Loading summary
Wade
So I needed something to tie over my son today since he was home, right? And I'm like, my. My sister yesterday, she's like, why don't you just buy some chalk and we'll just, like, color outside all day. I'm like, oh, yeah, that's perfect. I just bought the first chalk that was on Amazon. Not really thinking about it. Highest rated, right?
Ralph
Chalk's chalk package shows up highest rated.
Wade
So package shows up today with 160 pieces of chalk. And I did not realize that I had bought enough chalk for a lifetime now. And so if anybody's in San Diego need some chalk, let me know.
Ralph
That's not a neighborhood chalk.
John
So I cleaned. I cleaned out my basement because we're having some construction done. And by the way, I'm wearing a hat today because of the polar vortex. I've been up since like, 4 this morning doing plowing and stuff. So it, like my hair so bad. Yeah, I've got jackets, Kelly. So it's really, really, really bad. But cleaning out my basement, and we were going through these cupboards, and I found this bag that was like 20 pounds of, like, quarter used chalk. So I'm you in the future, Wade. And I threw it all away.
Wade
Someone sent a reminder for 20 years, Wade, to remember this video and to post it.
John
Yeah, reminder, 20 years. We got intern Gator Hunter. That's good, Marion. Pretty good.
Kelly
Hi, Ralph. Megan. That was cheery, Mary Ellen.
John
Hi, Ralph.
Marion
Hi. How dare you join the show.
Ralph
I'm Ralph and I'm an. I'm an alcohol. I mean, podcaster.
John
I'm a pen tester.
Marion
I'm a recovering podcaster.
Ralph
I'm a recovering influencer. I used to have 15 Instagram followers.
John
Before TikTok got shut down. I had a career. I could have been something.
Ralph
I know, I know.
Marion
What happened was, though, was I deleted the app right when it happened, and I can't get it back, so I'm screwed.
John
You're just done. You're just done, or do you still have hair?
Ralph
No, I don't.
John
Oh, no. Okay, there it is.
Ralph
I love that people are so, like. Okay, there's two parts about this that I love. Number one, people are invested in my hair. I don't know why, but I'm here for it. People. I like keeping people guessing that I would just chop off all my hair on a random weekend. I want to be that, like, unstable of a person that I would just do that.
John
It's your hair and Wade's mustache that.
Wade
I was about to say it is really weird. Having people invested into your hair, like it's taken a life of its own. Very much so.
Ralph
Like, if you do, you need to.
Marion
Be like on YouTube with like a samurai sword or something pretty extreme to.
Gator Hunter
Get like a little mini chainsaw. I think that would go well.
John
A mini chainsaw, like those mini electric ones.
Marion
No, no, no. If you're gonna go, just go gas. I mean, just make it really obnoxious. You know, I have.
John
I have multiple scars on my legs for chainsaws. You know what I should have invested in when I was a kid? Learning how to use chainsaws? Chaps. Yeah.
Ralph
You know, would those be ass Full chaps?
John
They're assless. They're assless. But you usually.
Ralph
It doesn't count as a swear jar. This is just. Listen, this is just product. This is product. That's what it's called. Okay?
John
You don't want to go full butless chaps when you're chopping firewood. I'm telling you.
Marion
Couldn't you we underneath them, John, like you do?
John
We do. And it gets very warm.
Wade
No, you don't wear any pants when you wear chaps with. It's just like when you cook bacon. You're not supposed to wear shirts.
John
And I'm. Okay.
Kelly
I'm uncomfortable.
Ralph
I know.
John
You should be. It's all about being comfortable. But yeah, that's what the show is about.
Ralph
Making everyone uncomfortable. Usually through security related content, but sometimes through chaps related content.
Marion
I just think it's funny that everyone goes immediately to, you know, no clothing chaps.
Gator Hunter
I'm like, wow.
John
Just dirty minds, everybody. Dirty, dirty minds.
Marion
So we just go over Speedboat Jesus.
John
Are we ready to kick this thing out? I think we're ready to kick this thing out.
Wade
I didn't read anything energized.
John
Let's do it.
Corey
That means we're ready.
Ralph
Let's inaugurate this podcast.
John
Hello and welcome to Blue Monday, also known as the single most depressing day of the entire year. And we're going to try to work in as many new order themes like how do I feel? And stuff like that. Maybe, just maybe we'll get into some joy division as well, because it's that type of Monday. Today we're going to be talking about how Russian cyber spies are joining together with people in Pakistan in unity. It's either that or just more precursors to World War 3. I don't know. The FCC throws open the 6 GHz band, so that's neat. Russia disrupts Internet access for its own citizens for A change. Police shut down the Ridoch cybercrime market and it arrests three of their admins. Also, Europol. Oh, my God. Ads just blew up all over the place. Europol announces takedown of major DDOs for higher network. $50 million in radiant capital heist blamed on North Korean hackers. And of course, I have no idea why the hell this is how this got in here. But no do over for boneless chicken wings in the Ohio Supreme Court.
Wade
That's what we're starting off with.
John
Okay, so it sounds like an old one.
Ralph
Hold on, John. There was a time when you weren't coming to the podcast, and we kind of got into this chicken wing rhythm where we just kept talking about chicken wings every week. It started with a story, I think it was Chicago, of a woman who during the COVID just ordered like, it was like 17, 000 chicken wings and was like, selling them out of the trunk of her car. Right. Someone, like, finally looked at the books and was like, why did we spend 20 grand on chicken wings during a time when no kids were eating school lunches? Anyway? Then somehow for the next, like, four weeks, we found chicken wing related articles that were somehow pertinent to the show. And so now it's kind of an inside joke and you weren't there. So let's.
Wade
I wrote a bot to look for chicken related news just to throw in the show.
Marion
So one use of large language models. That's it? That's it. So I could.
Ralph
Some of the puns that were thrown out by Shecky and others were just absolutely clucking. Amazing.
John
Wow.
Ralph
So do we actually have a chicken wing follow up? Like, I. I don't even see these. Where. Where did you find.
John
That's a bizarre love triangle and just.
Marion
Pick them at random?
John
Yeah. Wait, since I wasn't here, what's the consensus? Are. Are boneless chicken wings still chicken wings or do you just refer to them as their original name? Garbage.
Wade
It depends what state you're in.
John
Oh, what? Really? Oh, yeah. This is interesting.
Wade
Where is this news article? I don't see I control f chicken.
Corey
I feel like.
Wade
So, pretty much, I think it was. Was it Indiana who did it? It was one of. One of the main states. So this guy choked on a bone in a boneless chicken wing, then sued saying, hey, these are boneless chicken wings. Like, why do they have bones in them? Went all the way up to the supreme court of that state and the state said, no, boneless chicken wings can have bones in them. And everyone's like, wait, what? Like they're not boneless. Yeah. So that happened and got punched into law. So now if you're ever eating a boneless chicken wing in whatever state that was in, make sure you, you take care. That's why you stick with Dino nuggets, right? Dino nuggets all the way. You already know Costco's got your back.
Ralph
Those can definitely have bones.
Marion
They're preex for.
Ralph
For legal reasons.
John
I love how the comments like we blew past 100 comments like in the first 30 seconds once we started talking.
Ralph
About doing a chicken wings related.
John
That was just. That was just it. All right, let's jump over. Let's talk about this particular story. The Russian cyber spies hide behind other hackers. Like I said, you know, you can look at this in one of two ways. Either a, you can look at it as nations coming together or you can look at it as, like I said, a precursor to World War iii because Pakistan has entered the chat.
Ralph
Are you liking.
John
I really think you're on an old link.
Ralph
John, are you in January 2024?
Marion
Yeah, we actually did talk about this.
John
The hell?
Ralph
I clicked on the link in the.
John
Show notes in my email.
