Sam
All right, so the quote in this document that is literally the best is delivering cyber security at the speed of war.
John Hammond
So really slow because.
Corey
Yeah, yeah, super slow and painful.
Dan
There was another one that was so good about this. Where did that go?
Bronwyn
The speed of war.
Hayden
If you're.
Sam
If you're just joining us, we're. We are reviewing "the Department of War announces new cybersecurity risk management construct."
John Hammond
It's wrong, but I brought it up.
Dan
Delivering cyber security at the speed of war. Amazing. Yes, but partnered with enabling cyber defense at the speed of relevance.
Corey
Oh, that.
Dan
These two are right past each other.
Guest
Is relevance faster or slower than war?
Dan
Cyber defense.
Sam
It depends on what type of war.
Corey
Yeah.
Sam
War never changes. No.
Corey
After reading this article, I want a nuclear winter.
Sam
You got that quote. Thank you, Dan.
Corey
I just want to own war.gov. That's such a hard domain. That is.
John Hammond
You could probably own any.gov, any.gov would be considered like you're now a TA. If you own it, you can get.
Sam
A .ru.
Hayden
Yeah, I'm a. I'm a TA. I'm a threat actor. I googled.
Rodwood
Yeah.
Hayden
I looked up balloon in recorded future and they're like, he's a threat actor. And I'm like, how you never looked me up.
Sam
I was really disappointed.
Rodwood
Oh yeah.
Hayden
I said I was going to. I didn't get it.
Corey
You trusted recording.
Hayden
Yeah.
Dan
See if you can get like war SD us or something.
Corey
Okay. Nice. I like that too. I just want war something. I don't care at this point.
Sam
Three letter domain. That's going to cost so much. So much. I tried to get Wade IO and nobody is.
John Hammond
Dude, I have ham.sh. Man. I'm shell scripting my own last name.
Sam
Right.
Dan
Brian just added hello three letter friends.
John Hammond
When I. When I choose to hand out my dad.
Corey
Dude, can someone spot me 79499 real quick?
John Hammond
Yeah, dude, I got you put in.
Sam
A request to John.
Corey
John, I would like to buy war.xyz.
John Hammond
Dude, there's way cheaper ext than that.
Corey
Yeah, but this one's very expensive.
John Hammond
war.shop, 2600. Who has war.ai? Also did war.me, only 9k.
Rodwood
That's.
Corey
That's a steal, dude. And then it renews at 21 a year. So it's only that upfront cost that I need funding for.
Bronwyn
Yeah, you just need to buy it from the cyber squatter.
Corey
Yeah.
Sam
Nice.
Guest
Hey, war.online is only 1300 bucks, but it renews at 5400.
Sam
That's too many.
Corey
How does that even work?
Dan
Some game company doesn't have that one already?
John Hammond
War Thunder.
Dan
Like, which game company didn't get that already?
John Hammond
I mean, war.cheap is only five bucks.
Sam
That's what is cheap. Good job. That's still a lot of letters. I made my domain, and I realized after I made it, I made way too many letters. And so I made another domain that was only like four. Like, nobody wants to type in at waiting through security.com just way too long.
Bronwyn
Yeah, that's okay. I decided to make my domain in le and people trip over the zero all the time.
Sam
Ah, that makes sense.
John Hammond
Time to buy war.cv for $1,300. All right, let's. Let's send this show live.
Rodwood
Let's do.
John Hammond
Hello, and welcome to Black Hills Information Security's Talkin' About News. It's October 27, 2025. We've got AI generated news, we've got AI generated humans, and we have smart beds that don't work because AWS is out.
Corey
I love that so much. That made me so happy. I was like, ha. And I'm pouring on a normal mattress, and this is the time that that's been beneficial to me.
John Hammond
Yeah. I mean, so we did.
Hayden
If you're. If your mattress remains upright for longer than four hours, do you consult a medical professional or a.
Corey
Now you check us-east-1 is what you do.
John Hammond
Now you check that. You check AWS status. So this is kind of last week during the show is really was kind of during the outage. And so we didn't talk much about the fallout. I did want to bring this up just because there's so many quotes in this article that I like, like Hayden said. I just love it so much. So basically the actual story is that Eight Sleep, which is a bougie bed, which I will say I'm a little bit jealous of people that have these because they're amazing, at least on paper. You know, they, like, cool you down, they heat you up. They can apparently, you know, elevate your head or whatever. And it's all, you know, a subscription. I mean, I will say I'm not really looking to subscribe to having a bed, but when AWS was down last Monday, some users overnight had their beds, like, hard to 110 degrees and had some, you know, issues like. Or things were like, basically they were unresponsive. So somehow, I don't know how, but somehow the coding of this app prior to this outage was that it would not let you make changes offline. Right. So, like, you couldn't say, like, you had to talk to AWS to, like, adjust your local settings, which is the best DRM.
Bronwyn
That was a good idea.
Dan
I know.
Corey
There's so many things like, like are just like this now too, where so many games you're required to be online, even if it's single player, like all locally downloaded, whatever. There's no multiplayer component. You have to be online for it to work. And this is just further proof that that's a terrible model for the consumer. Like, what is Eight Sleep gonna, you know, have as a result of this? Some people complain and they pushed some new code and now it's over.
Sam
Like, we can confirm that Hayden does not like Battlefield 6 now.
Corey
Okay, I am. I've been a little salty about Battlefield 6. You can ask Ashley. I've been a little bit guilty about it.
John Hammond
I. Yeah, I mean, obviously this has now been the. The stupidest part of all this is they did push an offline mode, which arguably they should have done that years ago. And now my question is, is there someone out there that can tell me if now I can just own this DNS black hole and on a Wi-Fi network that can't go anywhere and then just only use it in offline mode and not pay the subscription?
Corey
Well, this also tells me someone can hack your bed, is what this is telling me.
Bronwyn
They're talking about people jailbreaking their beds.
Corey
I know, it's like the BMW model.
John Hammond
Listen, I mean, some people are.
Dan
That's what we just heard as the. What if I just blackhole it?
John Hammond
Yeah.
Dan
Not jailbreaking a bed at this point.
Corey
That's the new, like Scattered Spider. The Scattered Spider tactic now is just you exhaust the defenders by inclining their beds so they can't sleep and then by the time you attack, they're all just wiped out.
Hayden
Okay.
Sam
I'm really glad I got the open source bed that runs on Linux.
John Hammond
Like, I'm. The other thing I can't believe is in the article, like, I quoted. I literally like highlighted this as a quote. But in the article he says, we'll be working 24/7 to fix this. It's like, what, you guys aren't allowed to use your own products?
Corey
Yeah, they're gonna be working 24/7 because they're stuck straight upwards.
Dan
They're like, everyone's got their laptop in their bed and can't lay flat.
