1
00:00:00,000 –> 00:00:05,640
All right, folks, you’ve hit the download button on Security Assessment Podcast, brought
2
00:00:05,640 –> 00:00:08,560
to you by our company, Lipani Security.
3
00:00:08,560 –> 00:00:12,640
If you’re interested, go to the link in the show notes below and check out all of our
4
00:00:12,640 –> 00:00:19,800
services software that we offer, as well as our blogs about security in all our past podcast
5
00:00:19,800 –> 00:00:20,800
episodes.
6
00:00:20,800 –> 00:00:34,280
I want to thank you all for listening and let the show begin.
7
00:00:34,280 –> 00:00:39,680
And welcome to another edition of the Security Assessment Podcast.
8
00:00:39,680 –> 00:00:44,120
I am your host, Brandon, as always.
9
00:00:44,120 –> 00:00:50,520
I want to, first of all, folks, apologize for my voice today and the way I sound.
10
00:00:50,520 –> 00:00:54,560
He caught my daughter’s cold and I’m kind of getting over it, so my throat’s a little
11
00:00:54,560 –> 00:00:55,760
scratchy.
12
00:00:55,760 –> 00:00:58,560
So I do want to apologize for the…
13
00:00:58,560 –> 00:01:00,520
It’s not the audio, it’s my voice.
14
00:01:00,520 –> 00:01:05,440
So I do apologize for that today.
15
00:01:05,440 –> 00:01:08,040
Some big… couple of things I wanted to talk about.
16
00:01:08,040 –> 00:01:11,800
Real quickly, some big news as far as I’m concerned.
17
00:01:11,800 –> 00:01:18,640
Microsoft releases, officially releases, Copilot this week for Windows.
18
00:01:18,640 –> 00:01:23,440
And you can get it for… they have the free version you could use or you can get the paid
19
00:01:23,440 –> 00:01:24,440
version.
20
00:01:24,440 –> 00:01:30,080
$20 a month for personal, $30 if you want their pro version.
21
00:01:30,080 –> 00:01:36,040
And obviously if you’re in business, you have a $20 a month or $30 a month program as well.
22
00:01:36,040 –> 00:01:39,720
Microsoft really hoping… they sent in their earnings report call that this is going to
23
00:01:39,720 –> 00:01:44,560
be kind of a thing where they’re going to try to… they’ve kind of saturated the market
24
00:01:44,560 –> 00:01:50,000
with Office, but they’re hoping this is going to help them sell per seat.
25
00:01:50,000 –> 00:01:52,680
They’re hoping this is going to up the amount of money that people are spending.
26
00:01:52,680 –> 00:01:55,880
So Microsoft Copilot, pretty big thing.
27
00:01:55,880 –> 00:01:57,680
I have been messing with it.
28
00:01:57,680 –> 00:02:01,240
I know controversy has always surrounded it on GitHub.
29
00:02:01,240 –> 00:02:08,920
I really like it as a programmer, being able to have it as a copilot and really using it
30
00:02:08,920 –> 00:02:17,840
as, like I said, as a kind of a coding… something extra when I’m coding as a tool
31
00:02:17,840 –> 00:02:21,440
to help you if you get stuck or to help you if you have to do repetitive code over and
32
00:02:21,440 –> 00:02:25,800
over again or if you’re like me, not a great typist, just to have it.
33
00:02:25,800 –> 00:02:27,280
And it really does help.
34
00:02:27,280 –> 00:02:32,520
I know there has been some controversy about it because it did learn on all of GitHub’s
35
00:02:32,520 –> 00:02:38,280
code and some people saying, well, that code is… there’s been controversy about the licensing,
36
00:02:38,280 –> 00:02:41,880
how the copilot uses the code and some of that.
37
00:02:41,880 –> 00:02:47,520
But I do think it actually is going to be a big thing for people.
38
00:02:47,520 –> 00:02:52,360
And I’m sure it’s going to be integrated into many different security products if it isn’t
39
00:02:52,360 –> 00:02:53,360
already.
40
00:02:53,360 –> 00:02:56,680
And there’s just so many things that it can do.
41
00:02:56,680 –> 00:02:58,680
And like I said, I’ve seen it the other day.
42
00:02:58,680 –> 00:03:01,720
I was messing with it in Excel, all these kinds of things.
43
00:03:01,720 –> 00:03:09,240
So I do think it is something that is definitely going to be a tool that we’re all going to
44
00:03:09,240 –> 00:03:13,040
use as time progresses, going to get more and more popular.
45
00:03:13,040 –> 00:03:16,680
And just like I said, I’m just really excited to see where it goes.
46
00:03:16,680 –> 00:03:17,680
I actually…
47
00:03:17,680 –> 00:03:19,000
I’m not sure if I’m going to stay paying for…
48
00:03:19,000 –> 00:03:23,920
I will stay with paying $10 a month for GitHub, but I’m not sure if I’m going to…
49
00:03:23,920 –> 00:03:27,920
Well, I’ve been paying for the GitHub copilot for a while, but I’m not sure if I’m going
50
00:03:27,920 –> 00:03:28,920
to actually stay with it with…
51
00:03:28,920 –> 00:03:35,440
I don’t know if I use Excel and Word enough to justify $20 a month, but like I said, I
52
00:03:35,440 –> 00:03:37,520
might pay for chat GPT and just use that.
53
00:03:37,520 –> 00:03:39,120
I’m not sure yet.
54
00:03:39,120 –> 00:03:40,720
I’m still deciding what I’m going to do.
55
00:03:40,720 –> 00:03:45,500
But like I said, really big news as far as I’m concerned, because I think that’s going
56
00:03:45,500 –> 00:03:50,960
to be really huge going forward, especially with the search market and all that kind of
57
00:03:50,960 –> 00:03:51,960
stuff.
58
00:03:51,960 –> 00:03:52,960
So we’ll have to see.
59
00:03:52,960 –> 00:03:54,640
Also, two big news this week.