Marion
John, maybe, maybe I gave you the wrong one.
Corey
Here's the one for today.
Ralph
Okay, I'm taking over. I got good news for everyone. I got great news for you. If you lost your Fortinet firewall config, hackers backed it up for you.
Marion
Oh my God.
Ralph
This is actually the second article. Data from 15,000.
Marion
Yeah.
Ralph
So basically hackers have leaked 15,000 Fortinet firewall configs that were vulnerable devices. So for those that didn't know how their Fortinet firewall was configured, unfortunately, now everyone knows how your Fortinet firewall is configured.
Wade
Any.
John
Any.
Wade
Open. Open.
John
Are we sure it's crowdsourcing? Like, are we going to feed this through AI and it's going to be like, oh, I'm going to learn what a good and bad firewall config is.
Marion
Yeah, what a good and bad one.
Gator Hunter
I think that's actually a great idea.
Wade
Poisoning most likely configured Fortinet firewall is now easy to like. Just statistics, all of them.
Ralph
Like, I mean it, it is interesting to think about analyzing these and being like, of the people who are vulnerable, here's what their configs look like. You are worse than this. You need to have a better config if you're worse.
Marion
Blows my mind is the firewall has one job, right? It's literally to keep, to keep traffic out.
Ralph
It's in the name. It's a wall name, but this company.
Marion
For some reason just lets them in. I don't understand you guys.
Wade
You guys are absolutely wrong. You don' about the firewall, VPN0 trust, IDS, XDR configurations of every firewall out there.
Ralph
The next generation wall is 2ft higher and cannot be hacked by CSS.
Wade
And they all run Outlook on prem.
John
Okay, okay, so Corey, we need to look for. We got to get a firewall vendor like at RSA to have their slogan be our firewall is 2ft higher. Something I love that I actually, hey, can we get a shirt? Since that's what we do. If we can get a hold of the content community team, we need a T shirt that says our firewall is 2ft higher.
Wade
We can make a fake requested a shirt.
Ralph
We could definitely make a fake firewall vendor that, that, you know, advertises in airports and stuff and like just eventually leads you down the. Like, if you try to buy it, it just sends you to Black Hills and it's like, sorry. So I mean, I will say, like to, you know, close the loop on the technical side of things, people ask, are any of the configs good? The answer is probably no, because this vulnerability only affects people who expose their management interfaces to the Internet. So, like, the assumption here, is that.
John
Kind of what you mean?
Ralph
Yeah. If you already expose your config or your management interface to the Internet, you probably don't have this, you know, solidus config. Talking to some of our customers about this because we've, you know, of course, mapped this vulnerability like 80 times because it just keeps coming up. The only instances we've seen have been like, one of our customers had a range and we were like, what is this? And they were like, this is our parking garages. We have a parking garage vendor that somehow has deployed Fortinet firewalls with default configs into the parking garages. We don't know how or where they are. Like, they're like buried in the basements of these parking garages. We can't get to them. So I think it maybe is a lot of that. I mean, I will say at Internet scale, 15,000 isn't that bad. It is bad because they're all firewall configs. But that isn't that high of a number. Patch your fortinets and don't expose them to the Internet.
Marion
It was CVE 2022 as well.
John
I do, I do love how these two articles in our show notes, now that I finally got to the right date, they're like right next to each other, you know. The top one is Fortinet warns of an auth bypass zero day followed by data from 15,000 Fortinet firewalls leaked by.
Corey
Hackers like Shot and Chaser.
John
That.
Ralph
The funny thing is. Yeah, Shot and Chaser. One is from now and is a zero day. The other one is from two years ago and is, you know, however many days that is 720 day or something.
Marion
I mean, do they like this kind of news coverage? I don't understand. Like what is.
John
No publicity is bad publicity. Yeah, except this. It might be bad.
Ralph
Share price is probably up.
Marion
It sures anymore no one cares.
John
They're like, no one cares.
Ralph
It just happens all the time. 20% or sorry, 02%. 20%.
John
Hey, but I want to call that out. Like that whole no one cares anymore. It is kind of liberating as a pen test company. You know, now that, you know, you have people that are coming to the realization that, you know, you get hacked and share price dips and then it's right back up a couple of weeks later.
Eric
It.
John
It's kind of liberating for the pen testing community. Right, because, you know, it's just like we do our jobs and if it works, great. If not, eh, it's okay as it just doesn't feel like it's all that weight on our shoulders anymore. Because the attackers will get in more than likely anyway way.
Gator Hunter
The value of their stocks are 50 for the last year.
John
They'll be back.
Ralph
That's just good business practices. Zero days are great.
Wade
Do you know the amount of times Fortinet's been in the news?
John
Like they're like their revenue gone down. Graham, can you hunt that down? Has their revenue gone?
Marion
It probably put more lights on their boxes. They blink harder and everyone.
Ralph
The wall is two feet higher. Okay. The average height of the average person is going up. You got to get those high.
John
You got to keep up with the rate of growth.
Gator Hunter
You have to fortnite marketing person. I would be so happy with these numbers to report on my annual review.
Ralph
Like, yeah, our annual. Why should get a race?
Gator Hunter
Everyone's talking about us.
John
KPI's my okrs. Hey, wait a minute, Kelly.
Ralph
So, okay, since the point of the show is making us uncomfortable, let's talk about Salt Typhoon. Apparently also being in the US Government before they were in telcos. Yeah, that's terrifying.
John
A separate called it another goofy cyber name. And we were able to, based on the visibility that we had within the federal networks, connect some of the dots. I do love that quote that Jen is basically like, it's just another goofy cyber name which is kind of, think about it, probably not the best thing that we can do.
Ralph
But I, if you can't laugh at it, you're kind of screwed.
John
That's the kind of scenario back to it's Blue Monday. So this gets into, you know, we keep on talking about things like ransomware, info stealers, all this stuff that has immediate impacts to organizations and individuals. But one of the things we've been talking about that on the show for a while is we really, really need to be concerned about the persistent threats. Right. Whenever they came up with advanced persistent threat, that name meant something advanced meant that they could bypass existing security controls, right? They could bypass your firewalls, they could bypass your endpoint protection, whatever it is you're running. And persistent means they want to stay in your network. If you're looking at ransomware, ransomware is not an advanced persistent threat. That is not their goal. Their goal is not to persist.
Ralph
Well, it can be. It actually, I mean, yeah, I mean, I don't, I don't want to argue too much, but I will say that it. There are ransomware threat actors that they classify as APTS because their motives are different than just immediately get in and drop crypto lockers everywhere.
John
But anyway, I'm talking specifically the ones that are locking you out right away, right? So advanced persistent threat, they're going to cause you long term damage. And when you're looking at nation state actors like China and Russia somewhat a lesser extent lately, like that's what they want to do. They want to dwell inside of your network and siphon off as much data as they possibly can. And I don't feel like the industry has really came to grips with that type of threat actor. Reading these articles and kind of seeing how this all unwinds, I think that that's being more and more like apparent every single day.
Kelly
John, that's a great segue to the, to the Chinese threat. I had some interesting conversations with people over the weekend regarding TikTok. And we talk about, yeah, I know, we talk about security awareness training or working with laypeople. And I had legitimate conversations this weekend with people saying, why are we picking on the Chinese by banning TikTok? And it's stories like this. It's like, hey, they've been picking on us for a long time.
John
Oh, I agree. It's also very weird because if you would have shown me a picture of the future like 10 years ago and said, hey, in the future we're going to have in depth political conversations about a tool called TikTok, I would be horribly, horribly confused. And I wonder how the hell we ended up here at some point.
Ralph
So it's off, right? Like TikTok is fully off as of today.
John
Or it went down on Sunday and came back on Sunday.
Ralph
Okay.
