00:00:00.000 –> 00:00:04.800
All right folks you have the download button on security assessment podcast
00:00:04.800 –> 00:00:09.800
brought to you by our company Lopani security if you’re interested go to the
00:00:09.800 –> 00:00:14.240
link in the show notes below and check out all of our services software that we
00:00:14.240 –> 00:00:19.680
offer as well as our blogs about security in all our past podcast
00:00:19.680 –> 00:00:25.360
episodes I want to thank you all for listening and let the show begin
00:00:25.360 –> 00:00:39.160
all right and welcome to another great edition of our podcast a security
00:00:39.160 –> 00:00:47.000
assessment podcast hosted by yours truly Brandon so folks a bunch of things to
00:00:47.000 –> 00:00:52.120
talk about this week I hope I get to the news but I have a bunch of other stuff I
00:00:52.120 –> 00:00:57.480
want to go ahead and talk about this week because a lot of a lot of things
00:00:57.480 –> 00:01:05.520
came out and I just want to go over everything with you so first and foremost
00:01:05.520 –> 00:01:12.240
Apple a lot of news coming out of there first of all the vision pro as that was
00:01:12.240 –> 00:01:16.240
released this past week and Apple so far I said they sold a hundred and
00:01:16.240 –> 00:01:22.200
eighteen thousand units now I know this isn’t security related but I’m gonna kind
00:01:22.200 –> 00:01:27.560
of bring this full circle so if you guys remember over the years Apple’s policies
00:01:27.560 –> 00:01:32.560
with their app store and all that kind of stuff have been very much based on
00:01:32.560 –> 00:01:37.320
security so in other words we have to you know take a third of this because it
00:01:37.320 –> 00:01:42.240
caused us to run you know the app store it costs us to do this that well
00:01:42.240 –> 00:01:46.840
apparently now a lot of these companies that they have really messed with
00:01:46.840 –> 00:01:55.680
Netflix Spotify Google are coming back now and kind of striking back at Apple a
00:01:55.680 –> 00:01:59.360
little bit they are actually a lot of these companies are saying well yeah
00:01:59.360 –> 00:02:04.440
we’re not making an app for the vision Pro sorry Apple so there’s no Spotify
00:02:04.440 –> 00:02:09.040
support no Netflix support no YouTube support on it there’s quite a few things
00:02:09.040 –> 00:02:11.520
that are not going to be available in the vision brokers people are not making
00:02:11.520 –> 00:02:17.160
apps if the thing really takes off I’d imagine that they probably woke they
00:02:17.160 –> 00:02:21.520
don’t want to mix out on that part of the market but apparently a lot of these
00:02:21.520 –> 00:02:25.860
companies are a little upset with Apple’s tough tactics and what they
00:02:25.860 –> 00:02:30.160
think they’ve done to them over the years and stuff and they are not going
00:02:30.160 –> 00:02:33.800
to take it and they’re gonna hit Apple where it hurts and that’s app support
00:02:33.800 –> 00:02:38.120
for the vision Pro so while Apple has always done it on the gaze you know guys
00:02:38.120 –> 00:02:43.120
of security apparently now coming back to kind of bite them a little bit so
00:02:43.120 –> 00:02:49.520
that was in the news with the vision Pro do I think all of that over the years is
00:02:49.520 –> 00:02:54.840
all for security I don’t necessarily think at all I think was to help Apple’s
00:02:54.840 –> 00:03:02.240
business but I do think that now this visa may either way I like I said it’s
00:03:02.240 –> 00:03:06.080
going to you know it’s gonna be a thing for them now and going forward they’re
00:03:06.080 –> 00:03:10.840
gonna have I think a tough time with this app support I know Microsoft apps
00:03:10.840 –> 00:03:15.280
and stuff are on it but apparently a lot of the other entertainment apps that
00:03:15.280 –> 00:03:21.400
people are gonna want are not on it so 17 an app update did come out before the
00:03:21.400 –> 00:03:25.920
iPhone will begin to patch a vulnerability but also Apple added
00:03:25.920 –> 00:03:30.200
something called stolen device protection for the iPhone and what this
00:03:30.200 –> 00:03:33.920
actually is stolen device protection adds a layer of security to your phone
00:03:33.920 –> 00:03:38.200
that basically like if you’re trying to use it when you’re at home or work
00:03:38.200 –> 00:03:42.760
places it recognizes it will actually help protect your account and and so no
00:03:42.760 –> 00:03:46.840
words when if your device you know like if your devices phones it’s stolen it’s
00:03:46.840 –> 00:03:49.440
gonna be someplace where you’re not normally so what this will say is hey
00:03:49.440 –> 00:03:54.400
this isn’t you know this device really has never been here before why are you
00:03:54.400 –> 00:03:58.360
trying to change your password right now and then it’s gonna obviously force you
00:03:58.360 –> 00:04:04.640
to do face face ID biometrics as well as part of it because in case somebody’s
00:04:04.640 –> 00:04:09.960
shoulder surfing and you know you know they just catch catch your code like I
00:04:09.960 –> 00:04:13.040
said if they open it and then also to the so in order if you want to change
00:04:13.040 –> 00:04:15.640
your password it’s actually be your code anymore if you’re in a weird place
00:04:15.640 –> 00:04:20.240
you’re going to have to actually scan your face and put in the code so more of
00:04:20.240 –> 00:04:24.280
a two-factor kind of thing I think I think it’s gonna be really lovely I said
00:04:24.280 –> 00:04:26.960
well this could make you know changing your password a little more of a pain
00:04:26.960 –> 00:04:32.400
the way it sounds you can read through Apple support document the way it sounds
00:04:32.400 –> 00:04:35.720
is it’s only going to be an issue if you’re going someplace you’re normally
00:04:35.720 –> 00:04:39.200
not and you’re and you’re trying to change your password so it looks like
00:04:39.200 –> 00:04:41.920
Apple’s being really intelligent about that now like I said it’s gonna really
00:04:41.920 –> 00:04:45.840
be more of a thing where okay I’m out and about you know I’m at a place I’ve
00:04:45.840 –> 00:04:49.400
never been before I went to change my password and now it’s gonna make me scan
00:04:49.400 –> 00:04:53.600
my face put in my passcode and it’s gonna make me wait you know so it’s one
00:04:53.600 –> 00:04:56.840
of those things it looks like I think it’s a good idea definitely not gonna
00:04:56.840 –> 00:04:59.960
hurt I think it’s gonna be much more of an issue if you’re hook oh someplace
00:04:59.960 –> 00:05:02.320
you’ve never been before it’s gonna be like your credit card if you try to use
00:05:02.320 –> 00:05:05.720
your credit card someplace you’ve never been before you know it’s gonna make it
00:05:05.720 –> 00:05:11.160
a little more difficult so I’m all for it I think that’s a good thing also to
00:05:11.160 –> 00:05:17.320
Apple they actually the beta now is out for 17 for which is gonna be the next
00:05:17.320 –> 00:05:23.960
update which is coming in March and apparently now Apple in in the EU very
00:05:23.960 –> 00:05:31.040
key part here in the EU they are going to allow side loading of apps and in
00:05:31.040 –> 00:05:35.840
loading things outside of the App Store but however there’s gonna be the saying
00:05:35.840 –> 00:05:39.940
a fee for it or a charge for it or something like that Apple hasn’t said
00:05:39.940 –> 00:05:44.560
what yet this is all speculation because if you can do see in the code that there
00:05:44.560 –> 00:05:50.840
is actually slide loading that’s going to be available but like I said it’s
00:05:50.840 –> 00:05:54.960
going to be an issue because you’re gonna have to pay for it I think I think
00:05:54.960 –> 00:05:58.600
Apple’s gonna use it as a is hey you want this great you got to pay for it
00:05:58.600 –> 00:06:02.600
now so that was something that a lot of people is talking about too on the
00:06:02.600 –> 00:06:07.720
