Loading summary
A
I will say it is a little different than like the dot com bubble because at least some of the value is physical. Like you know, GPUs do have at least some physical value. Unlike the concept of Yahoo.com or ask Jeeves.com or whatever which has no inherent value.
B
Yeah, it was, it was vast. Vast AI. You can go rent GPUs all over the place and I rent.
A
Is that one of the ones that like lives at a like oil and gas production facility and like burns off of their extra energy or whatever? Like.
B
No, no, no, no, no. So like what did. This is like a marketplace where people just rent out their like computer sitting sitting next to them. One GPU or whatever it is.
A
Right.
C
Is this the same people make it. They have vast antivirus. I don't know if you should trust.
B
It.
A
If you install a vast on your computer, they will rent out your GPU for you. Not really. I rented like 30 50.
B
It was, it was really easy.
A
Yeah, I mean Amazon with spot pricing too can get ridiculously cheap for what you get. Yeah, yeah.
B
I don't know, I just thought it was wild. We obviously are in a bubble if the prices are that expensive but yet the rental is that cheap. I, you know, we're in something.
A
I mean it's always like, I mean it's these two factors like buy versus rent. You know, if you were to look at the housing market or any other market would that has like large capital investments. You know, buying an office building is expensive but renting out office space might be cheap. Like you know this is a dynamic that exists in any market.
B
Well, yeah, but you're, you're also talking about where there's like a reasonable supply and demand equilibrium right now. And there, there isn't that in the computing market, especially in the RAM and in the GPU market the, you know, the supply and demand is totally broken. But what I think is most interesting is that everyone is using that supply to then sell it back as a rental. So they're like buying every single house to rent it out but then selling it the rental price really low.
A
Yeah.
C
Just so you.
A
Speaking of, I don't know if we put this article in our show notes or if it really would need to be. But did you guys see that there's like a price fixing lawsuit that someone filed against Micron and the other and memory manufacturers. So I mean this is like not really cyber security. So we can cover it in pre show but basically people are upset about the whole RAM thing. RAM pricing to the point that there's actually a class action lawsuit, 14 individuals and three businesses against Samsung and SK, Hynix and Micron, the three main major manufacturers specifically covering DDR3 and DDR4. And basically the claim is that they stopped making DDR3 and DDR4 intentionally to drive up prices for it. But you know, we'll see if it pays out. I mean obviously this, it'll be very difficult to prove whether that price collusion type activity actually happened or if, you know, it's, it's turns out it's legal to just maximize profit. That's legal.
D
So
A
we'll see if anything happens from that. But it is a real article. I'll see if I can find a, a real link for it.
B
I was reading something that said that you know, every time that sometime there's like a price collusion, eventually some competitor figures out the, the, the way out and the, the price colluders pretty much
A
get, you know, get ran. Ran over pretty hard.
C
We can only hope.
B
We can only.
A
I mean, I know I, you know, I don't know, like I could see it going either way. But basically people are upset about prices for low end ram which should be.
C
Yeah, like DDR3 and 4. You can probably find a data center some. It's just throwing that away. Like I'm pretty sure I have a buddy who has like a moving box full of DDR4 that I will sell to you at cost.
A
Well that I think. Yeah. I mean basically that's like how it was for many years. Like Ralph and I were both buying. Like I probably have a tech thread between me and Ralph where we both Talked about buying 64 gig 6 of DDR4 for like 50 bucks a pop. Yeah, now that's like, that's like impossible.
B
The ram and my servers now is appreciating so fast. Like I'm making money take off it. Like I just haven't sold it yet. Right. Like it's a new investment. It's a new investment. This is actually like a capital investment right here.
C
Don't invest in the gold, invest in the ram.
E
Every time, every time a computer chip is made, an angel gets its wings.
B
Oh my God. Literally, I just want just put this in perspective. I was in a drawer that I have extra SSDs in and I found a couple one terabyte SSDs, like enterprise ones and they're like worth $300.
A
And I was, oh no, I know,
B
dude, throw them away.
A
Like I know home labbers. If you're a hoarder, cash in now or forever hold your peace.
D
This is it. This is your time.
A
All right.
E
I'm still waiting for floppy drives to appreciate.
B
Yeah, yeah, hold your breath.
A
You're gonna be waiting for a while. Vintage, though. At some point, it'll be valuable. All right, let's do. Hello, and welcome to Black Hills Information securities. Talking about news. It's July 6, 2026. Somehow it's July already. And this is a not an AI generated podcast so far. Josh Strand. Well, if you're watching this or listening, it will look and sound like John Strand is being generated by AI but believe it or not, he is really here. And he'll say something right now that proves he's not generated by AI. All right, so obviously, we'll go through introductions real quick. My name is Corey Ham. I'm director of continuous pen testing at Black Hills Infosec. I'm always pen testing, and I don't know what that actually means, but Ralph's here. He's a home lab hoarder. That's his job title. He has his more money in RAM than his house is worth, but.
B
Exactly, exactly. It's appreciating much faster than my home.
A
We've got Hayden, who's currently looking for jobs on the McLaren F1 team because he's in the sock, and that's just hard. That's hard work.
F
That's the wrong team to look for jobs on right now.
A
Yeah, I don't. I don't really follow F1, so I don't know what that means, but it makes sense. And then we've got Doc, and I don't. Is it. Is it Fletus? Fletus.
G
It's Fletus. It's Fletus.
A
Fletus. All right, you guys want to introduce yourselves?
C
Go for it, Doc.
A
Wow, you're too nice. You're both too nice.
G
You.
A
No, you go ahead, Doc.
G
So Fletus Poston currently serve as a director of IT and cyber security for an additive 3D manufacturing company running pretty much blue team activities. So excited to be here.
A
Awesome.
E
Cool. I'm Doc Blackburn. And you're not. I don't know why I'm here right now. And so that's. Continue on. There's. There's no need to.
A
Exactly
D
how did I end up here?
A
All right, I clicked a fishing link, and now I'm on a podcast. That's what I like to hear
D
this morning. Amazing.
A
All right, and then we've got Wade, who's professional also. I mean, I gotta say, you did Hayden. Wade, did you Guys, like, coordinate your colors. Are you both simulating that you're getting pulled over by the police or what's going on? You both have like a red.
D
The background. The background color.
C
Yeah, I thought that's how you're supposed to do it, just to make pretty backgrounds. That's what. That's what. Yeah, Ryan tells us.
F
I got
A
lights for three colors.
D
Yeah, you guys, I had a student compare me to Doc last week while I was teaching. He's like, ouch. You know, a couple of things. One, you don't have cool lights in the background. Two, you don't have any guitars in the background. And three, shave your beard. And he's like, I don't know if I can trust you. I'm like, God, now I'm getting compared to Doc, man,
A
I'm so sorry.
D
I think you set me up. So.