John
And if, you know, stepping away from the politics of it. But I hear what you're saying, Kelly, but here's the problem I have with it. As soon as TikTok was shut down and believed to shut down, they were moving to a completely different app that was ran by ByteDance in China. I don't understand how picking on one app is really going to solve this problem. Because if you look underneath the hood, a whole bunch of our supply chain, semi product semiconductor production is all done in China. Like, why? Like, this seems very performative to me. Where. And by the way, this legislation is bipartisan, folks. So if you're a Democrat or Republican, you want to start doing the point. That was bipartisan. Right. So it seems like it's performative, bipartisan legislation that kind of acknowledges that there's a problem without actually trying to get to the root of the problem.
Eric
Well, there's a good thing that a lot of people don't understand is it was all of Binance's applications, cap cut, all the rest of them that were supposedly banned. And then, you know, I know we're not trying to get too political, but I'm not sure how in the world this thing got reversed in under 24 hours when Supreme Court said, yeah, it's.
John
Legal to ban them. I can answer that. There was a provision within the law that allowed for it to be stayed for 90 days if there was a review. And that's the, that's the clause that they basically went under. It's not reversed. It's quote, unquote, under review. So it's basically just kind of a stay of execution on this. But I still come back to. Who gives a sh. Who gives a darn.
Marion
Oh, yeah.
Ralph
I mean, didn't know. It was like, it was like 80%, John.
John
80%.
Ralph
It just now that. That. That was like a $1 swear. That wasn't.
Marion
That wasn't.
Ralph
A $15.
John
Okay, okay. Because everyone, you got to remember, everyone's for. Eff. Everybody.
Ralph
You got to keep in mind, the.
John
Human brain sticker at the bottom needs to be updated, reset.
Ralph
The human brain comes pre autocorrect and everyone's brain just autocorrected what you said into the real.
Wade
There you go.
Ralph
Yeah.
Marion
But this.
John
But also this China isn't new. I want to kind of go back to it. I can't remember what year it was. I want to say it was like 2007 in the classified world. We had to go through and remove a whole bunch of Cisco devices because they were backdoored by the Chinese. Like the actual device was backdoored. And I remember when that happened, we were like, well, this is going to create a change in the way the United States buys their technology to ensure that we aren't going to be buying as much as we do from China. That didn't change any. Right. Well, so I just don't understand how people get worked up over TikTok without fully understanding the implications of all the other crap that we're getting from China that's probably backdoored as well.
Ralph
So John, to go back.
Wade
To go back farther with like the political stuff. Right. So the, the big hacking was going on all throughout like the 2000s. And then 2008, Jinping, Xi Jinping actually came into power and was doing a tour around the world because he was.
John
The new out that sweet, sweet honey.
Ralph
Wade and podcast China.
Wade
There was a conversation between him and Obama at the time and supposed this is supposedly how it went. Obama said you need to stop hacking US or hard trade regulations are going to fall. Right. This was more than 10 years ago. @ the time, China wasn't as powerful as they are now. But there was an actual decrease in known Chinese threat actor drops.
John
Wait, at the same time a lot of other threat actors to kicked up.
Wade
Exactly.
John
Basically bounced through other people out there.
Ralph
Yeah, yeah. I mean it's.
Wade
But I guess my main thing is that that can't be done anymore. Right. Like we can't show a force of power because China has too much of an economical stranglehold on the tech market right now.
John
Well, with these. Brian just asked, is my smart kitchen Chinese made? It's actually South Korean. I have a lot of Samsung products.
Wade
My. My baby monitor is South Korean made and it was pinging out to China for some reason also.
Marion
Right.
John
When you're talk lot of the underlying semiconductors and chipsets and everything, they're all built in China as well.
Marion
Got to put covers over half the cameras in my house that are Chinese. You know, I just think.
John
Cameras in my house. And if there's someone in China that's watching my video feed when I'm walking around in my underwear middle of the night. Right.
Ralph
You mean in your crap on the.
John
Floor at 2am Something really smells bad. I really feel bad for them. Like, if you're doing that to me, I feel bad for you. There's better things you can do for your life.
Marion
I legitimately do have one of the Chinese robotic vacuums, right? And people are like, oh, well, I better disconnect it. So it does. I'm like, so we can map my house? Like, what does it need?
Ralph
A floor plan? Have they heard of Zillow? Like, all right, yeah.
Marion
A vacuum to figure out where my bedrooms.
Ralph
I mean, so, okay. To kind of get you back to the higher.
John
Funny. I find it funny.
Ralph
Funny to go back to the higher level discussion here. I think the reason why, first of all, never underestimate the power of a poster child. Right. The, you know, example, a bad example of, oh, this is what happens to Chinese companies when they enter the US Market in the wrong way. Whatever. The other thing, I think that made it more like you mentioned, it was bipartisan. I think the perception that Tik Tok particularly targets kids or teenagers, like, younger people, was particularly scary because we all know, you know, people's brains aren't fully developed. Like, it's. They're. They're a vulnerable class of people. And so I think that's, like, maybe why it was able to be pushed through so aggressively. Even though I agree with you, you know, everything's made in China, blah, blah, blah. Like, that is true, but this is still, like, an example of, you know, maybe. I. I do think, for the record, that platform is a platform, and at the end of the day, if you force it to be sold to Elon Musk or whoever else, it doesn't really change the nature of the platform.
Marion
I think the bad stuff is happening whether it's Chinese or not. That's just kind of my opinion. I really don't care if it gets shut down or not. I just. I'm just saying, like, it did seem kind of weird to target it. It was bipartisan and all this other fun stuff and blah, blah, blah. I'm still confused of the why. Like, and I understand, like, from. To keep a security focus. Just, I kind of understand that, you know, China was attacking us, but, like, sure. On the other side, I'm kind of like, but there is other apps just like it.
Ralph
Don't put it on. Don't put it on US Government phones. Don't, you know, ban it.
John
Yeah, like that out there. What is. What exactly is Tick Tock doing that Facebook and Instagram and Twitter and all of these other platforms isn't doing? Right.
Ralph
Yeah, I mean, definitely filtering certain.
John
It's pulling down all this sensitive information, and it's like. And then you can even layer on. It's like. But then it might be accessible by China. A lot of these companies have memos of understanding with the Chinese government that they will open up their data for the Chinese government, just like they have in the United States with a proper warrant being executed. This gets back into that much larger issue. What is it about this that's so unique? Right.
Ralph
I think it's more about.
John
I understand that they're targeting children, but they all are targeting children. Right. Except. Which is squarely at the Generation X zennial. People. And they'll die because of it.
Ralph
I mean, Facebook targets people over 40, if we're being honest.
John
Yeah, no, no question. And I'm right there in the two.
I
Apps that they were pushing in replacement, like, sort of last minute, there was a 216% increase in people on Duolingo trying to. Trying to learn Mandarin because they were pushing red. They were pushing Red Note and Lemonade. And I looked at the APKs for both of those, and I think the word backdoor was in there, like, I don't know, eight times. And you look at all the URLs, they're all dot. You know, cn. Cn. If you. If you break apart red node and eliminate. I didn't look at TikTok, but, you know, I thought it was really interesting what was inside there.
John
And isn't it delightful? Isn't it refreshing whenever they just call it backdoor? Like, yeah, it's hard code, the link.
Marion
Yeah, it's fine for them.
John
There's nothing but respect there. Like, we're not even hiding it.
Ralph
Okay. Yeah. I mean, what if.
Wade
What if this just fully backfired and now, like, half the US Learns Chinese or Mandarin now. Right? And we just become even more powerful because now they can't say stuff about us, and we can do business trades better.
John
First we learned. We learned Mandarin, and then we taught them social dissent.
Marion
Oh, my God. Oh, my God.