60
00:03:54,640 –> 00:03:59,880
I think Blue Sky opened up to everybody.
61
00:03:59,880 –> 00:04:03,240
Blue Sky is supposed to be like Twitter, but it’s decentralized.
62
00:04:03,240 –> 00:04:08,480
So I think it’s going to be like Mastodon to a certain degree and like Twitter to a
63
00:04:08,480 –> 00:04:09,480
certain degree as well.
64
00:04:09,480 –> 00:04:15,000
So I’ve messed with it a little bit, not a huge fan of it, but I thought that was pretty
65
00:04:15,000 –> 00:04:17,520
interesting that they opened up this week as well.
66
00:04:17,520 –> 00:04:22,000
Decked Dorsey saying his goal with this is that it’s going to be like Twitter, but decentralized.
67
00:04:22,000 –> 00:04:25,800
I think Mastodon is kind of onto that, but they have a little way to go yet.
68
00:04:25,800 –> 00:04:31,760
So we have to remain and see what happens with that going forward.
69
00:04:31,760 –> 00:04:37,240
Speaking of Check Dorsey, Square had a large outage the other day.
70
00:04:37,240 –> 00:04:42,000
They haven’t announced why it went down yet, but Square had a big outage.
71
00:04:42,000 –> 00:04:43,400
Didn’t affect us too much here.
72
00:04:43,400 –> 00:04:47,960
We’re very fortunate, but I know a lot of places were upset that Square was down.
73
00:04:47,960 –> 00:04:50,040
They couldn’t take credit card payments and stuff like that.
74
00:04:50,040 –> 00:04:53,720
So that is actually quite big news.
75
00:04:53,720 –> 00:04:55,400
And like I said, they got it back up.
76
00:04:55,400 –> 00:04:59,000
They’ve had outages before, but especially with credit card processing, the money they’re
77
00:04:59,000 –> 00:05:04,320
losing as well as the people that can’t take credit cards, it’s quite a big deal.
78
00:05:04,320 –> 00:05:07,160
So that was something that happened this week as well.
79
00:05:07,160 –> 00:05:11,360
I thought that was pretty important news.
80
00:05:11,360 –> 00:05:16,380
Also too, since we’re kind of going into the news already, that’s fine.
81
00:05:16,380 –> 00:05:18,740
Also news I thought was relevant.
82
00:05:18,740 –> 00:05:24,380
Disney has announced that they’re going to be cracking down on the password sharing.
83
00:05:24,380 –> 00:05:26,740
They’re doing this because they’re trying to do what Netflix is doing.
84
00:05:26,740 –> 00:05:28,580
They want to make sure people aren’t sharing passwords.
85
00:05:28,580 –> 00:05:29,840
That’s revenue loss.
86
00:05:29,840 –> 00:05:32,860
So they’re going to go ahead and start fighting that.
87
00:05:32,860 –> 00:05:37,980
I can’t stress enough to everybody that listens how important it is not to share your password
88
00:05:37,980 –> 00:05:39,340
to anything.
89
00:05:39,340 –> 00:05:40,660
I’ve said this a million times.
90
00:05:40,660 –> 00:05:43,720
People say all the time, “Well, I’m just sharing my password with them.”
91
00:05:43,720 –> 00:05:48,660
No, you should not share your password because the odds are a chance that password is going
92
00:05:48,660 –> 00:05:52,500
to be something that you’re using for something else.
93
00:05:52,500 –> 00:05:57,220
Now that person knows one of your passwords and it doesn’t take much for them to go ahead
94
00:05:57,220 –> 00:06:00,840
and try to get into other systems using that one password.
95
00:06:00,840 –> 00:06:06,260
The other problem is if that person should get compromised, now somebody has your password
96
00:06:06,260 –> 00:06:08,500
since you gave it to a friend.
97
00:06:08,500 –> 00:06:10,140
So I can’t stress it enough.
98
00:06:10,140 –> 00:06:14,220
I understand people are sharing passwords and logins should help somebody save some
99
00:06:14,220 –> 00:06:15,380
money.
100
00:06:15,380 –> 00:06:18,940
It’s great and it’s wonderful that you’re helping your friends.
101
00:06:18,940 –> 00:06:21,660
If you’re going to keep doing that, which you shouldn’t, but if you’re going to keep
102
00:06:21,660 –> 00:06:25,620
doing that, I strongly recommend you make it a weird generic password that you don’t
103
00:06:25,620 –> 00:06:26,620
use anywhere else.
104
00:06:26,620 –> 00:06:30,380
So at least if that does get compromised, you at least are safe.
105
00:06:30,380 –> 00:06:36,020
That person, if somebody does get that password, it’s like I said, a different password than
106
00:06:36,020 –> 00:06:37,480
you use for everything else.
107
00:06:37,480 –> 00:06:38,800
So very important.
108
00:06:38,800 –> 00:06:41,380
Make sure you, like I said, change your password.
109
00:06:41,380 –> 00:06:46,180
The other thing you could do if you do want to share password information for a service,
110
00:06:46,180 –> 00:06:52,500
you also, if you have to use a different email even, so that this way at least if the email
111
00:06:52,500 –> 00:06:57,540
gets compromised and the password gets compromised, it’s not your same username and password or
112
00:06:57,540 –> 00:07:01,200
your username and email or email and password combination.
113
00:07:01,200 –> 00:07:02,940
So it’s much, much safer.
114
00:07:02,940 –> 00:07:04,140
I strongly recommend that.
115
00:07:04,140 –> 00:07:07,580
Again, if you want to keep sharing your password information, that’s fine, but you should really
116
00:07:07,580 –> 00:07:12,640
at least be using a different password and even more so a different email address.
117
00:07:12,640 –> 00:07:14,580
So very, very important.
118
00:07:14,580 –> 00:07:18,540
Also too, I want to point out too, Apple did release an update today for iOS.