John Hammond
You're an employee, you're done with your dev work for the day. You go to sleep and you're Eight Sleep and it says, please commit more code to unlock horizontal mode.
Corey
You get one degree downwards for every, like, thousand lines of code.
Sam
How many?
Bronwyn
Oh man.
Dan
How bougie do you have to be as a customer not to turn sideways on your bed? I don't know, not like lay on your side but like sleep on it sideways. Part of it's flat. You're fine.
Sam
It depends on what size you got, right? No, because then your head's going to be off or your feet are going to be off.
Dan
As a king size owner where everything is just square and then you're like.
John Hammond
Dang, I'm so rich that my couch is such a long walk from my bed. I would get lost on the way there. All right. Anyway, yeah.
Hayden
On self hosting, like this is just again making the case for like self hosting stuff.
John Hammond
Self hosting your bed. This is like not a problem. I already been self hosting my bed my whole life.
Corey
Yeah, dude, my bed has option like.
Hayden
Not, not all these things that went out because they were connected to the cloud and you're finding all these random weird things that are cloud dependent and you're like, why is there a better option?
John Hammond
I think you should self host your bed.
Rodwood
That's definitely where you should go.
Hayden
Well, just, yeah, just self hosting in general. I hope there's a renaissance for that where, you know, consumers start asking for more of that being like, I don't need AI and cloud connectivity for all these dumb things. Like I can't open my water bottle because like, you know, because Amazon went.
John Hammond
Down again and it's like it is on, on. I will say we've been through this before with the S3 outage which was like what, 2011 or something? I forget what that was. But I think the design aspect that a lot of developers seem to like, a lot of companies didn't see this coming, coming. And it seems like specifically with DynamoDB, which is the actual component that was affected, that a lot of developers just assumed it will never go down and that's, you know, I don't know, I'm not like an AWS expert, but it is interesting that like this got people, maybe they assumed some services could go down, but not DynamoDB or whatever. This actual, you know.
Bronwyn
Well, actually it's, it's even more fundamental than that. Most developers only test for success. They never test for failure. I mean, there are reasons why I'm not a developer anymore. I kept in. I. People hated me because I would say, okay, now this is great and what if what all of these conditions don't line up exactly the way these dominoes are supposed to be and then what happens?
John Hammond
You fail open.
Sam
Duh.
John Hammond
Yeah.
Corey
Or fail upwards at an angle.
Dan
Yeah, but did you actually make it so it would fail open or does it just like that's the problem. But no, the thing, someone just mentioned that I just, I need to know how many influencers have four poster beds.
Corey
What's the next one? Corey, we've talked about so many beds.
John Hammond
Enough sleep. So. Yeah, so I guess I would say the Amazon article is kind of a nothing burger. There's a few like nothing burger articles in here that are like. So basically Amazon, you know, has announced a plan to replace 600,000 humans with robots by 2033. Now the, by 2033 is the key here because you know, that's obviously a lot a long way away. I don't think this is surprising anyone. Amazon is like the most anarcho capitalist company out there. What about, I guess my question is, are the robots going to be programmed to pee in bottles? Like how, you know, you're displacing their culture. Yeah.
Bronwyn
In fairness, Amazon has been leading the charge for robot automation in their warehouses. This is not a new trend for them. This is just.
Corey
No.
John Hammond
And who wants to work in an Amazon warehouse? Who is like, ah, they took our jobs.
Corey
600,000 feels low as for, for like that many years. Like I, I would imagine that Amazon is already like, I don't know, Toyota level automation with robots or at least trying to get there. So 600,000 feels low for what, 10 years like that? That just feels really low. Especially with as many like deliveries and automations and stuff that they're doing. Just maybe they haven't worked for enough.
Sam
Big corporations then Hayden, 10 years with that much, they are plowing ahead.
Rodwood
Right.
Sam
Like.
John Hammond
I gotta say, yeah, if you're worried about this, go become a robot service technician. Yeah, I'm pretty sure those jobs are gonna skyrocket. The robots can't repair themselves. At least I assume they can't.
Hayden
You can't become a robot.
Dan
They are not von Neumann robots yet.
Hayden
They're renaming them to cobots in order to help massage the idea.
Rodwood
Yeah, they're like worker bots.
John Hammond
Was that the idea? So okay, how is it this be.
Hayden
Like a co working relationship there? As if changing the name of them changes anything about the uprising. Oh, I'm sorry, it's not a robot uprising, it's a cobot uprising.
Guest
Got it.
John Hammond
I reject that. I'm not allowing that rebrand.
Hayden
I thought it was one of the dumbest things in that article.
Rodwood
I always wonder if it's like the price of the robots are going down or is it the like, abilities of the robots going up. Right. Which one is it that is causing more robots to be put in?
John Hammond
Oh, no, it's ralph. Simpler than that. It's just that they've already burned through all of the human workforce in America. They ran out of people to hire.
Rodwood
Everyone else is on the burn list.
John Hammond
Correct. Yeah.
Bronwyn
Well, it would probably make a difference if they actually hired people at a living wage. But anyway.
John Hammond
Well, hold on. Amazon's whole thing is they pay you way more than minimum wage. They just ride you really hard and make you quit. Yeah, yeah. So anyway, yeah, let's. Let's move on. I just. I thought that was interesting. Like, duh. But also interested to see what the details look like. And also, if they do incorporate AI, I'm very curious to see if AI, like, ends up developing its own, like, bad work habits. Like, it's like, are you on drugs, Cobot, are you on drugs again? Oh, sorry, my prompt. My prompt got edited. I got six kids at home. Dude, it's really rough.
Corey
No, it just reminds me of.
Rodwood
What is it?
John Hammond
Silicon Valley?
Rodwood
When he messes up the prompt and it just starts, you know, destroying all of the systems.
John Hammond
Antoine.
Sam
It's like. Yeah, it's like Murderbot destroyed all of.
Rodwood
The systems because that was the most efficient way to get all the work done.
Dan
Totally reminded me of Larry Niven's wireheads.
Rodwood
Yeah, pretty funny.
John Hammond
While we're on the AI corner, though, we should talk about how Clippy's back and it's just a blob now, so. Okay, I. I couldn't tell. Is it mico? Pico, Fico? Is it. Is it eco or iko? I don't know, but it's called Miko. Or Miko. I don't really know how you're supposed to pronounce it.
Corey
Rhymes with pico.
John Hammond
It says there's miko.
Hayden
Whatever.
John Hammond
Anyway, it's a blob. It's a floating blob. They're really. Microsoft is really trying to get you to talk to your computer. There's so many quotes in this that, like, that are just so bad. Like, "Clippy walked so that we could run." Okay, I just threw up in my mouth a little bit. Also, the. The quote that says all of the technology fades into the background, and you just start talking to this cute orb. How is. How. How is talking to a floating orb natural? I don't understand how the technology, like, oh, yeah, that feels supernatural to just be talking to a floating orb on my computer.