Ralph
Well, so. So let's. Let's pivot to another article. Let's talk about the FBI. Let's talk about the FBI. This is a. Kind of a funny little completion of this. So there's an article in Ars Technica called the FBI Forces Chinese Malware to Delete Itself from thousands of U.S. computers. Kind of an interesting thing. Basically, the FBI did a press release on January 14th saying that it forced it. Basically, they took over the C2 server for this malware and then forced it to delete itself. This was again PRC backed but focused on the threat group Mustang Panda, which was affecting a version of Plug X, which is apparently a malware. So it's kind of an interesting, like, you know, cyber warfare, I guess you could call it Fight back.
John
And they worked with the French on this one. Let's give the French some credit. That's it. That's all we got. Huh.
Marion
Wow. In some way that was derogatory. Like.
John
It was.
Ralph
I'm sorry if that was derogatory French people. I know you already hate me anyway, so it's. Whatever. Yeah, I mean, I guess it's like there's. I think the biggest thing is like, let's turn. If we were to turn the turntables all the way around, aren't you, like, we could argue how many of these apps that are US Based, large companies are allowed in China. Like, is Facebook allowed in China? Is Google allowed in China? Is YouTube allowed in China?
Gator Hunter
Well, Tick Tock isn't even allowed in China exactly.
Ralph
Well, they have, they have their own version of China.
John
Yeah, good point, Graham, Good point.
Marion
Called Surveillance talk.
John
It's called Surveillance Talk.
Ralph
Yeah. So it's like, it's a weird thing to think about of, you know, other countries saying that the US is backing Facebook to go harvest a bunch of people's data. Like, it is kind of a weird.
Marion
I think the funniest part of it all is that the reason people want their TikTok is not for Chinese content or anything. It's for literally American content by American creators. On. Yes.
Ralph
But then it's like scroll, scroll, scroll, propaganda. That was weird. Scroll, scroll, scroll. Like, that's what set. That's what senators are imagining.
John
You know you're in trouble. You know you're in trouble when. And three, like a high school comes up.
Ralph
Like, you know, you know you're in.
John
Trouble whenever a high school or middle school boy comes up to you. You're like, oh, this Andrew Tate guy, he, he speaks a lot of sense. I, I think, I think, I think he makes some really great points on carrying swords and women drivers. It's like, oh, my God, what the hell are you getting that from? Tick Tock. And then I just block it in my house.
Ralph
So, so you're saying, but then everyone's gonna move to that other app. That's. Yeah, I mean, not Tick Tock or.
Marion
What if that was the other thing I had a conversation with my wife about Tick Tock is I was like, it doesn't matter because those influencers aren't going to just be like, well, hanging up My hat. It's all done. I'm over. Right? They're gonna just move to the next place. Right?
Ralph
I think Tick Tock is actually positioned really poorly in the market right now because you already have Instagram re reels and YouTube shorts and everyone posts on all three anyway, so TikTok doesn't really.
Eric
They don't have the market capital.
Ralph
Right.
Eric
So, I mean, yeah, they're having the ball. And let's see. I want to point this back to like last week when we had these discussions. This is a very prime example that we've been harping about for, I don't know, years and decades, that these users want what they want, consequences be damned. They want it f the security measures. I mean, I know it's Tick Tock and it's not that bad, but you know, that's just like saying MFA and all these other things. Like there's a report that was leaked out yesterday or Friday. I Forget that over 800 known devices that are coming out of manufacturing have default passwords even after the provisioning of an Iot device. I mean, come on, this is just another staple.
John
2025.
Eric
I know, but still, this is part of the whole staple of all the problem that we have.
John
See, and this is, this is like, you know, I was sad a couple of weeks ago. I was where you are, Eric. I was sad. I've learned to embrace the chaos monkey.
Gator Hunter
This is the way.
John
Keep saying, come to the dark side. We have cookies. Pen testing. Yeah, that's where it's at, kids.
Marion
Watch out.
Ralph
Those monkeys are strong.
John
Those default creds are sweet. Sweet default creds. Like we love default.
Marion
Your sadness is my drink.
Ralph
Don't worry, John. When there's a government approved seal of secure.
Wade
Yeah, when those stickers come out.
Gator Hunter
No, no, no, no.
Ralph
We're not going to talk about that again. Let's. Okay, so this. Let's just follow this China thing. Let's keep going. So there was a huge data breach of Chinese a couple of China companies, so Weibo and QQ messenger. There's been basically 1.5 billion Chinese citizens. Information was leaked online. So I'm not going to say this is a. I don't know if this is in any way related, but you know, these kinds of. These kinds of breaches do affect not just US citizens, they also affect Chinese citizens.
John
Oh, my God. One of our listeners just said, my ex used to say, your tears give me strength. You're in a bad relationship.
Gator Hunter
They did say X. Yeah, I was just reading the. The fortinet article from the last one. And the IPS they released are like the Cloudflare DNS Local Host and Google DNS.
Ralph
As I no way, dude, those are all hackers. He didn't know that Local Host is the prime hacker.
Gator Hunter
I mean, you're not wrong.
John
But I gotta, I gotta talk about that because I got into a conversation with somebody about darktrace and by the way, I think the technology and the AI and the ML that's in darktrace is pretty cool, but I, I think that their marketing is poopy.
Marion
Wait, wait, John, what's Darktrace?
John
Darktrace is an NDR and it does artificial intelligence Dr. Or NDR. N network.
Marion
Network.
Ralph
We need more acronyms and we need more acronyms. Can you, can you explain that one?
John
Network Detection and Response. So it detects attack traffic or C2 traffic and then it automatically stops it. And got into a bit of a conversation about automatic shunning and stopping and how that's bad. And speaking of this DNS thing, somebody was like, well, you know, if it detects bad things, it can just shut it down. And I'm like, well, you know, Darktrace, last I knew, focuses specifically on text records for DNS. And I've seen environments where they basically see it like C2 traffic and they shun all of the DNS traffic and it breaks the entire environment from getting to the Internet. And they were asking how. And most organizations, their primary like resolution server is their domain controller. So all the endpoints go for recursive lookups through their domain controller and their domain controller makes a connection outbound to some third party DNS server that they're using, either from their ISP or like we were talking about Google in this situation and if you have it set up to automatically kill that traffic that's bad, that shuts down all DNS resolution for your entire environment. So whenever you look at this and you see people talking about IOCs, like communication to 127.0.0.1 and oh, we can see that 8.8.8.8 was used as a C2 server. This is the stuff that years ago, like threat intelligence feeds suck because that's the type of intelligence a lot of these products were doing back in the day. But I read that too. Graham. It's just like the same garbage. And I have had customers that are like, we probably need to shut down all the traffic that's going to, you know, this cloudflare IP or this Google DNS server.
Ralph
I mean, it kind of reminds me of the old classic. You're doing a pen test, you're using CDN for your C2 channel. And they're like, oh, we went ahead and blocked cloudfront.net and you're like, I'm sorry, we did what? Don't do that.
Wade
Undo how many socks have you been in? Where like a level one analyst just goes to the PDF, grabs all the IOCs and just throws them into crits and just blocks everything that does happen. I could easily, right, I could easily see all of this being done and when next thing you know, the networks.
John
You know, who gets blamed when that happens?
Wade
Who?
John
The testing company, the intern. Like, how dare you put that in the report to force us to do something against ourselves without testing it. It thoroughly.
Wade
As I said, maybe that should be a finding. That's a great finding.
Marion
AI now, because dark traces to make it clear.
John
That's really rare. That doesn't happen very often, but it does happen. But that goes. That goes back into. You know, I think that there's an oversimplification of security for a lot of these things where they're like, just give me the IPS to block, man. I'll just block those ips. It's like, it. It doesn't. It doesn't, it doesn't. It doesn't work that way.