119
00:07:18,540 –> 00:07:19,980
A couple people had asked me about it.
120
00:07:19,980 –> 00:07:21,100
I just want to point that out.
121
00:07:21,100 –> 00:07:23,940
It is not actually a security update.
122
00:07:23,940 –> 00:07:27,460
It is actually a bug fix for a text prompt.
123
00:07:27,460 –> 00:07:30,000
So if you don’t get it, it’s not a big deal.
124
00:07:30,000 –> 00:07:31,120
It’s just a bug fix.
125
00:07:31,120 –> 00:07:32,620
It’s not a security update.
126
00:07:32,620 –> 00:07:34,900
So very important to know that.
127
00:07:34,900 –> 00:07:40,620
Another thing I wanted to point out is the security through obscurity.
128
00:07:40,620 –> 00:07:47,660
And the reason why I’m saying that is a very large bank in China called ICBC was hit by
129
00:07:47,660 –> 00:07:51,220
a ransomware attack the other day.
130
00:07:51,220 –> 00:08:00,540
And what surprised me in 2024, they are still using a novel network server.
131
00:08:00,540 –> 00:08:07,660
And this just astounded me because a novel network has long been not used in business.
132
00:08:07,660 –> 00:08:11,420
It’s still supported by a third party company as you can run it.
133
00:08:11,420 –> 00:08:14,020
It’s not like it’s completely obsolete yet.
134
00:08:14,020 –> 00:08:20,100
But what’s funny was this ransomware got loose in their system and when it got to one of
135
00:08:20,100 –> 00:08:23,980
their critical systems, the ransomware didn’t actually know what to do.
136
00:08:23,980 –> 00:08:26,420
It didn’t know how to affect the system because it was network.
137
00:08:26,420 –> 00:08:29,620
So I thought that was a little funny.
138
00:08:29,620 –> 00:08:34,860
Like I said, to me it was just funny that it’s kind of the old saying of security through
139
00:08:34,860 –> 00:08:35,860
obscurity.
140
00:08:35,860 –> 00:08:38,260
But like I said, it was pretty funny.
141
00:08:38,260 –> 00:08:42,780
Like I said, it nailed a lot of the workstations that were part of their system.
142
00:08:42,780 –> 00:08:47,860
But like I said, when it got to this, it had no idea what to do with the network server.
143
00:08:47,860 –> 00:08:54,460
So as much as I pick on them for running NetWare, it may have actually saved their systems because
144
00:08:54,460 –> 00:08:59,000
they weren’t able to get into their critical systems because they were still running NetWare.
145
00:08:59,000 –> 00:09:01,160
So I thought that was pretty funny.
146
00:09:01,160 –> 00:09:06,420
And anybody that’s listening right now that is a network guy, I’m sure you’re laughing
147
00:09:06,420 –> 00:09:11,860
because I was too when I read this, I was like, wait a minute, like NetWare in 2024?
148
00:09:11,860 –> 00:09:13,340
I can’t believe it.
149
00:09:13,340 –> 00:09:14,940
But for them, talk about luck.
150
00:09:14,940 –> 00:09:17,400
Like I said, that really saved them.
151
00:09:17,400 –> 00:09:20,620
So maybe that was the, maybe somebody had planned that.
152
00:09:20,620 –> 00:09:22,540
I’m sure somebody’s going to take credit for planning.
153
00:09:22,540 –> 00:09:25,180
If it wasn’t planned, I’m sure somebody’s going to take the credit for it.
154
00:09:25,180 –> 00:09:29,880
So I thought that was a pretty funny, pretty funny story.
155
00:09:29,880 –> 00:09:31,640
And like I said, it made me laugh.
156
00:09:31,640 –> 00:09:34,780
So I thought we’d go ahead and share that.
157
00:09:34,780 –> 00:09:39,440
Also big, I think the biggest news security news of the week was an article that was released
158
00:09:39,440 –> 00:09:40,920
from Slashdot here.
159
00:09:40,920 –> 00:09:46,780
A Chinese state sponsored hacking group known as Volt Typhoon has been living in the networks
160
00:09:46,780 –> 00:09:50,760
of some critical industries for at least five years.
161
00:09:50,760 –> 00:09:57,900
According to joint cybersecurity advisory issued by the US and its allies on Wednesday.
162
00:09:57,900 –> 00:10:02,660
The compromised environments are continents, are in the continents of the United States
163
00:10:02,660 –> 00:10:07,120
and elsewhere, including Guam and others.
164
00:10:07,120 –> 00:10:11,960
It was published in the US agencies that their security counterparts, Australia, Canada,
165
00:10:11,960 –> 00:10:13,740
the UK and New Zealand.
166
00:10:13,740 –> 00:10:18,740
The report comes weeks after the US officially announced that the operation to disrupt Volt
167
00:10:18,740 –> 00:10:24,180
Typhoon by deleting malware from thousands of internet connected devices across the country.
168
00:10:24,180 –> 00:10:27,960
Apparently they have been in systems for quite a while.
169
00:10:27,960 –> 00:10:32,480
The company, the hacker group has been targeting sectors like communication, energy, transportation
170
00:10:32,480 –> 00:10:34,500
and water systems.
171
00:10:34,500 –> 00:10:38,100
So which are, I mean, we all know critical parts of the economy.
172
00:10:38,100 –> 00:10:39,940
So I wanted to point that out.
173
00:10:39,940 –> 00:10:41,100
I got a lot of press.
174
00:10:41,100 –> 00:10:43,060
It definitely deserved it.
175
00:10:43,060 –> 00:10:45,860
State sponsored hacking is quite a big deal.
176
00:10:45,860 –> 00:10:48,860
And with everything, we’ve had some issues with China and some of that over the years.
177
00:10:48,860 –> 00:10:51,900
And it’s been five years, so it’s quite a while now.
178
00:10:51,900 –> 00:10:55,700
But I thought that was, I mean, in my opinion, that was the biggest news of the week.
