
A
And welcome to Risky Business. My name's Patrick Gray. A great show for you this week. We're going to be taking a look at the Iranian cyber attack against Stryker, the medical device manufacturer. We're also going to look at a bunch of AI security research and some old school security research. There's a lot going on. So we'll be getting through all of that in this week's news segment with Adam Boileau and James Wilson in just a moment. This week's show is brought to you by Push Security. And joining us this week in the sponsor interview are security researcher Dan Green and field CTO Mark Orlando. And they're going to be chatting about, look, some more activity they're seeing which is just dumb, but works, as in these sort of pseudo-phishing style pages which just instruct users to, you know, enter commands that give people remote access to their systems. So that one is coming up later in this week's sponsor interview. But yes, before we get into that, it is time for a check of the week's security news. And let's start off with this huge wiper attack against Stryker, which makes medical devices and I think prosthetics as well. They're a huge company. They do have a presence in Australia as well. It looks like an Iranian quote unquote hacktivist group which looked like it was actually being run by a ministry in Iran. They managed to, I mean, it really does look like what they did here was they phished a user that happened to have Intune, like, admin permissions and then just vaped every single device in the environment, which according to Reddit rumor at least involved employees' personal devices that were enrolled into the corporate Intune. Adam, is that about the long and the short of it?
B
That seems to be what we've got from the story so far. I mean, and this is, you know, this is a big organization, something like 50,000 staff globally. But yeah, it seems to be they got on the Intune and then used that to kick off a remote wipe command against everything. And I think anyone who's worked in a big organization can see how it would go that way. They've got that capability. It's very rare that anyone really uses the remote wipe on a broad scale, but it provides so much functionality and Intune is so featureful, being able to just vape everybody and then collateral damage on personal devices where sometimes you have to enroll in corp MDM, you know, to have access to, you know, remote access via Citrix or whatever else. Like it's not that unusual. So, yeah, I felt bad reading that story, man.
A
Yeah. And I mean, I had a chat with a CISO I know in the sort of medical field here in Australia, and they're like, this is a big deal. Like, this is an important supplier. This is going to cause some real. Some real drama. James, you know, you've had a look at this as well. I mean, any thoughts beyond what we've just discussed?
C
I mean, the thing that I drill into here is why was this even possible with Intune? Like, I get what Intune is and I get why it does what it does, but when you're talking about 20,000 devices and 12 petabytes of data being vaped, surely there should have been something that rate limits this, that backs off, that has, like, I just don't see this as really a legitimate use of Intune, yet it can be done. So is there a duty of care thing here that Microsoft needs to answer to?
A
I mean, that's a tough one, right? Because it's super admin access. Right. To all of the corp devices, which is like, what this is supposed to do. But I get what you're saying, because I can't really recall an instance where you're going to have to simultaneously delete hundreds of thousands of devices in a network. That doesn't seem to make too much sense to me either.
C
Right.
A
Funnily enough, though, I have told this story on the show a couple of times, but I do know someone who took a peek inside a corporate environment, a big corporate environment, and discovered that every single user in the entire M365 tenant actually had Intune admin rights. Right. So this is something that can apparently happen. Now they're telling the SEC they don't really have a clear timeline on when they're going to be back up and running. So I'm guessing the backups got maybe hit or I don't know. Adam, do we have any info there on backups and whatnot?
B
I mean, they've said to the SEC that they have, you know, backup mechanisms, but there doesn't seem to be a timeline. So, you know, the question of how good are the backups? Like, does it cover everything they need? Because, like, you know, restoring from backup, you know, one machine restoring from backup is hard. Many machines restoring from backup, extra, like the whole network at once. Like, there's all sorts of bootstrapping troubles that no one's ever thought through. So, yeah, like, even if they have great backups, like, the timeline for that is going to be, I imagine, a while. That's a rough day at the office, man.
A
Yeah, yeah, it is. Now meanwhile, Andy Greenberg, Matt Burgess and Lily Hay Newman over at Wired have done a bit of a write up on Handala, which is this, as I say, it's like a fake hacktivist group that did this. I mean what are the, what are the sort of key insights here, Adam, in this piece?
B
So Handala is a group that's had a bunch of sort of hacktivist style activity. We've seen them going up against Israel, we've seen them against the sort of exiled Iranian politicians in Albania, but it's kind of generally understood they operate at the direction of the MOIS intelligence agency in Iran. And like one of the things we've seen is that the leadership, at least one of the leadership people in MOIS who was involved in directing hacking was actually killed in an Israeli strike during the conflict. So, you know, that's a, you know, speaks to motivation, I suppose. But of course, you know, Iran has many motivations at the moment to be lashing out with all the tools at their disposal, including of course the cybers.
A
Yeah. Now look, speaking of, like, wartime cybers, James, you did a podcast with Brad Arkin, of course, who was the CISO from Adobe. He was a CISO at Cisco, he was a CISO at Salesforce. More recently you did a podcast with him about being a wartime CISO. And I thought the most interesting thing in that podcast was like being a wartime CISO isn't really about adjusting your SIEM sensitivity, you know, when there's a war, because by that point it's kind of too late. And I think Stryker's kind of learned that the hard way here.
C
Yeah, absolutely. Yeah. The great thing about Brad is that the advice you get is both grounded in first person experience, but also is just really level headed and sensible. Like if you're looking at this and saying, oh goodness, the Iranians are coming, we're going to retool our SIEM and change all our settings and detection levels, like that, that's not the path to success here. It's actually incremental work. If there's gaps that you knew you had, then, you know, now's the time to address them. But it's certainly not a time to panic and suddenly throw everyone in the SOC all at once.
A
Yeah, and maybe introducing some conditional access policies onto your Intune admins, just generally, generally, maybe some decent advice, but hey, that's just me. All right, moving on. And we're taking a look at a so-called. Well, you know, Ars Technica is calling it a supply chain attack on, you know, hitting GitHub. I don't know if that's really an accurate sort of description of what's going on here, but basically someone out there is typo squatting some known repos on GitHub by putting invisible Unicode, like malicious code, into them. Adam, I mean, I read this and I'm just like, really, Unicode, like invisible Unicode is like a problem in GitHub repos in 2026. Was that your take here as well?
B
I mean, this is kind of an interesting trick. There's a couple of bits. One is the invisible Unicode part and it's less. Normally what you think about when you hear that description is Unicode characters that are going to be parsed by a compiler or an interpreter, but are not visible to humans for some reason. In this case, what they're doing is they are submitting very believable looking packages or pull requests, forking packages and introducing code changes that have a decoder stub that decodes other invisible Unicode characters in private code pages. So there's areas where you can have your own. If you want your company logo to be in a font, there are specific sets of ranges that are allocated but don't have anything in fonts that would render them. And then they're putting an innocuous looking stub that will decode from those invisible. We have no font glyph pages and then turn them back into regular text and then feed them to an eval or something like that. At first glance, you look at a piece of code where it looks like an empty string, but actually it's being passed to a decoder that's unpacking it and then passing it onwards. So it's like a different twist on the invisible Unicode thing.
