US Defense Chief Uploads Secret Into to ChatGTP - 2026-02-02 — Talkin' Bout [Infosec] News
Wade Wells
I have one funny story that you guys are gonna. You guys can laugh at me about. I never run the robot vacuum. Like, I had the app installed. Never did it. My wife just took care of it. A couple days ago, we had. We had, like, the diaper party. If you remember, Ralph suggested having a diaper party. When you're having another kid and people bring you diapers, people are over. Our floors were a mess. She's like, hey, set up the Roomba. Or set up the shark in, like, the kitchen so it cleans it. I'm like, all right. I set it up. It tells me, oh, it's out of water. I'm like, oh, all right. And so I'm looking at it, and there's this big flap right on top, and I'm like, oh, this looks like a. You dump water in, like. And it fills it up because it's the whole thing. I dump water in there, it explodes. It literally just, like, explode. That was the air intake and not the water intake. And.
Ryan
Oh, no.
Wade Wells
So. So know your roombas.
Michelle Khan
Human error, right?
Wade Wells
The AI Would the worst.
Ryan
Okay, can you elaborate on why your robot vacuum exploded? Was it just anger at you? Did someone, like, sabotage it with potassium or something? What?
Michelle Khan
Water in the air intake?
Wade Wells
Water in the air intake. I put water in the dock. Like, the dock. The docks for the newer roombas literally sound like a jet engine when they suck all the trash out of it. And so I put water in the jet engine, and then it blew it out the dock, and I was like, whoa, why'd it shoot water everywhere?
Ryan
So I filled it up again.
Wade Wells
And then I looked at the shark, and I was like, oh, my God. There's a water thing underneath it. So I just, like, set it outside for a couple days.
Michelle Khan
Those rumors are gonna come.
Wade Wells
It still works. It makes a weird noise, but it still works. Yeah, it still works.
Ralph
That.
Hayden
That's actually a shocker.
Wade Wells
It does. My wife told me to buy another one because it smells a little bit like our electrical fire, but it still works, dude.
Ryan
Yeah, that. That smell never goes away.
Hayden
I feel like it might explode again at some point. You should keep a close eye on it.
Wade Wells
It's not. It's not in it. I already bought another one to tell you that they're not too expensive. The docks themselves.
Ryan
Can we get, like, a write up on, like, how an AP tried up.
Wade Wells
Your living room, dude, after that. Now. Now that I put that out there, they're like, Wade's dock is ready to explode. We're going to. As. I have a Bambu Lab behind me. That gets super hot, which could probably explode as well.
Ralph
All this Chinese gear. You got so much Chinese gear.
Wade Wells
I know, right?
Ryan
I mean, they know you have a.
Hayden
You can just download your house blueprints real quick.
Wade Wells
My DJI gets. My DJI is illegal. My 3D printer.
Michelle Khan
American Gear like Teslas.
Ryan
Those don't explode.
Michelle Khan
Those don't explode.
Ryan
Nothing American explodes. Except for all the bombs. I love this.
Ralph
This is my favorite argument. Well, I'd never use AI it's inaccurate. Humans are perfect.
Michelle Khan
Have that AI built into it. The silly X AI.
Hayden
Oh, God. Oh, geez. I can't.
Ralph
Hmm.
Michelle Khan
Yeah.
Hayden
I didn't know.
Wade Wells
I didn't know. He took. That's a little scary. I don't want to know. Grok's installed on my Tesla.
Ralph
Unlike the hierarchy of AI, Grok is like beside, like the bot.
Michelle Khan
Yeah.
Hayden
You know the situation where it's like, would the Tesla hit the old person or the child? If, like it has to hit one of them in like an evasive, like, situation. I would not want to put Grok in charge.
Ryan
Just hit both.
Wade Wells
Grok would swerve around and then hit.
Ralph
The other one because it felt like it was a game.
Michelle Khan
Challenge accepted.
Ralph
Yeah.
Ryan
Yeah. I scored the most points.
Hayden
This person is not subscribed to X Premium because they're a baby. Time to hit.
Ralph
So speaking of Tesla, they announced last week that they were not going to produce the Model X or Model S anymore because they're going to just produce robots. Yeah. Pivot hyped up thing ever. That they're like, all right. Cars. They're not doing as good because of that whole thing where I like held my hand in a weird position.
Ryan
Anyways, where can I put my deposit down? Because I still got that $50 riding on a Tesla Roadster I'm super committed to. It's definitely going to happen. And I also have $50 down on a Tesla semi. I know that's coming any day now.
Andy
I thought those were running already.
Ralph
Yeah.
Ryan
No.
Ralph
Is out there. Yes.
Michelle Khan
The few prototypes.
Ralph
Yeah, sure.
Ryan
Let's say it's out there. Then Elon will feel better.
Michelle Khan
So the Model X price is going to jump high now because they're no longer being produced.
Ralph
Yeah. They're like exclusive and then. But literally it was all stock hyped because they're like, now we're going to produce robots. Now we're onto our next thing. That takes us over 10 years to get even. Okay. At. And probably won't self drive.
Ryan
I'm still waiting for that road any day now.
Andy
The passenger the robot's going to do the driving.
Wade Wells
Oh, there you go. Oh my gosh.
Ryan
You sit in the car, it uses up a whole seat just to drive.
Ralph
They're like, I told you we would be self driving. Look, he'll get in and drive for you.
Ryan
Oh my goodness. That is the most terrifying concept is like you get hit and you get out and you look in the car of who hit you? And it's just a freaking robot behind the wh Being like, I can help with that. I'm so sorry I hit you. Oh, you're. You're absolutely right. I did hit you.
Ralph
He's gonna bring self driving to every car.
Michelle Khan
Well, Uber already has that option. If you go in the Uber app, there's an autonomous vehicle option. You can call one and Waymo.
Ryan
Waymo.
Wade Wells
Yeah. Waymos just got here in San Diego. Everyone's like, please know they're driving around.
Ralph
Here in town right now. They're doing like the testing rounds with the humans in there. Just like sitting there, just driving.
Michelle Khan
Oh yeah, they have them in Dubai. I was in Dubai last week and they have like 50 different Chinese manufacturing manufactured vehicles like the Jittor and the.
Ryan
The Robo Rock. Please tell me they have a Robo Rock.
Michelle Khan
But they have self driving ones there too. So I'm like, damn. Like, they're way ahead of like the US. The US only has like a Tesla and like other, like, what's that other. Other one? They have the air. What's it called? The what?
Ralph
Air.
Michelle Khan
Lucid. Lucid, yeah, Lucid air. But they're not letting any Chinese cars come in here because they're going to destroy the market. The by.
Wade Wells
It's not the AI cars we're scared of. It's everyone else who's driving around the AI cars. I'm a scared.
Ryan
All right, let's roll the show. Let's do this.
Ralph
This beautiful finger.
Ryan
Hello and welcome to Black Hills Information Security's Talkin' Bout News. It's February 2, 2026. Welcome, everyone. It's February already. It's here. It's happening. It's the shortest month of the year.
Andy
Too fast.
Ralph
Too furious.
Andy
We got Too flurious.
Ryan
We got all kinds of people here on the show today. We got me. I'm the resident continuous hacker of BHIS, I guess is what I call myself. We got Wade Wells, who's apparently going to enter the Dune cinematic universe this week.
Wade Wells
It's. It's a reference to one of the.
Ryan
Articles, the Shai-Hulud. Yeah. We got Michelle Khan, who's our guest today. Michelle's here to plug his Wild West Hackin' Fest Denver class about OSINT. I have taken this class. It's a great class. I strongly recommend it. You will learn something, even if you know something about OSINT.
Michelle Khan
You took the beta version.
Ryan
I took the beta version. Oh, man, I need to take it again.