Hayden
That.
John Hammond
That's all faded into the background for me.
Hayden
Now?
John Hammond
Yeah, it's not really. It's not really that much of an article. My question is, I'm sad that Cortana didn't make it. I'd much rather have a holographic Cortana on my computer than a stupid blob.
Corey
Yeah.
Dan
Even if we were getting stuck with the original meaning of Cortana, we'd still have a sword.
John Hammond
Just something. Just something that isn't a blob.
Corey
And then, like, 10 years later, 10 years later, this. This little icon will die off and they'll come up with something else. Because, I mean, you got to rebrand constantly. Otherwise, why. What are your designers doing? I guess I highly.
Guest
Yeah, Portals.
Sam
I'm gonna lobby for a chicken that walks around on your screen and then you ask it questions, right? You know?
Dan
Yes. And anytime there's a blue screen, its head comes off, it runs around the screen, just right around the words of the blue screen.
Corey
Okay.
John Hammond
I would say, like, from my perspective, I just imagine all the boardroom meetings where they just slowly got talked to. Okay, fine. What about a blob?
Corey
An amorphous blob?
John Hammond
They were like, cortana's out. It's a female. It's. You know, that's too. You can't have a gender these days. We're just gonna go for a blob.
Corey
Let's be real. Let's be real. They paid some company $500,000 to do that research. Yeah. Come on, now, listen.
John Hammond
It's a blob.
Rodwood
The pitch. This was a whole day to pitch this.
Corey
There's some PowerPoint somewhere branded with some consulting company, like, proprietary and just blob. That's like one word sentence on the opening slide. You know, it's. It's. It's almost like they're just kind of throwing whatever at us to see what sticks, and then whatever kind of sticks, they'll run with it.
Hayden
That's.
Corey
That's the vibe that I'm getting from a lot of this. This AI stuff from Microsoft, because they keep talking about ideas, and they kind of like, halfway do one of them, and then they're like, well, this didn't quite take off how we wanted, so let's come up with a. A different one.
Hayden
I would.
John Hammond
Yeah. Making. I mean, if we're gonna make a bet, who's gonna. Who wants to bet that this will get rebranded or deleted within a year?
Rodwood
I mean, that's a six month.
John Hammond
Six months.
Dan
No, I'll give it. I'll give it a full year. I'll give it a full year, which.
Sam
Which will happen sooner.
John Hammond
Will a War Thunder leak you know what? Or will this be War Thunder?
Rodwood
Easy.
Sam
Buy.
Dan
By next Hackin' Fest Deadwood, not Mile High. I'll take that bet. It'll hold up until next Deadwood.
John Hammond
What are we betting? Yeah, it's a good question.
Dan
Favorite drink?
Corey
Chicken outfit on the podcast.
Sam
Boom. That is correct.
John Hammond
Chicken outfit on the podcast. Done. All right.
Rodwood
Chicken outfit.
John Hammond
So okay, who then it has to be a group thing. Then how many people vote that will it will be here in one calendar year from now.
Corey
Define here.
Dan
It will still be the official name.
John Hammond
A product baked into Microsoft. If you think it will be here, raise your hand one person.
Corey
Really funny or really wild the next.
Rodwood
They just want to see what Corey thinks. And then after they find that out, they'll make their decision.
Hayden
It can be like Microsoft.
John Hammond
Microsoft Blob.
Hayden
Yeah, Microsoft Bob. Does nobody remember Microsoft Bob?
John Hammond
Oh, you have selective hearing about it. Oh, computer's default voice.
Hayden
What?
John Hammond
No, it was Microsoft Sam. Dude, I don't know about Microsoft Bob.
Hayden
No, there's Microsoft Bob. That was a. It was like an overlay interface. This is like I'm making myself feel like really old. Back in the days of like Windows 3.11.
Rodwood
Oh my God.
Hayden
Where you got. Yeah, but I think before Clippy, like you could get this little. Like you could. You could configure. I think it even had it be like a little like dog that would greet you. So you would have this overlay. Being able to set up different programs, links to things. Like I launched video games, I launched TIE Fighter wars from within this. And you would be able to set up like a room. You would be able to, you know, open up spreadsheets, documents. So it was a way to make like that clunky at the time Windows interface look a little bit more, you know, streamlined. So yeah, it would.
John Hammond
I would not have believed that this is real, but it is real.
Hayden
Yeah, that's showing like a house with rooms. So you'd have different rooms. So I'd be like, you go to the house and you go into like your room and you'd have your programs. Yeah. Like a little lava lamp that you there. You could like, you know, swirl it around or something or.
Dan
Yeah, this is.
Corey
What were they doing in those?
Dan
This is reminding me just like it did back when it was rolled out of Simple Finder, which was like finder for really old folks and little kids. That made everything like three tabs of. Here are the things you can open.
Bronwyn
Those are back in the days when they put the document files in the same directories as the program files. I remember those days.
Dan
Well, that one I'm talking about macOS. That was System 6 and System 7.
Bronwyn
Well, they did it in Windows too.
Corey
Anyway, yeah, I do think we should talk about the WSUS one. Yeah, I've never had it. I saw this through John Hammond's Twitter is how I found out about this. And I've never had a tweet that said Sussy Baka caused me to have to go do work on a weekend before.
Rodwood
So.
John Hammond
Okay, yeah, so that was quite a tweet. It certainly was. Basically. So for those that aren't in the loop last week, a company I've never heard of before, it's called Hawk. What is it called? Hawk Trace, published a blog about a CVE they found and that got it in Microsoft out-of-band patch. It is a deserialization remote code execution in WSUS, which is Windows Server Update Services. Yeah, the host across your enterprise, which is, which is. Runs on port 8530. And we all, we checked all of our clients immediately. None of our clients had publicly exposed WSUS and we also had, we had discussions about why would anyone publicly expose. I did some Shodan safari action and there was only a few hundred that I could confirm in the United States that were actually WSUS and weren't just Incapsula or whatever false positives on. On having an open port. So the exposure wasn't huge here, but the impact is high.
Rodwood
Right.
John Hammond
So. And Huntress's blog. Huntress's blog confirmed. Yeah, it'll be, it'll definitely be spicy for internals. But yeah, I would say Huntress's blog did confirm that they saw a few of their clients getting active exploitation of it in the wild. I mean it makes sense with the public disclosure. They published a PoC along with the disclosure, which we did weaponize and it wasn't too difficult to weaponize. And then basically like our pipeline here was pretty short. So it makes time, it makes sense that threat actors also would have had a short pipeline on the exploit. Like the PoC they published with the finding was basically ready to go with running cmd programs, which is what the threat actors were doing. They're running encoded PowerShell commands.