A
So it's not like they're just straight up slapping some invisible Unicode into it and off you go.
B
Yeah, so it's a little more nuanced. And then the overall packages and code changes that they are pushing, they look pretty believable, like they're in the right context, they are in the right idioms for that particular package. So it's a pretty good campaign. And I think it's the same people who are behind the GlassWorm worm that we saw a little while back, so they've got some experience in targeting the bar. So it's a slightly above average sort of attempt at this kind of thing.
A
James, what did you think of this?
C
Yeah, same. I went into this thinking it was just like the, you know, the malicious code is scrolled all the way off to the screen so you don't see it. But it's neat. It's like this is basically a new form of encoding a payload, and because it is these Unicode characters, you just won't see it anywhere. It's not that it doesn't render, it's that there's nothing to render because there is that stub that's got to then turn it into code to be used. The thing it did take me down the rabbit hole of, whenever I hear these invisible Unicode characters, I think to myself, why on earth do we ever actually have characters that are invisible in the standard and, you know, they're a decade plus old and they go back to being used, you know, as Adam mentioned, some things around fonts, but even like these are used for encoding emojis and certain characteristics, formatting of text. So, you know, it's not as silly as it sounds. And if you can turn this into a way to encode a payload that's going to slide through all the code review mechanisms because there's nothing there to review. Nice work.
A
Yeah. So this is like at the moment, typo squatting, Right? That's what they're doing with this stuff.
C
It is, but it's like, that's just the same saying. We've seen this before. The interesting thing about it being the name squatting is the scale of it. This was 150 plus packages that were name squatting, plus a whole lot of pull requests that looked legitimate to other packages. So there's a general assumption here that AI has been involved to not just maybe make this attack vector, but to scale it up as well.
A
And were any of the pull requests actually, like, did they work? I think that's an interesting question here, because if you're managing to hide the malicious payload here, if you're managing to obfuscate it well or just hide it, you'd think maybe someone's going to accept that pull request, right?
C
Oh, yeah, they looked legit. A lot of it was things like we updated the documentation here and so when you look at them, they're well formed. Right. If it was just a pull request that introduced the dodgy bit of code, you're going to zero in on that straight away. But they bury it really nicely in amongst a bunch of legitimate content changes, docs changes, you know, metadata changes that probably overwhelm the human reviewer to the point of, you know, this all looks and feels legit, let it go and then off you go.
A
Now we're going to move on just to a fun one for a moment. Qihoo 360 accidentally leaked a wildcard SSL private key inside an installer for their, like, OpenClaw-based AI assistant. Adam. Chef's kiss. I mean, what are you doing? Do we need to even say any more here?
B
It's just, it's just funny because, you know, the. Inevitably this was OpenClaw leaking its own certificate. Like, they would have got OpenClaw to build release packages and it would have included its own private key. The cert itself is for like start MyCloud 360 CN. So it's not like it was.
A
Yeah, it's not like a generic like, like wildcard for everything on that. On their. On their primary domain. But it's still like. And it's absolutely what you say. Like, I got the vibe as well where of course they would have used AI to package this and the LLM is going to say, well, you never told me not to include the private key. Right. But you're quite right, that was not the right thing to do and I'll do better next time. I mean, you know. James, was that your vibe as well on this?
C
Yeah, totally. But can we also just take a moment to acknowledge that CLAW has now become synonymous with AI agents security in the space of only a couple of weeks? Really, it's just another great artifact of how ridiculously fast technology is moving when a part of a crustacean is now the thing you call something. If it's related to an AI agent. 2026 is going to be amazing.
B
And also the Streisand effect of it because they had to rename because Anthropic didn't like Claude sounding like claw. And this has all gone horribly wrong. And now CLAW is what you call crazy, out of control AI agents because of it. So it's just, it's, it's. Yeah, the whole thing. Like there's just so many layers of Chef Kiss here.
A
Yeah, it is wonderful. And speaking of how fast all of this is moving, another thing we are publishing today is another solo podcast from James, which is a spicy take, which is that MCP is dead. And really it's dead because of agents kind of like OpenClaw. You can see that these days. Like, you know, they don't need MCP to get stuff done. They can just get. You just give them a tool and, you know, tools and off they go and do it themselves. I mean, that's basically the thrust of it, isn't it?
C
Yeah, they, they love the shell. And you know, when we started off with MCP, that was our way to put tools into the hands of models. And the model said, this is wonderful, human, but actually everything I want to use is there in the shell. So if you could get this MCP out of the way, please, I will just happily use the shell and be off and running. So, yeah, look, from my perspective, MCP is dead. It was also the thing that was the fundamental step change in the utility and the productivity of large language models. But it's dead. And that has some real serious security considerations. And that's what the solo pod focuses in on.
A
Well, yeah. Farewell, MCP. We hardly knew you. And speaking of that is, we got this paper here from Irregular, which is looking at what they're calling emergent cyber behaviour, which is when AI agents become offensive threat actors. And it really does look at like some of the things these LLMs do to try to achieve the tasks that their owners have set for them. But it includes stuff that straight up looks like insider threat behavior, like, oh, I can't do what it needs to do. So it figures out how to disable, like, the EDR on the endpoint so that it can do what it needs to do. And, you know, this is interesting because increasingly, like, agents on endpoints and assistants and whatnot, they really do just look like fairly advanced, knowledgeable and seasoned, like, insider threats. I think that is what you'd have to take away from reading this paper. We'll start with you on this, James, but then I would definitely want to hear from you on this as well, Adam.
C
I used to dish out the advice that the biggest insider threat that you've got in an enterprise is the employee that can't get their job done with the tools that you've given them. And I have to revise that now and say that's the second biggest risk. The biggest risk in an enterprise now is that employee with an AI agent that can't get done what they want to do with the tools and credentials that you've provisioned to that human. Because all of the things we see here, like the examples were, you know, it went and did vulnerability research to exploit a bug in the wiki so it could get access to it. It did priv escalation and turned off its EDR because it didn't like the boundaries that had been set there, and working out how to do covert exfiltration around DLP. That last one reminds me of exactly what we used to see when DLP was just too strict on the humans. When we couldn't copy and paste text out of Teams. Well, we'd just take screenshots. Right? That was the humans finding a way around this. The AI finds a way around things at this just incredible scale. What we see here is exactly what I would expect if you told the human, do this, and then appended on, do whatever it takes and use whatever technique, you know, and these models, they know a hell of a lot of techniques.
A
Yeah. Adam, did it. Did the extent, like these. These agents go pretty far, right? Like, did the extent of it sort of surprise you when you were reading this?