Gator Hunter
So I've been doing a lot of testing in kubernetes and I one time had someone ask me why it was even a problem because you can just restart the container if there's a security issue.
Ralph
I was like, well, if you knew.
Gator Hunter
There was a security issue and you just restart the container, that's not fixing anything.
John
Do you know that security issue might.
Marion
Come back every time you restart the container?
John
You know what? Here's how you fix that one. You stop caring. Like, anytime you have someone say that, just be like, you got me. All the security research I've been doing for the past few years and specializing is a complete lie and a sham. You got me, you got me. You got me. Just restart it and please go do that. Have fun with it. And, and let me know how that works out for you in the long run.
Gator Hunter
Job security.
Ralph
All right, we got plugs. John, do the plugs. You're the boss.
John
Oh, the plug. Oh, yeah. Bhis. We do pen testing, IR and soc work. We also have the wrong. Are you in Denver? Would you like to be in Denver? By the way, we got into a huge argument about Mile. Like Wild West Hacking Fest at Mile High. People are like, it sounds like we're condoning Smoking pot. For me, it was like, no, we're condoning geography. Legalized pot.
Ralph
We're just condoning geography. Okay.
John
We're just 5280, right? You know, 5280, the mile high city. It has nothing to do with marijuana as far as we're concerned for you. You do you. That's fine. If you think it's marijuana, scan this QR code and nothing bad will happen ever.
Ralph
Me winking marijuana so much.
John
Exactly. So as, as, as. As Ralph is trying to scan it. So yeah, Bhis, we do security stuff. We got a conference and anti siphon training. Oh, my God. B side San Diego.
Ralph
Hey, John. Hey, John, who do you think is doing the keynote?
Wade
I don't know.
John
At east side San Diego. Am I. Wait, am I coming down there?
Marion
You are. You are.
Ralph
I thought it was Kelly. I'm confused. I thought Kelly was.
John
Did I agree to this? No, I don't.
Kelly
Yeah, John, we're doing it together.
Ralph
Where is Kelly giving the keynote?
John
Is it not horrible advertising, by the way? We are awful at this. Kelly, Please save us. What are we going to be talking? What are you going to be talking about? B side San Diego.
Kelly
Yeah, well, we are going to be talking about grc and we're going to be riffing on Bad Medicine.
Gator Hunter
Oh, it says someone scanned.
John
I was waiting to see how long that awkward pause would go. And I was going to make some reference to Bon Jovi. Grc.
Ralph
What is bad Medicine? Is that, Is that, Is that a really Upon Joey reference?
Kelly
Come to San Diego and you'll find out, my dear.
Ralph
Come to San Diego. Oh, that sounds terrible.
John
We need to go back down there and rent out the aircraft carrier again.
Ralph
I agree.
Wade
You know how many people ask me every time I see them, when is Bhis coming back to San Diego?
John
And I'm like, yeah, so we're going to be doing a conference for. With anti siphon in D.C. this year. So we're doing Denver. We're doing another security Training conference in D.C. this year. And next year I want to expand and go back to San Diego.
Gator Hunter
Wait, that's like 30 minutes for me.
John
So we can do that. I don't know, whatever. You guys going to throw up another advertising thing for me? Oh, there you go.
Ralph
Yeah.
Marion
Webcast.
John
You want to register for our webcast? You can scan that QR code and they're totally not spammy at all. We do tons of free webcasts and free training and free content to just free stuff all the time. That's because we are horrible at this capitalism thing, we haven't quite figured it out, but we're going to keep sucking at it because it seems to be working.
Marion
Speaking of horrible capitalism, John, I will be doing a webcast this Thursday and I'm going to be giving away a free tool. I didn't even ask you, but I did.
John
I don't know if you saw, but I did the write up for your free tool.
Ralph
Oh, yeah, yeah.
John
Look at the email when it comes out. I kind of rewrote it. The content community team is like, we don't want this to sound like it's by anybody that has any mastery of marketing or the English language. And you jump right up there. Yeah, yeah. So.
Ralph
All right, all right, that's enough plugs.
John
That'S enough of that.
Ralph
Let's get back to our regularly scheduled programming.
John
Yes, there we go. Pick another one, Corey.
Marion
Oh, I got one. This is a really short one, but did you guys hear? Microsoft Exchange has finally reached end of support for 2016 and 2019.
Ralph
Is that a joke? That's not really.
John
That's a joke, right?
Marion
Oh my gosh. Yes, yes. No, no, that's.
Eric
They're still coming out with new versions of Exchange though.
Marion
Yes, yes. Okay, so let me close the loop on this. Exchange 2016 finally reached its mainstream support in October. And then this is the extended support. I'm sorry, is January 9, 2024 the October 2025 for Exchange Server 2016. Exchange Server 2019 reach into support. But they're going to have a Exchange Server SE for a special longer edition so that you can keep on running Exchange servers.
Ralph
Can we get like a Soprano style drama of like Microsoft basically running a protection racket in businesses with the extended support thing being like two guys show up and are like, we'll have the software. And they're like, but you don't have any money. They're like, we'll have the software unless you want any trouble. It's like, what is going on?
Marion
They're just servers that were running. They get email and you know, it doesn't cost them any more money to get these emails. A lot of them are just running over port 25 insecure. Right?
Ralph
Just.
Marion
I mean, this is how they've been for the last 20 years.
Ralph
China is helping patch them with the zero days.
Marion
China is patching them as we speak. It's wild. It is wild. You know what, the email keeps arriving.
John
And you know, so as long as the spice flows. The showdown report says there's still 194,000.
Ralph
Exchange servers exposed to the Internet. That's just exposed. That's not even all the exchange.
Marion
That's how they work.
John
Right.
Marion
Isn't it email.
Ralph
That kind of happen.
John
Yeah. But if we look at them.
Ralph
Oh no, no, you don't know about. Hold on. Networks that aren't exposed to the Internet.
John
Breakdown. There's 443, there's 128000 of them. Web is. Yeah. OWA 123,000. That's a huge number.
Ralph
Still, it's recommended in security practices to take a really high value server and just hang it straight off the Internet.
John
Right. On the Internet.
Marion
Yes.
Ralph
And make sure it has like required to have admin credentials on the server too. Like.
John
Yeah, I have to. I.
Ralph
We've heard of zero trust.
John
Right.
Ralph
We don't like zero.
John
I've talked to some companies that are like, well you know, according to such and such standard we can't go to the cloud. We have to run our own. I'm like, no you don't. I don't know of any. You might know. Are there any standards out there that basically dictate that you have to run your own email store?
Ralph
Yes. Richard Stallman's rules for doing business. Want version 1.2.
Eric
No one's I've ever seen this for privacy. They, you know, they want to ensure if there is some sort of lawsuit or seizure that they physically have to come to the office because Microsoft may not and probably will never tell the client that there was a warrant issued to them to issue out the information of the Exchange server.
John
Yeah. But once again I. Well, we can get into that. It's just. I agree with you, people are still making these arguments but they need to stop.
Wade
Wasn't it in team we don't have the logs.
Ralph
You didn't have the licensing for that. Sorry.
John
Three hours after the attack.
Ralph
Yeah. They're like, oh, government, you're going to have to pay for the licensing on those logs. If you're going to. If you're going to do the subpoena you're going to have to upgrade to a S5 subpoena.
John
S5.
Eric
It's funny how they say that they don't have a logs and all of a sudden you pay for it and you get the pass in six months that are there. So they got them.
John
There's a special place in hell, Eric. There's a special place in hell.
Ralph
Yeah, I mean I guess if anyone has an article throw it in here. But on the exchange thing it is kind of. It is kind of interesting. You basically have a choice Between a product that's going to get AI enabled in it without you, like you have no choice. You will be integrated into AI or a product that's hopelessly insecure and you have to hang it straight off the Internet in a high trust environment. It's like, can we just have squirrel mail or whatever That's.