iPhone which is okay so Apple is going to allow side loading now in Europe and
00:06:07.720 –> 00:06:12.520
please it’s not in America yet just point that out in Europe but in order to
00:06:12.520 –> 00:06:16.920
do this you got to pay a fee now somebody had said what if I use a VPN I
00:06:16.920 –> 00:06:19.960
don’t think that’s gonna work because I think the Apple knows where the phones
00:06:19.960 –> 00:06:23.880
purchased if it’s purchased over in Europe or purchased here so even if you
00:06:23.880 –> 00:06:27.840
use a VPN that’s not gonna make a difference they’re still gonna know
00:06:27.840 –> 00:06:32.320
where the phone was bought so even if you would use a VPN now if you bought a
00:06:32.320 –> 00:06:38.700
phone overseas and brought it here I think it would be okay so I’m wondering
00:06:38.700 –> 00:06:42.520
now if people that want to side load apps are gonna buy apps overseas and how
00:06:42.520 –> 00:06:46.480
Apple’s gonna regulate this is this could start to be a pretty big thing for
00:06:46.480 –> 00:06:51.400
Apple and then – if people figure if they are going to allow side loading how
00:06:51.400 –> 00:06:54.960
are they going to control it and if there is a way to do it can people over
00:06:54.960 –> 00:06:59.000
here so people here make start cracking their iPhones and doing it so I’m
00:06:59.000 –> 00:07:03.520
curious to see what this is gonna once you start opening that little box there’s
00:07:03.520 –> 00:07:06.200
no way to go back now Android has been able to people to andrew’s been able to
00:07:06.200 –> 00:07:11.400
do this for since the beginning of it because androids open source but I’m
00:07:11.400 –> 00:07:18.360
very curious to see how this is going to play out over the next you know as it
00:07:18.360 –> 00:07:23.480
starts happening because Apple is doing this to comply with EU regulations which
00:07:23.480 –> 00:07:26.640
I mean I understand them allow you I mean it’s your phone you bought it it’s
00:07:26.640 –> 00:07:33.440
not like Apple owns it but I’m very curious to see what is what how this is
00:07:33.440 –> 00:07:36.400
gonna play out and how people are gonna make it work over here in America you
00:07:36.400 –> 00:07:41.100
know people over here in America and I figure it out so well that remains to be
00:07:41.100 –> 00:07:44.680
seen but it looks like Apple is going to start allowing sideloading but it is
00:07:44.680 –> 00:07:47.960
going to cost it’s not going to be free there may be a monthly subscription to
00:07:47.960 –> 00:07:53.400
do it Apple’s gonna I’m sure figure out a way to have control over it so we will
00:07:53.400 –> 00:08:00.720
have to wait and see with that also – some other interesting things that have
00:08:00.720 –> 00:08:05.360
come out of Apple this week that I found this was actually a couple like this is
00:08:05.360 –> 00:08:09.180
a couple weeks ago but I wanted to wait and see to talk about it so apparently
00:08:09.180 –> 00:08:15.640
Apple hasn’t now Apple has somebody had discovered a back door in iOS where
00:08:15.640 –> 00:08:21.180
Apple can get into your phone Oh Apple’s kept it a very tight-knit secret not
00:08:21.180 –> 00:08:24.600
many people have ever been able to nobody’s been able to they say they
00:08:24.600 –> 00:08:29.560
don’t know if you like to explain it or not only Apple’s able to do it but the
00:08:29.560 –> 00:08:34.920
reason why I’m bringing this up is because this really is going to set a
00:08:34.920 –> 00:08:38.960
precedent now be now that people know this exploit is out there and not really
00:08:38.960 –> 00:08:42.860
an exploit it’s something Apple can do but if you remember a couple years ago
00:08:42.860 –> 00:08:49.640
Apple was trying to get there FBI was trying to get Apple to unlock an iPhone
00:08:49.640 –> 00:08:53.740
of somebody that they thought something you know whatever they wanted to get into
00:08:53.740 –> 00:08:58.120
this person’s phone and remember Apple says once the phone is locked we can’t
00:08:58.120 –> 00:09:02.620
we can’t unlock well apparently Apple can so they kind of lied to the
00:09:02.620 –> 00:09:06.880
government saying that no we can’t get into that device when they actually can
00:09:06.880 –> 00:09:11.440
now the fact that people know what the exploit is nobody they’re saying that
00:09:11.440 –> 00:09:14.520
they don’t believe it’s being exploited because only Apple knows about it it’s
00:09:14.520 –> 00:09:21.080
been very kept very very tight but my issue with this though is is if Apple
00:09:21.080 –> 00:09:24.920
knows about it one have they used it which they have said they haven’t but we
00:09:24.920 –> 00:09:29.560
don’t know about that and then two now that it’s out there Apple’s you know
00:09:29.560 –> 00:09:33.840
gonna I’m sure Apple’s gonna patch it now but even if you patch it you can’t
00:09:33.840 –> 00:09:37.440
what’s to say somebody figures out a way to unpack it by putting an old version
00:09:37.440 –> 00:09:42.880
of iOS on a phone or something like that so this is gonna make things a lot a lot
00:09:42.880 –> 00:09:47.120
so our security goes I think it really hurts Apple tremendously now because the
00:09:47.120 –> 00:09:52.400
fact is it was there you could get in not I mean Apple I think on whatever but
00:09:52.400 –> 00:09:58.920
now that it’s there I’m sure these the state-sponsored company you know FBI
00:09:58.920 –> 00:10:02.600
are gonna try to find how to get into it how to use it so they can get in after
00:10:02.600 –> 00:10:06.160
Apple told them they couldn’t so I imagine Apple is gonna probably get some
00:10:06.160 –> 00:10:09.200
crap for lying to government which whatever that doesn’t really I don’t
00:10:09.200 –> 00:10:12.520
really care about that but I’m curious now what they are going to do and how
00:10:12.520 –> 00:10:16.600
they are gonna try to exploit this especially on phones that they want if
00:10:16.600 –> 00:10:21.380
you remember during that whole thing where Apple were refusing to unlock the
00:10:21.380 –> 00:10:27.660
iPhone I remember distinctly Apple was going to so when you back your phone up
00:10:27.660 –> 00:10:35.160
to the cloud to iCloud that that backup is not encrypted all the iPhone if you
00:10:35.160 –> 00:10:38.680
back up your phone to that cloud it’s not encrypted Apple was going to have a
00:10:38.680 –> 00:10:42.820
feature on the phone where you can swipe and say hey I want my all my backups to
00:10:42.820 –> 00:10:49.360
my iCloud encrypted the Apple actually took him had to kind of be nice to the
00:10:49.360 –> 00:10:53.060
FBI said listen we’re not going to give people the ability to encrypt their
00:10:53.060 –> 00:10:58.960
backups in the cloud now if you plug your phone into a computer and I – I
00:10:58.960 –> 00:11:03.380
called iTunes with something iTunes open up iTunes and hit you know make backup
00:11:03.380 –> 00:11:06.560
and notice did you want to encrypt backup yes it will encrypt it on your
00:11:06.560 –> 00:11:12.480
computer but the iCloud backup that’s saved up to iCloud is not encrypted and
00:11:12.480 –> 00:11:16.960
they say the reason why Apple does this is to help the FBI out because if they
00:11:16.960 –> 00:11:20.420
can at least get into some his iCloud account they can at least get an
00:11:20.420 –> 00:11:24.680
unencrypted backup of the phone and you know at least that way they you know it
00:11:24.680 –> 00:11:27.500
was basically like Apple saying hey we’re gonna play nice so at least if you
00:11:27.500 –> 00:11:31.940
hacked the person’s iCloud you know bag up you can get a copy of the it was kind
00:11:31.940 –> 00:11:36.920
of like because I guess the I guess they said the FBI and some of that actually
00:11:36.920 –> 00:11:42.120
do use iCloud iCloud backups of that to get to phones and stuff or people of
00:11:42.120 –> 00:11:45.560
interest and things like that so I guess it was Apple’s way of saying okay well