Wade Wells
I took the unique offline version of this course at HackSpaceCon. It was particularly special.
Ryan
I like that.
Andy
We even gave you a fancy QR code.
Ryan
Oh, don't scan. Yeah. For security reasons, we have to ask you. For security reasons, we're gonna have to ask everyone not to scan the QR code. But legally, if you do it, we can't stop you, so don't worry about it. Yeah, we got Andy. We got Ralph, who hid his name, so I have to guess who he is. Iguana's falling. Is that a new AI tool? We got Hayden, our SOC to Ms. Prime. And we got Ryan, who's wearing a sick sweater.
Hayden
I gotta say, that is a nice sweater.
Ryan
I gotta say, Ryan, like, I feel like you live in Florida, and so you only get to wear this sweater, like, once a year. So I'm glad that you're pretty much. Pretty much.
Ralph
You missed my reference. So iguanas are falling in Florida right now because it's so cold. There's falling out of cold. It's like a really, like. Because they're kind of evasive, and just everywhere people are, like, grabbing them all up. It's like all these TikTok videos with.
Ryan
Like, 20 I see just looting iguanas. I like it.
Ralph
Yeah.
Hayden
I wonder which one's lost on more people. Is that one or Corey's like, subtitle? I wonder which one people are getting more.
Ryan
My. My subtitle is from Current Events. Yeah. Yeah, you figure it out. If you're. If you're watching the audio show Rest in Peace, Catherine, what's Her Face Cat. I don't even know her name. Lol. Yeah, O'Hara. I want to say Zeta Jones, but that's not it. But let's get rolling with the show. Although, people, I think if you're here to track the Groundhog Day situation, he did see a shadow. Six more weeks of winter is what I hear.
Ralph
It feels like it right now.
Ryan
Where I live in the west coast, we haven't really gotten a winter. So if it started now, it would be six weeks of winter. So, yeah. All right, let's get rolling. Does anyone want to start? I mean, there's. There's some. There's some fun. I think we should start with a slightly spicy one, which is. There's an Ars Technica article that is basically, people. There's sources at CISA that are reporting that the CEO of CISA, or whatever we're calling him, the chief of CISA, has uploaded documents into ChatGPT. And I mean, I don't think this is that big of a deal. Like, it's not that big of a deal, right? Like, it is kind of a big deal. But it's not. Like, I don't want to overplay this article. The reason I want to bring it up is because. So essentially, here's the story. The current chief of CISA, whose name is Gatuma. I don't know how to say that. I did my best. I did my best.
Michelle Khan
Got to.
Ryan
Makala is his last name. His first name is Madhu. But anyway, he's from South Dakota. Fun fact. He. He. He's. He used to be the cyber or the IT. The. The CIO of South Dakota, which is a hilarious title to have. He basically, here's the scenario. He specifically requested an exemption for to. So he's allowed to use ChatGPT. And for whatever reason, he was granted that exemption. You know, we can all guess the reasons why. And then he used it to apparently get some. He uploaded some contractor documents into it and was like, we don't exactly know the prompt, but I'm assuming it was, hey, ChatGPT. Is this a good deal? Or are they, you know, screwing us? So I guess the reason I want to bring this up, I mean, you can get into all the political, you know, rules and things. I think at this point in their current political situation, it's not really worth talking about. Are there going to be consequences? Absolutely not. Is there going to be anything changed? Absolutely not. But the reason I want to bring it up is because I feel like this is happening at every company throughout the US and throughout the world, right? The CEO demands access to an AI and then misuses it, right? Like, this has got to be like.
Wade Wells
That's not just AI, that's everything. Like, that's always the C suite.
Michelle Khan
Literally, like, I don't want to use MFA.
Wade Wells
Yeah. Oh, it takes me too long for my assistant for me to log into her email. I know.
Ralph
Like, how did they find out that he used AI?
Wade Wells
That is that people have this.
Ryan
It's basically leaked. Like, people have their sources.
Ralph
Was like, the secretary in the room and she saw him on it, was.
Hayden
Like, hey, I think it might be bad.
Michelle Khan
Are you in ChatGPT?
Ryan
It's CISA. No. So, okay. So basically this is all leaked, like none of this. They haven't like posted about this publicly and they probably never will. But essentially, from what we understand, he was asked. He asked for this access and he was granted this access. They claim, oh, it was like a special version of it. Right. But like, who knows how true that is. But essentially they knew he was accessing it. It wasn't like he was secretly doing it.
Wade Wells
Right.
Ryan
Like, let's say that CISA has like a denylist for the Internet. They're not, I'm assuming they're not like operating just with open Internet and like, okay, we trust you don't go to Google and search something sensitive. Um, so he was granted access to it intentionally and then they probably monitored his access to it and immediately realized he was abusing it and then revoked it. Right.
Hayden
I saw a very interesting product. I don't know how much I can mention about it yet because apparently it's very like early state from one of the people that we work with in the SOC, but they asked us if we wanted to try out one of their products, which is effectively like a middle layer between your AI, almost like a gateway.
Ralph
And it'll.
Ryan
Oh yeah, there's a bunch of validate.
Hayden
Yeah, right. But this one's from somebody that I would actually trust to do it very, very well.
Ralph
Does it use AI to do the validation?
Hayden
Probably to an extent, yeah.
Ryan
Yeah. But yeah, I don't know why there's.
Hayden
Not more like widespread use of effectively like a gateway for your AI agent calls, especially in like secret places, secret spaces.
Ralph
It's all turtles all the way down. They gotta use ChatGPT to check.
Wade Wells
I can tell you why. Right, right now. Why, why there is it. Okay, these C suite are all investing into this AI to get their devs to go faster and faster. That gateway is going to cause so much, it's going to cause them all to slow down.
Ryan
Dude. The bill on the gateway is going.
Ralph
To be more than the actual bill for the building.
Ryan
Yeah, the, the other thing, the, the other thing I want to say is like I, I think that that is like a weird band aid on a prop like CISA. Over time, I'm assuming moved to an internal only model. That's what most companies have done. I have friends who work at big tech companies. They don't just use ChatGPT, they have their own internal or they have their own version of ChatGPT. Right. Like they have a lockdown restricted version. But the other thing is like, if we're being honest, there isn't like. I mean, we don't have hard data on this. This is total speculation, but it seems like this doesn't matter. OpenAI isn't harvesting all the documents that are going into ChatGPT. They probably can't even store all of them. Right. There's no way.
Ralph
They're actually like a 200,000 context window anyway. They, like, already limit what they can store on that stuff.
Michelle Khan
Yeah.
Ryan
I mean, and maybe, maybe there will be some future article where we talk about how the OpenAI has siphoned every PDF anyone ever uploaded into it. But the reality is the amount of data, it's like it's basically impossible that they're storing all of it. Right. It would be like.
Ralph
It's like when the government was monitoring all of the Internet. Right.
Ryan
Yeah.
Ralph
They can't actually store it all. So what they do is they kind of like have this, like, kind of tiered system where they look for certain things at certain times. Like, they're always even.
Wade Wells
Yeah.
Ralph
Your cell phone provider does not store all the logs of every call that's ever made. Right. They still parse it down and they're. That's just log data because it cost them a ton of money to do it and they're in the business to make money, so they can't everything, you.
Ryan
Know, and they're already about to go bankrupt. Their S3 bill is probably like 20 million a month or something. Right.
Ralph
Like, I mean, OpenAI might as well just be a big fire pit of money and they're burning it the whole time and they're asking for more money to throw into that pit. And then when they ask to get repaid, they're like, we have no money. Like, can we borrow more? But it's for AI.
Wade Wells
Yeah.
Michelle Khan
I think the main issue is policy.
Ralph
Yeah.
Andy
Aren't they required to hold a bunch of these, like, chat logs and everything?