179
00:10:55,700 –> 00:11:00,020
The other big story of the week, I really believe is that critical vulnerability that’s
180
00:11:00,020 –> 00:11:02,500
affecting most Linux distros.
181
00:11:02,500 –> 00:11:05,620
You know, that, I mean, it’s basically allowing for bot kits to get in.
182
00:11:05,620 –> 00:11:12,800
Linux developers are in the process of patching high severity vulnerability in certain cases
183
00:11:12,800 –> 00:11:18,260
that allows the installation of malware that runs at the firmware level.
184
00:11:18,260 –> 00:11:20,860
So they are in the process of working on that.
185
00:11:20,860 –> 00:11:27,200
The vulnerability did get tracked at CVE-2023-40547.
186
00:11:27,200 –> 00:11:31,260
You know, this is, it’s basically a buffer overflow attack is what it is, but it’s a
187
00:11:31,260 –> 00:11:35,260
coning bug that allows attackers to execute code of their choice.
188
00:11:35,260 –> 00:11:38,920
And like I said, when they affect it, it will actually be able to get into the bootkit.
189
00:11:38,920 –> 00:11:40,800
So they are working on this.
190
00:11:40,800 –> 00:11:46,500
I think the vulnerability resides kind of like I said, in the boot process to a certain
191
00:11:46,500 –> 00:11:47,500
degree.
192
00:11:47,500 –> 00:11:49,740
So it is pretty important.
193
00:11:49,740 –> 00:11:55,300
So I mean, and the scary part about this is even if you’re using secure boot, it could
194
00:11:55,300 –> 00:11:56,940
still be a problem.
195
00:11:56,940 –> 00:12:02,060
So secure boot, obviously the protection that’s built in the most modern computing devices,
196
00:12:02,060 –> 00:12:05,180
Windows, Linux, and Mac, obviously.
197
00:12:05,180 –> 00:12:10,340
You know, it’s a verified process, but apparently this thing is, you know, this is an exploit
198
00:12:10,340 –> 00:12:14,720
of that vulnerability attacks, you know, and actually lets you get, you know, right into
199
00:12:14,720 –> 00:12:16,580
that secure boot firmware.
200
00:12:16,580 –> 00:12:19,520
And that’s actually quite concerning.
201
00:12:19,520 –> 00:12:21,260
So like I said, they are working on that.
202
00:12:21,260 –> 00:12:25,800
Like I said, the, you have a CVE for it.
203
00:12:25,800 –> 00:12:27,440
And like I said, they are working on it.
204
00:12:27,440 –> 00:12:30,940
I would imagine the patch is coming, it’s going to be out soon.
205
00:12:30,940 –> 00:12:37,220
Looks like it’s tracked as 2023, even though it was, I mean, it was discovered fairly recently.
206
00:12:37,220 –> 00:12:40,100
So, but I guess it’s really being exploited now.
207
00:12:40,100 –> 00:12:43,020
So very important with that.
208
00:12:43,020 –> 00:12:44,020
Same thing with Log4j.
209
00:12:44,020 –> 00:12:46,940
I just saw an article this week, I don’t have it in the show notes, but I wanted to point
210
00:12:46,940 –> 00:12:53,940
that out that Log4j is still an issue because so many, I mean, you’re looking at, you know,
211
00:12:53,940 –> 00:12:57,460
you have, especially with Google was talking about that you have repositories that are
212
00:12:57,460 –> 00:13:00,780
six, seven levels down that still have not been patched for Log4j.
213
00:13:00,780 –> 00:13:05,620
So it’s very important when you’re using open source software that, you know, even though
214
00:13:05,620 –> 00:13:08,660
it is open source and stuff like that, but you got to make sure if you’re using these
215
00:13:08,660 –> 00:13:14,980
abandoned projects, you know, you definitely could, could have a serious issue, you know,
216
00:13:14,980 –> 00:13:19,680
with these unpatched vulnerabilities, especially something like Log4j and this too now.
217
00:13:19,680 –> 00:13:24,060
This shouldn’t be as bad because it’s not so many levels down, but if you’re using,
218
00:13:24,060 –> 00:13:30,380
you know, a fork of a fork of a fork, you know, you’re going to have to make sure that
219
00:13:30,380 –> 00:13:31,380
it’s patched.
220
00:13:31,380 –> 00:13:32,900
So very important.
221
00:13:32,900 –> 00:13:36,860
And I think those were the two real big news stories.
222
00:13:36,860 –> 00:13:41,960
But the other one that I felt was really big was the one that was released by TechCrunch
223
00:13:41,960 –> 00:13:43,580
and everybody picked it up.
224
00:13:43,580 –> 00:13:47,220
Government hackers targeting iPhone owners with zero day vulnerability.
225
00:13:47,220 –> 00:13:52,000
Apparently Google says that there are three unknown vulnerabilities in Apple’s iPhone
226
00:13:52,000 –> 00:13:56,220
offices that have not been patched and that Apple doesn’t know about them.
227
00:13:56,220 –> 00:14:01,520
And apparently there’s a European startup that’s working with the government just to
228
00:14:01,520 –> 00:14:07,180
help them exploit iPhones that they want to get into using these vulnerabilities.
229
00:14:07,180 –> 00:14:13,240
Like I said, according to Google, the government hackers took advantage of the three iPhone
230
00:14:13,240 –> 00:14:19,040
zero days, which are vulnerable to no, which are vulnerabilities not known to Apple.
231
00:14:19,040 –> 00:14:20,600
So that means that they weren’t reported.
232
00:14:20,600 –> 00:14:23,380
So Apple has not yet patched them.
233
00:14:23,380 –> 00:14:28,200
So this is why this is such kind of a big deal because as long as they keep making sure
234
00:14:28,200 –> 00:14:32,260
they’re not reported to Apple, they still have this exploit that they can use to get
235
00:14:32,260 –> 00:14:33,500
into the phones.
