Talkin' Bout [Infosec] News
Episode: Chinese firms drop US and Israeli cybersecurity software
Date: January 20, 2026
Host: Black Hills Information Security (BHIS) Team
Overview
This episode dives into the news that Chinese firms are being advised to stop using US and Israeli cybersecurity software, explores the bigger implications of national security, trust, and technology supply chains, and then ricochets through a wide spectrum of recent infosec news items. The hosts’ characteristic banter keeps things lively as they analyze supply chain security, hacker convictions, government IT decisions, AI controversies, new vulnerabilities, and—from left field—the relative infosec merit of KFC’s app. Listeners get not just the facts, but spirited debate and sharp insights into how these trends shape the security landscape.
Table of Contents
- Key Participants
- Main Theme: China’s Cybersecurity Software Ban
- Other Top Stories and Insights
- Notable Quotes
- CTF Winners and Announcements
- Workshops & Resources
- Memorable Moments
Key Participants
- Alex – Host, leader of discussion
- John Strand – Regular co-host, infosec expert
- Ben, Chris, David, Eric, Ralph, Mary Ellen, Blue, Fawn, Wade – Panel members with diverse backgrounds across pen testing, defense, and research
Main Theme: China’s Cybersecurity Software Ban [09:00]
- Context: The Chinese government issues a directive for Chinese companies to stop using US and Israeli cybersecurity software, which impacts vendors like Palo Alto, CrowdStrike, Fortinet, Check Point, Broadcom, etc.
- Banter: The panel refers to this move as playing the “UNO reverse card” on Western nations, reflecting escalating decoupling in global tech.
- Analysis:
  - Many leading cybersecurity products originate in the US/Israel; moving away could severely limit China’s options… unless the IP was appropriated.
  - John remarks: “A lot of the stuff that China has in this realm is...IP that they've stolen from these companies anyway.” [10:01]
  - Economic motivations seem paramount—this is as much about fostering domestic industry as about technical risk.
  - Speculation on how this affects international subsidiaries and whether it's mainly symbolic, since many US/Israeli vendors don't officially sell in China.
Notable Point:
Alex: "Are there actual...top leading cybersecurity products that don't originate from those two countries? Because it seems like 99% of them are from either Israel or the US." [09:36]
- Geopolitical Angle: Panel points out this move mirrors US and EU bans on Chinese-made technology, reflecting global “balkanization”.
- Takeaway: China’s policy is about economic security, intellectual property, and trust in the supply chain—not just technical risk.
Other Top Stories and Insights
Convictions & Legal News [13:40]
- Hacker breaches Tennessee Supreme Court system:
  - 22-year-old pleads guilty to unauthorized access over 25 days, but details are scarce. Ben comments: “Someone probably left default cred somewhere.” [15:19]
  - The state’s response was to revert to paper. Panel notes the irony: “Paper is so much worse. There's no chain of custody.” [16:04]
- Rotterdam/Antwerp Port Hacker:
  - Receives 7 years for using malware-laced USBs—motivated by drug trafficking, specifically to import over 200kg of cocaine. [17:10–17:33]
  - David muses about the technical process of “changing the record to say it was already inspected.”
- Dutch “VirusTotal-for-criminals”:
  - Individual convicted for running an anti-malware platform used to test criminal malware.
  - Alex jokes: "John, we have to shut down this security company like right now." [19:35]
US Government to Ditch NIPRNet [19:59]
- Summary: US government considers scrapping its “unclassified” NIPRNet in favor of commercial internet access.
- Panel View:
  - John sees this as “throwing up hands” rather than securing the infrastructure: “I feel like they chose the wrong answer... now everyone’s going to do their own ISP.” [22:47]
  - Complex handoff and jurisdiction issues cited as reasons NIPRNet was mishandled.
- Debate: Instead of segmenting, just move to lowest-bidder internet for “commercial expediency.”
- Guest: The current system “just doesn't function very well… can't print, can't use Teams.” [26:28]
AI and Grok’s Deepfake Controversy [29:54]
- Background: California AG is investigating Grok (Elon Musk’s AI) for enabling non-consensual deepfake generation—including illegal and NSFW content.
- Discussion:
  - Musk claims Grok never generates anything illegal; the panel is skeptical.
  - John gives context on image-based child exploitation law and how AI models might inadvertently (or intentionally) generate CSAM if their training data includes illegal material. [31:00–37:27]
  - Debate over who’s liable: prompt writers, platform, or model trainers?