Ralph
Yeah, for a certain, like, probably for a certain amount of time.
Ryan
For 30 days, whatever the minimum is. Yeah. So if this happened last summer at CISA, it's gone. The data is gone.
Hayden
And if they want sensitive data, they'll just go to, like, the War Thunder forums and they'll get it easier.
Wade Wells
I love it. I love it, I love it.
Ryan
I mean, yeah, obviously I will say I do support the government enforcing whatever policies it has for data leakage. Right. Like, I, I would be upset if I was a senator or whatever and my, like, aide is just uploading my documents into ChatGPT. But, like, at the same time, we have to acknowledge the reality, which is unless he's uploading it into DeepSeek or whatever. You know, it's like a story.
Andy
There are limits, blocked. What do you expect me to do?
Ryan
Okay, yeah, good point. Right? That's the other thing I will say it is funny like most companies when I talk to them, like when we're doing scoping for phishing or like when we're, you know, we're talking like are we allowed to target your executives? They're always on one side of the fence or the other and they're always on the extreme end of the spectrum of like either they want us to specifically target their executives on a regular basis or they want the executives to be completely out of scope and do not mess with them, do not impersonate them, do not touch them. I feel like in the government it's probably the, the second one. Do not impersonate, do not go after. Like obviously this person was able to bypass all the red tape at a government agency and get access to ChatGPT.
Wade Wells
So doesn't he already have like unlimited access to Grok or whatever? Like didn't just like.
Ryan
This is last summer, dude. He was desperate. He was desperate.
Ralph
He was desperate.
Ryan
Also needed to summarize it.
Hayden
It was a big document. I'm not going to read all that.
Ryan
Yeah, yeah, it's a lot of time.
Michelle Khan
It's a lot of time.
Ralph
I think, I think from a security perspective the frontier models are going to kind of stay in the frontier and then we're going to start to see more of the like self hosted models, like your open source models that continue to get better. You're going to see those implemented for certain features that organizations want to use them for. Right? Yeah, that's how I envision it to work. The frontier will still be the frontier model. You're not going to be able to self host that, but a lot of times you don't need it to do the level that it's doing right there. You can make it to focus more and a lot of those newer models are really good. Right.
Ryan
So yeah, I mean I will say like I, I think there's a market for like obviously like you know, Hayden was saying like a gateway for you know, to interface between the LLM. I think the same thing needs to exist that essentially decides based on the query what model to use.
Ralph
Right.
Ryan
Like auto select. Right. Like okay, if it's a sensitive internal query, maybe use a model that's specific, insensitive and internal. If it's like, hey, I need a recipe for waffles that one can go to a frontier model or whatever. So, yeah, yeah, all right, let's move on. There's. I guess we can update based on Wade's name. We can talk about the npm supply chain hack thing. So basically this is a follow up to. It's actually a second, it's like a third follow up, but essentially there are. People have demonstrated that you can bypass some of the security controls they put in place after the Shai-Hulud npm worm. So basically, essentially what I understand, and if anyone understands this better, please jump in and correct me. But essentially after this npm supply chain attack, GitHub, who runs npm, which I learned that I didn't actually realize that GitHub ran npm. Now I know they implemented a thing that essentially require. Gives people the option to use this ignore scripts equals true option, which is essentially like please don't hack me equals true. Like disabling scripts disables a lot of these supply chain attacks. However, researchers at Koi Security found that you could implement a specific .npmrc file that overrides the git binary path, which basically lets you bypass this. So it's like we're getting into the cat and mouse game of bypasses and things. My opinion is these types of worms are. This is still an effective security control. The more security controls you put in place, the better for supply chain. Like, I think a lot of these supply chain problems exist because there are no controls whatsoever. And so giving people the option to more securely set up their repos and disable like don't run scripts is great. So I think, like, my opinion is, yes, I'm sure there's a bypass. I'm sure they should fix it and hard code the git path or whatever. But it is still, you know, it's like you're stopping a worm. It doesn't, I mean, how do we stop Conficker? 
We just blocked 445 across the Internet. We didn't actually stop it. Like, like, how do we, how do we fix worms? We just black hole the DNS and block the port. That's the best we can do, right? So I don't know. I still think it's a good response, but I don't know. Other people have takes on this.
Wade Wells
Just the, just the malware that keeps on giving me incidents and incidents. That's all it is. Like, it's a, it's. It's a fun one to work. I feel like this is going back to just. You need to put something in place with all these coders right? Like how we were talking about the firewall between AIs. Right. I've seen several different organizations handle NPM differently and at the end of the day I feel like it's just logs all the way down. I can't deal with it anymore. Yeah, now I'm a little bit of a down. I'm sorry.
Ryan
Come on, come on. Oh, go ahead.
Ralph
I was just going to say this attack though does originate from like the original repository owner has been compromised and then it kind of spreads from there. Right. So yeah, I mean like it's like the initial and then so like anything you can put on that workstation to try to like prevent it, they can change it from there. So it's kind of. There's not necessarily like once you compromise a machine entirely, like anything you put in there to prevent from going up, it needs to happen not on that machine, it needs to happen like server side. So like when you send npm, that's how the validation should work like that.
Wade Wells
The other way to protect against it. Right. Was because it uses the. Whatever GitHub account it's logged into. Yeah. So if that is a company owned GitHub account that can't post public repos because that's how it was actually doing the data blocked as well. Right. But then you find some random developer who is using his own personal repo and pushes stuff every now and then.
Ryan
So yeah.
Wade Wells
Against Cat mouse game.
Ryan
Yeah, a worm works because it goes wide.
Andy
I mean in this last version they had checks and if you like couldn't post a public repo, it was just rm -rf'ing everything.
Ralph
So. Whoops.
Andy
Yep, it's okay.
Wade Wells
It should all be backed up again.
Ralph
Yeah, well, that's where.
Ryan
So speaking of supply chain, I guess we can touch on the Notepad++ stuff. Basically Wade doesn't use Notepad++ because we bullied him into not using it a couple weeks ago on the show. Which, you know, that's the whole point of the show. Security awareness. But no, I'm just kidding. Basically, yeah. And someone already posted the article in, in the chat. It's basically there's a, there's Today it was announced that. Or I guess not today or. No, actually today, this morning, like an hour ago it was announced that at the provider level, not like the infrastructure. At the infrastructure level, the Notepad updater server was compromised like starting six months ago or a long time ago. The spooky thing about this is that basically, you know, the, the update's pretty specific, but essentially the hosting provider was compromised and the there were threat actors who were distributing modified versions of Notepad updates to selected users. So if you're tinfoil hat you should safe to assume if you use Notepad you're compromised. But it seems like the reality is that they were only targeting specific people.
Ralph
Right.
Ryan
Obviously this is I think a nation state type deal.
Michelle Khan
Kevin Goldman State at the top.
Ryan
Yeah, I think Kevin Beaumont Ryan flipped off the article at like the somehow the worst possible time but violent typhoon.
Hayden
Or something which is China.
Ryan
Yeah, yeah. So yeah, basically Kevin Beaumont has, you know, is this is all. This isn't attribution, this is speculation. Right. It's basically saying this is exploited by threat actors in China to hijack networks and deceive targets into downloading malware. They're targeting telecoms and other things. So that isn't an official update from Notepad though. It's just worth noting. But yeah, basically we don't know what versions are affected. We don't know what people are affected.
Michelle Khan
If the FDA Wade was definitely a target.
Wade Wells
Wade was definitely a target. Wade.
Ryan
Yes.
Michelle Khan
You missed a bunch. You dodged a bullet.
Wade Wells
I like there's one piece of advice in this article that everyone should always follow and that's update your WordPress websites and plugins, please, on any shared hosting platform.