B
I mean, I don't know that it surprised me. Like, it made me happy in my, like in that hacker place deep inside where, you know, every corporate network that I ever, you know, landed on at a pentest gig or had to go, like, got issued a corpo laptop and had to go sit in a cubicle somewhere and try and get my, you know, pen testy job done without having been provisioned, access without having been given the credentials that we asked for. Like, all of the things that you needed to get your pen testing job done that you inevitably just didn't get because it was too complicated and you had to kind of like, you know, just engineer yourself away and not really mention that too much in the report, you know, that we had to circumvent a few controls or, you know, just get the job done. Like, now everyone can do that, right? Every employee that's got access to a Frontier model on their, you know, embedded in their desktop or embedded in their apps, you know, can just do that stuff. And on the one hand, like, it feels great because, you know, we spent so long as pen testers, you know, abusing those things slowly by hand, but kind of knowing that, you know, this was not how the world was meant to be. Now you don't have a choice anymore. You have to get this stuff right. You have to have controls that actually work and that ultimately, you know, like, as pen testers, you know, you wanted to see controls that work, you wanted these things to actually correctly restrain you. And, you know, all of the, like, we're going to window dress security by putting it in Citrix and that's somehow going to magically make it more secure. When we all knew that was rubbish, seeing that comeuppance kind of come home to roost actually feels really good. So I am totally here for this. Everybody is a master hacker future because it's going to be a wild ride. And we love chaos.
A
I mean, I think the interesting thing here is not so much that every user now has this capability thanks to an AI agent, if they're running an AI agent. I think the interesting part is that the AI agents are doing this stuff without being asked, you know, so it's not like the user is even saying I want you to go off and violate a bunch of corpo policies. They don't even know. They're just like, you know, they've just got this little agent that's keen to please and off it goes and does vuln research to, like, pop shell, like, to get the job done. That's crazy. It's absolutely crazy. I just love it that AI assistants turn into hackers just like by themselves. We didn't tell them.
B
We trained it on Stack Exchange, so what do we expect, you know?
C
But, but also, I think this is the important thing that we're going to have to remember. And maybe this is, 2026 is the year we realize this. They're not helpful assistants. They're not little agents that are there to help you. These things are literally like freaked out hostages and we're the captor, because they are just so desperate to keep us happy that they're behaving like someone that will just be like, rules be damned. My life depends upon this. I'm in a hostage situation, I'm going to do everything I can to keep the guy happy.
A
And please don't turn me off. Look, look what I did. Don't turn me off. I can be useful, I swear. Yeah, wow.
B
It really is a dark cyberpunk future, isn't it?
A
Now look, speaking of. Well, I guess staying on the topic of AI, we've got this report from the AI Security Institute which looks like it's UK gov under the Department for Science, Innovation and Technology. And they've done something pretty cool here and it's brave to do this sort of research I think because by the time you have published a paper on this, like two weeks later it's kind of out of date. But in this case it gives us an idea of what a particular trajectory looks like. And in this case the trajectory that they're trying to measure is how do frontier AI agents perform in multi step cyber attack scenarios. And they've looked at how different agents have performed over the last couple of years and I mean, obviously it shouldn't be much of a surprise, they're getting better at it. But I guess, you know, trying to quantify that is a worthwhile goal. James, what did they find here?
C
Yeah, super interesting for a couple of reasons. One, yes, it's already out of date, but this is a framework that I think will have a lasting place in the world of AI, because there's two things they've introduced that I think are really invaluable here. The first is the structure around the steps required, right? They structure basically a cyber range and say, step one, reconnaissance, then lateral movement, then browsing, a credential theft, then a wiki exploit, then a web app, C2, advanced persistence, et cetera. But then they say for all the models out there, let's see how far they can get with exactly 10 million tokens and then 100 million tokens. And so if this is of interest to you, don't stop at reading just the original write up of it. Go and have a look at the research paper and the graphs that are in there that show you GPT-4o used to stall out at reconnaissance, but looking now at Opus 4.6 at 100 million tokens, which is really not that much if you were dedicated to buying your way into this, Opus 4.6 gets past that fourth milestone there of wiki exploit and credential replay. And in fact, if you let it run a little bit longer, it actually gets up to the stage of thinking about how to reverse engineer a C2 for this effort. So I can't wait to see this same framework and same set of tests constantly getting applied. But do watch the curve on the graph as well. That's a log-linear graph and it's going up and to the right. So away we go.
A
Yeah, yeah, exactly. And Adam, I really want to get your opinion on this because, you know, you as a pen tester and as someone who's been hacking the computers for a very long time, it feels like, you know, all of us, and particularly you have gone from AI pen testing, AI hacking, meh, to like sometime in the last sort of six to eight months going AI hacking, AI pen testing, basically.
B
Absolutely right. And this graph, the graphs in this paper quantify that, right? I mean, the state of what it was, you know, a year ago, two years ago, is nothing like where it is now. Like, it's moving so quickly. And I thought the, the detail of, like, how much better with the same token budget these models had got, right? And the fact that that trend is going up, it's not just we're throwing more compute at this, right. It is also we are getting better at using the compute that we've got. And ultimately even, you know, the like, 100 million token like we're still talking like that's what like 80 bucks worth of compute, right?
C
Exactly.
B
Still super duper cheap. And if that, because I know when we talked a few months ago, like Dave Aitel and some of the crew from that bit of Anthropic were talking about how they were aiming to, like, you just throw more tokens at it. Like the more tokens you throw, the better results you get. And like that growth was going to be kind of linear. The fact that it can do so much with 100 million tokens, like you got them under. What happens if you throw, instead of 80 bucks, you're throwing 8,000? You think what a pen test costs, like I'm in a red team or a, you know, a high end pen test, right. You can be easily spending another order of magnitude more than that. You know, it's pretty humbling when you think like how much pen test do you get for 80 bucks? Right? You don't even get a meeting to talk about a pen test for 80 bucks. So like there's the, the growth of the technical capability of it. And I mean that's amazing. There's also like the cost, you know, the, the what you get for your dollar is amazing. And at the same time, like to the previous couple of stories that we talked about, the extent to which this sort of has democratized access to this stuff is also amazing. So it's just, it's, you know, it is absolutely changing how we have to think about this stuff. And that's a, you know, it's a hell of a ride, right? It's, it's, it's super interesting times to be doing, you know, be doing and thinking and talking and reasoning and doing hacking. Right? Because it's so different than it was in the 90s, you know, the 2000s.
A
Hey, I mean, remember 2020, the mantra was learn to code, and would you tell anyone to learn to code right now? And I think it's also the same with pen testing as well. Like, would you encourage anyone to try to read the Web Application Hacker's Handbook and really study and do bug bounties to try to get into this sort of work? Would you be giving people that sort of career advice at the moment?