236
00:14:33,500 –> 00:14:35,420
So that’s why this is a big deal.
237
00:14:35,420 –> 00:14:39,120
Like I said, I don’t know if it was the biggest deal because they’re only doing it to phones
238
00:14:39,120 –> 00:14:41,940
they want, but if you’re one of the phones they want, it is a big deal.
239
00:14:41,940 –> 00:14:46,260
So but like I said, this is not the first time.
240
00:14:46,260 –> 00:14:48,740
This startup apparently has done stuff like this before.
241
00:14:48,740 –> 00:14:52,300
It was reported in 2002 and 2003.
242
00:14:52,300 –> 00:14:55,780
So like I said, this isn’t the first time they’ve done this, but it is kind of big news.
243
00:14:55,780 –> 00:15:01,760
Like I said, I have a serious problem when startups do this because I think it’s the
244
00:15:01,760 –> 00:15:03,320
security companies.
245
00:15:03,320 –> 00:15:06,720
I understand they’re providing a security service to the government by showing them
246
00:15:06,720 –> 00:15:11,200
how to get into these phones using, finding these zero days and then kind of saying, “Hey,
247
00:15:11,200 –> 00:15:12,200
we have this.
248
00:15:12,200 –> 00:15:13,200
We can help you.”
249
00:15:13,200 –> 00:15:14,200
I get it.
250
00:15:14,200 –> 00:15:18,600
I understand it, but I don’t particularly agree with the business model.
251
00:15:18,600 –> 00:15:19,880
I just don’t agree with it.
252
00:15:19,880 –> 00:15:26,860
I mean, Apple pays very, very well for security vulnerabilities.
253
00:15:26,860 –> 00:15:33,180
And what this is is probably the government is paying them a lot more than Apple is.
254
00:15:33,180 –> 00:15:38,460
And like I said, I really think I have a serious ethical issue with this, but I know this is
255
00:15:38,460 –> 00:15:43,100
what companies are doing now and I really don’t agree with it.
256
00:15:43,100 –> 00:15:47,180
But I thought that was another thing that I wanted to bring up that I did have it in
257
00:15:47,180 –> 00:15:48,180
my notes.
258
00:15:48,180 –> 00:15:51,360
I mean, it is a big deal just because the…
259
00:15:51,360 –> 00:15:55,800
To me, it’s a big deal because Apple doesn’t know about them and these companies, they
260
00:15:55,800 –> 00:15:59,000
have security features to define these holes and then they use these holes until they’re
261
00:15:59,000 –> 00:16:00,000
patched.
262
00:16:00,000 –> 00:16:02,840
And like I said, I don’t particularly agree with this.
263
00:16:02,840 –> 00:16:08,320
I know their businesses are doing this now, but to my opinion, it is borderline.
264
00:16:08,320 –> 00:16:09,960
Well, not borderline.
265
00:16:09,960 –> 00:16:12,500
It is unethical.
266
00:16:12,500 –> 00:16:16,100
It is, in my opinion, the government using loopholes.
267
00:16:16,100 –> 00:16:26,740
If any of us did this to people to steal data, we would be charged and we would be in so
268
00:16:26,740 –> 00:16:27,740
much trouble.
269
00:16:27,740 –> 00:16:31,480
But because the government’s doing it, it’s okay.
270
00:16:31,480 –> 00:16:36,220
And because this company is working with the government, they’re okay.
271
00:16:36,220 –> 00:16:40,220
I just think I have a serious problem with this because it does not put everybody in
272
00:16:40,220 –> 00:16:42,000
the same playing field.
273
00:16:42,000 –> 00:16:47,340
It would be like our company finding a security vulnerability and then trying to sell it to
274
00:16:47,340 –> 00:16:50,060
other businesses because they’re selling it to the government.
275
00:16:50,060 –> 00:16:51,060
It’s fine.
276
00:16:51,060 –> 00:16:57,680
I just have an issue, an ethical issue with this.
277
00:16:57,680 –> 00:16:59,240
I don’t agree with it.
278
00:16:59,240 –> 00:17:04,880
It disgusts me and maybe that’s why I was hesitant to bring it up on the podcast, but
279
00:17:04,880 –> 00:17:10,280
I just don’t agree with this.
280
00:17:10,280 –> 00:17:11,960
It gives hackers a bad name.
281
00:17:11,960 –> 00:17:20,340
It gives a lot of people just a bad name because the way they’re using this, I don’t like it.
282
00:17:20,340 –> 00:17:24,500
I find it very disturbing to me.
283
00:17:24,500 –> 00:17:26,060
I don’t agree with it.
284
00:17:26,060 –> 00:17:28,020
And our company would never do something like this.
285
00:17:28,020 –> 00:17:31,900
If we found a bug like this, we would immediately report it to Apple.
286
00:17:31,900 –> 00:17:34,100
We would not be reselling it.
287
00:17:34,100 –> 00:17:36,140
And I can’t just blame this company.
288
00:17:36,140 –> 00:17:38,700
There are other companies out there that do it as well.
289
00:17:38,700 –> 00:17:44,760
And I just have serious issues with it ethically, morally and everything else.
290
00:17:44,760 –> 00:17:48,000
And like I said, I don’t agree with it.
291
00:17:48,000 –> 00:17:52,840
And I apologize for getting a little upset here on the podcast, but I just definitely
292
00:17:52,840 –> 00:17:55,700
this really disturbs me as a security professional.
293
00:17:55,700 –> 00:18:02,600
So Verizon Wireless had a, and it got hit with a hack the other day that kind of the
294
00:18:02,600 –> 00:18:09,900
old saying, you know, the dangers within Verizon apparently had an internal employee that managed
295
00:18:09,900 –> 00:18:12,660
to breach their system.
296
00:18:12,660 –> 00:18:17,980
They actually, it was in an office in the main area.
297
00:18:17,980 –> 00:18:22,120
And the reason why, I mean, they didn’t announce it, but it is the main attorney general.