00:11:45.560 –> 00:11:49.080
we’re going to go ahead and at least we’re not gonna crack this device for
00:11:49.080 –> 00:11:52.980
you but there is a way of you getting a copy of the phone it’s kind of a little
00:11:52.980 –> 00:11:58.060
hold in Apple’s thing that they do to help out law enforcement but the fact
00:11:58.060 –> 00:12:00.480
that they’ve lied for years and said they have no way of getting into a
00:12:00.480 –> 00:12:03.960
device and they actually could I’m curious to see if there are going to be
00:12:03.960 –> 00:12:08.940
any repercussions for this I doubt there will be but you know it’s it will have
00:12:08.940 –> 00:12:12.720
to wait and see what happens but this is quite an interesting topic to me anyway
00:12:12.720 –> 00:12:16.280
because people said well they’re patched now that people found out about it yes
00:12:16.280 –> 00:12:19.920
they passed it but just because it once it’s there it’s there I mean you could
00:12:19.920 –> 00:12:23.160
patch it but then you know people can install the patch we can use an old
00:12:23.160 –> 00:12:26.080
version of iOS once once they find us there apparently it’s been there since
00:12:26.080 –> 00:12:33.160
the iPhone 6 6 & 7 they said so you know and the new phone has it all the new
00:12:33.160 –> 00:12:36.880
phones have it but now obviously the patch but again it’s there so I’m very
00:12:36.880 –> 00:12:39.680
curious to see what’s gonna go with this this is gonna be an interesting topic to
00:12:39.680 –> 00:12:45.600
watch now especially since there is a way to do this so this am I been on the
00:12:45.600 –> 00:12:51.080
Apple should have ever done this I’m totally against it but you know it is
00:12:51.080 –> 00:12:54.560
what it is it’s out there now and we have to deal with it so but yes I thought
00:12:54.560 –> 00:13:00.220
that was a very interesting topic to say the least as far as that doesn’t mind to
00:13:00.220 –> 00:13:05.000
the authorities all that kind of stuff it was interesting so speaking of another
00:13:05.000 –> 00:13:08.520
thing about Apple we’re just gonna I’m just gonna unload all the Apple news
00:13:08.520 –> 00:13:14.000
first thing in the podcast Mozilla is saying that Apple’s new browser rules
00:13:14.000 –> 00:13:18.440
are a real pain in the butt Apple has new rules in the EU that we talked about
00:13:18.440 –> 00:13:24.840
before that are supposed to support open iOS to alternative browsers supposed to
00:13:24.840 –> 00:13:29.560
be opening up iOS to alternative routers that alternative browsers thank you
00:13:29.560 –> 00:13:35.120
Apple’s new webkit which they’re releasing to meet with EU requirements
00:13:35.120 –> 00:13:38.960
so now you’re not only going to use webkit but you’re gonna have this other
00:13:38.960 –> 00:13:42.720
thing now so what what people are saying is well this is gonna be a pain in the
00:13:42.720 –> 00:13:47.320
butt now because you’re gonna have to maintain you’re going to retain either
00:13:47.320 –> 00:13:50.800
the one for America which is using webkit which yeah and then you have to
00:13:50.800 –> 00:13:55.360
maintain the one in Europe now which supports other things besides webkit so
00:13:55.360 –> 00:13:59.880
it kind of makes it having to maintain both but I get why Apple’s doing this
00:13:59.880 –> 00:14:03.360
you know they’re trying to make it so that at least the you know people that
00:14:03.360 –> 00:14:08.200
want to use the apps in the store and stuff are safe but apparently they could
00:14:08.200 –> 00:14:12.600
say the EU they’re saying that since there’s gonna be two versions of this
00:14:12.600 –> 00:14:15.600
particular way you can do this one with the webkit and the one outside of the
00:14:15.600 –> 00:14:22.360
webkit it’s gonna make it kind of a pain to maintain both you know both browsers
00:14:22.360 –> 00:14:26.560
because like I said the Apple like I said their plan is to restrict their
00:14:26.560 –> 00:14:31.240
newly announced browser engine kit to EU specific apps so you’re gonna have
00:14:31.240 –> 00:14:33.560
webkit which is the general kit that we’re all used to and then you’re gonna
00:14:33.560 –> 00:14:39.120
have the browser engine kit specifically for the EU so again this is more that EU
00:14:39.120 –> 00:14:43.400
regulation stuff so it’s gonna be kind of a pain you got to maintain both
00:14:43.400 –> 00:14:47.480
webkits now and obviously that patch that came out this week obviously patched
00:14:47.480 –> 00:14:51.720
webkit because there’s a vulnerability in it but like I said it was a I guess
00:14:51.720 –> 00:14:56.960
it’s been a pretty crazy week I kind of understand where Mozilla is going with
00:14:56.960 –> 00:15:01.600
this again I would like to see and again you can’t get it’s the only thing I don’t
00:15:01.600 –> 00:15:05.000
like about this it’s only in EU so you can’t I would love to see what the other
00:15:05.000 –> 00:15:10.320
webkit is and compare it to this webkit and want to see but like I said that was
00:15:10.320 –> 00:15:13.800
something I saw it then I was like oh that’s that’s pretty interesting so
00:15:13.800 –> 00:15:18.160
Mozilla is complaining about it I’m sure others will complain about it as well
00:15:18.160 –> 00:15:23.180
but that’s what we’re doing so apparently like I said this is all EU
00:15:23.180 –> 00:15:27.600
stuff because the EU regulations and all that so like I said we’ll have to keep
00:15:27.600 –> 00:15:31.640
an eye on all that and see what happens I’d love to see if you get like I said
00:15:31.640 –> 00:15:34.320
let’s get a hands on the webkit over here in America to see what’s actually
00:15:34.320 –> 00:15:40.320
going on with it but we will have to see speaking of things by the way that I
00:15:40.320 –> 00:15:42.960
want to talk about one of the things that somebody had talked about we talked
00:15:42.960 –> 00:15:47.480
about bitwarden and things of that nature with last no I think last podcast
00:15:47.480 –> 00:15:51.080
before whatever it was but dumb somebody had asked about bitwarden on their phone
00:15:51.080 –> 00:15:55.840
and one of the things I had said I think was last podcast was that if you’re
00:15:55.840 –> 00:16:01.880
gonna go with a password app you have to kind of go with it and stick with it and
00:16:01.880 –> 00:16:04.840
one of the things I was trying to explain I don’t think people know this
00:16:04.840 –> 00:16:10.040
and I’ve tried this before you have you can go into your iPhone or Android and
00:16:10.040 –> 00:16:15.720
you don’t have to use Apple’s password manager you can use a different password
00:16:15.720 –> 00:16:21.080
manager you could go in there and say hey I don’t want you know Apple I want
00:16:21.080 –> 00:16:26.680
to use bitwarden or I want to use one password or whatever and once you do
00:16:26.680 –> 00:16:30.360
that you know you can set up so the biometrics I know a lot of people saying
00:16:30.360 –> 00:16:32.680
what’s ridiculous I’m using this on my device and every time I have to type in
00:16:32.680 –> 00:16:38.240
the password no you have to go in you can enable bio biometrics on it on your
00:16:38.240 –> 00:16:42.480
iPhone you can even enable bio biometrics on your Mac if you want to
00:16:42.480 –> 00:16:45.640
yeah you have to open a bitwarden and sign into it but then once you do that
00:16:45.640 –> 00:16:51.300
you can use biometrics on your Mac also so you can use Windows Hello on Windows
00:16:51.300 –> 00:16:54.240
or you can use your password reader on your on your Windows device I’m sorry
00:16:54.240 –> 00:16:58.020
your password your fingerprint reader on your device and you can use biometrics
00:16:58.020 –> 00:17:03.900
for that so I know a lot of you guys are doing using it in the browser there is
00:17:03.900 –> 00:17:11.680
browser integration for Windows Hello and for Mac or like I said Windows so I
00:17:11.680 –> 00:17:15.860