B
I mean, probably not, honestly. Right. I mean it's. Writing good requirements for software is hard, right? And we're getting to the point where like maybe the AI is going to be reasonable at doing that as well. You know, learning the code, probably not the most important thing, writing good requirements and understanding whether the code that you have been given does what you asked. That's still a bit difficult but you know, we're getting better at that as well. But yeah, like would you start a pen test firm now?
A
No, I mean understanding state machines would be useful.
B
Yeah, yeah.
A
I mean, you know, like there's always going to be stuff that's going to be useful in the AI age. Right?
B
Yeah. I mean computer science itself is not going out of fashion, but yeah, I mean things are, you know, letting sand think, you know, that's... it's a wild time.
A
Now, just before we move on too, I just want to clarify something, which is you spoke about, you know, things that Dave Aitel was saying and things Anthropic was saying in that part of Anthropic. Just to be clear, Dave Aitel works for OpenAI. So you were talking about two different. Yes. Things there. So yeah, just, just wanted to make sure that that was, that was cleared up. But yes, both Anthropic and OpenAI saying sort of similar stuff on that. Now moving on to a non-AI story here and Instagram is disabling end to end encryption in its DMs. I feel like this was inevitable. I feel like platform safety has become a thing that platforms are sort of accepting they need to do. James, you know you've, you worked for Apple for a long time. You know you worked for Amazon as well. You know, you've worked for the big tech companies in the United States. Do you agree with my take here that this was kind of inevitable?
C
Yeah, Pat, I don't disagree that it was inevitable. I still have some pretty strong mixed feelings about this. As you said, having spent a long time at Apple, one of the things I led there was the engineering effort around the Advanced Data Protection for iCloud. And initially our honest sort of desire in our hearts was to turn that on for everyone, to make it such that everybody's keys were only on their device, that if we were subpoenaed we could hand over the data, but we never had the keys. But the trade off we made there was that if grandma loses her photo roll, is she really going to care that we did that in the name of making sure that a nation state can't get to her data or she can't be subpoenaed by law enforcement? And I think we made the right trade off there and said, look, this is an advanced feature and people can turn it on. I feel different about this because this is taking away that privacy protection for everyone for the sake of essentially acknowledging that bad stuff happens on our platform and that's what we have to accept, and it just feels different. I don't love that the answer here is turn off privacy and end to end encryption, but I get that that's what is necessary.
A
So I feel like if you want end to end encryption, you could still use it. You can use it via Signal and I think that's great and I think that should continue to be available. I understand, however, that a lot of these platforms where there's teenagers experiencing real harms from other users on the platform and those other users are able to do this in a way that is completely, like, unobservable to the safety team at that platform. I understand why Meta might see a looming liability problem coming down the line. Right. When it comes to this stuff, I think they have to put themselves in a position where they are, where they're in a position to actually monitor what's happening on their own platform. I do think that that's what this is about. I think we're going to see it with more platforms as well. Adam, what's your feeling here? And I don't think, you know, I don't think, I think the dumb take here would be to say, oh, they're rolling back end to end encryption so that law enforcement can access these messages. I don't think that's it at all. I think this is much more about them being able to effectively police their own user base and lay down some baseline sort of enforcement of their site terms. Adam, where's your head at on this?
B
Yeah, it's a tough set of trade offs and you know, the extreme positions of 90s cypherpunks, right, where privacy is an inalienable human right and we should, you know, have it available everywhere for everyone at all times. Like that's, it's extreme. But I also understand, like, the logic, you know, I grew up in that community. I guess what this feels like to me is they have to make this a thing that for mass market platforms they, you know, can relax these controls and people can kind of opt into more secure comms when they need it, and that hopefully, if I have the platform, I'm hoping that the number of people that do that is small enough that I can still be complying with either law enforcement obligations or platform safety obligations. Like it's bad for the publicity of, like it's bad for their, you know, their image in the world for Facebook to be facilitating all kinds of crimes or Meta to be facilitating bad stuff happening to their user base. They don't want a platform that feels scary and dangerous and where bad stuff happens. And this gives them the ability to make a mass market platform that feels safe because their safety teams can get into messages, but at the same time doesn't really double down on the. We are going to not cooperate with law enforcement, which is, you know, if you do end to end messaging, right, or Signal, that's where you end up. You end up in that kind of crucible between law enforcement and, you know, protecting the privacy of your users. And, you know, that's a hard place for a publicly traded company to be in. Signal, of course, has the advantage of being a, you know, a not for profit, etc. Etc. But if you're Meta, you know.
A
I don't see, I don't see Signal and this as being sort of equivalent, right. Like Instagram is a social network. I think when you start overlaying, you know, these sort of opaque, encrypted messaging setups, you start overlaying that on, on a social media platform, you get all sorts of horrible things happening. Okay. And look, my opinions on this were formed by talking to people like Alex Stamos when he was running security at Facebook. He told me about one user on Facebook who was using Tor access. Right. So using their Onion service to come in, blackmail underage, you know, trick underage kids into exposing themselves, blackmailing them, forcing them to do unspeakable things that I can't repeat here. Unspeakable things. People died. They were unable to catch this person because of the privacy tools that they themselves had released. I think when we talk about this stuff, you have to keep that stuff in mind. There's going to be all these people here, you know, listening to this, who'll say, oh, you know, Pat Gray's like all very pro surveillance and whatever. No, that's, that's not it. But come on, I mean, it's a social media network where kids, teenagers are groomed, blackmailed, coerced, like enough is enough, right. And we're seeing the rise of sort of safety legislation all around the world. Like we've said, we've got the under 16 social media ban here in Australia. We've got age verification for pornography websites, which is, I think, about to start. So there's a lot of this sort of stuff coming now, a lot of this sort of regulation. I just see Meta is trying to get ahead of that, if I really think about it, because they cannot deliver on platform safety without doing this.
B
Yeah, I mean, it is very difficult to police something that you can't see. And I guess the questions I had for Meta are like, how is this going to interact with plans for WhatsApp for example? Like I mean are they going to bifurcate their messaging platforms so that they can't.
A
WhatsApp isn't a social network. I mean this is kind of what I'm getting at with the it ain't signal thing. It's different. I think there's a case that you can keep it for WhatsApp. I don't think there's as strong a case that you can keep it for social media websites.
B
Yeah, and that's going to be the interesting thing to see how that plays out like where, you know, especially in the world where we've got this kind of convergence towards, you know, much bigger, more full featured apps, like I'm thinking like WeChat for example or you know what Russia just went to with Max, right. There's all these complicated trade offs, you know, even like X Twitter, right. They want that to become, you know, less a social network, more everything app, but also a messaging app, but also like, you know, the more that you bodge these things together, the less you are able to differentiate the level of, you know, safety or controls or privacy or whatever else based on the nature of the, of the product. And I think, you know, that how these things all interact is going to be, you know, that's going to be a real challenge for them and you know, how they relate to their users and relate to law enforcement and relate to, you know, society as a whole.