A
All right, let's get into the articles. I think we can start with kind of a follow up to the whole Huntress thing. We kind of brought that. Um, I think that matter, at least from my perspective, is now closed. And I want to give people an update in case they're curious. If you live under a rock. I'm sorry, you don't know what this is. Basically, Huntress is a defensive operations company who does a lot of threat intelligence. And recently there was a whistleblower who left the company and was basically claiming they were mishandling interactions with criminals and law enforcement. Basically, I think the. My summary, or like, my take on this is that it appears that, yes, this did happen. What the person claimed, basically an employee involved in an investigation did kind of tip off a criminal that, you know, the cops are come on to you or whatever Huntress is claiming. Basically that activity was investigated and handled internally. And my read on the situation is that the person, the whistleblower who left was not super pumped with that internal resolution and was like, okay, I'm going nuclear. So that's basically my take on it. They obviously did confirm some of the stuff we speculated about last week, which was that they do sometimes interface with law enforcement and they do also interface with cyber criminals, because, you know, that is the nature of being threat intelligence investigators. But also they confirmed that according to them, at least, nothing malicious or illegal happened. There was no tip off, no investigations were put in danger. No agent agents or other people were put in danger. In danger. I mean, it's a really tough situation, I gotta say that. You know, I kind of see both sides of this one. I get it from both perspectives. Obviously, going public is kind of the worst case scenario. But I don't know what are people's thoughts on this. I feel like it's kind of closed and weirdly, in a way that kind of works for everyone. I don't know.
D
I don't know how Kyle and the team could have handled this any better because they basically said, yeah, it's kind of true, but there's more to it and we can't talk about it. And see, that's what sucks about living in a gray area. Right? Like, you're always going to have these gray areas and they can't come out, say flat out, no, this is a lie. They can't come out and say, yes, it's 100% true. It's. It's true. There's going to be nuance. There's going to be something in the middle of what's going on here. I just. I really don't think that Huntress could have won this at all. I think that the statement is about as good as it could have been. It's still bad. I'm not crapping on it. Like, it could have been written better. It's just. It's nuance.
A
And they had to leave some info out intentionally.
E
They had to.
D
Yeah, yeah. And I still say this, that social media is not a place for nuanced conversations. And I'm sure that there's a lot more data about this that we'll never know. And to be honest with you, if they're working with law enforcement, law enforcement's happy. Then it's none of our business. Let's move on with our lives.
E
All right.
A
I agree. Any other takes on. On this? I think it's basically what I would say is if you are an organization following this and you do kind of similar activities, I think it's worth sort of trying to navigate these situations carefully. Right. Just like they are always.
E
Yeah.
F
Yeah. I thought what we're supposed to do with social media, though, is to make a lot of drama about nothing. So I thought we were supposed to do.
C
That was the wrong podcast. Aiden, how.
F
And then Ryan, big screens. Thanks, Ryan.
C
Yeah.
D
Brian throws him up in the big screen.
F
Yeah.
A
So, yeah, we try not to do that.
B
No.
D
And that's about all I got to say about that, Doc, since we're doing old references. Right.
E
That was a good one. As far as this article goes, I was going to say this has real strong energy of we've investigated at ourselves and discovered a vocabulary problem.
A
Yeah.
D
Yeah.
A
All right. On another, I guess let's stay in law Enforcement corner for a second. A couple of Scattered Spider or one Scattered Spider hacker was been extradited to the United States. It's a dual U.S. and Estonian citizen who's facing charges in the U.S. his name's Peter Stokes and he was arrested in Finland on 10 April. He was involved in four scattered spider breaches which if you don't know who Scattered Spider is, they're basically an English speaking group that was doing a lot of social engineering activity. They were the MGM breach party responsible for that and have occurred a lot of damage in ransomware also. I mean there's not much to talk about with this article except for I don't know if it'll come through in the summary but you have to show the picture because I'd like to. I'd like to congratulate. I'd like to congratulate the U.S. department of justice for maintaining their perfect streak of finding the most embarrassing photos of someone they possibly can and using them for the news articles. And it did a great job here. Such like I'm sure this poor kid has so many photos of him that are so much more reasonable than this.
G
No.
D
And this is what they only. These are the only two photos of this kid.
G
I go back to Hayden's comment. This is why social media is bad. Any and every photo can be taken and used against you in a court of law.
D
This is.
A
These are the only two photos of this.
F
Yeah, and he's got like a Gatorade water bottle. Like you got all that money but a cheap $10 water bottle.
D
So hey, is he wearing. Wait, is he wearing a necklace that says Hack the Planet?
A
Yes. And it's a diamond necklace by the way.
D
Oh my God.
F
Oh man.
B
Did you guys see how they caught him though?
A
So did you there?
G
No.
B
There's an article in Tom's Hardware that they used a Windows. Microsoft used a Windows 11 identifier. They worked with the FBI to identify the actual to get a. The GDID data to help with the FBI with the, with catching in. So the Global Device Identifier on their Windows instance, they actually use that to. To help track them down.
C
Bro,
A
are you telling me that operating systems track and collect information about their users? That's BS dude. That's why I only use Arch Linux.
D
Pair them with vendors.
A
I only use Arch Linux. So then my OS is always completely broken and I can't do crime.
B
Here's the wildest part. People get upset when they catch you doing a crime but when they sell that exact same data to Advertisers, they're like, oh, okay, that's just part of.
A
Yeah, I mean, yeah, it is. It is what it is. You know, criminal justice system hopefully will work as intended here, I guess. One last thing, John, question for you. Hypothetically, if this person was wearing a BHIS shirt, how do you feel? Like is that, is that, is it. No press is bad press or like.
D
It depends. It depends on the. So it depends on the shirt. Right. If they're wearing spearfishing social like, like really doesn't does. It's kind of, you know, just a clothing brand. Right. But if it's like bhis, like you know, like any staff where staff corporate shirt. I might be a little uncomfortable because I don't think our shirts pair well with that haircut. Looking at a strict fashion sense, our shirts do not pair well with diamond necklaces that say hack the planet. That specific hairstyle and I think it kind of clashes with a handful of cash, but other than that, I'm fine with it.
A
All right, moving on, moving on. There was potentially a leak this week. It's pretty spicy one. Basically the claim this is leaked information claiming that hackers breached DHS's information sharing network. Yeah, this one, I think there's a link somewhere to it and there's a few different. There's a Reuters article about it. There's a few different articles about it. I'll paste. But basically. John, have you read this one?
D
I have. And so yeah, it's possible that they broke into this network. I don't know what the level of damage would be from it because a lot of these data sharing networks, threat actors and breach data and things of that nature, especially whenever it's unclassified, like sensitive. But I think it was sensitive.
A
But yeah, they said information, it's. They haven't named the network that was supposedly breached and it just says it was an information sharing network.
D
And it's usually anything that's unclassified. The network that, that, that broke into has like crap data. A lot of it's data that we already like a lot of other sources are talking about it openly. I mean, yes, Department of Homeland Security, do better and secure your systems, but I don't think that this is like the equivalent of like full classified data breach or anything like that at all. It just, every time I've been around these data sets, it's not super, super interesting at all.
A
Yeah, I mean it says SharePoint was compromised as well. So I'm assuming, of course it was. Maybe it was the SharePoint CV that popped this week maybe.
D
Could be, could be. I would like. That would be a much more interesting story to me. But still, I don't know. Then it would be another interesting. Like are they running their own on prem SharePoint instance as well?
F
I hope.
D
I don't know. I don't think that this is like a big deal. Like oh my God, something horribly sensitive has been broken.