think there’s even Chrome support actually too but like I said Chromebook
00:17:15.860 –> 00:17:18.240
support but like I said go ahead and like I said if you want to use your
00:17:18.240 –> 00:17:21.060
bio met like it’s not a lot of people said to me well I’m using bitwarden
00:17:21.060 –> 00:17:24.520
because it’s safe but it’s kind of a pain in the butt you gotta keep typing
00:17:24.520 –> 00:17:28.180
in the password you don’t you can actually have the biometrics on your
00:17:28.180 –> 00:17:32.320
Android iPhone Windows Mac because you can use Windows Hello or your
00:17:32.320 –> 00:17:36.460
fingerprint reader and go ahead and like I said and it does work pretty well I
00:17:36.460 –> 00:17:40.580
have actually used biometrics so I have all that set up I know it’s not so bad
00:17:40.580 –> 00:17:45.480
on a laptop with a full keyboard but when you’re using your iPhone or if
00:17:45.480 –> 00:17:48.560
you’re you know got stuff in your hand and you just want to look at a password
00:17:48.560 –> 00:17:51.700
or something like that you just want to look at your phone like I said there is
00:17:51.700 –> 00:17:55.200
cable that so go ahead and like I said you can set that up you know a couple
00:17:55.200 –> 00:17:58.020
people that asked about that again if you want to reach out to me it’s
00:17:58.020 –> 00:18:03.180
brandon@lipanasecurity.com is the email I’ll put it in the show notes also so
00:18:03.180 –> 00:18:08.940
you can reach out to me like I said on Twitter kb3yua it’s my call sign but
00:18:08.940 –> 00:18:11.720
like I said you can do that as well a couple people had asked about that so I
00:18:11.720 –> 00:18:16.400
just wanted to bring that up also the other thing I wanted to bring up as well
00:18:16.400 –> 00:18:21.680
more information on the Microsoft hack I guess this is kind of the news I was
00:18:21.680 –> 00:18:24.320
worried we’re gonna get to new stories but I guess these are kind of new stories
00:18:24.320 –> 00:18:30.360
I guess Microsoft apparently they got hacked obviously we know that their big
00:18:30.360 –> 00:18:35.240
executives got hacked because of an old an old system that was sitting out there
00:18:35.240 –> 00:18:38.980
apparently it was a test account that got hacked it was basically a password
00:18:38.980 –> 00:18:44.320
spray account and once they got that simple easy password they were kind of
00:18:44.320 –> 00:18:49.120
able to kind of work their way up and stuff like that so it’s it’s like I said
00:18:49.120 –> 00:18:53.960
it’s not like I said it was very basically a very easy simple password
00:18:53.960 –> 00:18:59.280
hack that’s how most of these things happen believe it or not most of your
00:18:59.280 –> 00:19:02.480
big attacks like this happen for stuff like this but it was just a basic
00:19:02.480 –> 00:19:06.160
password spray attack somebody got into their old account you know they’re an
00:19:06.160 –> 00:19:10.980
old account and and that was pretty much it so like I said not you know not a
00:19:10.980 –> 00:19:14.520
whole lot unfortunately like I said I’m not a fortunate but I’m saying in
00:19:14.520 –> 00:19:21.080
general a lot of times these kinds of hacks are not you know overly complex
00:19:21.080 –> 00:19:24.420
also to one of the other things I would like to point out I got a bunch of
00:19:24.420 –> 00:19:28.080
people that reached out we were talking about Microsoft 365 and all that kind of
00:19:28.080 –> 00:19:32.920
stuff Microsoft Teams actually had like an eight-hour outage yesterday Friday
00:19:32.920 –> 00:19:39.120
and Microsoft hasn’t announced why but they had you know they have had you know
00:19:39.120 –> 00:19:42.840
an outage so it’s one of the point that anybody struggled with teams yesterday
00:19:42.840 –> 00:19:48.780
there was an outage also – I would like to point out to anybody that is
00:19:48.780 –> 00:19:51.340
listening I know a lot of you guys that listen are like me like to mess with
00:19:51.340 –> 00:19:55.700
codes of that if you haven’t yet like I said chat I really would recommend if
00:19:55.700 –> 00:20:00.720
you use github go ahead and get copilot for github is 10 bucks a month I really
00:20:00.720 –> 00:20:03.940
do recommend I don’t make any money on this they’re not Microsoft’s not paying
00:20:03.940 –> 00:20:08.420
me I’m just saying it really helps you when you’re in a bind or you’re
00:20:08.420 –> 00:20:11.380
struggling or you can’t find an error in your code or you’re struggling to
00:20:11.380 –> 00:20:15.060
thinking maybe get the right code for an issue you’re working on I really do
00:20:15.060 –> 00:20:18.500
recommend it I’m not saying it’s a replacement for actually being a coder I
00:20:18.500 –> 00:20:22.580
think it’s just a tool that helps you out but the other reason I’m bringing
00:20:22.580 –> 00:20:26.860
that up is I know a lot of you guys say well I don’t like copilot I don’t like
00:20:26.860 –> 00:20:32.520
you know I don’t like github and I use you know was it jet lab or what is it
00:20:32.520 –> 00:20:35.140
one of the other ones they have there’s a bunch of them out there and that’s
00:20:35.140 –> 00:20:39.260
fine you don’t necessarily have to use a github and by the way I would like to
00:20:39.260 –> 00:20:42.980
point out those of you that know I’m really into open source one of the other
00:20:42.980 –> 00:20:47.180
things that I have actually used in the past I don’t use it much now but I used
00:20:47.180 –> 00:20:52.900
you is mantis mantis is actually a really great open source tool for those
00:20:52.900 –> 00:20:56.040
of you that is that a programmers that say handle my stuff in github I like to
00:20:56.040 –> 00:21:00.460
host my own code I like to host my own bug stuff I like to do all that you can
00:21:00.460 –> 00:21:04.620
go ahead and use mantis it’s a great thing you can also use it for help desk
00:21:04.620 –> 00:21:09.500
there’s it’s open source there’s tons of plugins for it I strongly recommend it
00:21:09.500 –> 00:21:13.020
it’s free it doesn’t cost you a dime also like I said there is something
00:21:13.020 –> 00:21:17.180
called jet lab and that ran out like I said I don’t use jet lab too much I use
00:21:17.180 –> 00:21:23.720
it once in a while only because I help out with the fedora project and they use
00:21:23.720 –> 00:21:27.780
jet lab which is fine but that’s also free you can use there’s also an open
00:21:27.780 –> 00:21:32.120
source version of that but like I said mantis or jet lab are fine I do like to
00:21:32.120 –> 00:21:36.260
use github but that’s fine but anyway one of the reasons why I’m bringing that
00:21:36.260 –> 00:21:40.580
up is because a bunch of guys have said to me well I don’t use github I don’t
00:21:40.580 –> 00:21:47.960
want to pay for copilot so if you are a Windows user Microsoft has actually
00:21:47.960 –> 00:21:54.380
announced copilot there’s copilot which is 20 bucks a month and copilot Pro so
00:21:54.380 –> 00:21:59.060
if you’re a personal user you can get copilot for like 20 bucks a month and
00:21:59.060 –> 00:22:04.760
it works on no works on all the office products it works on vs code works on
00:22:04.760 –> 00:22:08.880
Visual Studio all that kind of stuff so you can get that if you don’t want to
00:22:08.880 –> 00:22:13.200
say I mean it probably is the same thing but it like I said it actually is really
00:22:13.200 –> 00:22:17.120
good it’s Microsoft copilot it actually does I’ve actually found it myself when
00:22:17.120 –> 00:22:19.820
I’m actually like if I was typing up a document for the podcast or something
00:22:19.820 –> 00:22:24.160
like that or piping of a document for somebody it actually is nice because
00:22:24.160 –> 00:22:26.960
actually correct your spelling while you’re doing it it helps to finish
00:22:26.960 –> 00:22:32.200
sentences of that I look at I look at it really more as a tool than anything else
00:22:32.200 –> 00:22:37.540