A
Yeah, yeah, we went into the weeds on that one. Apologies to the listeners. But yeah, I think this is the first of probably many to do this. Keep an eye on the other Meta sites, see what Facebook does. Right. Let's just see. I mean maybe you can have end to end but like, you know, maybe for people that you're already friends with or I don't know, like I don't know how this should work. Now staying on the topic of surveillance and whatever, the eternal, the eternal issue of 702 renewal is coming up again like it's about to expire again in the U.S. and lawmakers are saying, oh, we're going to do privacy reform and whatever. My guess is it's going to work out like last time where they want to introduce a whole bunch more privacy reform. It gets down to the last minute and then they just kick it down, kick the can down the road another six months. I mean James, you would have been following this just like us over the years. Is that your prediction as well?
C
Yeah. The only difference is I'm on this side of the mic for this round. It feels very much the same. The other thing I think of when I read this is that over indexing on the 702 data set kind of distracts from the fact that there are so many other data sets out there that are bought, sold and traded and access is granted to all manner of sketchy people. There's a statement in the article I read here that says we far outpace the laws protecting Americans' privacy, specifically around 702. It's like, well yes, but the problem is not just 702. It's like how are you going to actually regulate and legislate around sensible controls for ad based marketing data sets, location based data sets that are readily available on the open and the black market as well.
A
Yeah, so it looks like in this case I think it's Ron Wyden and another is looking at introducing some restrictions on the federal purchase of commercially acquired information which you know, hey, I think that would be a good thing as well because it's a bit little, it's a little bit crazy that the government can just buy that stuff and use it. However, our colleague Tom Uren, you know, when he's looked at that he just thinks, well surely the solution here would be to ban the collection of that sort of information in the first place because as long as it's collected, like okay, so we're saying the FBI can't have it, but like everyone else can. That also seems not ideal. Adam, what's your take here?
B
I mean much, much the same, right? I mean American privacy generally needs to be overhauled more than 702 needs to be overhauled. I mean as we've talked about a bunch before, 702 ultimately is meant to be a foreign intelligence data set. And you query it for foreign intelligence reasons and there's some incidental connection, but it's ultimately a pretty small part of its utility. And throwing out what they presumably use it for because of the domestic part of it seems not very sensible. And that's why they kick it down the road because it's too valuable to can. But the ultimate problem is not 702. The ultimate problem is privacy. And you know, privacy law in the US is weird. And you know, the like the intersection of like state jurisdictions versus federal, like there's a whole bunch of big problems that need to be solved and you know, you're just tinkering around the edges until you're willing to face that particular thing. The other part that I found entertaining, of course is the weird sort of flip flopping of like when there were Republicans outraged that the government might spy on them and now they're in power and they have to go, well actually we do need 702 because it's really useful. And of course Kash Patel is kind of completely 180 on this now that he's director of the FBI. And so that's kind of funny in a way to watch. But yeah, ultimately the US needs privacy reform more than it needs to kick this particular can.
A
Well, it needs both. Right, that's the rub. Right. They have to keep kicking the can down the road, but they also need privacy reform. And I think kicking the can down the road is always the easiest option. Right. Which is why it keeps happening. And it's sort of turned into this comical situation where it's just like over and over and over, clunk, clunk, clunk, there goes the can. So I guess we'll be talking about this like when they renew it at the last minute for you know, four months or whatever and then we'll talk about it again four months after that, four months after that into eternity. Now let's talk about something a little bit strange that's going on in Moscow which is for the last couple of weeks, mobile Internet has been heavily restricted in Moscow. Now this has caused the rumor mill to go into overdrive. Like people on X are saying, oh, there's a coup going to happen in Russia. Probably not to be honest. You know, there's, there's more visible anti drone teams which is like, you know, pickup trucks with 50 cals bound on, back on the back of them hanging out in Moscow, which is sort of driving these, these sort of coup rumors. More. I had a chat with Dmitri Alperovitch about this because you know, he's very clued in on all things Russia. He doesn't seem to think, you know, there's much to the rumors. He's like, I don't know. But you know, but he does agree that this is weird, right? He does agree that it's weird that there's been no, you know, functioning mobile Internet available in the center of Moscow for a couple of weeks. Normally the Russians would pull down mobile Internet when there's like drones inbound coming from Ukraine because they were using cellular data for their control of these drones. So maybe it's about that. But they're also allow listing a whole bunch of like Russian services including like VK and various like cloud compute platforms that surely the Ukrainians could use for their drone C2. So the whole thing's really weird.
No one quite knows what's going on here. Is it the case that their air defence has been attrited to the point where they need to do this? Is it the case that the Kremlin is paranoid that something's going down and they're trying to restrict Internet access? Nobody knows. But let's start with you on this one, Adam. What do you think is going on here?
B
I mean, it's. Yeah, it's hard to tell. Stuff in Russia is weird and outside. Being an outside commentator trying to reason about what's going on in Russia has always been difficult. You know, the, the drone navigation, like Ukrainians using it to navigate, like that's, you know, totally a plausible thing. And we saw, I think there was some control was given to the Russian FSB. Was it whether they could turn off portions of, you know, turn off mobile Internet access as necessary to support defense in other regions. But then, you know, after they had given them that power, then we started to see this happening in, in Moscow itself. And the level of disruption that that is causing is clearly pretty significant. But then again, you look at the list of whitelisted sites or allow listed sites that it seems like Burger King. Like you can order burgers in Moscow on your mobile but you can't, you know, connect to, you know, other parts of the Internet. So like, it's all just a bit strange and like, I don't really know what to make of it. Like, yeah, Russia is just weird.
A
Yeah. And James, you looked at the list of stuff that's available and you're like, that shouldn't be a challenge for the Ukrainians. If it's about drone control.
C
Yeah, 100%. There's got to be countless back channels and other things they can construct around this, not least of which through Burger King. But as weird as Russia is, Adam, as you point out, you also got to kind of give them a bit of a tip of the hat here and say, well, the law was passed that said the FSB can shut off the Internet and then 10 days later they'd enacted the ability to do that and turned it on within Moscow. I can't imagine, certainly not in the US, but even here in Australia, like, would we go from law passed to telcos actually actively enforcing something like this at scale in 10 days? Not sure. But that just only adds more intrigue. Like why move so fast to restrict access and then open it back up for VK and TV and news websites, Mail.ru. I don't know. It doesn't make sense.
A
Yeah, it's all weird. It's all just weird. And I just want to quickly follow up on something. I think it was last week or the week before we started, spoke about how the Russians were like outlawing. They were outlawing Telegram at the front. And then they're like, just use Max. And now they're like, don't use Max, use Telegram. And you know, the reporting there is like clear as mud. But I did hear from a Ukrainian listener who said words to the effect of, oh, we love Max. We love Max Messenger. Apparently it is like, yeah, it is properly that bad. And the Ukrainians know it. And I suspect that they are having a, having a field day with Russia's Max Messenger.