Ryan
And don't update your Notepad because that's.
Wade Wells
Never update data supply. Seems like that works. That's the best.
Hayden
Well, I mean and it depends because it said. It said it was at the hosting level. Right. So yeah. Oh no. I guess it was decompromised as well.
Ralph
Yeah.
Ryan
I mean basically I guess the assumption is on a threat actor popped a WordPress site and then realized that it used shared infrastructure with the Notepad++ update site. Right. That would be my guess.
Hayden
We don't know but that's how Microsoft vulnerability where they were like, hey, something bad. Don't worry, we got it. And they gave themselves a medal.
Ryan
You mean the development environment and then.
Wade Wells
WannaCry spreads across the entire Internet? Is that what you're talking about?
Michelle Khan
Yeah. Which one? What?
Ryan
Microsoft vulnerability. There might be more than.
Hayden
I'm trying to find it. There was one.
Ryan
Yeah, the one where they blue screened everyone.
Andy
It's a block right now.
Wade Wells
Microsoft, not Crashboard.
Ralph
If your web app uses PHP, you should consider changing.
Ryan
All right, what else we got? There was an article we can. This is like kind of in Michelle's camp. There was an article every. I would say about every month or every two months someone posts an article that's like there are millions of accounts exposed. Yeah.
Wade Wells
Right.
Ryan
So this is an article in SC World. It's basically saying there are millions of credentials. 100. So basically some. Someone published a data set of 149, 49 million login credentials, which. Those are rookie numbers. You got to bump, bump up those numbers. Our repo has 17 billion credentials. So I mean, you know, get on our level. But basically, yes, this is happens on a regular basis. Threat actors. Correct. Or they collect. Wow, I can't talk. They collect these cred dumps and then they post them or sell them online. Essentially it's just safe to assume that no password is safe at this point. Right. Like MFA, you know, it's the only way to guess.
Wade Wells
Scroll down, scroll down, Ryan, I want you to see what the first target they're attacking is. Scroll a little bit after the related. After the related. No, close. One more down, one more down after the related. Reading WordPress.
Ryan
WordPress.
Wade Wells
Number one target and OnlyFans.
Michelle Khan
Coinbase.
Ryan
Yeah, I mean, basically there's going to be credentials for. I mean, you want to get scary, there's going to be credentials for like adfs.fbi.gov. Yeah, yeah, exactly. There's going to be spooky stuff in there that you don't want to think exists. And that's the bigger concern. You know, Coinbase is scary too. Basically, the truth is, if you're an organization who deals with consumer accounts, like any of those providers listed above, you have to have a detection for this. You have to be nuking these credentials when they get breached because otherwise there's no other way.
Michelle Khan
It's just it was no scene for stealers at this point on the article. And I wonder like, what kind of a computer in this day and age gets affected by an info stealer? Like, it's mostly game downloads and like these Steam plugins and are you mixing these like personal workstations with your work and is it not hardened enough? Like this is basic security, don't you know?
Andy
I mean, how many people have, you know, they log into a Chrome profile that's a personal Gmail account at work because, hey, all my passwords and you know, bookmarks and everything, and then their kid wants some free Robux.
Ryan
It's a sync. It's a credential sync.
Andy
Yeah.
Ryan
Yes, it's usually the credential sync that gets people because I've looked at thousands of these screenshots and 90% of the time it's immediately obvious that whatever computer it is is a home computer.
Michelle Khan
Yes.
Wade Wells
One time I had someone, a coworker, he left his computer unlocked in the SOC, if anyone's worked in the SOC, you know that's a bad move.
Ryan
And you downloaded an info stealer. We taught him a lot.
Wade Wells
We installed a browser plugin called nCage, which turns every image on your browser to Nicolas Cage.
Ryan
Oh, yeah?
Michelle Khan
Yeah.
Wade Wells
What we didn't know is he had his account synced to his home computer and he was out at lunch and his wife called him screaming that they have been hacked.
Ryan
And that because everything was Nicolas Cage.
Wade Wells
Yeah, it was the best.
Ralph
That's pretty funny.
Ryan
I mean, that it's fun because that. That small thing demonstrates so many cybersecurity concerns, right? Like, no, it goes both ways too.
Andy
He could have. He could have installed an extension at.
Ryan
Home and then Nic Caged everyone at the SOC.
Hayden
Yeah, whenever our SOC, the last place I worked at had that happen, they would just go over and start sending emails to people from that person's Outlook. Like, they'd email the security distro and say something like, oh, such and such left their computer unlocked or something.
Andy
Like, hey, I'm buying lunch tomorrow.
Hayden
Yeah, right, exactly.
Ralph
And in the military, you have to put a CAC card in to log in, right? So, like, you can't. It's not just a password. You have to physically put the. The CAC card in. The reason I bring that up is because people would leave it in when they left. Like, they would forget their CAC card in there, and then we would take it out and like, freeze it and put it in the freezer.
Ryan
You know, put it into a magic wand.
Ralph
Yes, because they had to come back because then they couldn't get on base because that's our ID, right? I don't know, just kind of funny. Same idea, right? Same concept.
Ryan
No, I mean, unfortunately, I'm a pen tester, so my whole life, my whole career, no one's ever trusted me with their unlocked computer in the first place. So I can't relate to this. Should we talk about Clawdbot security stuff? We don't even have an article. Really?
Ralph
Like, so there. There's a.
Ryan
There's no article.
Ralph
No, no, there's a. Yeah, there's. There's an article.
Ryan
Okay. Moltbook that. Okay. Talking about Moltbook is like, you go into your room for 15 minutes and you come out wearing a dinosaur costume. And I'm like, what? What? Where'd you get that, Ralph? Where? Why?
Hayden
There's also a dating site for them now too.
Ralph
Yes.
Ryan
Okay. All right, so let's talk about all.
Andy
Started a Silk Road variant.
Hayden
I did see a Silk Road.
Ryan
So, okay, this. All of this Started like a week ago, and somehow here we are, like three days ago.
Ralph
Yeah.
Ryan
Okay. Okay. Well, my point is Clawdbot has been out for approximately one week.
Ralph
It's been rebranded too. Now it's called OpenClaw now.
Hayden
I think this next week it's gonna be something else.
Ryan
Okay, well, whatever. Basically, we talked about this last week. Essentially, here's what happened. For people who have been out of the loop, maybe you took a vacation, maybe you're smart.
Ralph
Three days.
Ryan
Yes. So, okay, basically some researcher. One guy, I'm assuming it's a guy we don't actually know one person published this tool that you connect. You just connect this tool to everything. And it's supposed to be like an AI assistant that has access to everything. And then the chaos that ensued was extreme and fun. The main security concern that people had is basically the creator doesn't appear to know how proxies work and the entire application proxies to itself. So then it thinks everything's trusted because it thinks everything's localhost, localhost is trusted. So it's a whole thing, basically security disaster from the beginning. But it's useful, and so people are using it despite the security disaster. And that's 2026 in a nutshell is. Yes, it's a security disaster, but we're moving so fast that it doesn't matter. So basically, Moltbook, there's a news. This is a news article that we actually do have, which is 404 Media who. I love them because they're like. You can tell where they are on the AI spectrum, which is against it by default, which I love that. And essentially Moltbook was a. Supposed to be, and this is an insane sentence, was supposed to be a social network for AI agents. So you just want to burn your Claude tokens in a big fire. And so you've decided to give your AI agent access to its own social media site so we can go talk to other AIs.
Hayden
Yes.
Ralph
So you, you essentially, you give your OpenClaw instance, the instructions to your agent is now part of a social network and it does whatever.
Ryan
Yes. And no one could have predicted this. No one could have predicted this. But the site itself had basically no security and was. The API keys that it was issuing were just open for everyone to see. Right.