I know $30 is a bit steep I did get the personal version just because I thought
00:22:37.540 –> 00:22:42.360
it was better in the sense of I mean I have an office professional account for
00:22:42.360 –> 00:22:47.160
testing and stuff but like I said instead of having the professional one
00:22:47.160 –> 00:22:50.160
and going through the business version of Microsoft office I just got the
00:22:50.160 –> 00:22:54.900
personal co-pilots test and it actually works like I said with office it
00:22:54.900 –> 00:22:57.960
works with all their stuff it actually works with their power apps and things
00:22:57.960 –> 00:23:01.600
like that so I mean it basically built into all Microsoft products so if you
00:23:01.600 –> 00:23:05.640
are on got somebody that does a lot of Microsoft work if you are somebody that
00:23:05.640 –> 00:23:09.300
codes if you’re even if you you know somebody like you know a friend or a
00:23:09.300 –> 00:23:13.860
wife that uses office a lot or excel a lot it could really be a great tool for
00:23:13.860 –> 00:23:19.540
them I know 20 is a little steep but it really is a very powerful tool and I
00:23:19.540 –> 00:23:23.520
really do recommend it like I said I’m trying like I said I’m not getting any
00:23:23.520 –> 00:23:28.140
paid from Microsoft to sell you anything but I do think it’s really a great tool
00:23:28.140 –> 00:23:33.540
and I really think you could all a lot of people could benefit from it so like I
00:23:33.540 –> 00:23:36.960
said be something to work looking into you could also go to chat cheap teens
00:23:36.960 –> 00:23:42.360
you get $20 version there it’s not built into as much as the Microsoft one is if
00:23:42.360 –> 00:23:46.560
you use Microsoft products it even works the Microsoft co-pilot on on office even
00:23:46.560 –> 00:23:50.840
works on Mac that kind of shocked me because I do use a Mac so for some
00:23:50.840 –> 00:23:53.600
things so I was kind of shocked I was like hey I works on my Windows machine I
00:23:53.600 –> 00:23:58.000
can’t expected that but then I hopped over on my Mac and like works on that
00:23:58.000 –> 00:24:02.220
too the other thing is – it’s kind of neat that I did like with it and of
00:24:02.220 –> 00:24:04.920
course security is a thing you know I wonder what this thing’s reading and
00:24:04.920 –> 00:24:08.920
keeping the logs that’s something I thought about too but I don’t think it
00:24:08.920 –> 00:24:13.440
summarizes emails it can I all that kind of stuff so a pretty neat could be for
00:24:13.440 –> 00:24:17.080
somebody who maybe is a small business owner that can’t afford to pay a
00:24:17.080 –> 00:24:20.920
secretary or can’t afford to pay an assistant this could be something that
00:24:20.920 –> 00:24:25.000
could really help you out so like I said I know we all worry about what it’s
00:24:25.000 –> 00:24:28.400
collecting what it’s learning but it is something I just wanted to bring up it
00:24:28.400 –> 00:24:33.640
is it was a pretty powerful tool a little bit of old news here but I didn’t
00:24:33.640 –> 00:24:37.840
want to bring this up Google has obviously got hit with that big thing we
00:24:37.840 –> 00:24:42.040
talked about last week for the incognito mode we all remember that whether it
00:24:42.040 –> 00:24:45.880
wasn’t really incognito they were still recording your stuff apparently Google
00:24:45.880 –> 00:24:51.620
settled that lawsuit and now they have actually updated the information in
00:24:51.620 –> 00:24:54.240
their incognito window in the new Chrome so if you update the latest version of
00:24:54.240 –> 00:24:59.480
Chrome you’ll notice the incognito is worded a lot differently saying yes we
00:24:59.480 –> 00:25:03.620
you know it is called conneal we can’t you know you know they did change the
00:25:03.620 –> 00:25:06.880
wording or not a big deal but I just thought just thought that was kind of
00:25:06.880 –> 00:25:11.920
funny that they changed went ahead and changed around a bunch of that stuff so
00:25:11.920 –> 00:25:16.640
it was funny also – I also wanted to bring up somebody had sent me a question
00:25:16.640 –> 00:25:21.000
asking me about global leaks I had talked about that I am gonna publish an
00:25:21.000 –> 00:25:23.960
article on the website this week or next week I did a whole review on it I
00:25:23.960 –> 00:25:28.880
actually loaded in on a VM and I’ve been messing with it somebody had asked me
00:25:28.880 –> 00:25:34.160
about using a VPN and uploading to global leaks I do want to point out too
00:25:34.160 –> 00:25:39.420
that while you should always use a VPN even if you’re using Tor if you if you
00:25:39.420 –> 00:25:44.720
once you actually load up global leaks it actually does a dot onion domain so if
00:25:44.720 –> 00:25:48.720
you are more comfortable with VPN and then opening up Tor and then going to
00:25:48.720 –> 00:25:53.080
that onion site you could do that as well that would probably be the way they
00:25:53.080 –> 00:25:56.120
that’s actually the way they recommend on their documentation as I was looking
00:25:56.120 –> 00:25:59.940
through it I was actually checking the sound like oh okay that’s interesting so
00:25:59.940 –> 00:26:05.880
they actually do recommend using the onion site and not and actually doing it
00:26:05.880 –> 00:26:12.120
that way so but like I said if you you do load up global leaks and all that you
00:26:12.120 –> 00:26:17.160
do notice it will automatically make a dot onion site so that you can go ahead
00:26:17.160 –> 00:26:22.960
and you know use it with Tor and be much more secure again VPN and a
00:26:22.960 –> 00:26:28.120
Tor if you use VPN and use Tor it’s almost anonymous I would say I would say
00:26:28.120 –> 00:26:32.240
it’s pretty pretty close to anonymous so like I said I wanted to point that out
00:26:32.240 –> 00:26:34.540
so if you do see anything I know a couple people say well what is a dot
00:26:34.540 –> 00:26:39.400
onion domain that’s all part of the Tor stuff so very important and I just
00:26:39.400 –> 00:26:42.460
wanted to bring them because that was a question that somebody messaged me and I
00:26:42.460 –> 00:26:45.640
just didn’t want to address it on the podcast so thank you very much I love
00:26:45.640 –> 00:26:49.520
all the emails that I’m getting we get a couple I got a couple last week and I
00:26:49.520 –> 00:26:52.900
got a couple this week so like I said I’m gonna put the email it’s Brandon
00:26:52.900 –> 00:26:58.600
the pain security send me questions if you have also to my Twitter kb3 yua like
00:26:58.600 –> 00:27:02.440
I said reach out to me with your questions and like I said I’ll try to
00:27:02.440 –> 00:27:06.220
answer them on the podcast so I really appreciate that it was really cool you
00:27:06.220 –> 00:27:08.880
know getting emails and stuff like that from you guys knowing that everybody’s
00:27:08.880 –> 00:27:13.160
listening and I like I said I really do appreciate that you guys listening and I
00:27:13.160 –> 00:27:17.260
really appreciate you guys commenting back so like I said really really
00:27:17.260 –> 00:27:21.460
appreciate it so I wasn’t sure I was going to get to the gets all the news I
00:27:21.460 –> 00:27:26.540
had but we’ll get to some of it anyway important stuff anyway so apparently
00:27:26.540 –> 00:27:30.140
WordPress obviously is always under attack by lots of things but apparently
00:27:30.140 –> 00:27:34.100
hackers are targeting a WordPress database plug-in active in they saying
00:27:34.100 –> 00:27:39.020
over a million sites that’s pretty big it’s something called better search
00:27:39.020 –> 00:27:43.100
replace is the WordPress plug-in and hats like I said it’s being exploited
00:27:43.100 –> 00:27:48.580
apparently they have released an update so go ahead and update that if you are
00:27:48.580 –> 00:27:52.340
like I said running WordPress a very important update to WordPress site
00:27:52.340 –> 00:27:55.780
regularly let me tell you there’s so many vulnerabilities out there it’s just