A
But yeah, yeah, I mean it's just a headline. Anytime that DHS is claiming a data breach. Right. Like that is, you know, the exact headline they're trying to avoid at any cost.
B
Yeah.
F
The article at the very end says.
D
No, no, no, no, no, no dhs, you can say that they're trying to avoid those headlines. What's the quote? I think Winston Churchill said Americans will always do the right thing after they've tried everything else first. Whatever you're talk talking about government security, it's like, well, we got to make sure we do a press release. We got to do this. How about we actually secure the servers? No, no, no, we're not going to do that. We're not going to put effort into that at all.
A
It's a legacy network, John. It's legacy and it's unclassified. How are you going to get funding always?
D
Yeah, it's right there. I think you just nailed it, Corey. You just summed it up perfectly.
A
All right, that's where we're at. But yeah, speaking of SharePoint, there is a. No, Kev got an edition this week of a SharePoint CVE. It's, it's self hosted SharePoint only if you use SharePoint like every, if you use SharePoint like every single organization on the planet does, it's probably cloud hosted and you're, you're not vulnerable to this. But if you are the weird ones who self host your SharePoint because of, I don't know, legacy information sharing networks like the dhs, there is a CVE and you should patch immediately because it was disclosed on July 2nd.
B
Yeah.
F
If you've ever used SharePoint, you know that it's kind of iffy. If you've ever thought that maybe it's not the greatest, you should try self hosting it because it gives you an entirely new opinion on SharePoint. It is.
B
Yeah.
F
And if that's not bad enough that you have to use the self hosted SharePoint. How many CVEs has it been for SharePoint in the last few years? It's been a couple that were pretty nasty. Yeah, it's been. Maybe move to something else.
B
You know what the worst part is if people think that the SharePoint on, like, regular Microsoft is somehow better, like in the cloud, they're like, oh, yeah, no, it's. It's just that they updated it before this one.
D
But that's my. That's the question I'd like to ask is you remember, like, years ago, there was somebody. There was a critical Exchange vulnerability, and the guy decided to see how long it took to patch it, and it was like, incredibly hard to install patch. Is SharePoint as difficult to patch as old on Prem Exchange, or is it a little bit easier? I don't know of anybody that's running on prem SharePoint Other than some of our customers from time to time. But seriously, is this like an incredible pain in the ass to patch, or is it pretty straightforward?
G
Usually. Usually it's still the same. It's tedious, but it.
B
Yeah. Okay, here's the fun patch one. Here's the fun patch lesson.
A
This.
B
Microsoft done this a bunch of times too, historically, right? You got to patch this and then you have to go to this version, then you got to go to that version, and then only this version. If you go to the other one, you're gonna break that. Yes, yes, exactly.
F
They love it.
B
They love it.
A
So what if I just go in co pilot or Codex and type patch my SharePoint. Make no mistakes tomorrow, buddy.
B
Yeah.
F
It would only work Fable if it's on Fable.
B
Nothing wrong with it's on Fable. No, it'll be like, sorry, I can't do this.
D
Corey, did you just replace our SharePoint server with an FTP server running on ARP?
A
Listen, the AI ran out of discussions. Yeah, I ran out, so. Actually, John, I have bad news. It is FTP, but it's somehow through iis. Don't question it.
D
There we go.
B
Yes. That's how you know you made it FTP with iis.
A
Yes, I've switched to move it. A more secure solution.
D
There's something we haven't heard in a while,
A
so we already kind of just talked about this without talking about it. But we're talking about Fable. What?
D
Wait, crap. I was gonna say, do we have any other stories? Hold on, hold on, hold on.
A
No, no, no.
D
We're not gonna go there yet.
G
We're not. He refuses.
D
Hold on. I'm not there yet.
B
I'm not.
D
That's AI.
A
Did you see the defeat airdrops?
D
Hold on, hold on. I got one. I got one. This story right here.
F
Yep.
A
This is another John's Googling non AI news article, right?
B
Yes, exactly.
D
Yeah.
B
Copilot summarizing the non AI article investigating.
D
Hold on. It's the guy that was investigating Pegasus in Europe and then they found out he had Pegasus on his computer.
F
What?
D
Yeah, so this is a. He was a substitute member of the European Parliament committee and they were specifically in the EU investigating the use of Pegasus and equivalent surveillance spyware, and they found out that he had Pegasus.
A
Okay, but the question is, are these two activities related? Does he just have bad hygiene or is this.
D
I would find it very weird if NSO hacked. Well, I wouldn't actually. I. Man, I flip a coin. I think it would be about 50. 50 because listen, this is the group in Europe that's studying NSO and whether or not it's going to be okay for people to use Pegasus and nso. I can't put it past. I can't put it past NSO to hack the members on that panel to see what they're coming up with. I. Oh, I don't know, 5050 on this one. Does anyone else have a take on that?
C
He was, he was trying to reverse engineer.
F
Yeah.
E
It's not surprising that the spyware being investigated apparently is attending every meeting.
A
Well, okay, I, I think I will say like reading the article a little bit in depth. I think that it probably was a non technical. Like I'm guessing this person was actually infected like as from the threat actors because they're a member of Parliament and they're on the committee that's supposed to be like investigating spyware abuse in Europe. Right. So it seems like that would just be a target for, you know, Corey,
C
thanks for taking all the fun out of it.
E
All right.
C
I made like five more jokes. Yeah,
G
Yeah.
A
I mean it is possible, right? Like, I mean sometimes people get a little technical, but also just to make it even more depressing, it was his iPhone that was infected. So basically, you know, his personal. Or not personal, but his phone was what was infected. It's probably pretty unlikely he was doing reverse engineering on his phone. Unless he's, you know what if he infected.
C
He infected himself on an iPhone as a false flag and then he was feeding them information. It was. He took John's Deception class. That was the key of it.
D
He did. That's how it works. I don't know. Everything I learned about how they reverse engineer in Europe, I learned from like, like James Bond Specter or was it Skyfall where the guy was just like running it on the actual network and blew up a building? So I don't know. Maybe.
A
Yeah. I mean, basically this is it is dating back a few years, right. This is 2022, 2023. I don't know exactly. We honestly, it's super interesting to think about. We don't know how active tools like Pegasus really are today. We don't know if these are still running rampant or not. There's been a lot of regulations around them. Obviously Apple filed some lawsuits against these companies. Like it's a pretty active. Like Apple's worst headline is we can hack your phone with Pegasus or whatever. But it's kind of crazy you because you have to think of it from the nation state, like level. The assumption I would make is that only nation states get access to run Pegasus against live targets. And so the question is what nation state is running a live Pegasus infection against Member of Parliament?
D
And that's why, that's why I'm like flip a coin that NSO group was behind it. Because you're 100% right. And as far as I know you still have to have a direct connection back to NSO servers. Like you just can't stand it up on your own. Just go like off road, right?
A
So there's no cracked copy. Although if you Google it, you will find a cracked copy. Don't install that.
D
Wait, what? I was trying to keep up with my hair.
E
I think Apple's just upset that they're not getting a 30% cut for each install.
D
I'd love to say someone tries. It's like doc, I just got a pop up. It said I have to download this app from the store in order for it to run properly. That's spear phishing in the future. It's like go to the app Store and download bhis. Pegasus is not Spectrops. Pegasus not trusted. Sec Pegasus B H I S Pegasus.