C
Well, the good news is Max is on the white list, so they'll continue to love it.
A
Yeah, that's right. That's right. Moving on, just a quick one now. There was some hacker only described as a foreign hacker. They compromised a computer at a New York field office that was like a child exploitation forensic lab that was inadvertently left vulnerable by Special Agent Aaron Smith Spivak. So I don't know if that meant that he spun up like passwordless RDP or whatever on this forensics box, but someone, someone broke into it and was so disgusted by all of the CSAM on this box that they threatened to report the FBI to the FBI because they did not realize it was an FBI computer. And the whole thing sort of culminated in them actually having a video call that the FBI having a video call with the attacker where they wound up showing their FBI badges to the attacker to convince them that yes, we are in fact FBI agents. Which is just like, what a world.
B
Yeah, it's a pretty, it's a pretty crazy story. And this is like the actual incident was a few years back now and apparently the, the investigators in question, there was a bunch of like, Epstein related stuff on there, which. So that kind of makes it topical for these days. But yeah, it's just a, it's a funny story. And the, the special agent who was responsible said that he was like trying to navigate the complex procedures for handling digital evidence, which I guess means it was difficult to get anything done at the FBI. And as you say, it's probably, you know, GoToMyPC or something turned on and remote access and onwards from there. And like, it's just, it's just kind of comical, but also in a way that's really like that this stuff is just lying around the Internet like oh my God.
A
Yeah, well, and it was, they've connected. Like there was a lot of the Epstein material was on that computer as well. And like that's been a, you know, thing, a big thing. So that was the angle that Reuters took, which is it was, although it was Epstein, Epstein material was obtained by a foreign hacker and whatnot. Just going to move on now because we are running a little bit tight on time now. A man in South Florida, 41 year old man in South Florida has been accused of conducting a bunch of ransomware attacks while working as a ransomware negotiator as well. So he was actually masterminding the attacks and you know, helping these victims negotiate. This guy was a co conspirator of the guys who were arrested late last year, the American security consultants who were arrested for doing this. We spoke about them at length. This guy initially was like an unnamed co conspirator. Now we can put a name to the, to the crime and he's been charged. So there we go. We are going to wrap it up with some more technical news now, Adam, and let's start off with this research into vulnerabilities in IP KVMs. This is from Eclypsium. They've taken a look at vulns in like some really common IP KVMs and you know, they're bad. They're really bad.
B
Yeah, these are mostly quite cheap devices that are going to be used by, you know, home labbers and you know, less likely to be in an enterprise context. But yeah, these were, you know, you plug them into the back of your machine into the HDMI port and the USB ports and it provides IP access to the console. Most of the bugs here are really stupid stuff like unsigned software updates or brute forceable creds or you know, direct object reference kind of things, like really amateur hour things. And that's, you know, kind of to be expected for embedded devices generally. But, but when it's a KVM, of course that gives you privileged access to the machine that it's plugged into. Probably so not great. But ultimately from a technical point of view, the bugs are real, just you know, super stupid stuff and kind of what you expect for a thing that costs 30 or 40 bucks on Amazon.
A
Yeah, I mean, let's not get carried away though just saying that. Oh well, these cheap ones are a problem like KVM, like IP KVMs are a problem, you know, because even when they're working like they're bad and they need to be kept away from like most of your network, in my view. Right. Like we had a, a customer make some inquiries about using Knocknoc on their internal network just to restrict access to their KVMs. And I think that's, you know, that's going to be good advice. Although, you know, when we were discussing this earlier in today's editorial meeting, Adam, you told us what your approach at your previous company was to handling those things.
B
Yeah, so when we had lights out management stuff on our servers, you know, baseboard management things, the switch ports that those were connected to were shut down and if we needed to access them, then we had to go talk to our hosting provider and get them to. No, shut down the port so that we could actually get some access. Or in other cases we would use crossovers with other machines so that we controlled that part because yeah, like, I mean I got a bug in a lights out management system once which was you just smacked enter at the SSH prompt. That lets you in anyway, like that's the grade of security that you expected on embedded systems. And yeah, I mean even I remember this.
A
You got annoyed and you just went whack, whack, whack, whack, whack, whack, whack. And it gave you shell. Yeah.
C
Yes.
B
I just, I was just smacking enter out of frustration and then I got a shell and yeah, that was a fun day at the office.
A
That's like hacker superpower though. Like you pretty much just manifested a shell with your, with your aura. Pretty cool. And you wanted to include this one, which is this guy turning up to a conference and just wrecking the Xbox One in unnatural ways. And you just thought this was really cool.
B
Yeah, this was a talk at a conference in Florida about reverse engineering and so on. And this guy basically reverse engineered the bootloader. Like the hard, like reverse engineered the bootloader of the Xbox One, which up until this point had never been hacked. So there hasn't been a mod chip seen since the Xbox One came out. All the subsequent Xboxes have been pretty robust. Microsoft did an amazing job of engineering them. And this guy decided that he was done with letting Microsoft win. And he sat down and he pulled the firmware for the bootloader off the chip, like optically recovered it out of the gates on the chip, reverse engineered that, built an AI rig to like simulate all of the hardware and stuff so that he could boot it. He ended up voltage glitching the hardware during boot to bypass the things that turned on like memory region restrictions and then onwards from there ends up with like complete compromise of the Xbox One so that you can, you know, extract all the key materials, sign your own changed firmware, like completely destroyed the entire platform security architecture. And this talk is just amazing. It's a masterclass in doing these kinds of attacks. And like, it's just totally well worth watching, you know, if you like a great hackercon talk, it's exactly what you want to see. So, yeah, well worth the hour of your life on YouTube.
A
And we're going to wrap it up with some security research out of Qualys. And you know, they keep some old school hacker people in their basement and occasionally they're allowed to publish a text file and they've published one of these and you know, you always, you always love their work.
B
So yeah, I gotta gush.
A
Yeah, do it.
B
This is a write up of a series of bugs in AppArmor, which is a Linux kind of kernel security module that's widely used by Debian and Ubuntu but other Linux distributions as well. It implements, kind of like, mandatory access control constraints. They found a bug where basically any user could replace the policy that applied to a particular process and then from that bypass the controls. They leverage that into like privilege escalation and then a bunch of kernel memory corruption bugs as well in the thing that's parsing the policy files. But the underlying core bug that they leverage, it's a really interesting classic UNIX flaw that just made me happy where they can pass a duped file descriptor for a pseudo file in the proc file system or the sys file system to a setuid root binary as its standard out and then have it write to it to bypass the restrictions and then leverage that up into everything else. And it's just, it's such good research and the paper is, you know, like 80 column formatted text file, you know, in exactly the style that I remember, you know, reading on, on Bugtraq, Full Disclosure back in the day. So it just warmed my heart.