298
00:18:22,120 –> 00:18:24,780
So it has to be in Maine, at least I think.
299
00:18:24,780 –> 00:18:29,320
And Verizon discovered the breach December 12th of 2023.
300
00:18:29,320 –> 00:18:33,060
Nearly three months later, they determined it.
301
00:18:33,060 –> 00:18:38,700
Apparently they got names, physical addresses, social security numbers, gender, union affiliates,
302
00:18:38,700 –> 00:18:41,900
birth dates and compensation benefits.
303
00:18:41,900 –> 00:18:45,780
This seems to be actually Verizon’s employees information.
304
00:18:45,780 –> 00:18:46,900
And I’m not mistaken.
305
00:18:46,900 –> 00:18:51,900
It was actually, it doesn’t say it here, but another article I read had said that they
306
00:18:51,900 –> 00:18:56,160
were speculating that, here we go.
307
00:18:56,160 –> 00:19:03,420
An employee gained unauthorized access to a file containing sensitive employee information
308
00:19:03,420 –> 00:19:09,740
on September 21st, but they didn’t discover it until December 12th.
309
00:19:09,740 –> 00:19:13,580
So they had three months to get all that data together and get it out.
310
00:19:13,580 –> 00:19:19,900
But apparently, like I said, they have, I believe they have intent.
311
00:19:19,900 –> 00:19:22,860
I believe they have not referred, who is it?
312
00:19:22,860 –> 00:19:27,440
They haven’t released who it is yet, but they are on it.
313
00:19:27,440 –> 00:19:28,900
And like I said, but it’s been three months.
314
00:19:28,900 –> 00:19:30,000
That’s pretty bad.
315
00:19:30,000 –> 00:19:33,020
But like I said, it was an internal employee.
316
00:19:33,020 –> 00:19:36,920
And that’s why I brought this up because sometimes you have to be, sometimes, you know, we’re
317
00:19:36,920 –> 00:19:40,940
always trying to, as security professionals, we’re always trying to keep people from outside
318
00:19:40,940 –> 00:19:45,040
to coming in, but sometimes it’s the people inside we’ve got to worry about too.
319
00:19:45,040 –> 00:19:47,260
And that sometimes is a tough thing as a security professional.
320
00:19:47,260 –> 00:19:50,000
We’re always worried about what’s coming in from the internet, what’s coming in from the
321
00:19:50,000 –> 00:19:51,000
internet.
322
00:19:51,000 –> 00:19:54,120
Sometimes it’s the people that are already in your network that are the issue.
323
00:19:54,120 –> 00:19:57,560
And that was the case here.
324
00:19:57,560 –> 00:20:04,760
Also too, another thing I wanted to bring up only because JetBrains actually warned
325
00:20:04,760 –> 00:20:11,380
about this, and I do use JetBrains once in a while for some of my programming, but they
326
00:20:11,380 –> 00:20:17,380
are warning of a new TeamCity authority bypass vulnerability.
327
00:20:17,380 –> 00:20:22,180
JetBrains urged customers today to patch their TeamCity on-prem servers.
328
00:20:22,180 –> 00:20:26,900
Okay, so it’s an on-prem server issue, especially servers against a critical authentication
329
00:20:26,900 –> 00:20:32,380
bypass vulnerability that can let attackers take over vulnerable instances with admin
330
00:20:32,380 –> 00:20:33,380
privileges.
331
00:20:33,380 –> 00:20:37,940
It’s CVE 2024-23917.
332
00:20:37,940 –> 00:20:43,260
So if you do use, this is probably going to be most, probably most people are going to
333
00:20:43,260 –> 00:20:44,260
be developers.
334
00:20:44,260 –> 00:20:49,960
I know there’s a lot of people using this, it’s more of a developer-based kind of thing.
335
00:20:49,960 –> 00:20:54,700
But if you are using it, I strongly recommend that you patch immediately.
336
00:20:54,700 –> 00:21:00,060
So some news that I really wanted to bring up, just because it is relevant and important.
337
00:21:00,060 –> 00:21:08,140
Apple has released Apple Music, Apple TV, and then a third app, which is going to be
338
00:21:08,140 –> 00:21:12,340
their iPhone sync app for your computer.
339
00:21:12,340 –> 00:21:15,100
This is for Windows, obviously not for Mac.
340
00:21:15,100 –> 00:21:19,140
But the reason why I bring this up is Apple has announced that these are going to be the
341
00:21:19,140 –> 00:21:23,740
apps they’re going to use, and that they are going to be, they haven’t announced when,
342
00:21:23,740 –> 00:21:27,340
but they will be deprecating iTunes on the Windows PC.
343
00:21:27,340 –> 00:21:35,060
So this will eventually be, you know, will replace iTunes, which we’ve all been using
344
00:21:35,060 –> 00:21:37,100
on Windows for a while now.
345
00:21:37,100 –> 00:21:41,300
I don’t have, I mean, I’ve used it in the past, I haven’t used it in a while, but pretty
346
00:21:41,300 –> 00:21:42,300
important.
347
00:21:42,300 –> 00:21:44,840
So, there’s something to keep an eye on.
348
00:21:44,840 –> 00:21:48,900
If you get these new apps, you can go ahead and uninstall iTunes.
349
00:21:48,900 –> 00:21:52,440
And like I said, the reason why I’m bringing that up is because as iTunes gets deprecated,
350
00:21:52,440 –> 00:21:54,280
they won’t be patching it.
351
00:21:54,280 –> 00:21:58,820
And you know, they will, I mean, it’s deprecated, it’s not officially gone yet.
352
00:21:58,820 –> 00:22:02,740
But like I said, you know, it says right here, after you download the Apple Music app, Apple
353
00:22:02,740 –> 00:22:06,700
TV app, and the Apple Devices app, which is the one I’m talking about that you use for
354
00:22:06,700 –> 00:22:13,980
syncing and all that on your phone, you won’t see your music or video content in iTunes.