A
It's going to open up the app and it's going to ask for a callback URL and that you have to put this in.
B
I thought the European Union changed the rules so Apple has to have a alternative app store or whatever. I think that was one of the laws they did change.
D
So I don't know if it's in effect yet or not. I don't know I think a lot.
G
Well, that's what Apple Intelligence is for. You just tell Siri to go to use Apple Intelligence and put it back for you.
A
Yes, that's good for preventing it from ever getting infected because Apple intelligence is useless.
F
I was gonna say, by the way,
D
I want to say I'm proud of all of us. We made it 23 minutes without an AI story.
C
We go
D
do one more. Let's do another one.
A
Let's do another one. This is like a push up. How many push ups can we do before AI podcast happens?
C
Exactly two, I would say. I don't know if this is security, but I still think it's in the realm of Sony going completely digital.
F
Oh, I saw that. Dude. People are mad about that.
G
Okay, wait,
A
is this live?
C
Like this is PS5 games? Yeah. All PlayStation games are going completely digital by April 2027. So no more physical discs whatsoever. There's already. I'll throw you a link right now. You can just google it and you'll find something too though people are not happy.
D
Yeah.
C
So the thing is, Xbox is. There's already been talks that Xbox is already moving this way as well. But like, I'm not surprised about it, but I am sad about it, if that makes sense. There's also a bunch of great memes out there going around of like Domino's putting out a statement saying in response to the gaming industry, Domino's will be going completely digital by 2027. Then everyone else is clowning on them as well.
A
The classic pylon.
F
Yeah.
C
If you guys remember, I think it was like 2024, Xbox made a statement that they were going to do this and then quickly walked it back due to community. And Sony actually has a YouTube video out there saying like, oh, here's how you share a PlayStation game and just gives them the physical. But this looks like it's already in place. They're already ramping down one of their factories that is there just to make discs and then rearming it to do something else.
D
I just. Yeah, it's going to. It's going to run crypto mining or something. AI server farm. So this, this was. Okay. Like I don't give a about this one. Honestly, what does bother me is I think it was. Sony also said this last week that if you do not log into your account over. I can't remember how many months it was.
B
12 months.
D
They will delete your account. 12 months and they will delete all the games that you purchased. And that's a bigger deal for me. I don't know why people are more enraged.
B
But John, that's the same. That's the same. That's the same deal. It's. They're actually interconnected.
A
It is, yeah.
D
It is connected. Yes.
B
Yes. Because if you don't have a CD now, if I lose my account, I lose everything. Right. And then it just really comes down to the general thing.
A
Do you own.
B
Do you Own anything and you don't.
F
The goal is for you to not own a thing like an Amazon book. You rent it if you buy, you
B
rent it if you buy.
F
If you buy a game, it's now a rental. Everything's a rental. They don't want you to actually own anything. And the problem that also has a lot of people furious is these like, like these digital games that cost so much less to produce at that point. You don't have to produce them physically cost more and also continue to go up in price where like the new GTA will be over a hundred dollars or something. Ridiculous. Probably.
C
Yeah.
D
But the physical, the physical disc, a lot of the games my kids would get, you would get the physical disc, but you would still have to associate it with an account.
A
Yeah, the disk is useless. It just has to download anyway.
F
That was like.
A
And yeah, yeah, I mean I think
E
Sony having a great way of saying you no longer own the game, but please enjoy paying $70 for permission.
F
Right. You want to pass this game down to your kid. They now need to pay for it themselves too. Go to hell.
A
I think there's basically there's two takes on this one. Is there? There's always going to be a counter to this. Right. One is vintage gaming, which is probably just as popular as it ever will be. Are going to get even more popular. Right. People, especially if our vintage are more interested in playing games they played as a kid on NES than they are in GTA 6. Also I think for most people I talk to that play a lot of video games, most of them have some kind of a game pass type subscription and just kind of flop around. Like I don't own any of the shows or meet movies that I watch. I just have, they're like, they're, you
B
know, spotifying video games.
A
Yeah, they're spotifying video games, which, that's
F
fine if that's the model though. But if you, if you're purchasing a game for $70, you would assume that you at least have some amount of ownership over that product, which you don't.
A
Well, okay.
F
You never will if they have.
A
Yeah, I mean that's an interesting one because it depends on where you buy it, right? Like right now we're still in the like kind of transition phase of like depends on where you buy it. But yeah, long term perpetual licensing is
B
dying and that's really what it's getting to.
F
But I think it's already.
B
The disk is there, there. You should be able to copy all of it off and be able to save it and be able to, you know, have it to play, you know, because you bought the license one time, right?
A
Yeah. You know, basically the legacy stuff where
G
now everything is subscription based. I want you to pay me every month. Yeah, because you can't have this license anymore.
A
Yes. I mean, basically they're adopting, they've seen Amazon or other vendors do this, Spotify, you know, etc. Etc. A lot of other industries have already moved to this model and so they're just following it.
C
The thing is though, with like the video game stuff, especially with Xbox, right, they started losing money on their subscription base. Like they. And now they're, they're slowly walking stuff back. Hence there's another story with Xbox laying off a bunch of people and it's all their gaming division and they even, they brought the price down to try to bring gamers back. But like the subscription model isn't doing so well for gaming wise.
A
I mean, that's interesting. I, basically what I would say is I think this, this does also, you know, to tie it back into cybersecurity. This puts a huge target on the back of the firmware for Sony and like them as a company of like, this basically means people want to jailbreak this 10 times harder. And there is like, there is a real thing which is basically if you make piracy the easiest and cheapest alternative, people will just do piracy. Like the only real way to prevent piracy is to make it easier and cheaper not to pirate it. Right.
D
Like, well, it was like I. And that, you know, that's exactly what Netflix did. Whenever Netflix, it was kind of like Netflix and Amazon, you know, all the different Pirate Bay shit just kind of went away because it was so easy to just get a Netflix subscription or just get something on Amazon Prime. Now all of a sudden, like you have to have like five different subscriptions to be able to get to things. And now you're right, people are just like, well, looks like I'm going back to piracy.
B
Going back onto the sea, my friends.
F
Yeah, for PlayStation you need the $600 console and then you need their $20 a month subscript and you're buying the digital copy of the game.
E
You're already.
C
Ralph's already running local models. We might as well have them run a couple emulators for us too, you know?
F
Can we get on that?
A
Yeah, I mean, honestly, yeah. I'm curious to see how this evolves long term. Because like, first of all, Steam and the other like PC gaming can lean hard against this and kind of be a counter, be counter positioned and it might just take like, everything's poised to make console gaming kind of die. You have PC gaming being the most, like, polished it's ever been with the Steam machines and the Steam deck and all that stuff. You have consoles getting as expensive as computers. You have now subscriptions for everything. And, you know, Microsoft doing poorly with Xbox. Like, we're basically down to like two consoles. I don't know. It's, it's, it's rough out there if you're a console gamer.
B
Yeah.
F
And. And Wade mentioned the other Microsoft story. So that story is. Is Microsoft, but also largely Xbox is where the focus comes out.
A
Yes.