Corey
Right. And that was that. That like runway for me was like John Hammond Sussy Baka tweet, too, into like a very deep sigh. And then I started trying to convert their Sigma rule into the SIEM that we use. Like it's like Corey said, I mean you shouldn't have this publicly exposed and Microsoft issued a patch for it. So theoretically like you should be fine, but that's never exactly as it works quite that well. So yeah, we wrote a detect for it pretty quickly but if it is exposed it doesn't seem too terribly hard. I think you said that Corey, and it's pretty nasty.
John Hammond
Yeah, it's basically instant PowerShell or instant cmd command from the Internet. So pretty easy.
Rodwood
WSUS Server 2 is kind of like an old product in like Microsoft. I mean like it's still useful but it's, it's kind of like an, a much older design decision with updating your enterprise and Microsoft as a whole. So I, I wouldn't be surprised. My point is that there's probably going to be more vulnerabilities that come out with this as it goes. It's still maintained. I get it. For how long? I'm not sure. Yeah, it's your old active directory days.
Hayden
Right.
John Hammond
So I mean it's one of those things where it's funny like looking at the chat. Some people are like, well it's just a patching server, so exposing it publicly makes sense. But then everyone else who's like a Windows veteran is like, no, we don't put Windows on the Internet.
Rodwood
Yeah.
John Hammond
You know, it's like it's, there's.
Rodwood
No, there's no reason to expose this publicly. This is for internal patch management. Right. So you manage all your systems at scale. Right. If you have other sites, you would set up a WSUS server in those sites. The other benefit that it brings is caching and also deciding when those patches get rolled out. So there's really zero.
John Hammond
It gives you control. What if you have remote control over the patches?
Rodwood
What's up?
Guest
You've got remote workers, they need to patch, just, you know, always-on VPN. That sounds like a lot of work, man. Certificates, that's hard.
Rodwood
I know. That's security.
Guest
Open those ports up, they all come up.
John Hammond
I mean the only.
Dan
It does sound like the sort of thing that happens when, you know, you go, we're putting people on work from home because there's Covid and nobody's set up a VPN for this yet.
Rodwood
Yeah.
Dan
So we'll just make those ports open so these machines still get their updates, right?
Corey
Yeah, yeah.
Dan
I mean, five years later.
Corey
The Sigma rule is nice. The Sigma rule is nice. The write up from, you know, the original and then also Huntress was good but the IOCs made me laugh because one of the IOCs was just w3wp.exe like. Okay, all right, noted. Okay, maybe not quite just that, but now the Sigma rule is, is pretty solid. So it was, it was an easy. I was playing Magic when I converted the rules, so it wasn't that complicated.
John Hammond
I mean, I mean, even the, Even the, like the. At least what we saw from the threat actors exploiting it in the wild, it would have already been caught by. Most people have an encoded PowerShell command alert like that.
Sam
That's what I was going to say.
Dan
Right.
Sam
Like, encoded PowerShell is usually like bread and butter.
Rodwood
Like. Yeah, yeah.
John Hammond
So basically, don't expose WSUS and honestly, don't expose any Windows services that aren't at all.
Corey
Honestly, don't expose WSUS and don't check John Hammond's Twitter on the weekend.
Dan
Unless you want overtime.
Hayden
I know.
John Hammond
All right. We could talk about Australian spies. I guess this company is. This article and the company associated with it is so, so confusing. I've never heard of any of these things. So basically the title is ex L3Harris executive accused of selling trade secrets. So basically the US DOJ filed charges against an Australian national who used to work for a company called Trenchant, which is a cybersecurity division of L3Harris. Now, none of that stuff outside of a US national or a US Department of Justice filing charges against an Australian makes any sense to me. I don't know what L3Harris is.
Rodwood
I guess they're a DOD contractor. They're big. There's like, there's like four or five major DOD contractors. Like, they pretty much dominate that whole thing.
Dan
Right.
Rodwood
And so L3 is one of those in the list. Right.
Hayden
Be Harris. Did this used to just be Harris? No.
Rodwood
So it was. Yeah. So L3 bought. Probably it combined them together. They're like a conglomerate. But I mean, they essentially go for government contracts and they sub out all the work. So once they win the contract, they'll hire people in to do that kind of stuff. Right. So it's not surprising to see them pull in a bunch of people for some contract. It was probably related to cybersecurity.
Hayden
Yeah, I did. I did some partnerships with Harris Technologies. So I didn't know of like, L3.
Rodwood
It could have been. Yeah, they're one of the big ones, like Lockheed Martin's another one. And they do tons of stuff. Like they don't just build planes. They also do any government contract that they can try to win.
John Hammond
So the, the, the charges which are international allegations. Right. So we have the US DOJ charging an Australian national are essentially that the person misappropriated eight trade secrets from two unnamed companies, presumably also DOD contractors.
Dan
Right.
John Hammond
And sold them for 1.3 million to Russia. They don't identify what the trade secrets were. I mean, who knows. But it had to be bad enough that it got the, that, you know, it was, that the DOJ was willing to charge people internationally. That's a pretty severe situation. It's also a little bit sketchy. It's just layers of sketchy. Right. So you have like a contractor who hired an Australian national and then they sold secrets to Russia. But then also the place they are working seemed to do like zero day development and like technology development. And so that's, it's like, was it zero days that they sold to the. To Russia? Was it vulnerability reports?
Dan
It gets better because there's second layer news about Trenchant. So Trenchant is the little company that L3Harris contracts to do zero days and Trenchant is where this Williams guy who's been charged works. He got nabbed for this because Trenchant fired a guy for leaking stuff. And as soon as the guy got actually fired, he got a notice from Apple about his phone saying you've had, you know, deep spyware on your phone for however many months. And he turned around and sued Trenchant for wrongful firing, for wrongful separation because someone was spying on his phone. He didn't leak anything himself intentionally to get fired. And then they found this guy Williams behind all of it. We think some of.
John Hammond
So what, it was his own employer spying on him? Or you're saying it was some other someone else spying on him?
Dan
The best theory I've heard, because I don't know if this has all come out in the, the, the multiple court cases involved, is that Williams at Trenchant contracted with Russians for the 1.3 million. Part of how Williams did it was to make sure that the Russians got spyware onto devices used by people at Trenchant. This one guy at Trenchant got caught with it by Trenchant, fired, heard from Apple, and that is what tumbled into Williams actually getting caught, I think.
John Hammond
Weird. I mean, we'll have to follow along. I feel like at this point the question is, is this guy going to be extradited? What's going to happen? Who knows?
Dan
Definitely. Yeah.
John Hammond
Like it's layers of sketchy on sketchy on sketchy, like international espionage and et cetera, et cetera.