355
00:22:13,980 –> 00:22:21,140
So this is pretty big, and you can’t use iTunes to mainly sync or manage your phone or iPad
356
00:22:21,140 –> 00:22:22,140
anymore.
357
00:22:22,140 –> 00:22:24,740
It must go through the Apple Devices app.
358
00:22:24,740 –> 00:22:30,660
However, you can use iTunes to access only your podcasts and audiobooks.
359
00:22:30,660 –> 00:22:35,900
So I think eventually they’re going to release an audiobook app, and then iTunes will be
360
00:22:35,900 –> 00:22:38,860
completely deprecated eventually.
361
00:22:38,860 –> 00:22:43,820
But as of right now, once you install those three apps, iTunes will only do your podcasts
362
00:22:43,820 –> 00:22:45,060
and your audiobooks.
363
00:22:45,060 –> 00:22:50,460
My feeling is that they will eventually release an audiobooks app for iTunes, and probably
364
00:22:50,460 –> 00:22:54,700
eventually the Apple Podcasts app will go ahead and come to Windows.
365
00:22:54,700 –> 00:23:02,380
I don’t know a ton of people that are using those services on Windows, but Apple is in
366
00:23:02,380 –> 00:23:06,180
the services business, and they do need to go where customers are, and Microsoft does
367
00:23:06,180 –> 00:23:11,760
have over two billion people on Windows, so they have to accommodate that.
368
00:23:11,760 –> 00:23:19,840
But very important to keep an eye on this, because this will mean that eventually iTunes
369
00:23:19,840 –> 00:23:26,700
won’t be patched, and you could have a piece of software on your device that is vulnerable.
370
00:23:26,700 –> 00:23:30,940
So very, very important just to know that.
371
00:23:30,940 –> 00:23:36,700
And I also think it’s cool too that years ago, if you remember, Apple refused to put
372
00:23:36,700 –> 00:23:41,620
iTunes on Windows, and then eventually somebody talked to Steve Jobs and said, “Listen, if
373
00:23:41,620 –> 00:23:49,100
we want the iPod to take off, we have to put it on Windows,” because Windows at that time
374
00:23:49,100 –> 00:23:52,620
was the biggest, and it still is the biggest desktop platform by far.
375
00:23:52,620 –> 00:24:00,060
Apple only has, I think they said about 125, 150 million PCs out there compared to Microsoft’s
376
00:24:00,060 –> 00:24:02,700
two, I think over two billion.
377
00:24:02,700 –> 00:24:05,340
So plus Microsoft too also has the Xbox and stuff like that.
378
00:24:05,340 –> 00:24:10,260
So it is very important to understand that Microsoft does have a much bigger computing
379
00:24:10,260 –> 00:24:16,340
platform, but again, they also have people that work.
380
00:24:16,340 –> 00:24:20,920
They also have the people that work, the people that have at home, and it’s a little bit different.
381
00:24:20,920 –> 00:24:27,460
But like I said, it’s nice to see Apple saying, “Hey, even though these people aren’t using
382
00:24:27,460 –> 00:24:32,500
Macs, they’re using Windows machines, we still should really cater to our customers who want
383
00:24:32,500 –> 00:24:33,500
to use our services.”
384
00:24:33,500 –> 00:24:38,140
So definitely a different Apple than it was under the Jobs era.
385
00:24:38,140 –> 00:24:43,700
But like I said, as far as security-wise goes, it is important to be careful as the, like
386
00:24:43,700 –> 00:24:46,420
I said, and that goes for any app.
387
00:24:46,420 –> 00:24:51,900
I see people all the time that have outdated software on their computer, like Java and
388
00:24:51,900 –> 00:24:54,180
stuff, and that is how people get hacked.
389
00:24:54,180 –> 00:24:57,780
So very important.
390
00:24:57,780 –> 00:25:02,180
One of the things, the other thing I do want to bring up, a couple of, this is kind of
391
00:25:02,180 –> 00:25:03,180
interesting.
392
00:25:03,180 –> 00:25:08,460
Earlier in the week, Apple had an issue with the Vision Pro, their new product that we
393
00:25:08,460 –> 00:25:10,860
just talked about that they released last week.
394
00:25:10,860 –> 00:25:17,020
And if you’ve got your password, you had to actually go to the Apple store to get it fixed.
395
00:25:17,020 –> 00:25:21,780
Apparently Apple has fixed this issue now, and you can reset your password on the Vision
396
00:25:21,780 –> 00:25:22,780
Pro.
397
00:25:22,780 –> 00:25:27,020
This was a story that was earlier than we, I think it was Monday or Tuesday came out
398
00:25:27,020 –> 00:25:30,500
that you couldn’t reset your password, and now you can.
399
00:25:30,500 –> 00:25:35,600
They fixed it, like I said, I think it was Wednesday or Thursday, they released an update.
400
00:25:35,600 –> 00:25:42,180
So it was a story that I had in the show notes, kind of fixed at this point, but it was pretty
401
00:25:42,180 –> 00:25:43,180
funny.
402
00:25:43,180 –> 00:25:48,160
People were like very upset that they could not reset their password on Vision Pro.
403
00:25:48,160 –> 00:25:50,860
And we’ll have to see what happens with the Vision Pro security-wise.
404
00:25:50,860 –> 00:25:56,300
And the reason why I say that, is you remember Apple, the iPhone started with the Touch ID,
405
00:25:56,300 –> 00:25:59,340
then obviously with the iPhone X, we went to Face ID.
406
00:25:59,340 –> 00:26:05,300
And now with the, you know, with their new headset, they actually now have Retina ID.
407
00:26:05,300 –> 00:26:12,340
I would be very curious to see if Apple will eventually move to Retina ID on other devices.
408
00:26:12,340 –> 00:26:15,660
I don’t know if they will or if they won’t.
409
00:26:15,660 –> 00:26:19,720
We still do not have Face ID on the new Macs.