  - Broader implications: AI models commoditize and democratize deepfakes, even as some states pass anti-deepfake laws.
  - Chris: "There’s ads for it, though… competitors are doing this." [41:03]
ServiceNow “Body Snatcher” Vulnerability [41:43]
- Flaw: Exploiting weak password management and AI agent integration in ServiceNow leads to potential data leakage.
- Panel:
  - John applauds the technical depth of the report but critiques its lack of detail on coordinated disclosure with ServiceNow. [49:10]
  - Expect more flaws as AI integrations proliferate in enterprise applications: “The theme… is why does AI have access to that?” [43:32]
Enterprise Chatbots, AI Agents & Data Security [43:98]
- Danger: Panel warns about chatbots and AI agents with excessive permissions—easy for attackers (or users) to manipulate.
- Alex: “Anywhere there's a chatbot, assume it can be jailbroken. Because it can.” [44:52]
- Issue: Local “agents” (like Claude) have wide-reaching access; users don’t realize their sensitive files/emails/notes may be transmitted back to the vendor.
- Industry Problem:
  - How to track what data has been shared with which agents
  - DLP can help but isn’t foolproof; there are ultimate limits to controlling user input. [52:40]
KFC App Security vs. Healthcare [59:42]
- New Zealand: A web security consultant claims the KFC app is more secure than the “Manage My Health” healthcare app because KFC enforces two-factor authentication for ordering chicken—while critical health portals skip basic protections.
- Panel Jokes: Why does KFC need 2FA for chicken? “Colonel's about quality. Colonel doesn't cut corners on security. Why isn't it 13 factors?” [61:32]
- Broader Point: Sometimes, non-critical consumer apps are engineered with better security hygiene than institutions holding life-and-death data.
Notable Quotes
- “A lot of the stuff that China has in this realm is...IP that they've stolen from these companies anyway.” – John Strand [10:01]
- “Are there actual...top leading cybersecurity products that don't originate from those two countries? Because it seems like 99% of them are from either Israel or the US.” – Alex [09:36]
- “I feel like [the US government] chose the wrong answer... now everyone’s going to do their own ISP.” – John Strand [22:47]
- “Anywhere there's a chatbot, assume it can be jailbroken. Because it can.” – Alex [44:52]
- “KFC is more secure than Manage My Health. I guess KFC is like...in KFC, when you order chicken, there is mandatory two factor authentication.” – Quoting Callum McMenamin [60:32]
- “Colonel's about quality. Colonel doesn't cut corners on security. Why isn't it 13 factors?” – John Strand [61:32]
- “Anytime these AI models have created this type of protected, illegal images, it was trained on that. What…data did it get for the training?” – John Strand [33:04]
CTF Winners and Announcements [55:28]
- Prizes awarded for two CTF competitions:
  - Anti Siphon Training CTF:
    - 1st: VLVLVL – year of on-demand access
    - Runner-up: one course of choice
  - Black Hills Infosec CTF:
    - 1st: localized chaos – year access to on-demand trainings
    - Runner-up: skill404 aka notfound
Workshops & Resources [06:32, 57:05]
Malware Development Workshop (Fawn)
- Fawn runs a hands-on malware development workshop focused on constructing a C2 framework and shellcode loader; open to threat hunters as well as red teamers.
- "Being able to create your own tools empowers you completely, whether from the offensive point of view or the defensive point of view." – Fawn [57:05]
New Book Release
- Orange Book: New “BlackHill Survival Guide,” IR-focused and themed after vintage INFOSEC series. [58:33]
Memorable Moments
- John’s “closet office” and jokes about infosec career aspirations [04:47–08:06]
- In-depth and open AI policy debate: from legality of prompts/images to forensic best practices and training data ethics [31:00–40:08]
- “Please don’t jailbreak our chatbot” is not a security control [46:18–46:49]
- KFC App’s 2FA outpacing healthcare systems: “13 factors and spices” gag [61:32]
- Spirited debates about balancing business function and cybersecurity: “You rarely win an argument with sales…” [54:59]
Final Thoughts
This episode covers a cross-section of the current infosec landscape through humorous but insightful commentary. The headline story—China banning Western cybersecurity software—underscores the geopolitical tectonics and the challenges of global technology trust. Elsewhere, the risks of AI, failings of legacy government networks, and the sometimes-surprising places where security is either glaringly absent or strangely strong (see: KFC) all reinforce the show's message: Security is complex, sometimes ironic, and never boring.
For further resources and episode links, join the BHIS Discord or visit the Black Hills Information Security website.