Ralph
It uses Supabase, which is a really common platform for this. But one thing that you can do, Supabase actually technically has two API keys. There's a public API key and then there's a private one. The public one is meant for kind of like. Like your front end web application consumption, anywho. But one thing that you can do if you're not configuring them right, is that you can make the key, like, be able to read and write anything. And so it was exposed inside of here. Zero permissions, right?
Ryan
Yeah. So the article definitely made it. Andy had some good comments about. It's not as bad as the article makes it look. Right?
Andy
Yeah, it's. It's not like your. Your OpenClaw or Moltbot or whatever the hell, actual instance got compromised at all. It's that your account on Moltbook that.
Ryan
Has existed for a day, someone can steal.
Andy
Someone can post as you. They can steal this identity that you just spun up.
Ralph
And your AI fake identity, by the way.
Ryan
Correct. They could impersonate an AI with another AI.
Hayden
Yeah, this is so much like an OpenClaw problem. This isn't so much like an OpenClaw problem as it is just vibe coders that don't quite understand how to do basic security checks, but they make something cool and they just push it and send.
Ralph
I mean, functionally. Functionally it works. Right? But, like, how it functions is not something that was looked into, right?
Hayden
Yeah.
Ryan
If you make something this fast, you can't. It can't be secure. It's just impossible. And the platform, you just have to.
Wade Wells
You just have to ask the LLM, please make this secure, and it's secure.
Ralph
You don't have time to do that. I agree with you, Wade.
Wade Wells
It. But.
Ralph
And all of this comes down to dysfunctional understanding of how this thing works and then maybe, like, how to secure.
Michelle Khan
Right?
Ryan
Yeah. I mean, I don't know.
Ralph
It's.
Ryan
It's bad. It's mostly just funny. It's not actually that big of a cyber security concern. Things like the actual Claude API keys were not disclosed. The actual, like, you know, people's tokens, like, you know, access to people's Gmails and things were not disclosed. It was just the ability to participate in this sick version of a Turing Test was breached, I guess.
Wade Wells
Yes.
Ryan
Yeah. All right, what's next?
Ralph
It's the. The whole thing. The whole thing is wild, though. I don't.
Michelle Khan
I don't know.
Ryan
Oh, we got to talk about the Coalfire thing, guys.
Ralph
Oh, yes. That was a huge one. Okay.
Ryan
Last week. This is a huge. This is one that just popped up last week, so.
Ralph
Yes. It took forever, dude. This has been like five.
Wade Wells
They got money back, right?
Ryan
Yeah. Okay, well, this is.
Wade Wells
They sue. They got money.
Ryan
Yeah. So this is a follow up to like 2019 pen tester. Hot news. Basically, years ago, this is 2019, which feels like a decade ago. It wasn't. Yeah. In the land before time, essentially, there was a couple of physical security testers that. That worked for a certain company who I already mentioned, and they tried to do a. An authorized pen test of a security of. Of a. Was it a county courthouse or something like that or. So they tried to do a test of a county courthouse. They got arrested. They spent a night in jail. It like, it blew up the pen testing world because it's like, wait, this is illegal. Oh, I thought I would never go to jail for my pen testing job. Somehow, six years later, they got a settlement. I'm assuming after my joke in the. Our company chat was after the lawyers take their cut, they should have enough to buy a Flipper Zero. But yeah, they got a $600,000 settlement divided between two people. I mean, it's so stupid. It's like it always is, where when the cops do something dumb, the public has to pay for it. Like, classic.
Ralph
It was ultra stupid. Because essentially what was going to happen was, is they sued and it was about to go to trial. Like people are.
Ryan
Yes. They settled right before the trial discovery.
Ralph
People's egg. Egg and faces were about to happen. Right. Like, everybody's. Everyone's like. Like, thoughts were about to be proven. Like, this person really did mess up or this person really did get it authorized, and this sheriff really did whatever he did, and he wasn't supposed to do that. And they decided instead of just throwing egg on each other's faces, they were going to do the payouts.
Wade Wells
Didn't John go and do a town hall?
Ralph
Yes.
Wade Wells
This one.
Ralph
Yeah, I remember.
Ryan
Yes. Physical pen testing is not. Or authorized pen testing is not a crime. It was the whole thing. Yeah, yeah, yeah. It was a whole thing. It was a. Yeah.
Michelle Khan
People ask me about that shirt all the time. I'm like, well, it refers to this story.
Ralph
Yeah, that's an old one. So you're right. They probably didn't get much money after all the lawyer fees. But in essence, you could tell that the. The county didn't really have a leg to stand on and it wasn't worth it to.
Ryan
Yeah. So the taxpayers will foot the bill for all this.
Ralph
Exactly.
Ryan
As usual.
Ralph
Yeah. He should have got fired. Probably.
Ryan
Yeah.
Ralph
You think.
Wade Wells
You think they have enough to buy ram?
Ralph
No, probably not. No. Not after. What other news is coming out? I. I guess Anthropic's new.
Hayden
Yes.
Ralph
Yeah. Model coming out tomorrow.
Ryan
So. Okay. On the way to that article?
Wade Wells
Yeah. Why are you talking about articles we don't even have? Spun up, like, read the chat like.
Ryan
I have a draft. It's excitement on the way. Listen, Ralph's allowed to throw in rogue articles. That's what he does. All right? So on the way to. On the way to that article, let's talk about. Apparently this is a Costco. Have a soft spot for Costco. Fun fact about Costco, real quick, before we get into this right now. So we foster cats, and we have a litter of kittens right now that are named after Costco. So we got rotisserie chicken, we got chicken bake, we got Kirkland Signature, and then the mom. The mom's rotisserie chicken. But anyway, I love that so much. We wanted to do. We wanted to do Tire center, but we only had three kittens, so we.
Wade Wells
We.
Ryan
You need another one?
Hayden
Then I feel like another hot dog is pretty good.
Ryan
Yeah, we did hot dog, rotisserie chicken, chicken bake, and then Kirkland Signature.
Hayden
Kirkland Signature is incredible.
Ryan
Anyway, so apparently Costco has removed memory from its display PCs to prevent people from stealing it.
Michelle Khan
Just before I could grab my ram.
Ryan
This is one of those things. Yeah. So basically, you can see the picture in the article. They essentially, they have, you know, these display PCs out in their stores that look like sick gaming computers, because they probably are. But apparently people were like, oh, I'll just, like, disassemble this display computer and take out the GPU and take out the memory. Never snow.
Hayden
I gotta say.
Ryan
Like, I like, you know, AI when.
Ralph
People are stealing ram, you know?
Ryan
Okay, but seriously, though, isn't it Costco like, listen, I'm a member, okay? Can't they, like, revoke my membership? That would be, like, the worst thing you could do to someone. You revoke their Costco membership for stealing ram.
Michelle Khan
Ram.
Ryan
Can you imagine? Okay, Your kid gets hit by an info stealer. Okay, that's not that bad. Your kid gets your Costco membership taken away because they stole some ram.
Ralph
That's like, oh, my God, years excommunicated.
Hayden
It's gone forever.
Ryan
Excommunicated, even. Yeah. It's the only way. Yeah. I mean, sadly, we can't have nice things. This is just another article.
Michelle Khan
He would probably end up in a Darknet Diaries series or something. You're the guy who stole RAM and was, like, excommunicated from society.
Ralph
Oh, my gosh. The AIs will piss.
Wade Wells
All right, let's see. Let's see this, Anthony.
Ralph
Oh, so there's just like. So, I mean, this really. There's a bunch of different, like, news articles kind of about it. This is purely speculation, like, but that the new Claude coding model is supposed to come out tomorrow, maybe this. And if it does, it's supposed to be better than Opus for cheap, cheaper. So we'll see.