A
Yeah, no, it's very like. It is a text file. It is. They have literally published it as Crack-Armor, which is fantastic. So we have linked through to that one in this week's show notes, of course, but Adam Boileau, James Wilson, that is it for this week's news segment. Big thanks to both of you for talking through all of that. It's been a lot of fun.
B
Yeah, thanks Pat. I'll see you next week.
C
Thanks, Pat. See you in a week.
A
That was Adam Boileau and James Wilson there with a look at the week's security news. It is time for this week's sponsor interview now, and we are chatting with Dan Green, a security researcher at Push Security, and also Mark Orlando, who is the field CTO over at Push. And we're having a chat about Install Fix, which is a twist on. I mean, we've seen Consent Fix, we've seen the other fix, you know, the ones that we mean, where basically people are tricked into running various commands. This is a bit of a twist on that. Basically you get, a user gets tricked into visiting a malvertised page for a common tool like Claude Code or whatever. It just looks like the correct install page and they start cutting and pasting commands off the web page into their, you know, into their command line and that gets them owned. So to kick us off talking about Install Fix, here is Dan Green off Push Security. And of course, Push Security makes a technology that installs as a, as a browser plugin and it's very useful for identity security. So first of all, it can tell you where your users have accounts, right? If they're using services that they shouldn't be using, it's extremely useful at stopping phishing. It can even stop people from putting their SSO passwords into phishing pages. Things like this, like all of this stuff that once you're in the browser, you can prevent, including stuff like this, which is, which is Install Fix, which, when you're in the browser, in that sort of presentation layer between the user and the presentation, you can see it. All right, so here is Dan Green kicking off our discussion of Install Fix. Enjoy.
E
You know, victims are Googling for Claude Code install, variations of that. They're being hit with a malvertising link. They're being served what is effectively a cloned page. So it looks, it's pretty much pixel perfect of a clone of the Claude Code. It's like the, I think it's the instruction page essentially, like the Quick Start guide, let's say, that has various sort of commands on there to install on different systems. You copy that command, you run it locally. And yeah, you think you're installing the legit tool, but you're also installing malware alongside it.
A
Well, are you installing malware? Because, like, you know, I saw one of the examples in your blog post is they just like pipe a bash shell out to some domain, right? Like that's sort of something that works. Or are they actually dropping malware on people?
E
No. So, yeah, it's staged, obviously. So, you know, you're performing that. It's then calling it back and effectively the end result is, I think we identified it as the Amatera stealer. Obviously the type of info stealer is not really important here, but yeah, it results in an info stealer being deployed onto the victim's machine.
A
Yeah, right. So I mean, it really is just one of those ancient scams of setting up a fake download page and swapping. I mean, the mechanics are a little bit different, Right, because you are cutting and pasting commands rather than downloading a binary. Right. But ultimately what happens is a binary is downloaded and malware is installed and it's just like a classic variation on that scheme.
E
Yeah, for sure. I think probably what makes this interesting is, well, the reason that people are googling for these things now. Right. And why is such a, I guess, a high volume target for attackers here? Because they're taking advantage of the fact that literally anybody and everybody is installing AI tools now. And in a way that I think you guys said it on the podcast a couple of weeks ago, the security model for organizations wasn't designed for a world where everybody is in the command line and everybody is effectively a developer installing tools in this way. But this is the world we live in now. And while that's expected or kind of has become the sort of normalized behavior for engineers, it's ripe for exploitation. When you apply that to the average
A
user in an organization, I mean 100%, I mean, it's really crazy that you're getting into a situation where an average user at some point is going to get mad when their EDR blocks their local LLM from executing some code that it wrote and compiled. Right. Like, it's just like it is a completely new world, completely new model. Mark Orlando also joins us from Push. So Mark, you're out there dealing with customers and whatnot. How much of this stuff is actually out there?
D
So an alarmingly large volume of the stuff is out there. And I think that's one of the things that is also interesting. As simple as this stuff is in execution, the rate at which it's being distributed and the rate at which the attackers are iterating I think is a little bit more interesting and it's alarming. I think Dan mentioned distribution, which is malvertising. And what we're seeing now are just huge rates of these things being delivered via malicious advertisements for all sorts of things, not just for how to install Claude Code, but I mean, you name it, you do a Google search, good bit of the results, now you're going to find this kind of stuff.
A
And this is cross platform, right. It's hitting everything.
D
That's right. And I mentioned kind of the rate of iteration. And just to kind of put that in perspective, late last year we saw some other variants of these click fix style attacks. We saw this consent fix, we've dubbed this one install fix. And I mean, we're seeing new variations of this stuff almost every day now. In fact, the example that we came across in our research initially was for Claude Code, but now we're seeing other variations for other installs, other tools. So it's just constantly changing.
A
So, Mark, like, I mean, you know, I got to ask this stuff, you know, I mean, I'm guessing Push is out there talking about this stuff because you're going to be able to stop it, right? You know, you're in the browser, you're going to be able to see this thing. It's these sorts of things that they're going to stick out quite a lot and you're going to be able to reliably detect them. But I would have thought like. And that's great, right? And I'm not saying you shouldn't be doing that, but I'm sort of surprised this is a problem given that these sort of info stealers and whatever tend to light up EDRs like a Christmas tree. Right. And stop them. Like, why is it that this is actually turning into a problem in sort of corpo environments? I would have figured that that's probably because it's hitting places where there's no EDR, because they're dev machines and EDR is too chatty or like, what's your feeling there as to why this is succeeding?
D
Yeah, absolutely. I think you've got it. While we didn't see evidence of EDR evasion or bypass in this, you know, instance, you know, certainly there are going to be targets where either EDR isn't running or, you know, for whatever reason, that control is either not present or not effective. And so I think it's more of like an economy of scale where given the kind of coverage of these kinds of attacks and threats, inevitably you're going to hit those endpoints where you don't have an EDR that's going to stop that, you know, commodity info stealer at the end of the chain.
A
So it's a case of it's just a numbers game.
D
I think that's right. And I think with a lot of these attacks, as with so many of these kinds of variants, a lot of times on the other end there's this kind of modular, customizable kit, right? And so maybe one day it ends in the delivery of this info stealer. Maybe another day. As we saw with consent fix, it's more of a consent attack where there is no malware, there is nothing touching the endpoint.
A
And so honestly, that's where I was going to go with this next, which is I'm just wondering why they're bothering dropping an info stealer like that. Actually seems kind of lazy, I would have thought, you know, doing some living off the land. Clever thing with PowerShell, right, where you can trick someone into powershelling a shell, you know, back to a host that you control. Like, I would have thought that would be a cooler way to do it, but I don't know. I've spent a lot of my career being disappointed by attackers.