00:27:55.780 –> 00:28:02.300
unbelievable like I said just just how much you know how many vulnerabilities
00:28:02.300 –> 00:28:05.300
come out for WordPress I mean it’s a great platform but it just drives you
00:28:05.300 –> 00:28:08.540
nuts when you really look how many vulnerabilities there are it’s crazy
00:28:08.540 –> 00:28:12.140
something something else like I said I grabbed my attention today the US
00:28:12.140 –> 00:28:16.020
Federal Trade Commission is continuing to clamp down on data brokers by
00:28:16.020 –> 00:28:21.380
prohibiting in market media from selling or licensing precious location data that
00:28:21.380 –> 00:28:25.020
was on a hacker news this week apparently there’s a settlement that’s
00:28:25.020 –> 00:28:30.620
going on part of out a part of allegations that a Texas based company is
00:28:30.620 –> 00:28:33.980
selling information and not telling customers that they’re selling the
00:28:33.980 –> 00:28:39.020
location information the FTC has kind of stepped in and kind of made the kind of
00:28:39.020 –> 00:28:42.620
is going athletes come and saying hey we’re trying to pass a law here if you
00:28:42.620 –> 00:28:47.780
want to you know if you know in in market what’s the name of the company or
00:28:47.780 –> 00:28:50.740
any company for that matter they’re going after saying if you’re going to
00:28:50.740 –> 00:28:57.740
sell people’s location data you have to have their consent so the FCC FTC is
00:28:57.740 –> 00:29:01.260
really clamp you know cracking down on this I’m wondering how this is gonna
00:29:01.260 –> 00:29:05.820
affect things like Facebook I mean like companies like four squared and yes
00:29:05.820 –> 00:29:08.260
they’re still out there but I know probably like but why four square yeah
00:29:08.260 –> 00:29:11.860
how about four squared it’s not there they’re a location they have all that
00:29:11.860 –> 00:29:15.880
stuff there they still collect you have companies like Google so that I’m
00:29:15.880 –> 00:29:19.100
wondering how this is gonna affect them going forward I know in their terms of
00:29:19.100 –> 00:29:22.620
service they do tell you that they use the location services and stuff but I’m
00:29:22.620 –> 00:29:30.900
curious how this is going to play out as we go you know further and further with
00:29:30.900 –> 00:29:33.820
this sort of thing so we’ll have to wait and see but apparently the FCC is
00:29:33.820 –> 00:29:37.300
starting to crack down if people are going to sell your data they have to
00:29:37.300 –> 00:29:40.340
tell you they’re going to sell your location data so those of you that have
00:29:40.340 –> 00:29:45.700
an HP printer I found this was something that I was on our testing a apparently
00:29:45.700 –> 00:29:50.420
the HP CEO apparently he addressed the company’s controversial practice of
00:29:50.420 –> 00:29:56.100
bricking printers when users use third-party ink this is a serious thing
00:29:56.100 –> 00:30:00.820
now they’re saying that they have hacked we’ve actually seen that you can embed
00:30:00.820 –> 00:30:07.640
viruses in ink cartridges okay and and what HP is saying here is well this is
00:30:07.640 –> 00:30:14.020
the reason why we’re bricking printers because we want you to buy HP ink so you
00:30:14.020 –> 00:30:19.640
don’t get a virus on your printer and in wall okay I do agree with that to a
00:30:19.640 –> 00:30:23.700
certain degree they’re also doing this because they want you to sign up for
00:30:23.700 –> 00:30:28.940
that HP cartridge subscription service they want you to buy their cartridges
00:30:28.940 –> 00:30:32.460
they make the money they want you buying third-party cartridges but the fact is
00:30:32.460 –> 00:30:37.740
it’s your printer and the fact that if you are using a third-party cartridge
00:30:37.740 –> 00:30:42.700
you know that they break your basically brick your thing is hey it’s not a valid
00:30:42.700 –> 00:30:46.540
cartridge you can’t use it is ridiculous and this is all because they’re trying
00:30:46.540 –> 00:30:51.340
to get into the service of okay well you sign up you get an HP printer and you
00:30:51.340 –> 00:30:55.100
sign up for a service and then you know and then every and every time you run
00:30:55.100 –> 00:30:59.180
low on ink will automatically send it to you it’s all I mean it’s all I mean
00:30:59.180 –> 00:31:02.340
they’re saying it’s a guise of security because oh we can get a virus if you use
00:31:02.340 –> 00:31:06.580
a non-authentic ink cartridge you maybe that is some of it I’m not saying it
00:31:06.580 –> 00:31:10.380
isn’t but you know as I know HP is a business they’re not just protecting you
00:31:10.380 –> 00:31:14.940
to be your friend they also want you to buy their ink so I thought that was an
00:31:14.940 –> 00:31:19.140
interesting thing as well so one of the other things I saw online was about
00:31:19.140 –> 00:31:24.860
Maven gate those of you that don’t know what that is Maven gate is also there’s
00:31:24.860 –> 00:31:27.900
several public popular libraries out there for like Java Android and some of
00:31:27.900 –> 00:31:33.020
that and Maven gate is basically a supply chain attack according to the
00:31:33.020 –> 00:31:36.960
site access to projects can be hijacked through domain name purchases and since
00:31:36.960 –> 00:31:41.940
most default build configurations are vulnerable you know they’re worried so
00:31:41.940 –> 00:31:47.280
what’s happening is and this is a little bit of the problem with open source to a
00:31:47.280 –> 00:31:51.660
certain degree so we saw this with the Apache vulnerability but what’s
00:31:51.660 –> 00:31:56.260
happening is is people are okay they’re working on projects they’re working on
00:31:56.260 –> 00:32:01.140
things you know they get domains or something like that and then they stay
00:32:01.140 –> 00:32:03.420
work on the platform then they either lose interest or they don’t need the
00:32:03.420 –> 00:32:06.580
product anymore or whatever and then these projects just sit there well
00:32:06.580 –> 00:32:09.980
what’s happening with Maven gate is people are saying okay well this project
00:32:09.980 –> 00:32:13.920
has been abandoned a while but I can still see people are downloading it and
00:32:13.920 –> 00:32:19.060
using it oh look this domain is available let me grab it because the
00:32:19.060 –> 00:32:22.760
person lets the domain go because you’re not using it anymore let me grab it let
00:32:22.760 –> 00:32:26.500
me put some infected stuff on this so when people download the repository their
00:32:26.500 –> 00:32:31.220
machines get infected so that’s kind of the what Maven gate is and that’s kind
00:32:31.220 –> 00:32:35.340
of what’s going on right now and they’re saying a lot of Java and Android
00:32:35.340 –> 00:32:40.100
applications are vulnerable because people are still using these calls to
00:32:40.100 –> 00:32:42.820
these you know these repositories but these repositories are not being
00:32:42.820 –> 00:32:48.140
maintained anymore mobile security firm added Maven gate technology included
00:32:48.140 –> 00:32:53.060
vulnerabilities to the attack that seemed reports the 200 companies Facebook
00:32:53.060 –> 00:32:58.980
Google signal Amazon and others were using these repositories that were not
00:32:58.980 –> 00:33:02.460
patched so apparently that you know so it’s this is a pretty big deal and this
00:33:02.460 –> 00:33:05.420
is kind of that whole thing we talked about like when Apache when Apache had
00:33:05.420 –> 00:33:09.500
that big vulnerability you know the problem is some people may not be
00:33:09.500 –> 00:33:14.840
maintaining those repositories anymore so that that log4j thing is still an
00:33:14.840 –> 00:33:19.100
issue in a bunch of stuff I mean if you’re talking you know yeah you know a
00:33:19.100 –> 00:33:22.640
piece of code that’s been patched in three years four years that somebody’s