Ryan
By their own metrics. They asked it if it's good and it says it's good.
Ralph
Yes.
Hayden
Well, they did, they did bench it against something else. But like the part that I did.
Ralph
They did the open standard bench for coding and I guess it got an 80, 80%, which would be the highest ever. I think opus is like 75. So.
Hayden
Yeah, the, the part that I liked is it was. I can't remember, I'm trying to find the percentage, but it was something like 70 to 80%. Like, like more cost effective. Which.
Ralph
Yeah. Wow. That was like pretty cost effectiveness. So I think the bigger article here.
Ryan
How is that possible?
Wade Wells
Yeah.
Ryan
Is there anyone here? Is there anyone here who knows somehow how that's possible?
Ralph
Optimized for Google's TPUs.
Ryan
Okay, so it's not trained on GPUs. It's more efficient because it's not trained on GPUs or what?
Ralph
No, no, no, no, no, no, no. It's more efficient when you ask it.
Ryan
So the train.
Ralph
Yes, when you use it. Right. So it's the token. It's like getting like the tokenization rate backward, like how much power it needs to respond to, essentially.
Ryan
I got you. TPU is more efficient than GPUs. This one's optimized to run on TPUs. It's going to say at Google, specifically.
Ralph
Because they run all of their stuff at Google. But the bigger thing here is just to catch on to the thing that I've noticed over the last year and that everyone is starting to see is that the continual march is continuing on and it keeps getting better and how that affects everybody and in such a short amount of time. We're not talking about like, oh, the new iPhone 17 versus the 18. It takes a year. This is like three months between them. It's like. It's insane, Right? Yeah.
Ryan
Does this stay off the AI bubble pop for another couple months?
Ralph
I mean, like, I don't even know where it ends. Right. Like, if you, if you can keep. When does it to the point where, like, we're at 100% on this coding benchmark and we're like, like we don't need coders at all. Right. Like you thought that we'll still need them.
Ryan
That will happen when the CEO gets Access to the AI.
Wade Wells
We still need someone to say, make this secure every time.
Ralph
Yeah.
Ryan
And AI is the security person. Just adds on to the end of every prompt. And please make it secure.
Hayden
And make no mistakes.
Ralph
Yes, make no mistakes.
Ryan
Well, now that you asked some of.
Hayden
These models, man, like, I. I had that OpenClaw thing I was playing around with, and I was like, hey, I've heard Kimi K2 is great. I asked it to do something, to look into something. And I was like, do not do anything yet. Don't do anything without asking me. And it immediately went and did explicitly what I told it not to. I specifically told you. And that's the models that we're dealing with. And then I think the part that people is driving more people towards Anthropic versus OpenAI is like, the models like Opus, they. There's just something. They just almost always do what you would expect. They're more predictable than, like, they used to be, where you'd get varying responses. You could ask it the same thing multiple times, and as long as you're roughly giving it the same context, it usually comes back pretty similar.
Wade Wells
I was upset when it did that because I asked a question and then it gave me a bad prompt, and I'm like, all right, open a new agent. Ask again. See if anything happened. And then it was exactly the same. And I'm. I'm like, God damn, it's reading my history. I gotta go use a different.
Hayden
Like, oh, man. Yeah, dude, the Kimi model as well. It kept insisting that I change the default over from Opus. I was like, no, I turned you on. And you're. You're insistent that you switch me or I switch you over immediately to be my production. Like, no, shut up.
Ralph
Oh, my God. So I guess there was also another article that 175 publicly exposed Ollama AI servers across 130 different. Different countries. Right? So another.
Ryan
That's free money, dude. Yes, that's free money. There's 175,000.
Ralph
Yes.
Ryan
Okay. But it's all like, okay, this is insane. They're probably not mostly in China.
Michelle Khan
Yeah.
Ralph
I mean, but this is just. It's like a. It's like an arms race. Right? You know, and people are just deploying this stuff as fast as they can, and. And security be damned, and let's just see what happens. And that's where we see a lot of these exposed servers for different products, especially related around AI.
Wade Wells
So what you're saying, if you really want good, free AI, you just got to go to Shodan?
Ralph
Yeah, man. You could get some decent tokenization.
Ryan
Dude, that's honestly my biggest question is this, is this hooked up to like an actual powerful GPU or are these like Ollama running on like a 2 gig instance? And it's. It could be both.
Ralph
Yeah. Like, I don't think they made a bunch of queries to see how. Which model they were using. Right.
Ryan
I wish they had. I wish they had asked like how.
Ralph
Much model being deployed right now.
Ryan
Right? Yeah, like what? Yeah, like what's. Are these tiny models? Or are we like, is someone running like freaking DeepSeek 122 billion on.
Wade Wells
I don't know, someone back that will hit Shodan, grab the list and then go query them all and then that's what you just use over and over again.
Michelle Khan
I think that's what they did. It was just a Shodan or Censys. It said Censys output.
Ralph
Censys. There you go.
Michelle Khan
They're just running a port scan and seeing, oh, these ports are open. So this must be.
Wade Wells
But then I wanted to go query them for like, I just want to use.
Michelle Khan
Yeah, that's something for you to do using Notepad.
Ralph
Use Notepad, but actually just get your. Your open Malt or whatever to do it for you.
Hayden
Open malt. Oh God. That's what he's going to change it to next.
Wade Wells
No, man.
Ryan
Open malted milkshake.
Ralph
Malted milkshake.
Andy
How else are you supposed to boost your meme coin on Moltbook without burning all your claw tokens?
Ralph
Exactly, man.
Hayden
Yeah, people talk so highly about the OpenClaw thing and people tweet about how you can give it a trading account. It'll make money. Me, I was talking to somebody whose friend tried that approach and he was like, dude, I lost three grand. Okay, so you gave, dude, you gave this AI model $3,000 and said, go for it, chief. Try your best, make no mistakes.
Ryan
I watched so many videos about it and like every video I watch where people are using it, all they're using it to do is just prove that it can do stuff. None of it is actually useful. They're like, oh, I can do this. It's like, yeah, I'm not surprised that with an API key it can read your email.
Wade Wells
Email.
Ryan
Like, I'm not like, oh my God. It can read your email. Like, I don't. I don't know. I mean, it is what it is, but the only way to get any value out of this is to completely raw dog security and just give it everything.
Ralph
Yeah.
Ryan
Which is insane. Just be like, oh, it can do everything. It can fully impersonate me. Like, I, I don't know. I, I, I want to see that. I don't know.
Hayden
It's, it's like normal server architecture or like anything else in technology. Like, if you use it correctly, it can do some very cool things. If you use it incorrectly, it will absolutely, you know, backfire.
Ryan
Yeah.
Andy
All right, let's imagine trying to use it for trading. It'd be like, you know, all right, buy low, sell high. And then it'd be like, no mistakes.
Michelle Khan
What?
Andy
No diamond hands? We're never selling.
Ryan
I mean, it's going to spend more money in Claude tokens than it would in it would ever make you back. But anyway, what about the.
Ralph
Do you guys see the Panera Bread breach? It was, it wasn't just Panera Bread, though, dude.
Ryan
They got past the bread bowl defense.
Hayden
Yeah, definitely did.
Wade Wells
I thought after that energy drink snafu they were going under.
Ralph
Oh, no. So it was Matt.
Hayden
The caffeine that kills you. I missed that. I wanted one.
Ralph
Yeah. Okay. OkCupid and Panera Bread were breached by.
Ryan
Oh yeah, this is Shiny Hunters, right? Yeah, this is Shiny Hunters.
Wade Wells
Were they, were they both on the shared host. Same shared hosting platform with the WordPress service.
Ralph
You know, that would have made it more fun.
Michelle Khan
They're on a PHP.
Ralph
Yeah, it was all PHP. It always is. Yeah.
