Patrick Gray (59:52)

There's one more use case we should talk about because it is another one that's like surprisingly niche and you have got two supercomputer labs actually evaluating it at the moment and for interesting reasons actually. Tell us about that.

Adam Poynton (60:06)

Yeah, well that's just the mountain of data. So there is a lot of data in those environments and having direct access and you know, high speed and then having to turn that off and take a different approach to get the data there, whatever direction is a problem. And you also don't want those machines, those environments, large clusters, lots of nodes. You don't want them being extreme exposed to, you know, hostile external or even hostile internal. So knock knock, dropping straight in, controlling the edge to those or individual nodes. Still experimenting on the best way to get it solved is a simple one because of that direct access, lots of volume of data moving back and forth.

Patrick Gray (60:48)

I just think it's wild that there's been like two. You know what I mean? Because it's like there's not that many supercomputing environments in the world and when two of them reach out it's like, yeah, it turns out, turns out super, super computing environments like that. And one of the, one of the things they were complaining about is yeah, magic cloud, like Zscaler style stuff, which is just too slow.

Adam Poynton (61:07)

Yeah, well the other thing is they understand Linux. The people running those worlds deeply understand Linux, the networking stack and obviously knock knock fits right in there. So they see the simplicity of that. It's not another kernel level thing that they have to add on and don't really understand what's happening. It's more of an orchestration thing. So it's cleaner and simpler in their world. That's why they're evaluating it.

Patrick Gray (61:31)

Yeah, yeah. All right, well we're going to wrap it up there. Adam, thank you. So much for joining me for this conversation about Knock Knock. Yeah, it's internal use case being really popular how it's just crazy good with IPv6. And we wish in a perfect world everyone was using IPv6, because then everyone would need this immediately. Great to chat to you as always, my friend, and we'll catch you again soon.

Adam Poynton (61:52)

Thanks, Patrick. Great to chat.

Patrick Gray (61:55)

That was Adam Points in there, chief executive of Knock Knock, with a chat about IPv6 and the internal use case for Knock Knock, which, yeah, it's, it's funny, but it's, it's very popular for doing that. But that is it for this week's show. I do hope you enjoyed it. I'll be back soon with more security news and analysis, but until then, I've been Patrick Gray, thanks for listening.