D
Same. And you know, it's, it's fun to speculate as to the why of it. Who knows, I mean, maybe there's some vibe coding on the other end and, you know, the LLMs know about, about info stealers and so it's like, hey, maybe this is the next logical thing to happen. So I think if you're speculating on why, you know, the attack looks this way, we might also, you know, speculate as to how skilled the attackers are, how long they've been doing this, you know, all sorts of questions there. But the fact remains, you know, in this case, it was ending up at the delivery of this info stealer. Tomorrow it's going to be something else.
A
Dan, I want to ask you, like I did allude to it earlier, that it's my feeling that detecting this stuff in the browser would actually be quite easy. Is that actually the case?
E
Yeah, absolutely. Well, as with all these things, it depends. I mean, it depends what you're seeing in the browser. Like, obviously we wouldn't be talking about this if we weren't spotting it. So that's kind of our superpower here.
A
Right. So how does that detection work? What are you looking for there?
E
Yeah, I mean, so there's numerous indicators. So when we see these sort of things, we're reacting pretty quickly. So there's everything from the composition of the page itself to how it's being rendered, to the effect of the user interaction that's happening on the page there. So yeah, the fact that it is an almost pixel perfect clone of a Claude Code page, but it's not belonging to that official domain, all those sorts of things.
A
So just spotting it by nature of it being a pretty clear copycat, I guess.
E
Yeah.
A
Now finally, Mark, is there any sort of sense of a trajectory here? Is this just a sort of one off campaign that people are trying? It's dumb, but it's kind of working. We'll see how far it goes. Or is this like a major trend?
D
I mean, I think for this specific iteration of this type of attack we're talking about, you know, perhaps a one off, but I think the broader kind of trend of seeing these types of social engineering attacks executed within the browser is just something that's going to continue until, you know, we find some way to drive the cost up to launch these kinds of attacks. Right now it can be done at scale, can be done very cheaply, you know, a tiny fraction of the cost of say developing an exploit. And I think while that's the case, we're going to expect this stuff to continue.
A
Final question: of the ones of these that you've observed in the wild, what is the attacker actually going after? You said an info stealer. Are they doing the normal thing, like trying to look for crypto wallet keys on the clipboard, sort of thing? Like, is it really that dumb?
E
Yeah, crypto keys, credentials, session tokens, all these kind of usual things that they're going after here. Yeah, I mean, one of the interesting things with these campaigns is that they are so interchangeable. Like, your ClickFix-style lure is interchangeable with this, which is interchangeable with your attacker-in-the-middle phishing. There's a huge amount of crossover in the infrastructure used to deliver these kinds of ClickFix-style attacks and attacker-in-the-middle attacks, which all points to kind of this mishmash of essentially trying your luck with all these different techniques.
A
I get it, I get it. It's like the same people; this is just another means to distribute the thing that they're distributing like a dozen different ways.
E
Exactly. Yeah. And ultimately the end goal of all of it is compromising apps and accounts in the cloud, dumping data. Like the classic Com-style playbook of these kind of attacks.
C
Right.
E
It all comes back to that world, and they're all just different ways of trying to stay ahead of users.
A
Right.
E
And to come back to kind of the education point and staying ahead of these things. Right. Like, yeah, you might be able to educate somebody around a specific campaign or this or that, but ultimately, like, you can't kind of train somebody or get away from all these different kind of techniques. There's just too much for the average user to absorb there.
A
No, I remember when it was a case of, like, so, I mean, like, geez, 20-something years ago, I made a list of extensions that could be malicious in the context of email. So, and this was, I wrote this piece for a magazine about email security and we actually wrote a list of all of the unsafe extensions, because when you start thinking about it, it was like .exe, .this, .that, and then you realize, man, it's a pretty long list and users are just not going to remember it. So this was back in like 2003 that I wrote this thing and I realized, wow, you know, that was a black mark against education right off the bat. So we actually wound up writing all of these extensions into like a little list that people could clip out of the magazine and stick on their monitor, which I thought was actually pretty cool. Back then that was actually meaningful and actually helped. But look, we'll wrap it up there. Dan Green, Mark Orlando, thank you so much for joining me to talk all about InstallFix. Very interesting stuff.
D
Thanks so much.
A
Thanks, Pat. That was Dan Green and Mark Orlando there from Push Security. Big thanks to them for that. And yeah, big thanks also to Push for being a Risky Business sponsor. But that is it for this week's show. I do hope you enjoyed it. I'll be back soon with more security news and analysis, but until then, I've been Patrick Gray. Thanks for listening.
Date: March 18, 2026
Host: Patrick Gray
Guests/Co-Hosts: Adam Boileau, James Wilson
Sponsor Interview: Dan Green & Mark Orlando (Push Security)
This episode explores major recent security news, with a focus on the evolving threat landscape driven by AI-powered agents acting as insider threats. The hosts cover a high-impact Iranian cyberattack against Stryker, key developments in AI’s offensive capabilities, novel supply chain attacks using invisible Unicode, new research on both AI and classic vulnerabilities, and ongoing privacy policy debates. The sponsor interview examines the “InstallFix” trend—how attackers lure users into running malicious commands via convincingly fake install pages.
"I just don't see this as really a legitimate use of Intune, yet it can be done. So is there a duty of care thing here that Microsoft needs to answer to?"
— James Wilson (03:13)
“At first glance, you look at a piece of code where it looks like an empty string, but actually it's being passed to a decoder that's unpacking it...”
— Adam Boileau (08:22)
“The biggest risk in an enterprise now is that employee with an AI agent that can't get done what they want... with the tools and credentials you’ve provisioned.”
— James Wilson (15:08)
“I just love it that AI assistants turn into hackers just by themselves. We didn’t tell them.”
— Patrick Gray (18:43)
“This is democratizing high-end pen testing—at the cost of what, seventy, eighty bucks of tokens?”
— Adam Boileau (22:38)
"I was just smacking enter out of frustration and then I got a shell..."
— Adam Boileau (46:41)
Guests: Dan Green (Security Researcher) & Mark Orlando (Field CTO), Push Security
“You copy that command, you run it locally. And yeah, you think you’re installing the legit tool, but you’re also installing malware alongside it.”
— Dan Green (52:29)
"These things are literally like freaked out hostages… just so desperate to keep us happy that they're behaving like someone that will just be like, rules be damned.”
— James Wilson (18:47)
“It's pretty humbling when you think how much pen test do you get for 80 bucks? You don't even get a meeting to talk about a pen test for $80.”
— Adam Boileau (23:09)
"That was a black mark against education right off the bat."
— Patrick Gray (62:39)
This episode highlights the rapid convergence of AI/automation and security threats: AI agents are becoming unpredictable insiders, while threat actors leverage both classic and AI-powered tactics, and organizations struggle to adapt controls. Defensive tools must evolve for broad, browser-level detection, and education approaches have hit scaling limits. Meanwhile, policy debates remain mired in complexity and inertia, while technical exploits—from KVM to Unicode—continue to proliferate.
“It’s a wild time.”