F
Because I think it was 4000 CEO. She mentioned it on. On Twitter or whatever.
B
I'm not going to say the word. Did they mention the word as their layoff or.
F
Yeah, I think so.
C
Yeah.
F
Because.
A
Because, yeah, let's see.
F
Literally 800 people and then 1600 of which will impact Xbox today. But they, they mentioned it like, very early. This is seven is what.
A
It's kind of messed up because it's literally the blog or the like, internal email subject was resetting Xbox. Yikes.
C
Yeah. You got to remember, like, a little while ago, they bought like, all the main developers, right? Because they're going hard on the subscription model.
F
That was a bad decision. And I think she, the CEO mentioned that specifically in her. Her release was like, this was not the right call to buy up a bunch of studios. That was not the correct decision.
C
I think it would have been the right call if they then gated. If they gated all the games. Right. Like, they bought some of the biggest ones. If they would have said, hey, Sony, screw you, like, then it probably would have worked.
A
I mean, I think they just, they just didn't make very good games is basically what it comes down to. Like, they, they spent billions of dollars making games that no one wanted to play, basically.
F
Yeah. And I can see the appeals of. Of Xbox and all that stuff, right. Like, I play most of the games that I do play on a PC, but I can see the appeal of an Xbox where you sp and like, you don't have to update anything and everything's ready to go. But now it's to the point where you turn on your Xbox and it's a 90 gigabyte update for something, and for whatever reason, it didn't do it automatically. Like, it's as much upkeep as a computer. But then you're paying. You know, they have like four tiers for their game pass now or something ridiculous. Like Netflix becomes more and More convoluted. Like it's.
C
I hit my download last month, I hit my download, limit it on my ISP. Yeah. And then they charge you $10 for every 50 gigs over. And I went a hundred gigs over.
A
Oh, wow.
B
Oh, whoa.
E
Well, there's still a simple solution to this that you're all missing, is it not? Minesweeper is still free, is it?
C
Yeah,
E
online.
C
Oh, it's online. You still have to be online though. It's not even on the host like,
E
but it's not behind a paywall.
C
All
E
if you ever had to pay for Minesweeper, I'm all, viva revolution. I'm with you guys. If Minesweeper goes, I'm gonna say just
G
go offline and play the, the browser based games. You got Dyno and Chrome, you got the Sthill Skiing and Edge. You can just go.
C
That's right.
E
Browser based games. You page source, just save and then I'm good.
G
Play it again.
F
So I'll segue us, Corey. What about instead of playing with games, we play with AI instead?
C
No, no, I got, I got a good one. Last one. Last one more.
A
Dude, there's more.
C
Claude. Claude routed Command and Conquer Zero. Yes. But they routed all of Command and Conquer Zero and ported it to iPad in four hours.
A
Yeah. What?
G
What?
D
Yes.
B
See, so developers got something.
A
So that's why GTA 6 is going to be taking a year and a
C
half to port is because they're Claude Pretty much, yeah. So if you want to pour any game whatsoever, just throw Claude at it with a Fable subscription and sit back and relax.
A
This is a broader theme that's happening in software in general, where people are just taking a weekend, ripping some Red Bulls and porting one piece of software into another programming language. Like someone last, a couple weekends ago did SQLite ported into Rust.
B
Every time they do a port with Rust, it's always faster though. I like, every time you see some like little port to Rust, it'll be faster, but it'll always be like a millisecond faster or whatever. Like nothing to like actually go.
C
Dude, I get so many Rust like port things to Rust ads and stuff to port to Rust and it's because of this podcast and you guys mention it so much.
F
Yeah.
A
I mean the thing is we're going to port this podcast to Rust someday. Just you wait. Yeah, no, 75% faster and it's going to be memory safe.
B
So actually to. To widen that up just a little bit more though. And I think what Corey's probably hinting at is is that we're going to see a lot more compatibility across different operating systems in games. Because it's so or not just games software as well. Because it's very inexpensive to do these ports. Right. Like the large language models are good at looking at already existing code and just modifying it for that Other languages
A
it speaks most especially for small legacy code bases like this. If it was running on Windows xp, Claude can rip through it in like five minutes. Like, you know, like the code bases are small.
B
So then what is Claude five years from now going to do too? Right?
A
Exactly.
B
I mean, you know, let's fast forward and just say. But I think that, you know, here, here's the deal. Hey, I made this game. I love it, it works great. I, I, but hey, I want to port it for our iOS and I never had the time to do that. Hey, look, now I can as a developer for a very low amount of effort and money.
A
So totally new. I'm sure app stores are about to pop off like the amount of submissions. It's probably going to be the same thing as like the hacker one thing where they just have to shut down new apps because, you know, making apps,
B
like especially simple apps, I've personally done it for iOS or Android is incredibly simple with large language models like they, the, the barrier to entry is like almost zero. That doesn't mean that it's good or bad or whatever. I'm just saying that you're going to have so many apps out there that do like one thing, which is like the joke, you know, where they have the app to turn on the flashlight. Like just the stupid amounts of apps that'll be out there.
A
Okay, so let's coin the term slaps right now for AI slop apps. The amount of nothing is gonna, this is this the shit is not gonna slap app. Let's just say that's not.
E
And there's.
G
I'll deploy an app, but I'll never be able to update it because I vibe coded it. No one's ever going to tell me how to report it back in.
A
Oh no. No other vibe coder can do that. Just save a little memory for Claude that says you are an expert's senior principal software engineer.
F
Make no mistakes.
G
Make no mistakes.
A
I do love people that like hard code. The number of years of experience in the prompt, it's like, is there going to be a difference between a senior pen tester with 10 years of experience experience and a senior pen tester with 15 years of experience? I don't think that prompt is going to change.
C
Oh God.
F
With a hundred years of experience, it's
A
like I don't know what to do. We're breaking time continuums. It's more the like. Anyway, what else we got? We got. Let's. Let's go. Let's dip into some AI stuff. There's the Medtronic breach. This is Shiny Hunters, not AI. That was a joke. I tricked you all. Basically. This is, I think from my perspective, just your traditional ransomware. This just feels like a. There's kind of thin on details but unfortunately some Social Security numbers were disclosed. Not that that really matters anymore because they were all already disclosed. They basically it. The stolen data has never been exposed. So we'll see. I guess it's unclear if they paid or exactly what happened, but basically they disclosed the breach and the data was never public.
F
So I mean the good news is you have 24 months of credit monitoring.
G
You get two years this time instead of 12.
A
You get two years. Talking about add it to the 60
G
years I already have from.
A
Exactly. Yeah, that was kind of one. We sort of already talked about this a little bit, but it appears so Flipper zero. Does everyone know what that is? It's basically a little device designed to annoy anyone with a Bluetooth compatible device at a security conference from what I can tell. And basically it. I'm not sure exactly. Did they like stop supporting it or. I'm just. The article is basically saying like okay, firmware, you know, is going to be supported by the community now. But what I'm not clear on is does anyone know? Did they stop like officially supporting.
C
I know there's a new one coming out, right? There's a new, newer version.