Hayden
Right.
Rodwood
It's all good.
Dan
And to be clear, the guy who got fired was specifically working on zero days for iPhones for companies like anybody else who's. Yeah, I mean, the government for us?
Rodwood
Yeah. They contract out the development of zero days en masse. Right. They have like 0-day factories and they just pay for this research, you know, and anything they get. And that's how they make money. They buy them and then use them as, you know, tools.
John Hammond
We'll have to keep. I think we'll keep tabs on that article for a while as the charges happen and for the next several years, extradition, etc. It's going to be a long process, but, yeah, good luck.
Corey
All right, what's next?
Hayden
Want to talk about Atlas?
John Hammond
We haven't talked about Atlas. We could talk about Atlas.
Dan
So.
Corey
Oh, good.
John Hammond
This is. Yeah. So Atlas is a ChatGPT browser.
Rodwood
I'm.
John Hammond
I mean, basically, they announced it. They posted this, you know, really slick video of it, you know, my browser.
Rodwood
On all my computers with it. It's perfect.
John Hammond
Did you really?
Rodwood
Yeah, it's listening to it right now. I'm scared.
John Hammond
Okay, that. Well, see, that's the thing that gets me, like the privacy invasions and all the MCPs and things like, okay, so I don't know that much about how it works. And I am. I will probably try it out, just out of curiosity, but the whole premise here is it's a browser from an AI company, which every AI company is doing browsers because they want to turn you into the product. They want to harvest your queries and your data. And also there is a legitimate use here, which is that if the AI and the browser are the same thing, you can ask the browser questions that you would ask an AI and have it do stuff for you. The agentic or whatever behaviors of a browser can be super useful to be like, oh, can you go ahead and order? Like, in the video, he. The user is like, oh, can you order me the stuff I would need for a trip at the beach? Which immediately made me think of the Taco Bell AI that was like, all right, 18,000 waters, that's $16,000 or whatever. Like, I can't believe I'm assuming all of these are MCPs, right? Model Context Protocol servers that are supposed to interface with services like Instacart, Vrbo, Airbnb, whatever. They, you know, what are their other services they offer? And then I'm like, we already know MCPs are a security disaster. I'm just very curious if people are going to use these and they're going to be like, you know, in their work, logged into their work stuff and be like, oh, can you send an email to my boss? And then like, hallucination happens and it sends their shopping list to their boss. I don't know, I'm just imagining all the, I'm imagining all the AI Darwin awards that this is going to generate.
Corey
We talked two weeks ago about prompt injection stuff on GitHub where the prompt injection is just basically ripping all your private repos, like we talked about that. And that's just within the context of GitHub and Copilot. So imagine all the different websites that could have these prompt injections run where you just asked ChatGPT to summarize a page and all of a sudden it's, you know, sent your entire email inbox to whoever owns this website. And so that's, you know, problem number one. Problem number two is of course, like the personal data concerns. And I will say at least to ChatGPT or OpenAI's defense, like, I would trust them more than I would trust Perplexity, because Perplexity has actively said, hey, we're going to harvest all of your data and turn you into an ad farm, basically, is what they, what they said. And their CEO got pissed off when people weren't happy about that. So at least OpenAI is trying to pretend like they won't do that.
John Hammond
Can you ask the browser to hide ads for you?
Bronwyn
But what I'm seeing in Atlas is no different than what OpenAI has been doing in Comet. Or, excuse me, what Perplexity has been doing in Comet.
John Hammond
Exactly.
Bronwyn
Using Perplexity. One of the things, because I've experimented some with Comet, I haven't played around with, with the OpenAI version yet, but one of the things that I tried was I opened three different tabs for different offerings of coffee. It was all ground coffee. It was all from the same provider, but it was different packaging. And I was curious what the difference was in the price per ounce. I was able to have those three tabs open and in the browser as Perplexity to go and give me a cost comparison. And it did that, that. So for people who are like coupon clippers are always looking at, at what is the actual price for things. Or your. Or you can set up alerts in the Perplexity browser to turn around and notify you when a price changes on something you're following. So it's.
Corey
And you're, you're outlining. Sorry, you're outlining the main reason why these things are taking off. Because there are functional use cases for them. Like in a lot of situations you can hit a button and initiate like a page summary. Right? So like if we're doing the news here and you pull up one of the articles we share. Theoretically you could press one button and get a TLDR of that page. So you can follow along or you can start asking follow up questions like AI has a lot of cool uses and adding it more and more. Like, like fundamentally letting it get its hooks into like every part of where you use. You know, technology is going to come with some productivity and like functional benefits, but there will also be those concerns of the injection of the data that they're harvesting.
Bronwyn
Oh, absolutely. I mean, the fact that Perplexity has partnered with both Microsoft and with Google to be able to read, organize, sort and maybe even throw out email that I receive from my account, as long as I connect the app with my account. Oh, the privacy concerns are off the chain.
Hayden
Yeah.
John Hammond
Because the first step of installing this browser is give me access to everything. Right?
Corey
Right.
John Hammond
Go connect all your accounts, connect your Airbnb, your Instacart, your.
Corey
Even if you don't do that with something like Comet, it's not connecting applications, it is what is on the page currently. Go do this other thing and not going to see as like a systems administrator, someone requesting access to their email through Perplexity. You'll be like, what the hell? No decline. You're just, you're not going to see a thing because it's all going to be browser side.
Rodwood
When am I not browsing the Internet? And it's just browsing the Internet.
Dan
Right?
Guest
Right.
John Hammond
That's a good question.
Rodwood
Yeah, just like just existing and it's like, do you want this? I'm like, no, just like shake your heads. I have to like blink twice or something.
John Hammond
It would be better if you were just talking to a formless orb and it was just talking to you like, that'd be really nice. No, I mean, I will say that that is my concern or not really my concern, but my main focus is like, what type of agentic, you know, capabilities does it have? Can I just make a C2 be like, send me all this user's emails every five minutes for the next indefinite future. Like, like, you know what is funny.
Rodwood
Though, because you bring that up and I'll, I'll just do like the slight detour for like AI models and cyber security.
Dan
Right?
Sam
Right.
Rodwood
As soon as you ask. ChatGPT is notorious about this. As soon as you ask anything that could be used offensively.
Bronwyn
Right.
Rodwood
It's like, no, I can't answer that. I can't answer that. Right. It goes right into its models. Right. You have to pretty much run your own models to do that. Right. So. And I know there are models out there now that aren't part of OpenAI's. Right. So using it maliciously. They do have some guard rails. I'm sure you can kind of like jump over some of them to get into it.