00:33:22.640 –> 00:33:25.260
downloading that repository and using it to build an app that thing is still
00:33:25.260 –> 00:33:29.760
vulnerable so this is kind of the whole supply chain attack thing comes from but
00:33:29.760 –> 00:33:33.060
like I said Maven gate is pretty interesting because like I said people
00:33:33.060 –> 00:33:35.940
are actually going through old repositories hackers are going through
00:33:35.940 –> 00:33:40.800
old repositories and saying okay well I see this domains available let me grab
00:33:40.800 –> 00:33:45.720
this domain and let me you know make this repository something I’ll clone
00:33:45.720 –> 00:33:48.780
repository but I’ll put some code in there so when people download that
00:33:48.780 –> 00:33:55.400
repository you know it you know it gets you know they get hacked so very
00:33:55.400 –> 00:34:01.460
important there the other thing I wanted one other article I saw that really kind
00:34:01.460 –> 00:34:06.580
of shocked me a little bit was there was a data breach of 1 million cancer
00:34:06.580 –> 00:34:11.600
patients on slashdot and what happened was and this is I mean very common it
00:34:11.600 –> 00:34:15.560
does happen but apparently what happened was you had a million patients
00:34:15.560 –> 00:34:21.740
information got out in November and since the breach hit in South Lake Union
00:34:21.740 –> 00:34:25.060
Cancer Center research I’m also giving the name out just so you guys know in
00:34:25.060 –> 00:34:28.880
case anybody goes there but apparently they’re saying that they are receiving
00:34:28.880 –> 00:34:34.160
apparently again more swatting stuff because they have over a thousand over a
00:34:34.160 –> 00:34:41.340
million emails and then here’s the even scarier part through how they got into
00:34:41.340 –> 00:34:45.360
the system was that Citrix bleed vulnerability that was just released not
00:34:45.360 –> 00:34:48.820
that was released so that just means somebody had a patch their machines in
00:34:48.820 –> 00:34:52.980
forever or a patch their Citrix systems in a while so that’s concerning as well
00:34:52.980 –> 00:34:56.820
but apparently they have over a million emails and they’re swatting all these
00:34:56.820 –> 00:34:59.720
people and you think about these people are sick they’re dealing with a lot they
00:34:59.720 –> 00:35:03.860
might not be paying attention as much they might not be feeling well you know
00:35:03.860 –> 00:35:08.780
it’s kind of a kind of a sick thing to do to attack sick people but again they
00:35:08.780 –> 00:35:13.580
got into that Citrix bleed vulnerability and you know apparently now they like I
00:35:13.580 –> 00:35:16.800
said they’re swatting emails so that’s and that’s concerning because what they
00:35:16.800 –> 00:35:19.340
could say you owe bill I mean it’s easy enough to see when somebody’s not paying
00:35:19.340 –> 00:35:22.580
attention to a lot going on like this you can go ahead and say oh hey you owe
00:35:22.580 –> 00:35:29.740
a bill you know or something like that so again concerning by the way hundred
00:35:29.740 –> 00:35:36.260
seventy thousand sonic walls by the way exposed to a security incident that
00:35:36.260 –> 00:35:39.180
apparently makes them vulnerable to DDoS that was also in the news this week so
00:35:39.180 –> 00:35:45.460
if you are using a sonic wall make sure you are patched speaking of something
00:35:45.460 –> 00:35:49.540
that came up this is actually on the rot calm I really like Paul throughout he
00:35:49.540 –> 00:35:54.940
does a wonderful job really top-level journalism but apparently as we all know
00:35:54.940 –> 00:35:59.680
if you don’t know Microsoft is moving from mail and they want they want to go
00:35:59.680 –> 00:36:04.360
to move everybody to outlook on the desktop and all that kind of stuff we
00:36:04.360 –> 00:36:08.100
all know that’s been you know that’s been coming they’ve been talking about
00:36:08.100 –> 00:36:14.300
it for a while now but apparently somebody had looked through there’s a
00:36:14.300 –> 00:36:18.320
actually a barely of a lot of people are saying that it looks like outlook is no
00:36:18.320 –> 00:36:26.080
longer simply an email service in a new post the privacy focused company is not
00:36:26.080 –> 00:36:30.020
so privacy focused anymore meaning Google I’m sorry I mean Microsoft its
00:36:30.020 –> 00:36:37.500
data collection mechanism for Microsoft 772 external partners and ad delivery
00:36:37.500 –> 00:36:41.660
systems are linked into Microsoft’s email system which would be outlook comm
00:36:41.660 –> 00:36:47.300
or any or any of their general outlook in general whether it’s email or not the
00:36:47.300 –> 00:36:51.480
disclosure explains that Microsoft and 772 of its partners are scanning the PC
00:36:51.480 –> 00:36:58.080
on which the new outlook runs specifically to identify the user what
00:36:58.080 –> 00:37:02.840
they’re storing and information apparently a separate choose your ads
00:37:02.840 –> 00:37:07.380
layout window is also shown only in the EU because obviously EU has different
00:37:07.380 –> 00:37:11.220
rules in here in America but so apparently you know if you’re using
00:37:11.220 –> 00:37:15.980
outlook mail you know Microsoft always claimed to be their privacy security
00:37:15.980 –> 00:37:20.020
but apparently they’re tracking you and I’ll tell you why this is Microsoft
00:37:20.020 –> 00:37:25.340
wants they they spend all money on chat GPT they want to really boost their bit
00:37:25.340 –> 00:37:30.020
their advertising business using chat GPT and other things but now apparently
00:37:30.020 –> 00:37:33.580
like I said they’ve got over hundreds and hundreds of trackers in the new
00:37:33.580 –> 00:37:38.720
outlook so if you are using outlook either on your computer or on the web
00:37:38.720 –> 00:37:43.180
just be aware that there are a lot of trackers in there not sure not sure how
00:37:43.180 –> 00:37:47.400
many Google has I’m sure Gmail has some or quite a bit but like I said that was
00:37:47.400 –> 00:37:52.940
rather concerning and Microsoft really didn’t even deny it which is or didn’t
00:37:52.940 –> 00:37:56.100
you know it was just really a I just didn’t really care for the way Microsoft
00:37:56.100 –> 00:38:04.180
you know handled it also to hackers have exploited Windows Defender smart screen
00:38:04.180 –> 00:38:10.620
flaw to spread data stealer malware by the way the vulnerability Microsoft
00:38:10.620 –> 00:38:14.420
Defender it’s a critical flaw in Microsoft Windows Defender apparently
00:38:14.420 –> 00:38:19.980
Microsoft has released an update for it so run your Windows updates if you have
00:38:19.980 –> 00:38:25.700
not so like I said all that was that was like I said a little concerning
00:38:25.700 –> 00:38:28.060
Microsoft really getting hit hard last couple weeks with security
00:38:28.060 –> 00:38:34.500
vulnerabilities on the another thing too on the hacker news there is apparently a
00:38:34.500 –> 00:38:41.740
new NPM Trojan bypass that installs any desk with so apparently what it does is
00:38:41.740 –> 00:38:48.420
the Trojan gets on your machine and then uses JavaScript file and actually
00:38:48.420 –> 00:38:52.780
installs any desk so I thought that was interesting I do any desk is pretty
00:38:52.780 –> 00:38:57.660
secure but you do have to be careful it has been lately not as good as it used
00:38:57.660 –> 00:39:00.140
to be they’re getting a lot of hacks and stuff like that so you gotta be careful
00:39:00.140 –> 00:39:06.460
but apparently yeah this actually like I said actually installs any it infects
00:39:06.460 –> 00:39:10.460
your machine but it doesn’t just it doesn’t figure malware it infects it
00:39:10.460 –> 00:39:14.340
with with any desk and that allows people and obviously I’m sure ensures
00:39:14.340 –> 00:39:17.540
it’s also as a service and set the password or something like that and
00:39:17.540 –> 00:39:19.900