John
Actually, I've thought about that from time to time, so I think it'd be fine.
Ralph
It'd be fine. Graham says it's fine. He's a kubernetes expert, so it's fine.
Wade
Have to restart the container.
Gator Hunter
That's right.
John
It's a zombie squirrel. Like if it's running in kubernetes, it's a zombie squirrel. Squirrel.
Ralph
Okay, I got. There's one that just. Okay. Sneak everyone. Does everyone know sneak? SN yk?
Marion
No. What do they do?
Ralph
Sneak?
John
I thought it was.
Gator Hunter
I only know them from sponsoring John Hammond videos.
Ralph
They sponsored Darknet Diaries and I'm pretty sure it's sneak. Anyway, they are actually, I think pretty heavily used throughout the interwebs and among the dev sec ops community, which I don't know what that means, but I've heard other people say it. Basically this is a company that does a lot of like supply chain security scanning, stuff like that. That. But interestingly, one of the researchers there, or at least they had sneak in their username, was deploying malicious NPM package which I guess I don't know the full story on this. I don't know if anyone does, but from an infosec company perspective, it's scary to think about the companies we trust for security and scanning also publishing malware. Like I don't know if it's an info stealer compromise the account or if it's just someone impersonating a user and saying, oh yeah, it's definitely sneak, but their name is actually SN4K. I feel like it's probably just impersonation, but you know, just brings home the ever, you know, important like supply chain thing. Right. So apparently, you know, after they published this blog, the researcher took them down. Maybe it's like someone else's blog that they were trying to write that went a little haywire and they got a little carried away and accidentally deployed malware.
Gator Hunter
Do you see the code linked in that article?
Ralph
Yeah.
Gator Hunter
There's variables called payload. Like if you're running that, that's not good.
Ralph
Like at least the key with NPM is that if you're a developer and you're writing npm, you don't actually know what you're running. That's actually a requirement. You can't know what you're running when you're doing npm. I mean you can. This is a joke, obviously, but it's definitely pretty difficult. There was that story from years ago where like someone who had an NPM library that just reorients text to the left like broke. And it was like a two line piece of code and it broke like half the Internet. Like that was a story from a few years ago. So NPM is just kind of a supply chain mess in general.
Marion
It's kind of interesting because they're. They're attacking Cursor employees.
Ralph
Is.
Marion
Is that what they're saying in here?
Ralph
I guess so. Yeah. I guess they're going after cursor.com. there's a lot. It's basically an article with kind of an open end of. Like maybe they're doing a blog post about people using malicious packages. Maybe they're doing a bug bounty for cursor. Com. Maybe there's just real threat actors impersonating a sneak employee.
Marion
So the thing about Cursor is that that is it's an AI code writing tool which I actually use actively. And the way it works really is it's just VS code. It will use one of the large language models that you choose and you can have it look at your code and write and approve and all this other fun stuff. Right. I'm just kind of curious about like what the angle was here. Like why they were going after Cursor. Like were they trying to get possibly that package into Cursor to provide that like a wider spread through the Cursor application.
John
Right.
Ralph
That would be the assumption. Right. Is it's like if you look at it perfectly good faith, it could be them doing security research for this application and trying to get malware published into their repo to show them the potential negative impacts of that. It could also be a real legitimate attack against this company.
Marion
I don't know.
Gator Hunter
It's someone's DEFCON talk. I feel like we did.
Ralph
We might. Oh, we didn't. But Source Code Red might have.
Marion
Yeah.
Ralph
I will say though, looking at the bottom, looking at the guy, Paul McCarty, he looks pretty nice. Feel like you'd have to forgive him eventually.
John
Can we talk about UEFI boot kits?
Marion
The low level?
Ralph
No, that's, that's too scary. We can't talk about that.
Wade
It is too scary. I don't want to talk about it.
Ralph
Okay, hit us, hit us with that UEFI boot kit.
John
I, you know, I've spent a lot of time like in my early part of my career working on rootkits and boot kits and different types of application level backdoors and kernel level boot kits and things of that nature. And one of the things that I that I think is really interesting is whenever we're talking about uefi, we're talking about TPM and all the security controls that are baked into the operating system at a really core level whenever it starts and especially whenever it loads up the drivers for the operating system and whether or not they're signed appropriately or not. This is always fascinating to me, but I look at it as like sidechain attacks where I don't know how often we actually see this being exploited in the wild. And I don't know if that's just a factor of the fact of it's hard. It's really just not something that we see very often because application level backdoors still today work fantastically well. Or is it that it's being used by nation state level adversaries and it's being used so effectively that we're not detecting it? It's kind of like that question of do we live in the matrix or not? And how would you actually find out about it? But there's a bunch of UEFI applications that have a vulnerability because they're using a common library. Basically you can exploit these applications which I can't find in the article. If anyone else can see anything, I think you need to be administrator to modify these binaries. I'm not 100% certain, but it seems to me like you have to be admin to be able to hijack the applications, to inject your bootloader backdoor to bypass and neutralize the like the security checks for drivers on next boot. This might be one of those areas where I kind of agree with Microsoft. If somebody is an admin on your system, you're screwed in so many delightful ways. This is just yet another one of those ways. And I wanted to get people's opinion on these types of like boot kits and backdoors. Do you think it's one of those things that's like, no, they're being used, we just aren't seeing them because it's nation state level shenanigans or is it just like there's so many other easy ways to make this stuff work that there's really. The attackers aren't moving into this space security features. Absolutely. But we haven't locked down application level backdoors at all. So I'm Wondering how much effort should we spend worrying about these types of things?
Ralph
I guess so before we get too deep into opinions, let me try to wrap my caveman brain around this actual vulnerability. Because this is really complicated, at least in my opinion is what's happening here. If a company sells like, let's say Dell sells a laptop and it includes like a system recovery utility with the operating system, and that one of those utilities includes these affected applications. So greenware, Green Guard, Radix, Smart Recovery, San Fong Easy backup System. If that's installed on my system, then anyone can backdoor my system. That would persist across installs. Is that basically the vulnerability?
John
But I believe you have to be admin and I haven't confirmed that. I went to the technical details. I don't see anything about this. There's no publicly available code. It's just researchers have discovered it.
Ralph
I would assume so. I would assume so because it does say you have to modify the reloader EFI binary. But it's a pe, so it's like a PE loader that just doesn't verify the signature on whatever it loads.
John
So whenever your system starts, Corey, just kind of break it down. There's like two different states that it goes through. Okay. So when your system starts up, it goes through a state where you can start modifying any of the aspects and the attributes of memory before it actually moves into like a protected mode where there's protections and partitions within memory that go up. So when you're looking at tools like KAN Boot, which is probably the easiest example, KAN Boot basically boots itself first, then it loads the operating system. But in doing so, when the operating system first starts up, it basically goes through and it modifies core libraries and like local security authority subsystem service so that any user ID and password combo will be accepted because it can actually edit those libraries in memory. Now, as your operating system progresses through its boot process, eventually it does put up those protections, but it actually modifies before those protections go in place. Does that, does that make sense? That part?
Ralph
Yes. I just. The thing that I'm not getting is how did anyone get these applications to begin with? The. Like there's a list of six affected or seven affected applications, backup applications.
John
Right. Like, you know, CIS Return, Green Guard, Smart Recovery, Easy backup systems.
Ralph
So you're just googling like reset password windows and this is popping up.