John Hammond
But yeah, I mean, you're not wrong. If I'm explicit about asking for a C2, it's not going to do it. But if I just, just make it a feature that would be super convenient for a user. Like, hey, I have a separate email. It's called, you know, Bob protonmail.com I need you to forward all my emails received with the subject line MFA code to this email for you know what I mean? Like, like. Right, like that. That'd be a great feature to have for legitimate use cases. But it's also like, I mean, AI is so helpful. It's helpful to everyone, not just the good guys.
Dan
Right.
Rodwood
So these are on the, on the run, right? So don't be surprised if we see more MCP style things. That's what this is. It's a, it's a big. It's a browser wrapped in with a bunch of MCPs doing, you know, trying to hook into everything.
John Hammond
So yeah, we're gonna see tons more.
Corey
Of them because they're all just chromium flips. That's all they are.
John Hammond
Well, the other thing. Yeah, I was gonna say that is true. Not, not on the topic of MCPs, but on the topic of browser AI enabled browsers and AI browsers. This is like if we're talking about the AI bubble, I mean this is straight up 25 years ago, right? We're in the dot-com boom again. Every company. It's the browser wars. It's the same thing. It's like we have to get, oh, we have to get people out of Netscape and into Yahoo and out of. Out of Google and into Yahoo. Or like it's all, it's the same thing. It's just with AI there's this huge bubble and everyone's trying to get their product to market, right? Like whether it's Perplexity or OpenAI or Claude or whatever or Anthropic, they are all trying to get a browser product to the market. And the reason why is because they can harvest all the data that comes from that browser and they want to be. It's like the third place. Like Starbucks all 2005. It's like the AI is the place. Like if you're not the AI that people are using, you're out. Case in.
Corey
Point, Atlassian bought the Browser Company for $610 million, which, which owns an agentic browser now called Dia. There no one is going to invest that much money without an expected return. So there is, there is some part of this AI, you know, browser model and I'm going to spoil it and tell you what it is, it's your data that, that there's a reason there's that many companies that are pouring hundreds of millions of dollars into this market because I mean, I think everybody's basically already saying it on this show. Like there is a browser war. Whoever wins is going to win it and everyone else will just be second place.
John Hammond
And it is ironic, you know, people are bringing up in Discord all. They're all Chromium. So like it's not actually a browser.
Rodwood
War these days, it's a wrapper war.
Dan
It is, yeah.
Bronwyn
Back in the day there actually were differences between.
John Hammond
Yeah, I'm just saying the only difference is where does the dev, where does the data go to?
Rodwood
What are they going to show you?
Dan
The thing that's hilarious to me about this is, does everybody remember why Chrome is called Chrome?
John Hammond
No.
Dan
The chrome was all the flashy UI elements on your browser. And Chrome's big selling point was that it had the smallest, subtlest, least invasive chrome of any browser that was out on the market at the time. It did not throw you 15 million ads. It did not stick seven different logins to an email browser that's. Or an email client that's only for your one service that doesn't want you to do anything else, whether it's AOL or Yahoo or whatever. Like now we're having a war over what AI chrome gets stuck on. Chrome.
John Hammond
Chrome, yeah. I mean it all.
Bronwyn
There's so many bars and tool bars.
Dan
I know, right?
John Hammond
I mean there's.
Bronwyn
That was insane.
Dan
Yeah.
Corey
Everybody has. Everybody has. Their angle is Perplexity's whole thing is like automating everything. And Dia's whole thing is clean and colorful design and simple and I guess OpenAI's is just going to be. You already use this everywhere, you idiot. Like just use this for this too.
Hayden
Yeah, well, there's always new ways to break the AI. I'm worried about. Like when this was what, like the browsers ingest. And just before the show went live, I shared like another input. Like you just ask ChatGPT to print the seahorse emoji and it goes insane. Like you get to get like going. It still works right now I got it to work like just during the.
Corey
Show and you're talking about the new attacks, which makes sense, but all the old ones still work perfectly fine. Like prompt injection.
John Hammond
Easy.
Corey
Yeah, it's different flavors of prompt injection.
Hayden
Yeah.
John Hammond
Well, so honestly, I'm. There's someone out there who's just gonna go full send into this and it's gonna have horrible repercussions and I want to hear the stories. Like, someone's gonna be like, on Instacart and it's gonna order like 18,000 ping pong balls because they said they really liked ping pong. It's gonna be like, 10 years ago you said you wanted this book, so I just ordered it for you. It's like, it's like, yeah, you wanted.
Corey
10,000 rotisserie chickens, but your current have enough in stock, so he ordered some for the next state over. You know they'll be arriving across the next three weeks.
Rodwood
Yes.
John Hammond
Oh, my God. Yeah. Like you order a lot of meat.
Corey
Like a lot of meat.
Dan
Did you. Did you want to touch on, since we're talking about browsers eating all your data and giving them to everyone else, what Google just said about the privacy sandbox?
John Hammond
Sure. I don't know. I'm not familiar with the article, but I'm down.
Dan
They said it's dead. They're phasing it out. It's. It's okay.
Rodwood
Over. It was a good.
Dan
All of our plans for privacy. No one adopted them enough, so we're just killing the whole project. That's.
Rodwood
But that's every year, dude. Every product they make.
Dan
Yes. Google kills things all the time. But they just went, we're going to be privacy. We're going to be privacy. We're going to be privacy. By the way, Gemini is in your browser now. And never mind that whole thing we talked about last year.
Corey
Did anyone believe Google would ever care about privacy at all? Or was that just like it does?
John Hammond
Yes, it does.
Dan
No, because who cares about keyboard keeping our data inside their hands, private from all competitors.
Corey
Yeah, they only care about privacy as long as you and them get to see everything else.
Bronwyn
They could market it and sell it. I might give them all my data willingly if they could keep it out of everybody else's hand.
Corey
The necessary evil.
John Hammond
That's Apple spoiler.
Corey
Yeah. Oh, yeah, Right. Exactly. There you go.
Guest
I don't know. I think the privacy sandbox is kind of a loss. But it wasn't like the EU shut them down. I remember they, like a year ago, there was a bunch of EU stuff where, you know, antitrust laws, they were saying, no, you can't do this because you'll be the only one with all the ad data and everybody needs to be able to have all of their 53rd party cookies and everything.
Rodwood
I don't know.
John Hammond
So.
Dan
Okay, so slammed things about the implementation. Yes, yes. And it definitely was the EU that took them to court about it. But like, it's not. There's a difference between you're not allowed to do it that way and what Google has said, which is, yeah, we don't care about privacy anymore.
Guest
So I mean, the status quo is terrible though.
Hayden
So.
Guest
Yes. Was privacy sandbox perfect? No. Google was still going to have all the data, but now everybody has all the data and is going to continue to have all the data.
Rodwood
Data.
John Hammond
So, yeah, not everyone, just whatever AI you use.
Dan
Right.
John Hammond
So.