A
December 2025 was the latest stable, I guess. And then I. After that they essentially just said we're stopping. We're not releasing any more official firmware versions, but we are going to maintain it. Basically. Kind of like I would call it like a Linux model, ish. Where it's like community members submit PRs and things and like there's people from the company that actually review those and merge them basically. So it's like they're not actually.
G
If you read something down the article it states is they. They outgrew their team. Like it says 1 million pooper zeros generate so much communication that the smart team can't manage. So they're asking the community to help them manage it. Which is why they disable direct messaging on their social media channels.
A
I mean it makes sense, especially in the era of Vibe coding. Like can you imagine how many PRs they probably get every week.
F
I think it's like Open Claw got like a hundred thousand or some insane number where people can just throw slop at platforms as easy as they want. From their PH phones too, if they want like, I mean, a lot of
B
times these one off features though, you don't even need to submit it back. You're like, this one's for me, right? Exactly.
F
Like, you don't have to PR it. You don't have to. You can just keep it.
B
You can keep things, I mean, but you know. Yeah, you could just be like, hey, I built this thing. It works great for me. It does what I wanted, so now I don't have to complain in the forms.
A
Would someone please build this?
F
Yeah, keep your slop code as yourself. No one wants it.
C
Has anyone, has anyone let the. Like. I've been wanting to do this, but how haven't. And I wanted to clone. What are the Disney things that go on top of the box, Ralph that play music and stuff?
B
Oh, I've already done it.
C
You can, but you, you straight clone them.
B
You can't, you can't, you can't, you can't. They're called Tonys by the way.
C
The Tonys. Yeah.
B
Yeah. You can't just clone.
C
You can you, you can.
D
There's a whole.
B
Yeah, you can read them and you can make new figurines and you can redo the tags. They're kind of fun because you have to like elicit them to actually respond to you. So there's like a code y. So they, if you just try to use your flipper, right. To read it, it's not going to work. You know, you're going to need a proxmark and you know, a little bit of time. But yeah, you could totally do it. Yeah, some, there's some fun research into that.
E
So that's.
C
Well, I want to just plug, plug my flipper into my computer and just let Claude do it.
B
Yeah. So it's not fake.
C
Go at it, Claude.
B
Yeah, so if you ever, if you ever want to do that. I built some of these, like essentially design loops. If you can feed what you want and give it enough tentacles, meaning like give it access to all of the things that you could do. You could just have it loop through until it solves the problem.
A
We do not condone piracy on this show. But never, never go on.
G
GitHub just reminded you, you don't write prompts, you write loops. You write loops. Continue writing a loop. Never write a prompt again. Just write A loop.
A
Always write a while loop that only completes when your agent hacks the Gibbs and.
G
Or it runs out of tokens.
B
No, actually there's been a couple actually interesting articles, piracy aside, around just how the technology works. Usually when something like that happens and that will be the same speaking of that, with the PS5 and other things like that, when they finally are able to exploit it, you know, a lot of people do it not because they are just dying to play this game they can't afford or something. It's because they're just dying to figure out how it works.
A
Right. Yeah, I mean it'll be really interesting to see what kind of like at least right now in security there hasn't been much of like AI infiltration and. And bug hunting in like the embedded space. It'll interesting to see how that evolves over time.
B
Oh, it's going to be a freaking bloodbath.
A
All of that, like JTAG and UART and all that stuff and you know, like protocol fuzzing and I mean anything AI can. Yeah, I mean there was a recent. Fascinating.
B
There was.
A
I don't know how.
B
How necessarily it was. It was pretty recent. Essentially there was a vulnerability in some of the Bluetooth chips, right. That are used in headphones like the Apple Beats and some other devices, Bose jbl, a bunch of stuff. Anyways, essentially the vulnerability allowed you to totally compromise these devices remotely because the interface for the communication was just not secured at all and these chips were used and it was.
A
Oh God.
B
Bored.
A
So that is like the most dystopian. Like, okay, this is the new version of Listen to My Mixtape. It's like you're on a. You're in a public space and you're walking around with your headphones and an AI agent hacks into your headphones and says hello. It's like, please consider stopping by for some fudge.
B
You can send firmware updates unauthenticated to these devices. Oh, like, I mean, anyhow.
A
But the dude, I thought SFTP would be a fully. Or, sorry, TFTP would be a fully secure protocol for firmware updates on headphones.
B
So that's the thing. Bluetooth has its own. There's two communication protocols that it uses for this and if you select in this particular case, they just didn't secure either of them. And so you could essentially communicate if you're close enough to them, but you could do other things like change the firmware, monitor what they're listening to, hear what they're talking about if they're on the phone. Other Things like that. But the wild part is not specifically this model. It's the fact that these embedded chips get put across tons of different devices, and one of these embedded vulnerabilities could ess actually affect a whole class of devices that are utilizing them?
E
So I have a question for the group here. I'm just wondering, of everybody that's here, do any of you guys actually, like, buy a product and use it for its intended use? Or do you guys just clone it or hack it or whatever? I mean, it's like, it seems like nobody here actually uses the thing that they buy the way it was intended. Like, how can we break it?
A
No, it's because we only talk about the interesting ones that we don't use for their intentions.
C
Yeah, I don't want to tell you about those. I don't want them hacked. All right?
G
The answer is always, it depends.
A
Yeah, it depends.
G
What's my mood today?
A
Do I want it as it works
G
or do I want it as it doesn't?
A
What I will say. I was going to say, to answer your question more seriously, I do intentionally avoid buying the smart versions of things. If I can. If I. If I. If I have a choice of two. Like a dishwasher that has WI fi or the same version without the WI fi WI fi. I would probably buy the one without the WI fi. You know what I mean?
E
Like, I still tried to figure out why my microwave needs WI fi.
G
Turn on.
A
It's cold.
F
You turn it on. Warms up the house a little bit.
C
Nowadays, WI fi is behind, right? You have to see if they have mcps. That's what you want to do, right?
A
Yes.
B
Your microwave needs an mcp. Oh, my goodness.
C
I want to be notified on my phone
A
pocket.
C
And then I wanted to go and start my laundry for me all at the same time. All right? And I want the statistics and build
A
a nice chart that goes on as
B
you're going down that road with Home Assistant. Since Home assistant can connect to so many different things. Throw the AI model in with that, right? And then, like, you know, the world's your oyster at that point. Like, all these, like, problems that used to be like, rabbit holes. You would spend a whole day trying to get to work. You're just like, all right, go fix that. And so. But that dystopian world where you're asking it to do silly things, it could be soon.
C
Ral Ralph just created Smart house the Disney 1990s.
A
I didn't do nothing, Just built a
G
grana dashboard that he can look at for his entire thing through Grafana. He just look at Griffa all day long. This is how my house is operating.
B
I mean, I built. I built a. A gardening one. I put two cameras over a garden to watch my plants. I put QR codes above or like, where the plants are so that the model knows what the plant is. It takes a photo, sends it back, and then just does the gardening for. For me says, hey, you need to do this, you need to do that. And it has control over the watering and it has water sense meter, so it could just watch the whole thing. And then I get little status updates. I don't do anything. Status updates every day. Tell me what's going on.
C
Looking caterpillar detection. Caterpillar detection.
A
Firing slug lasers. Yes.
E
I was just going outside and watering my plants like an idiot.
B
I know.