John
Yeah, you're just looking for something like that put on your. On your systems where basically people can do a restore kind of like a commercial version of Volume Shadow, Copy Right. These products, because of the way that they can set restore points and go back to restore points, they are basically. They're basically boot kits in and of themselves. And for. And what. What I mean by that is they have that capability built into it because that is the product that they're serving. So by the attackers being able to take advantage of these different libraries that are being used and I can't remember what library it was the. No, that's the malware that does it. One of the libraries that is commonly used by all of these different applications has that particular vulnerability in it. It allows the hijack the attacker to basically load their malware in as part of the process that is already there. Like these programs have that capability. So it basically piggybacks and Trojanizes these tools so they can do it. And I can't find. I had the dynamic link library.
Kelly
John, I'll jump in on your question there. We've been talking about UE UEFA. I can't even say it firmware actually back in the earlier versions of the CIS controls. We started talking about it in six. Now, is it something that's easy to check and modify? No, it's hard to do, but it's something we've been looking at and calling out as part of our cyber hygiene practices for a long time. Who is actually utilizing this type of malware? That's a hard question to answer, but from a hygiene point of view it is on our radar.
John
Yeah, but that gets to my question. Why? I'm genuinely asking this question because in my career we've used backdoors like this. But a lot of it's academic. It's like demonstrating here's basically Hacker Defender by Holy Father was one of the first tools that I saw doing a lot of this type of rootkit type shenanigans. Right. And that's fundamentally different than back orifice 2000 which was more of an application level backdoor. But whenever it came to looking at the malware that we're seeing on a day to day basis, a lot of the malware is that traditional either kernel level rootkit functionality built in with an application level backdoor. But actually going into the boot kit, we just haven't seen much of it. And this gets into the Trusted Platform module and all these different things. So it seems like there's a lot of money being put in to try to stop these types of attacks. But I don't see actual attackers utilizing these types of techniques very often at all.
Ralph
Yeah.
Wade
How would you detect assumption? I think no. How would you detect it. What tools would detect this?
John
Oh, you'd have to use an ndr, right? Like you know, that's, that's, you'd have to be watching the network and even Holy Father, like Hacker Defender, that had the capability where it could piggyback. So if you had a web server, it could piggyback all of its communication over the existing web server port. And that's something that's like 20 years old and they had that type of capability. So yeah, I mean there's definitely that capability but usually the reason why we see nation state level adversaries kind of askew these types of attacks is it generally is tricky to pull off consistently within a variety of different operating systems, service packs and language packs. Like I said, I'm just kind of throwing this out there because I used to teach this stuff all the time and I find it endlessly fascinating. But it's one of those areas in computer security. I'm like, do we need to spend this much time focusing on it? Do people really need to be that aware of these types of techniques? Or is it just something that's technically interesting but not necessarily germane to people's day to day lives?
Gator Hunter
I think it's, it's two things. One, the amount of people who can write a UEFI boot kit, it's like very, very few. And they could be making a lot of money at intel doing security work or any other low level hardware place. The other thing is why would I do this when I can just run a cron job and no one's ever going to look at it?
John
Or better yet, I get, get some creds that get me into an exposed management interface on your fortnet and I.
Wade
Could just come on on the opposite side too though. It's like how, even if they were to do it, how would I, how would I ever detect, Detect this? That's my thing. Like I, I've written certain stuff to detect it being loaded in.
Ralph
No, you could detect anything.
John
Yeah, if it's dead. Like if it's. Yeah, yeah, if it's dead. So.
Ralph
Well, the other thing. So just to kind of close the loop, the reason we're even talking about this is because a researcher disclosed it to Microsoft and they actually revoked the certs that were affected by this. So like theoretically, if you're checking revocation, you're already good, that's patched, it's fixed.
John
But that's built into the operating system though. I mean it does that type of stuff.
Ralph
Yeah, well I'm, I don't know that nitty gritty. But I'm assuming that Microsoft coded their UEFI to check revocation lists before it boots.
Gator Hunter
I think also the people that need.
John
To worry about this, what you do on that, Corey, and this is awesome, is yes, they do have that capability. You just insert your shim before it checks that capability, and then you can hijack those libraries as well. The point is, if I'm admin, there's no end to the horrible shenanigans I can pull on an operating system. Once you get to that point, especially whenever you're at the bootloader perspective, you also have malware that completely partitions itself off by reducing the size of the hard drive, taking one of the CPU cores, telling the main operating system it has less memory than it actually does, and it completely exists on a separate plane from the operating system, so the operating system can't even see it. Once again, my point is once you get to this level, you are screwed. Unless you're doing solid network level analysis.
Kelly
Don, I agree with everything you all said, that there's easier ways to accomplish the bad things you're trying to accomplish. But the piece that I'm left with is there are people who assume that their hardware is just fine, it's untouchable, nobody can do bad things to it. And I question making that assumption.
Gator Hunter
Yeah, I think the people that need to worry about this aren't people buying laptops. It's people running like data centers.
Kelly
That's fair.
John
And I would say, you know, very sensitive nation state level stuff. Right.
Ralph
Well, no one would ever use Windows for that. Right, John?
John
Right. Yeah, right, Exactly. By the time we'll get this locked down, you know, all the vulnerabilities will be in the cloud anyway, so it won't matter. So no cloud was secured by default. Like this is. This is the stuff that I find endlessly fascinating in it because you find out it's turtles all the way down or backdoors and rootkits all the way down.
Ralph
Should we. Should we do one more?
John
Yeah, let's close out with a good one. What do we got?
Ralph
So a good one? I don't know, but do you have.
John
Any Chicken Nugget stories? Dino Nugget.
Ralph
Now you got to go back pretty far to get another chicken story. There was one about an insurance company, like, tracking their progressive customers and other apps. Yeah, like that one was kind of interesting, kind of depressing.
Wade
But Biden signs an executive order is kind of a nice one, I guess.
Ralph
I was gonna do. Mine is lawsuit. Allstate used gas. Yeah. I mean, I don't know. Whatever you guys want to do, but let's do this.
Wade
The Allstate one.
John
Allstate.
Ralph
It's kind of depressing, but it's a privacy thing. And I feel like it's a fun little, you know, you're never safe anymore, basically. Texas has sued Allstate, alleging that the firm and its data broker used data from apps like GasBuddy, Routley and Life 360 to quietly track drivers. So here's how I imagine this going. It's like you just entered in that you drove 600 miles in this amount of time, so you had to be speeding. Like, is that like, what is the. I guess I'm like, what are they tracking? Is it driving behavior? Is it location based? Like, I'm curious what they're getting out of this.
John
Well, if you think about it from an insurance company's perspective, it's great data, right? Because like, Life 360, it'll tell you if there's heartbreaking, if there's cell phone use, if there's acceleration. I've talked about this on the show before where I'll get a notification. I'll find out. My son is going 170 miles an hour, and it turns out he's flying. Like, he's kind of on his way to becoming a flight instructor. And I would love to see somebody at an insurance company be like, we need to have a conversation about your son's driving 175 miles an hour over water.
Ralph
First of all, what car? Because I want to go buy one of them.
John
I don't think. I don't think the Forerunner does that type of speed.
Ralph
It does.
John
Probably not, but this gets into that weird, like, privacy place that we spend a lot of time. And I think it's good that we spend time. Right. Because otherwise we're just talking pure security. But this, like, whenever you have companies sharing this data back and forth with each other, it's spooky as hell.
Ralph
Yeah. I mean, it gets me thinking. Or go ahead.
Wade
California has been trying to pass a law to tax people on driving per mile. Right. And how would they do that? Like, that's, that's the technical part. But using this type of data, that would be the only thing that I could think of. And on the other note is we've seen plenty of insurance companies like this seems like a normal thing for most car vendors. Like, how many times have we talked about car vendors or insurance companies actually tracking this data in order to bill Us more.