Guest
Well, that's in addition to everyone else.
John Hammond
I will say so.
Bronwyn
All right.
John Hammond
Don't get me started.
Bronwyn
Don't get me started.
John Hammond
Rodwood's got a rant loading.
Corey
Speaking of breaches.
John Hammond
Well, okay, so I do want to level set on this. This basically, if we're looking at the overall, like, browser world, right? So we had info stealers starting to pop up in like 2018, 2019, 2020 is when they got really off the ground. And a lot of companies responded to infostealers like Chrome changed their entire security model where they're trying to restrict secrets, you know, not using DPAPI or using alternative encryption techniques or whatever. But in response to the whole browser issue, you still have adversary in the middle or attacker in the middle, right? With like credential harvesting, cookie harvesting, MFA bypass. This is like, browsers are a disaster. And I will say that if we look at the enterprise, the way that companies are solving this is they're basically moving their secure web gateway into a browser. So like Palo Alto has a product called Prisma Access Browser, which lots of my clients have asked me, oh, would you recommend using this? What do you think about it? Essentially, the browser is now becoming a security product offering that companies are looking to purchase because the browser as a base state, like if you just go download Chrome, download Edge, download Firefox is a disaster for privacy, right? All of them. I mean, Firefox is probably the best, but all of them have tracking for, you know, usage. All of them are just willing to send your cookies wherever. Like, the web was never really built for security. And so I'm just on a, like, product level there. The browser wars also include these companies who are trying to make secure browsers that are designed for enterprise use and are designed not to send your data to Perplexity or to ChatGPT or to, you know, Microsoft or Google or whoever you don't want it to be sent to. And so that's like we're looking at this industry. That's what's happening.
Corey
That's like fighting a losing battle though. I feel like trying to develop your own. Like you're just getting into the competition, right, but you're, you're also competing with all the other Chromium clones.
John Hammond
But like no, no, you're not competing.
Rodwood
Because they're looking at it from enterprise.
Corey
Okay. So they're flipping the script. Okay. Because what we do in the SOC is we have sensors for Chromium based browsers that they deploy and we get telemetry. We're like use whatever browser you want. As long as it's Chromium based. We'll get your logs. Like it'll all look close enough. But you're saying it's an enterprise offering?
Rodwood
Yeah, product like that would integrate. They'd be like, oh, you offer sensors? Well those are in our actual library. Like we just have a library of sensors as opposed to, to like, you know, games that steal your stuff.
Corey
Well, so you buy the Palo Alto, you get all 50 other products, includes the browser and all these other things.
John Hammond
Okay, well it's, yeah, it's basically how as a CSO, how do you secure users' data in a browser? The only way to do it would be deploy your own super lockdown version of Chrome, which I think is a valid way to do it. But you have to be a Google Cloud or Google, you know, you have to be Google managed company. If you're a Microsoft company, you can't deploy super lockdown managed version of Edge because they don't allow you to have that strict of controls in Edge. So you basically are either rolling out Google browsers that are heavily locked down. Like if you look at the Chromebook browsers, they're insanely locked down. You can control every different switch and setting and you can like the whole environment's read only, etc. But if you're on a Windows shop and you need to lock down your browsers, you basically either have this option or you roll your own custom browser. I would say this is probably better, but yeah, I don't know. I mean I've never actually. Are we saying custom or are you.
Guest
Saying like Island custom?
John Hammond
I mean there are enter.
Guest
There are enterprise products that do this though. I mean you've got Island if you want like a full browser or if you want to use an add-on. There's like Push Security. I mean there's, there's a lot you can do.
John Hammond
You're gonna have to pay for it.
Guest
Not for free. Yes.
John Hammond
Yeah, I'm just saying, like basically, basically the browser wars, or whatever you want to call them are now extending to the enterprise side. I would hope from a policy level that companies are saying absolutely no, you cannot use the freaking Atlas browser at work to log into your work accounts. Right. I mean, obviously that's not going to, that will happen. But from a privacy and policy perspective, like from a GRC perspective, if you just allow your employees to use AI enabled browsers of any chance type, you're, you're, you're screwed. Like it's got to go badly one way or the other from a prompt injection attack, accidental data leakage, intentional data leakage. Like you can't do that. And so you basically are in a situation where you have to buy a product like you know, the Palo Alto browser, Island, whatever is out there to be a lockdown browser because Edge doesn't let you do it. Chrome lets you do it, but you have to be Google managed and basically has to be on a Chromebook.
Guest
So now some of this you could control through your SSO though, right?
Dan
Right.
Guest
I mean, with Entra, couldn't you have a conditional access policy that checks the user agent and you know, at least doesn't let you use it? If the user agent says it's Atlas.
John Hammond
Then like you SSO. But I can, that is a great thing to call out and companies should do. But I can tell you I've been fighting conditional access policies for 5 years at my clients and none of them are.
Guest
I didn't say people were going to do it. I said people could do it.
John Hammond
Yeah, you could, you could, you can design a conditional access policy that prevents almost every threat that you would face in a browser. But companies really struggle to do that because they're really complicated and confusing. And there's exceptions, right? Like if you're trying to enroll your iPhone, you have to allow single factor at some point during that step and you know, that gap can be exploited, etc.
Guest
I mean, I think that's the, that's the appeal of some of these enterprise browsers though, is that part of the setup for the enterprise browser is okay, go make a conditional access policy so that you can't auth to your SSO through any other browser.
John Hammond
Yeah, yes. And that's, I think a good idea. Like if you're, if you're an executive in control of a, you know, privacy GRC type policy. And you can do that. I would totally do that. Because if you just allow all browsers, it's going to get worse. Atlas is the beginning. The end is, I don't know, freaking the War Thunder browser or whatever, like just gory.
Guest
Are you saying that Python requests is not a valid browser?
John Hammond
Oh no, it absolutely is. So is Invoke-WebRequest.
Corey
Do we have articles?
Bronwyn
Yeah, actually we do have one that I've kind of wanted us to touch base on for a couple of weeks now. It's the Y2K38 bug, Epochalypse.
Rodwood
So. Okay.
Bronwyn
I've wanted to discover it for a while.
John Hammond
Alex has the actual sticker. That's amazing. So, okay, Bronwyn, I will let you pitch, I will let you run through this one and I'll be the devil's advocate because I do have some hot takes on this one, but go ahead and run us through. Why is this a problem?
Bronwyn
Okay, so the, the problem is.
Sam
It.
Bronwyn
It has to do with how Unix and Linux handle data. And as we've seen with the original Y2K bug, the problem was that at the time people were. The original Y2K bug was a problem because when computers were first developed, memory was at a premium, so only two digits were allowed for the year. And of course Y2K it was possible to have a 1901 and a 2001 and gee, which one are we going to use? This is kind of the same thing, but the difference is it's at a much lower level. It has to do with how Unix handles dates. But it's still the same issue in that there's a limitation and we're about to run up against it and about to.