A
It's like, there's a snake in here.
G
There's a rabbit in here. Get the rabbit out. Get the snake out. We're good to go.
F
So. So, Doc, a minute ago, do any of us purchase or use things for their intended use? I just learned that Ralph is using plants in a weird way too.
B
Exactly. Growing a garden. We've got all kinds of vegetables and stuff in there, like jalapenos. We've got tomatoes, all kinds of fun.
F
So it's fun tokens as well.
B
Yes. I'm growing.
A
I can't. I mean, yeah, I. I don't know what the end result of all this will be. Like at some point, Ralph's gonna have some guy that just shows up to his house unbidden in that says he was hired by AI to water the plants because the AI something broke and it doesn't do it.
G
Hey.
A
I was like, he's gonna. I gotta find a workaround. I'm in a loop here. I can't stop until the plants are loop. I'm gonna run out of tokens.
B
So I have to hire someone
G
delivering it to his door for him.
A
He's gonna have to Ralph in 20
E
years and he's gonna be shuffling around in Kleenex boxes on his feet and bottling his own urine and stuff like that.
A
Yeah, Psychos. Seriously though, you could, like, imagine being the AI agent, being like, I've gone on your Amazon account and bought some upgrades for myself so I can better serve you.
F
I mean, there is a product now that, like, is almost like a managed open claw, right? But they released some new feature called Human. Like, it's their product name. And then Human. Oh, my God. And then it can allow you to basically tell the agent to elevate that problem to basically a human operator. And then it will basically pass through charges to you, the user of that account. So you could tell it like, hey, I need you to place a. To go order from this place and send it to my address. And then it just charges you the cost of that item, I guess. And it's part of that subscription service
A
we talked about Rentahuman AI on this show. Like, yeah, we made fun of it back then. Now I'm already a paid customer.
B
No, I'm just kidding.
E
I'll move over to Agentic AI when it finally he says, hey, good news, doc. I got a job. You don't have to work anymore. I'll. I'll pay the rent. It's like that's when I. That's. That's AI for me.
A
That's the condition for your while loop. Just say Agent Loop, until you can pay my rent. Otherwise, please don't do crime.
F
Get a job.
C
I have a reference that's back to the news article. Did you hear that Amazon is STO has stopped accept accepting customers for their mechanical turk?
A
Yes, I did see this. For those that don't know what mechanical turk is. Mechanical turk was designed not for this use case, actually. It was designed for the use case of AI training, actually, which is essentially, you know, they would basically have some outsourced low cost labor. You say look at 6,000 pictures of a hot dog and confirm or deny whether it's a hot dog. You know, I guess. Did you actually fully read this, Wade? Why? Did they say why? Why?
C
No, they think they're. They didn't really say why, but it feels like they're sunsetting it. That that's what it is.
A
Okay.
F
That over.
C
Over the time it's been out for a long time and they said that serv. No new services have really come. And with workers and researchers abandoning it due to bots and fraud. Right. Like if they don't really know if it's a real person now, it could, it could be an AI doing the job.
A
So you're saying, yeah, oh my God, the workers can't be verified. They're like, how do we. I mean it's SER. Actually does create the whole like snake eating its own tail problem. Because it's like, okay, we have a bunch of workers claiming to be workers. They're actually bots. But then what do we do? Do we hire workers to verify the workers or bots to verify the work?
E
Like, isn't this, isn't this ironic that. I mean, what's wrong with the checkbox on the website that says I'm not a robot. You know, I mean, did we.
A
I mean that is now it's the inverse. Prove you're a human. I'm going to give you a complex equation.
D
Have.
A
Yeah, I mean that whole the captcha thing like, I mean we a little bit touched on it a couple weeks ago but it's like how is the Internet going to just straight up break? Because you have at this point who is actually manually using the Internet all the time? Very few people. Everyone's using the Internet through an AI agent. How does that change with captchas? And like, you know, as that evolves, you have people like Ralph who are just having an AI agent buy their groceries. So now all your captcha is a potential way to prevent or I guess that's Hayden that does that. Basically you're having an AI agent. If it, if there's a captcha, you are missing out on potential revenue. Right? You are like if you require someone to buy and then you know, the AI agent's like, I gotta bypass this captcha. What do I do?
B
And you know, yeah, maybe, maybe like verified agents. I think that might be something that goes through it like you know, an agent that's tied back to an actual account as opposed to just like, you know, malicious. Right. It's the same with like your IP address. I mean there's a lot of indicators to tell that are inside of captcha that can kind of tell. And one of those, you know, one simple one is your IP address. You know, if it's a residential, other things like that, it's not guaranteed. It's just like an indicator. And so they should probably, they will probably. To your point Corey, because everyone's using it, use more of those indicators to figure out whether this is a legitimate agent doing a task or it's a illegitimate agent trying to, you know, harvest
D
a bunch of stuff.
F
And I'm curious how they're going to factor advertisements into that. Right? Because as less and less people do the actual bracket browsing. Browsing just most websites now is horrendous. It's a terrible experience. There's 40 cookie notifications, there's ads everywhere that load in and out and move all the page content.
A
You created this problem Internet, right?
F
You created this. That's why I'm using Claude to Google things for me at this point. Like you think I'm gonna go through all 40 like sponsored results and look at Google's sponsored result which is also full of sponsors like Screw that. Like Claude's gonna do my people for me. Like. Yeah, sorry.
A
So weird. All right, let's do some quick fire. I know we only have about five minutes left. Actually. No, before we do quickfire, let's have Fletus and Doc plug. Plug what? You're here to plug what you got going on in your lives that you're here to talk about.
E
Go Fleetus.
G
Yeah, as I said, pre show, not a ton going on. Most of my talks were pre summer. I've taken the summer off from a lot of things. I do have a YouTube channel. It's just Fleetus post. If you want to see content, it's
A
usually a lot of sadly AI slo
G
recently just talking to people about what they're doing and not doing wrong. Strong cyber defense. I do a lot of human centric, so I probably bring the human back
A
into everything we're doing.
G
So if you human centric security is something you care about, you'll probably enjoy some of my content. Trying to make it out to summer camp. We'll see if I make it out there or not. Still looking for funding, so I'll set up a GoFundMe. You're welcome to send me out there. All right.
A
Thank you, Doc. What you got going on? You have a pay what you can clap class, right?