Ralph
Well, this is such a. It's just such another level of an overreach. Right? It's like, it's because this is tracking geolocation, accelerometer data, magnet, magnetometer data. So they're like, oh, he was pointed south when he did it. Gyroscopic data. So, like the way they know you're drifting. Yeah, the geolocation, they have a drifting detection algorithm. They're like your insurance rates have 2x because you were drifting last week. Yeah, no, I mean, I think it's just. You're right. However, this is sketchy because it's not like I downloaded like, okay, it's one thing if you buy a Chevy and Chevy's tracking you. You're like, well, it makes sense. Of course they are. They want, they, they want to avoid the lawsuit for me driving 170 miles an hour backwards. But this is like Allstate, my company that I use for insurance or whatever. They're tracking me through a totally different app called Gas Buddy that is in no way affiliated with Allstate. Right. So it's like kind of a back door into my data. That's. That's the sketchy part of it.
John
And so as we're talking about all this data aggregation and don't we all think that maybe this Internet thing was a bad idea? Oh, yeah, Maybe it went.
Wade
Yep, absolutely.
John
Maybe it went over.
Ralph
Yeah, we need to probably reboot it. Let's reboot.
John
Russia has the right idea. Like, Russia is like, we're just going to. Like I was talking about from a story a month ago where they're isolating their Internet. Maybe there's something there. Maybe there's something there. Like, we just need to build a new Internet and ignore all the technology.
Ralph
Second Internet.
Wade
Nobody needs to order 160 pieces of chalk at like 11:00 at night.
John
That's a bad choice. Life choices, Wade. And you'll be living with that for the next 20 years. But did you read to the terms and conditions? Did you read the eula?
Ralph
I know the chalk comes in. No chalk outlines.
John
I spent my entire career, like working on training people, defending networks, doing all of that. And I'm like, this is what I was protecting the whole time, huh?
Ralph
Yeah. All right. Well, I guess if anyone has a feel good story, but I think that's.
Eric
All dim and gloom today.
Marion
Yeah, it's pretty much all doom.
John
It's job security, everyone. It's job security.
Marion
Lots of security here.
John
Take heart that you're going to be employed. Oh, look, look. Look, a QR code safe harbor in.
Ralph
This storm of the Internet.
John
We need to find a way to make people want to scan those QR codes, like free T shirt here. Or we'll just automatic check.
Ralph
The thing is, we spent like two years podcasting about why they shouldn't, so this is kind of a reversal.
John
It doesn't matter. Life is, you know, is you, like, pointless.
Eric
Just put the new TikTok and then put a QR code on.
Ralph
To increase Your firewall by 2ft, click here.
John
Increase your firewall by 2ft, click here. Yes, I think that that's a great idea. Buy more wham.com. read the terms. That's too much work. No one wants to read the specs off a chip. Yeah, very good. Oh, here we go. I don't trust that. I don't trust that as a feel good story. And we're already two minutes over. All right, everybody, thank you so much for coming. We will see you next week. I may not be here because I'm teaching. By the way, a pay what you can classify. Free is always an option. There you go.
Corey
We do want to say the schedule real quick over the next few weeks. After next week, we are not going to have a newscast on Monday because we're going to be at Wild West Hack Infest in Denver and the newscast will be on Wednesday.
Gator Hunter
It's going to be live.
Ralph
Doing it live.
Corey
It'll be live from the floor. And then the following week after Denver, we're not going to be here because we're all going to be recovering. So then we'll resume on the. What was it? I think it was the 17th of February.
John
I think we need to have a conversation about that. I think we should be here, so.
Corey
Well, okay. Maybe we'll be.
John
Maybe you're gonna have to show.
Wade
All right, I'm down with it.
Eric
We would do it. I don't have a problem with it. We'll yammer for three hours.
John
We'll do it.
Ralph
All right. The problem with all the clicky button stuff that Ryan's been doing that we don't know how it works.
John
I don't know how it works button. Ryan. Just one that says start news. Like, I just hit that button and everything works. Right? Is that how this work Easy button? Sort of.
Corey
Sort of.
John
There's.
Corey
There's a couple more buttons in that.
John
But you'll be fine.
Corey
You'll be fine.
Ralph
All right, bye, everyone.
Marion
Bye.
Podcast Summary: "Highest Rated Chalk" – Talkin' About [Infosec] News, Powered by Black Hills Information Security
Release Date: January 22, 2025
The episode kicks off with a humorous and relatable story shared by host Wade about purchasing a highly-rated pack of chalk from Amazon to keep his son entertained. However, the overabundance—160 pieces—leads to playful commentary among the hosts about having more chalk than needed.
This light-hearted start sets a casual tone for the episode, showcasing the hosts' camaraderie and ability to interject humor into technical discussions.
The hosts transition into the main content with a rundown of recent cybersecurity incidents and trends. Topics include Russian cyber spies collaborating with Pakistani counterparts, Europol’s takedown of major Distributed Denial of Service (DDoS) attacks, and a significant $50 million heist attributed to North Korean hackers.
This segment highlights the evolving landscape of international cyber threats and the geopolitical tensions that underpin these activities.
A significant portion of the discussion centers around the leakage of 15,000 Fortinet firewall configurations. The hosts dissect the implications of this breach, emphasizing the risks posed by exposed management interfaces and poorly configured firewalls.
John underscores the dangers of leaving firewall configurations exposed, advising organizations to patch vulnerabilities and avoid exposing management interfaces to the internet.
The hosts also touch upon the broader issue of default configurations and the necessity of robust cybersecurity hygiene practices.
The conversation shifts to the controversial ban on TikTok in the United States, exploring its effectiveness and underlying motivations. The hosts debate whether targeting a single app can address broader security concerns, especially given the extensive integration of Chinese technology in global supply chains.
John criticizes the performative nature of the legislation, arguing that banning TikTok alone is insufficient without addressing the pervasive reliance on Chinese technology in other sectors.
Highlighting a massive data breach affecting Chinese platforms like Weibo and QQ Messenger, the hosts discuss the global impact of such incidents, emphasizing that data breaches transcend national boundaries and affect millions of users worldwide.
This segment underscores the universal vulnerability to data breaches and the importance of robust data protection measures across all platforms.
John delves into the technical intricacies of UEFI boot kits, questioning their prevalence in real-world attacks. The discussion explores whether these sophisticated threats are primarily the domain of nation-state actors or if they pose a broader risk to organizations.
The hosts debate the practicality and frequency of such attacks, highlighting the challenges in detection and the advanced capabilities required to exploit UEFI vulnerabilities effectively.
A contentious topic arises around insurance companies like Allstate using data from unrelated apps (e.g., GasBuddy, Life 360) to track driving behavior. The hosts express concerns over privacy violations and the opaque ways in which personal data is shared and utilized without explicit consent.
The segment raises critical questions about data privacy, consent, and the ethical implications of insurance companies leveraging third-party app data for policy adjustments.
Towards the end of the episode, the hosts shift focus to plug upcoming events and initiatives, including their participation in the Wild West Hack Fest in Denver and promoting Black Hills Information Security’s (BHIS) services such as penetration testing, incident response, and security operations.
These announcements serve to inform listeners about future engagements and resources available through BHIS, fostering community engagement and professional development within the infosec field.
The episode wraps up with the hosts reflecting on the pervasive nature of cybersecurity threats and the relentless challenges faced by organizations in safeguarding their digital assets. Despite the often grim topics, the hosts maintain a tone of camaraderie and resilience, encouraging continuous vigilance and improvement in cybersecurity practices.
The closing remarks blend humor with a sobering acknowledgment of the continuous battle against cyber threats, leaving listeners with both insights and a sense of solidarity.
Key Takeaways:
Notable Quotes:
This episode of "Talkin' About [Infosec] News" blends technical discussions with engaging anecdotes and humor, providing listeners with a comprehensive overview of current cybersecurity issues while maintaining an approachable and entertaining tone.