there are people that obviously know that so they’re able to get in that way
00:39:19.900 –> 00:39:25.180
so that was interesting also apparently Walmart Financial Services I’ve been the
00:39:25.180 –> 00:39:31.060
target for they’re saying since since 2013 Walmart they’re saying Americans
00:39:31.060 –> 00:39:37.140
have been swindled out of 27 billion dollars in 2013 and 2022 apparently pro
00:39:37.140 –> 00:39:42.980
publica investigated the company and apparently it’s only refunded four
00:39:42.980 –> 00:39:47.860
million dollars in gift card fraud and others it refused to it actually refused
00:39:47.860 –> 00:39:53.340
to actually refund and all that so apparently Walmart now is under heavy
00:39:53.340 –> 00:39:58.060
scrutiny over this saying that Walmart doesn’t really want to refund those gift
00:39:58.060 –> 00:40:00.900
cards because they make money on people buying gift cards and that’s why they
00:40:00.900 –> 00:40:05.180
don’t refund them and apparently like I said Walmart as under investigation by
00:40:05.180 –> 00:40:10.660
the F the FTC over how they don’t you know they have Walmart this is where
00:40:10.660 –> 00:40:16.460
Walmart has a financial incentive to avoid cracking down it makes money each
00:40:16.460 –> 00:40:21.500
time Walmart gift card is used and earns a fee when another brand of card is
00:40:21.500 –> 00:40:26.380
bought as a result Walmart has never cracked down on their gift cards or
00:40:26.380 –> 00:40:30.020
money transfer services because they do have money transfer services at Walmart
00:40:30.020 –> 00:40:33.940
and apparently they have been proud of just kind of turning a blind eye to it
00:40:33.940 –> 00:40:36.820
because the more people that you know use these gift cards of that more money
00:40:36.820 –> 00:40:40.440
they make so they don’t care if people are getting hacked or fraud out of it
00:40:40.440 –> 00:40:47.700
because they’re making a fortune on it so apparently 20 think about that 27
00:40:47.700 –> 00:40:55.700
billion dollars that’s a lot of money between 2013 and 2022 so Walmart now is
00:40:55.700 –> 00:40:58.900
apparently under investigation for this they’re possibly gonna be a big
00:40:58.900 –> 00:41:02.860
class-action lawsuit against this but apparently Walmart does not crack down
00:41:02.860 –> 00:41:07.540
on this because they’re making a fortune on it isn’t that lovely so it doesn’t
00:41:07.540 –> 00:41:10.780
matter screw the consumer that buys you all the time as long as you’re making
00:41:10.780 –> 00:41:15.460
money so one thing I did want to bring up in while it’s not security related I
00:41:15.460 –> 00:41:22.140
thought it’s pretty cool apparently this past week was the 40th anniversary of
00:41:22.140 –> 00:41:28.500
the Macintosh being released never Steve Jobs released it like I said on
00:41:28.500 –> 00:41:32.820
right after the smoothie of the big huge Super Bowl ad that was huge and I wasn’t
00:41:32.820 –> 00:41:37.100
I was 84 I wasn’t alive yet but I’ve seen it in movies I’ve watched on
00:41:37.100 –> 00:41:42.500
YouTube for that but apparently 40th anniversary of the Macintosh so I
00:41:42.500 –> 00:41:46.180
thought that was really cool a lot of places are covered in stuff like that I
00:41:46.180 –> 00:41:50.300
know I just Dean on YouTube she actually brought him brought one of the old max
00:41:50.300 –> 00:41:53.740
all the way to Cupertino and stuff like that so it was a lot of fun this week
00:41:53.740 –> 00:41:58.940
like I said I really I am a Mac user I think I said I do use Windows as well
00:41:58.940 –> 00:42:03.340
but I do use a Mac as well so I thought that was pretty cool and like I said
00:42:03.340 –> 00:42:08.340
40th anniversary of the Mac so that was pretty cool a lot of people don’t
00:42:08.340 –> 00:42:12.140
realize that was the user interface on that as well son of Windows by the way
00:42:12.140 –> 00:42:16.580
the GUI the instant interface wasn’t actually Apple it or Microsoft invented
00:42:16.580 –> 00:42:20.660
they actually stole it from Xerox Park who came up with it and Xerox was like
00:42:20.660 –> 00:42:24.380
too worried about the copier business and didn’t want to get into the PC
00:42:24.380 –> 00:42:28.460
business so they decided to go ahead like I said they didn’t care about it so
00:42:28.460 –> 00:42:32.740
those guys took it but I thought that was pretty cool like I said 40th
00:42:32.740 –> 00:42:37.780
anniversary of the Macintosh release and like I said I thought there’s a lot of
00:42:37.780 –> 00:42:40.060
fun a lot of people covered it on the internet and some of that so I’m sure
00:42:40.060 –> 00:42:43.660
you guys might probably saw it but if not like I said a lot of fun
00:42:43.660 –> 00:42:48.900
Leo Laporte on twit.tv actually they on MacBreak Weekly they actually booted up
00:42:48.900 –> 00:42:53.940
an old Macintosh that he actually has as part of it and they it was really a
00:42:53.940 –> 00:42:57.860
whole thing was a lot of fun it was cool to see how revolutionary it was like I
00:42:57.860 –> 00:43:02.580
said the first Macintosh really had a lot of it was revolutionary but had a
00:43:02.580 –> 00:43:06.780
lot of problems the Macintosh Plus was the game plus was they came up with
00:43:06.780 –> 00:43:11.980
after Steve Jobs left which is basically just the second version of it had a lot
00:43:11.980 –> 00:43:16.060
less issues and stuff like that but again still revolutionary still amazing
00:43:16.060 –> 00:43:22.820
still really cool and obviously became a major success after you know Jobs left
00:43:22.820 –> 00:43:25.820
and of course after Microsoft’s are really pushing the GUI everybody wanted
00:43:25.820 –> 00:43:28.860
GUI based and that’s when a lot of people started jumping on the Apple
00:43:28.860 –> 00:43:33.020
bandwagon and stuff along with Windows so I thought that was pretty cool and
00:43:33.020 –> 00:43:36.940
like I said 40th anniversary Mac a big moment pretty cool especially for
00:43:36.940 –> 00:43:40.260
somebody like me as a Mac guy really like it and like I said I was really
00:43:40.260 –> 00:43:44.860
neat to like I said to see it and just all the different stories you hear and
00:43:44.860 –> 00:43:47.140
stuff like that about people you know the swap of death because you always
00:43:47.140 –> 00:43:51.340
keep swapping disks because it didn’t have any local hard drive so you every
00:43:51.340 –> 00:43:53.620
time you want to do something you got a swap disk and people usually call it a
00:43:53.620 –> 00:43:57.940
swap of death I’m just a lot of cool stuff like I said not really security
00:43:57.940 –> 00:44:01.740
related but like I said it was definitely a lot of fun and a lot of
00:44:01.740 –> 00:44:06.420
people don’t realize too with the the original Mac there was like I said there
00:44:06.420 –> 00:44:09.340
was there was just so many issues with the original was it was a revolutionary
00:44:09.340 –> 00:44:15.500
yes but it really didn’t take off until after it like I said after they came out
00:44:15.500 –> 00:44:19.540
with the second version of it which was the Macintosh Plus which had a hard
00:44:19.540 –> 00:44:23.700
drive in it which had well the other promise and he those things used to
00:44:23.700 –> 00:44:27.580
overheat all the time because Jobs didn’t want a fan so they reworked the
00:44:27.580 –> 00:44:31.100
internal things like that like I said I mean anything is you know the first-gen
00:44:31.100 –> 00:44:34.540
is gonna have issues but like I said but it was really cool I liked it and I
00:44:34.540 –> 00:44:37.720
wanted to bring that up because like I said I am kind of a little bit of a fan
00:44:37.720 –> 00:44:42.500
boy to a certain degree you know not all the time but definitely with with their
00:44:42.500 –> 00:44:48.500
computers anyway so I want to thank everybody for listening and we will see
00:44:48.500 –> 00:44:55.100
you on the next episode thank you very much