E
I do. I have a workshop going on on July 17, right? Is that what it says? I. I should probably put this on my calendar. It's. It's a class on access control. We're just speaking about the Internet. Trying to prove that you're not a robot now. You are a person and who you are and all of that. This class is all about that important stuff about being able to verify people's identities, able to authorize what people can do and the accountability of now that they have the access, did they use it, when did they use it, where were they, when they use it, Things like that. Now I am sure I know that a lot of the attendees to these newscasts. Yeah, you're like, oh yeah, no, I know about all this stuff. Do you? Do you really? And do you know how password cracking works? Have you cracked passwords yourself before? There are going to be a lot of really cool things in this four hour workshop that a lot of people think that they know and they're going to find out that they actually don't know it. And even if you're one of those people. Yeah, I know all that. I'm fine. Been there, done that. Have the T shirt, fine. Tell your friends. I don't know about you guys. I know that everybody here in this room group, you all know people that say to you, hey, you're in security. How do you get into security? I get asked that all of the time. And one of the things that I've done over it's been about a year now that I've really been working on this is to get people the training that they need at a price point that they can afford. And so pay what you can is a great model for classes like this. Tell your friends, tell your family members, those relatives, that kid that just graduated high school or college, tell them about this course. Because while I'm going to teach next level skills in the course, we assume no knowledge of technology when we start, we build up very quickly. But this class is for those people mainly who are looking to get into cybersecurity and they're trying to understand what those core concepts are. And this is just one of several courses that I have. If you click that picture, picture of me, I'll bet it takes my name right above it. It'll take you to a whole bunch of other classes, including an Introduction to Cryptography class, Introduction to Into Networking, and How to Think Like a Cyber Security Defender. So check out all of those classes. They're all very affordable. They're all, I would like to say, very high level, very valuable content. I know Fletus has seen the work that I do. Fleetus, can you vouch for me? And I say this shit's good. Is this good stuff?
G
Depends on the day, but yeah, most of the time.
A
Oh, wow.
E
I didn't pay you enough today?
G
You didn't pay me enough for this comment.
A
Your agent, your AG or AI agent bid a little low on that. Yeah, I'm still waiting on mortality to come in.
G
It didn't get high enough before you asked the question?
E
No.
A
On all serious notes, you will not
G
go away without learning something new. No matter if you've been in the field one day or 40 years, Doc's going to share a nugget of truth that you'll be takeaway.
A
Nice.
E
Thank you.
A
All right, some quick fires. Real quick. Because there were so many articles this week, we didn't get to everything, but there's some fun ones. First of all, hide my email, which is an Apple service, doesn't actually hide your email. That article kind of was a sleeper article and there's no. It's a 404 Media article. There are no details as far as why or how the vulnerability works. Luckily, this isn't public, but essentially They've reported this to Apple. Apple doesn't care or isn't fixing it or I don't know. But basically this feature that's designed for one explicit purpose doesn't work for its design purpose fully. Good job, Apple. A more quick fire. There was also a Palo Alto was being sued by a company that actually got attributed as a threat actor in an AI report and then turns out there were falsely attributes contributed and all their stuff was like basically blocked from the Internet. This is actually like a crazy nightmare scenario. I'll link it if you want some nightmare fuel. Basically this company called Meeting TV has sued it after basically someone published them claiming an article claiming their Chinese corporate espionage operation, which apparently they're not. Or at least they claim they're not. This is absolutely wild. If your AI agent hallucinates and attributes a threat to some entity that it's not attributed to. Super scary. I don't know exactly what will happen with this, but yeah, those are my last quick fires. Anyone else have any final quick fires before we shut shut this show down?
F
I got one. I'm sure you know what it is. If you're using Fable on Claude, you better switch to something else before tomorrow at that, like probably tomorrow night, because they're going to pull it and they're going to start charging you usage tokens for it. And I think I ran one prompt on that and it cost me 15 bucks. So I would not recommend you do that until they re add it to your subscription.
B
Yeah.
A
Yes. We didn't even talk about it. It would have been 20 minutes talking about it. But yes, the export controls are lifted. Fable, you have access. If you're me and you ask Fable if an apple is the same as a potato, it'll say this has been flagged for cyberpunk security reasons. You know, like it literally won't.
B
Sonic 5 mic Sonnet 5 came out.
A
Yeah, Sonic 5 is out.
B
And it's probably not worth you even switching, to be quite honest with you.
A
There's a lot of articles about it.
B
It's not even. Yeah, it's the same. It's more expensive, essentially.
E
Some.
A
Wait, is it really?
B
Yes.
F
I saw benchmarks that said that.
B
It's because of the tokenizer. It uses more tokens to do the same amount of work because it's better. So it's essentially just working harder, spending more money.
A
The pricing is the same, but it will cost you more because it uses more token.
B
Yes, it will cost you as much as Opus, so. But the bigger general thing that don't be surprised we're going to see, as these models keep coming out, is they're going to somehow be more expensive every time. Every time. As opposed to no way.
A
Yes.
G
What an epiphany. What an epiphany.
A
Are you telling me that the graph only goes up and to the right?
F
Oh, it sure does.
C
Once again, Ralph's local AI is just looking sweeter and sweeter.
A
All right, that 40k was money well spent. All right, Coming. All right. Thank you all for being here, and thank you for attending. If you're in the audience, we'll see you next week. I won't be here. I'm going on vacation. But I'm sure someone will be here to run the show, so have fun.
C
I'm gonna call in sick. Bye.
A
Bye.
B
Later,
A
Sam.
Date: July 7, 2026
Host: Black Hills Information Security team
This week’s BHIS Infosec News roundtable takes on a wide arc of the security world, from commodity hardware market shenanigans to data breaches, the reliability of cybersecurity tools, and the consequences of digital-only gaming. Discussion is both irreverent and insightful—as usual—with frequent side-liners on AI’s impact and the joys of hacking things purely for curiosity. The episode’s main headline teases a disappointing flaw with Apple’s “Hide My Email”, but the hosts roam across infosec news, tech industry changes, data breach dramas, and philosophical musings about ownership in the digital age.
Theme: The team opens by breaking down the oddities in the hardware and GPU markets, comparing current bubbles to the early dotcom era.
Memorable moment:
"Every time a computer chip is made, an angel gets its wings." (E, [04:36])
Casual intros with each participant riffing on their home labs and roles, interspersed with jokes about background lighting, guitars, and hoarding RAM ([06:27]-[08:32]).
Theme: Law enforcement and nation-state adversaries, catching criminals via OS telemetry.
Theme: Embarrassing government headlines and legacy tech’s insecurity.
Theme: Sony and Xbox plan to completely eliminate physical media for consoles within two years, sparking discussion about digital “ownership” and piracy’s resurgence ([28:24]-[38:46]).
On RAM hoarding and value:
"Don't invest in gold, invest in the RAM." (C, [04:33])
On digital gaming:
"Sony having a great way of saying, you no longer own the game, but please enjoy paying $70 for permission." (E, [31:37])
On Apple’s Hide My Email:
"This feature that's designed for one explicit purpose doesn't work for its design purpose fully. Good job, Apple." (A, [63:15])
Philosophy of tech ownership:
"Do you own anything? ... You don't." (B, [30:44])
On AI-generated apps:
"Let's coin the term slaps right now for AI slop apps... The shit is not gonna slap app." (A, [41:44])
On AI labelling collapse:
"With workers abandoning Mechanical Turk due to bots and fraud... you don't know if it's a real person now." (C, [56:02])
On security drama and nuance:
"Social media is not a place for nuanced conversations." (D, [11:27])
Apple’s “Hide My Email” doesn’t hide your email (A, [63:15]):
AI Hallucination Nightmare ([63:15]):
Fable/Claude changes:
Fleetus Poston: YouTube channel focused on “human-centric cyber defense.”
Doc Blackburn: Upcoming “pay what you can” 4-hour workshop on access control, aimed at all skill levels, with other approachable cybersecurity classes (Introduction to Cryptography, Networking, Defender Mindset).
Next week, expect more wild tangents, salty takes, and the latest in infosec drama and innovation!