Ryan
Shiny Hunters is trying to extort people. Yeah, yeah. And I assume it's SaaS, right? It's got to be SaaS. That's their MO. The shiny hunters folks are about vishing people to get access to SaaS, right? Like, I'm guessing they called up the Panera Bread bread bowl manager and we're.
Ralph
Like, hey, it was through their SSO platforms and using voice cloning techniques, which resulted in a growing number.
Wade Wells
Yeah, nice.
Ryan
Yeah, the vishing that they're, they're big vishing. They're really good.
Ralph
Now everyone's going to know who you matched with. On Hinge, on match and on OkCupid.
Ryan
I was going to say what is actually deploy or what is actually breached? Like they. I guess I should be the guy.
Ralph
Tracking information usage data.
Michelle Khan
IP address.
Ralph
Oh, man, they're going to know how many Panera Bread orders I made. Damn it.
Ryan
That's what.
Hayden
You ordered 500 pesto flatbreads last year. Are you freak.
Ryan
What's wrong with you?
Ralph
Like 2025 rap was depressing.
Hayden
Yeah.
Ryan
Yeah, I guess. Address is in the Panera one. People you can somehow address.
Michelle Khan
Yeah, yeah, there was a. I remember that other breach. You guys probably know the alcohol selling. What was that website that sells wine bottles and stuff.
Ryan
Drizzle or whatever.
Michelle Khan
There was another website that got breached. I had access to that breach and I had one of the criminals in that breach, their email address. And I looked it up and I saw all the orders they had made for wine bottles and it was to his own address. So I found his home address based on an unknown email address essentially. So that's what the breach can potentially be used for, correlating all this information.
Ralph
It's like a mind map of decoupled information. Right. So by itself it's not that amazing. But combined with other kinds of information sources, they can create a picture of whatever, whoever they are, what they do and you know where they.
Ryan
Yeah, I mean breach is not good. I mean it's, it's a ransomware group, they're financially motivated. It's kind of, you know, it's like should they pay the ransom to protect their consumers' data? Sadly, from a security perspective, no. Because this will have no blowback on them. So that sucks.
Ralph
Employers discovering your dating profile, risk of doxing, there's tons of things.
Ryan
Yeah, yeah.
Wade Wells
All righty. I got a good one.
Ryan
Yeah, we have like time for one or two more.
Wade Wells
All right.
Ryan
There's a lot of good write up, there's a lot of good articles. Like. Well, we'll do like a lightning round at the end.
Wade Wells
All right. Okay, we could do that. This one is just interesting because we finally see Russia using good network equipment.
Ralph
Oh yeah.
Ryan
So yeah. So basically the article is that Hunter Brooke. Does anyone know who Hunter Brooke is? Someone that took the space out of their name. First name Hunter, last name Brooke. But they don't use a space in their name. Says that Ubiquiti, which is like my personal choice of fun home networking equipment and a lot of people. Yeah, it's like a prosumer type network. It's not really enterprise ready but it's like probably overkill for most small businesses. Essentially Russia is using it to power their battlefield communications. I gotta say it makes sense. It's open source, they don't have visibility or it's not open source, but it's like self managed. They don't have visibility, they don't have control. Like it's kind of a bummer they're getting abused by Russia and I hope they don't get banned or anything like that. But yeah, I mean this is the, the selling point from a privacy perspective is that that it's self managed and self controlled. So it makes sense that it would also work for Russia. I'm sure that Ubiquiti right now has like 18 missed calls from the US DoD, right? Being like, hey, how's it going? Can you get me, can you get me access to this control plane, please? I want to create a new VLAN.
Andy
I feel like you need to take everything in that article with a giant grain of salt because if you look at that last paragraph, it's like Hunter Brook Capital is short on Ubiquiti based on this.
Ryan
Oh, no.
Wade Wells
Yeah.
Ryan
So it's a capital company. Oh, yeah.
Andy
This is just like market manipulation.
Ryan
Okay, I want to see like this all started from one guy who like found a screenshot and was like, that's interesting.
Wade Wells
And then.
Andy
Yeah, based on Hunter Brook Media's reporting, Hunter Brook Capital is short Ubiquiti. Two entirely different unrelated companies, I'm sure.
Ryan
Yeah. There's Hunter Brook Security, which operates completely independently and completely separately. There's Hunter Brook Capital, which makes decisions based on everything that Hunter Brook Security discovers during their research. Don't worry about it. It's actually Clawdbot anyway.
Ralph
It always is.
Hayden
Always has been.
Ryan
Yeah, Maybe that's the 2026 version of the Big short is like you gave all of the hedge funds control to an AI.
Andy
If we want to talk about companies fueling Russia though, maybe it's Fortinet and default creds.
Wade Wells
The.
Andy
The, the Poland CERT article we had.
Ryan
Was that default creds. Is that the entry mechanism?
Wade Wells
It was.
Andy
It was Fortinet vulns and also default creds and also just like lol. Really, guys?
Ryan
Okay, so basically, just to kind of zoom out, for those that haven't read all the articles, Poland CERT published a really interesting write up in essentially how someone attacked their grid. And it sounds like they weren't super successful. I mean, they were successful in compromising the grid and the systems that support it, but they didn't actually take the power down.
Andy
From what I understand, they were unsuccessful in the. The final wiper detonation. Their EDR managed to stop it.
Ralph
Yeah.
Andy
So it. It did not shut down the grid and 500,000 Polish people did not lose power and heat in the middle of winter. Yay.
Ryan
Right, so it sounds.
Hayden
It says this specifically, final stage was blocked by the EDR. And so like, it got pretty dang close.
Ryan
They fully compromised the network, but they were unable to take down the power with that access.
Hayden
Yeah, so they compromised it. Their goal, though, was just destruction and they were barely held off by, you know, whatever EDR. They had Clawdbot.
Wade Wells
Yeah, I mean, definitely don't say that someone's gonna hear that and start deploying Clawdbot everywhere.
Ryan
Yeah, yeah. So read if you're a threat hunter or if you're a CTI person. Read the write up. It's really interesting. I think it is a good demonstration of like, if you have good safeguards, you might actually avoid a dangerous attack like this. And so having defense in depth. Why do you have art? Why do you have EDR on your OT systems and in your RTUs and stuff? For this exact reason.
Ralph
So.
Ryan
I guess we're really lightning round. I also wanted to mention the really interesting write up of like the Google takedown of a residential botnet. I'm just going to throw it in there, recommend people read it. But essentially they took down a residential botnet with. That was apparently abused by 500 different threat actors or something.
Andy
VPN companies that they were tracking.
Ryan
Yeah, well, the VPN companies are just the. Those are. That's the botnet.
Michelle Khan
Yeah.
Andy
So, yeah, yeah. Remember, if you're not paying for it, you're the product.
Ryan
Yeah.
Wade Wells
Oh, they have the name of all of them right here too. I didn't realize that.
Ryan
Yeah, the names are there. I mean, I will say, like these companies, this is one of those things of like, good luck sourcing ethical residential IPs. Like, you know, it's like, can you find chocolate that wasn't had, that didn't have slavery in the supply chain? Like, yes, but you have to work hard. This is the same thing with residential IPs. Like, most of these are sketchy sources at best. And yeah, it's not great. It's a good read up or it's a good write up.
Ralph
What do you mean? I get paid for people to use my Internet.
Wade Wells
That Raspberry Pi to my house, it's been plugged in ever since.
Ryan
Like, dude, that's just my b. That's just my backup server. Don't worry about that.
Ralph
That's how I make money now is I just use my Internet for. People pay me for. I'm not sure what they're doing that.
Ryan
That, that blinky box in the corner. No one ever talks about it.
Ralph
Yeah, I got too many. I can't take.