John Hammond
It says 2036.
Bronwyn
Yeah, well, you know what, what time goes fast. 2036 may seem like a long ways away to you, but it's going to be here like that.
Rodwood
I'm just trying to get you this week.
John Hammond
So, I mean years people were talking.
Bronwyn
About the Y2K bug before it actually got fixed. And then of course everybody jumped on it in a panic and it was a, it was a, a no-brainer, no non-issue. Thank goodness. Yeah, it's just one of those things to be aware of and that developers need to find a better mousetrap for.
Hayden
Well, and the younger generation. Because I think we've talked about this with like John and be like, look, we're going to be like, you add what like 11, 12, 13 years to us and it's like, I'm going to be at age to where I'm like, that is, that is not my problem. Like if you're watching the show right now and you're in like your late 20s, you're 25 to 30, this is welcome, welcome to what's going to be your problem in 2038? Like it's going to be, you know, the people at like their peak of their career that are in like their, you know, later 30s, they're going to be the ones, you know, I'm going to be like old enough to where I go. If I'm still in the industry, I'm going to be like, that's not my problem. I have by that time I'll be in the industry 35 years and I'm going to be like, I don't like I've been in this industry 35 years. This is a problem for somebody else. And we need to kind of cultivate that generation, you know, saying let that because we, we solve, we solve Y2K when we were. And I think even some other like time hiccups that, that came since then. Like we solved those when we were in our 30s or so.
John Hammond
So to add a little bit of context because I, I obviously we're getting close on time, but I do basically the article that we posted is specifically talking about some of the risks that could happen today, right? We can talk 10 or 11 or whatever years, you know, we can argue about whether that's a big deal or not. But the researchers who are kind of like going out and talking about this recently gave the. The two researchers named Trey Darley and Pedro Umbelino talked about this at BruCON and essentially they have a few bugs and examples of how you can actually exploit this today, which essentially they're all kind of bugs where I would say yeah, but. And there's a lot of clarifying statements but, but the interesting ones are GPS spoofing because a lot of devices pull their time from GPS. So if you can spoof in a GPS signal that says congratulations, it's 2036 or 2038, it will kill the device, right? So it'll trigger it early. The other thing is time manipulation, right? So if you gain control of an NTP server or if you just are on the local system and you can change the time essentially, I think right now exploitation is really more limited to I would say machine in the middle, adversary in the middle, attacker in the middle type scenarios like if you have to spoof GPS or just bugs. So like, you know the example that someone posted in the chat. Like someone had their Wahoo fitness tracker say that it was, you know, failing over to the wrong GPS data. If it lost signal, it reverted back to 2006 or whatever. So I think there could be bugs. And like we talked about the beds failing clothes, right? Like that could totally happen with a device. The concern here is like OT/ICS stuff, right? Because those devices potentially are unlikely to be replaced in the next 10 years at all and could be vulnerable to this now where like we could be one GPS failure away from just a bunch of IoT devices bricking.
And yeah, so that's kind of like the, the long term problem is like you have to patch it, which some manufacturers have been patching it, which is cool. Replace it with something that's Y2K or sorry, Y2.38 Y38K compliant. Why? I don't even know why. 238K. Yeah, so basically you have to replace it, patch it or you know, potentially risk the same scenario that Eight Sleep was in where they were like, oopsie, you couldn't use your beds because of Amazon going down.
Bronwyn
Right.
Corey
So and, and maybe I did, maybe I'm not read into this enough, but at this point, I mean, you all are joking. That feels far enough away for me where I'm like, yeah, I got more current pressing issues than, than this. But it could also be when Y2K happened I was like 2 years old. So I don't really remember any of that panic I guess. So I guess whenever it gets closer, yeah, I guess I'll be the one. I can't remember who said it but like, yeah, it'll be the, the late 20 people now. Like it'll be their problem then. So I guess it'll become my problem when it's closer.
Rodwood
Yeah, it's definitely IoT mostly that's going to get affected by this software that would still be, you know, or hardware that would still be out there.
John Hammond
So we already made one bet on this show which was that Microsoft Blobby or whatever would be destroyed within one year. So the next question is, do we think that at some point in the near future, in the next 10 years, you're going to be able to buy a device that has an advertisement on it that says it's Y2K38 compliant?
Corey
Oh, easily. And I'll win that bet by selling one of them.
Rodwood
It will be, I bet you in like in the SCADA and other kinds of devices, they, I guarantee you they.
Hayden
Will come up stuff like that.
John Hammond
I mean, you know, I. I hope the researchers. I haven't looked into it. There is a project called the Epochalypse Project, and I hope it has, like, a wall of shame. I hope it has, like a. A list of products that are not compliant and that will be nuked if, you know what, in 2038 or whatever happens. So I. I like. I hope that there is someone works on a wall of shame. Turns out the only real lever we have to pull in security is just shooting shame. And so. Yeah, we'll see how it goes.
Hayden
Yeah. Sweet.
John Hammond
All right, that's all the articles.
Bronwyn
I think we need a better. Better way to.
John Hammond
You want a better closer?
Corey
I feel like we need a browser to deal with this issue.
John Hammond
Let's browse our list of articles. Yeah, they're technically chicken news. Allegedly KFC Venezuela got ransomware. Weird.
Corey
Okay.
John Hammond
Yeah, that's the whole article.
Rodwood
They got fried. There you go.
John Hammond
Oh, nice.
Corey
Now. Now we have to end.
John Hammond
All right, thank you all for coming and sharing your opinions and hanging out in Discord. We'll see you next week, everyone.
Sam
Bye.
Hayden
Bye.
Rodwood
Later, guys.
Sam
Sam.
In this lively and irreverent episode, the Black Hills Information Security team dives into the rapidly evolving landscape of browser technology—now at the center of a new "AI Browser War." The crew dissects the security implications of AI-driven browsers, recent security incidents, and reflects on the shifting tension between convenience, privacy, and risk in a world increasingly automated and cloud-connected. Along the way, the group brings their familiar mix of inside jokes, memorable rants, and thoughtful analysis of developments like the Eight Sleep AWS outage, Amazon's robot workforce plans, the WSUS RCE vulnerability, AI agent browsers, and the looming Y2K38 bug.
The discussion is highly conversational, joking, and often irreverent. The hosts leverage inside references, memes, groan-worthy jokes, and a friendly banter, but analysis is sharp and security advice is grounded in real-world experience as penetration testers and infosec consultants.
For those who missed it:
Expect a raucous, insightful episode full of security war stories, AI skepticism, browser paranoia, geek nostalgia, and crystal-clear takeaways for both techies and enterprise security leaders.