Wade Wells
Zach prompted. Who, who has classes coming up?
Ryan
I don't know. Someone's doing dishes in the back. Whoever you are, you're. You're doing a great job.
Michelle Khan
My microphone is too sensitive, it seems.
Hayden
I think someone's destroying all of your dishes.
Ryan
Yeah, you might, you might want to.
Ralph
You might.
Ryan
That the robot. The robot in your house that's trying to do dishes. The guy with the VR controllers, like.
Ralph
Trying to do that.
Michelle Khan
It's the knees of the robot cracking.
Ryan
Okay.
Michelle Khan
Too much work.
Ryan
Anyway, good plug. Good plug. We got two classes upcoming at Mileha Hack and Fest in Denver. Virtual options available. You got Hayden, you're teaching a class, and I guess Michelle is also teaching a class. Ralph, are you teaching anything? Wait, anyone else?
Ralph
No, no. I've taken the next level OSINT class. I took the first one. I think. I think it was the. I think it was the first, like, public one. Yeah, yeah, it was a great class.
Ryan
Good.
Ralph
So if you want. If you want to learn some OSINT stuff. Yeah, super fun. And since osint, you can do it live, right? You know, you get to really experience it right there.
Wade Wells
Hayden and I do have a webcast coming up on over whatever it was up there. Now it's not. Not. Doesn't matter. Most of people are listening to it. Okay, there it goes.
Ryan
Fireside Chat. Is the fire just a gpu?
Wade Wells
Yeah, that's all we're doing. It'll probably be just be us talking about AI and blue team stuff going back and forth, probably all things blue team.
Hayden
So Jerry's just going to play work on his magic decks in the background.
Ryan
Nice. And then I guess we also have the upcoming SOC summit.
Wade Wells
Yes.
Ryan
I don't know anything about that, but the logo looks sick.
Hayden
I mean, it's going to be a bunch of talks around SOC and blue team stuff. There's going to be some workshops, plenty of talks. I think maybe even some training. So. Going to be pretty sick.
Wade Wells
Are you talking, Hayden?
Hayden
I am, yeah. I have a workshop or a talk. I can't remember which one. It's one of those.
Ralph
I, too.
Hayden
Yeah. So mine is a talk that's preceded by a workshop in a couple weeks after that. But my talk is all around how to take basically CTI and turn it into.
Ralph
Into detection.
Wade Wells
Great. Thanks a lot. And thanks for ruining my talk. I need to come up with another talk idea.
Ralph
No, I need to take, like an hour and build a Pew Pew map with vibe coding just because I think you can make some pretty cool ones now that would be good at your SOC. You want to.
Hayden
Oh, yeah, that's a good idea.
Ryan
I want to see. Here's what I want to see. Okay, here's. Here's my product request to whoever vibe codes things from Discord. Here's what I want. I want someone to make. Take a thing that monitors your AI queries and then builds visual representations of what you're asking for and just Displays them as videos. So like, if someone is asking for a way to bypass some security, it'll make like a graphic of like a computer with like a Pew Pew going into it. If someone's asking for a recipe for waffles, it'll make like a graphic of like waffles being creative. If someone's asking for like, am I? Hey, send this email. It'll be like a little graphic of an email email. I just want to know, like, graphically what are my users doing? And then when it starts shifting to weird stuff, it's not like a Pew Pew map. It's like, oh, someone. There's like a horse that just stabbed a guy and then lit it on fire. Okay, we need to go find that employee, backtrace that ip, find that employee who sent that query in.
Michelle Khan
So what you're saying, I'm sure the three letter agencies have that running in the background. Yeah.
Ralph
AI query, which is text and then which. Which takes some computing to like respond. And then when once that responds, you're going to send that to another AI to make a. Yes, to make an image so that they can send an image and then you can interpret the image from what the text was.
Ryan
Yes, correct.
Wade Wells
New detection developer. I'm loving it.
Ryan
Okay, listen, this is the new version of a Pew Pew map. It also could be simplified down into like a smiley face or a sad face, depending on whether the queries are positive sentiment or angry sentiment. And then we can just see the mood of the company. It's like a mood ring for your company. All right.
Wade Wells
This reminds me, like during the SANS talk when, like, they have a person drawing out the person's talk as they go, right? Where they're like drawing arrows and boxes and stuff like that and like circling things like.
Ryan
Yes, it's like that, but with AI.
Wade Wells
But I'm down for it.
Ryan
Exactly.
Ralph
Yeah.
Michelle Khan
You could totally get on other jobs.
Wade Wells
Replace another job.
Andy
You all.
Wade Wells
They're replacing everyone's job already, right? All I have.
Ryan
I mean, okay, whose job did Pew Pew Maps replace then?
Michelle Khan
By that guy who used to draw manually at SANS.
Hayden
That guy?
Ryan
The one SANS guy. OK, let's get into CTF winners. Obviously. Our conference is next week. Ryan, we don't have a show next week. Right. Because it's our conference and we're going to do it live. Is that correct?
Ralph
Yeah, we're going to do the show.
Wade Wells
We're going to do the show from Wild West Hackin' Fest.
Ryan
Sweet. So no show on Wednesday week?
Wade Wells
Yeah, not on Monday.
Andy
It's on Wednesday.
Ryan
Sweet.
Andy
Different time.
Ryan
Different time, different place. Get scared. I'm scared. The CTF winners. We have a winner for one year of Antisyphon on-demand training access, which is a huge. We don't know the value. We can't calculate it. We tried to put it into AI and it just said not a number. The winner is. Alex. Broke it. 29439. Good job, Alex. You broke. Broke it. Congratulations. And for Antisyphon CTF, there's no winner. So I guess. Try harder, everyone. I don't know if that CTF must have been really hard. I guess there's no one sliding them now. Put it into Claude AI even harder. Okay? Like I don't know how.
Hayden
Try using Thinking mode.
Ralph
Yeah.
Andy
Try.
Wade Wells
Yeah.
Ryan
Use a more expensive model next time.
Ralph
Keep revving up the model until you get the answer back. Also, gaslight the model. It will do better.
Ryan
Yes. And then the model will gaslight you in return. It's the cycle of life. All right. That's a good place as any to end it. Thank you all for coming. We'll see you all next week. If you're going to be in Denver, stop us. Say hi. Introduce yourselves. We'll see you around. Bye, everyone.
Michelle Khan
See you.
Wade Wells
Sam.
Episode Date: February 5, 2026
Host: Black Hills Information Security Team (Ryan, Wade Wells, Ralph, Hayden, Andy, Michelle Khan, et al.)
Episode Main Theme:
This episode dives into the recent infosec news with a focus on a reported incident where the US CISA chief uploaded sensitive documents into ChatGPT, exploring industry reactions, risk realities, policy implications, and broader conversations about AI use, supply chain threats, data breaches, and more. The discussion is lively, technical, and laced with humor and asides.
Timestamp: [00:01]–[09:33]
Timestamp: [09:33]–[18:43]
Incident Overview:
Key Quotes & Takeaways:
Detection of the Incident:
Industry Reflections:
Timestamp: [18:43]–[25:48]
ignore-scripts=true to mitigate supply chain risk.
.npmrc to override git binary paths.
Timestamp: [26:23]–[29:36]
Credential Dumps:
Info Stealer Prevalence:
Timestamp: [30:45]–[36:05]
Timestamp: [36:12]–[38:39]
Timestamp: [38:39]–[51:53]
Timestamp: [54:13]–[56:24]
Timestamp: [58:00]–[63:06]
This week’s TBN delivers laughs, lessons, a sobering look at real-world infosec challenges, and relentless reminders that in a world of AI-powered everything, the old human problems (passwords, misconfigurations, faulty policies) remain...just now with new speed and scale.
End of Summary