410
00:26:19,720 –> 00:26:24,580
I thought for sure that would be something by now, but we’re still using Touch ID.
411
00:26:24,580 –> 00:26:28,780
Again, we’re going to have to see what Apple does with this, because this is where they
412
00:26:28,780 –> 00:26:34,900
were in a very interesting phase here, because I really thought that by this point Face ID
413
00:26:34,900 –> 00:26:38,580
would be on the Macs.
414
00:26:38,580 –> 00:26:41,920
We have Windows Hello, but we don’t have Face ID on the Mac.
415
00:26:41,920 –> 00:26:43,060
So I thought that was weird.
416
00:26:43,060 –> 00:26:47,340
But again, I do think it’s very important to point out to everybody, and I say this
417
00:26:47,340 –> 00:26:52,320
all the time, and I mean no disrespect to anybody that’s on a Mac, because I’m a Mac
418
00:26:52,320 –> 00:26:59,280
user myself, but you have to understand they have 100,000, 125,000, 150,000, I’m sorry,
419
00:26:59,280 –> 00:27:03,880
125 million, 150 million Macs out in the world.
420
00:27:03,880 –> 00:27:07,160
Apple has over a billion iPhones in the world.
421
00:27:07,160 –> 00:27:14,260
So what Apple has in phones, Microsoft has in desktops.
422
00:27:14,260 –> 00:27:18,980
You know, Microsoft will always favor the desktop market because they have so many users
423
00:27:18,980 –> 00:27:19,980
on it.
424
00:27:19,980 –> 00:27:21,180
Same thing goes, like I said, with Apple.
425
00:27:21,180 –> 00:27:27,060
They are always going to favor their iPhones and iPads over their Macs just because they
426
00:27:27,060 –> 00:27:29,980
have so many more people on them.
427
00:27:29,980 –> 00:27:37,420
Apple is still, whether they will limit it or not, is still really the iPhone company.
428
00:27:37,420 –> 00:27:39,700
Just because, I mean, don’t get me wrong, they care about their Macs.
429
00:27:39,700 –> 00:27:43,280
It’s a couple billion dollar a quarter business.
430
00:27:43,280 –> 00:27:51,300
But when you look at Mac sales versus iPhone and iPad sales, they definitely are still
431
00:27:51,300 –> 00:27:53,100
the iPhone company.
432
00:27:53,100 –> 00:27:55,620
And I don’t take anything away from them.
433
00:27:55,620 –> 00:27:56,800
The same thing with Microsoft.
434
00:27:56,800 –> 00:27:59,680
They are still the Windows and Microsoft Office company.
435
00:27:59,680 –> 00:28:04,500
Even though they have Xbox, they have other things, those two are still their cash cows.
436
00:28:04,500 –> 00:28:05,740
And the same thing goes for Apple.
437
00:28:05,740 –> 00:28:12,900
So Apple is very slow to adopt these things from their phones to their computers because
438
00:28:12,900 –> 00:28:17,140
it’s just one of those things like, okay, we want to do this, but it’s going to affect
439
00:28:17,140 –> 00:28:20,220
such a small amount of our user base compared to doing something on the iPhone.
440
00:28:20,220 –> 00:28:25,340
So it’s just one of those things, unfortunately, where you just go where the majority of your
441
00:28:25,340 –> 00:28:26,340
customers are.
442
00:28:26,340 –> 00:28:36,700
And by far, by double, triple, quadruple, it’s 10 times almost what the iPhone has user
443
00:28:36,700 –> 00:28:38,420
base compared to the Macs.
444
00:28:38,420 –> 00:28:40,180
It’s just the way it is.
445
00:28:40,180 –> 00:28:41,180
Not taking it away from Apple.
446
00:28:41,180 –> 00:28:46,420
They make great computers, but I’m just saying they are just going to favor their cash cow
447
00:28:46,420 –> 00:28:49,740
markets versus their other markets.
448
00:28:49,740 –> 00:28:51,740
That’s just the way it is.
449
00:28:51,740 –> 00:28:56,180
Some other interesting news that I also found, by the way, I wanted to bring this up.
450
00:28:56,180 –> 00:29:00,380
Mozilla announced today that they are getting a new CEO.
451
00:29:00,380 –> 00:29:05,620
Somebody from their current CEO who’s been with the company for 25 years is stepping
452
00:29:05,620 –> 00:29:09,100
down and somebody else from the board is taking over.
453
00:29:09,100 –> 00:29:13,140
Not really going to affect probably Mozilla too much, but let’s just wait and see.
454
00:29:13,140 –> 00:29:15,020
But I thought that was interesting news.
455
00:29:15,020 –> 00:29:16,820
Mozilla, I really like Mozilla.
456
00:29:16,820 –> 00:29:22,640
I tell everybody to use Mozilla just because they are a security first browser.
457
00:29:22,640 –> 00:29:23,640
Very important to me.
458
00:29:23,640 –> 00:29:27,540
And I tell everybody, use Mozilla if you can.
459
00:29:27,540 –> 00:29:31,460
I push everybody that way and I apologize to them if I feel like I’m preaching it.
460
00:29:31,460 –> 00:29:34,300
I don’t get paid by Mozilla to make this announcement.
461
00:29:34,300 –> 00:29:39,100
It’s just they are very security conscious and very much put the user first.
462
00:29:39,100 –> 00:29:42,580
And I really, that and like a signal, any of those companies that put users first, I
463
00:29:42,580 –> 00:29:44,740
really appreciate.
464
00:29:44,740 –> 00:29:48,240
But Mozilla obviously does have to make some revenue and they have announced today that
465
00:29:48,240 –> 00:29:54,780
their Mozilla Monitoring Plus, which scrubs the internet for personal information from
466
00:29:54,780 –> 00:29:57,480
the web for free.
467
00:29:57,480 –> 00:30:01,740
They have announced that they are having a new $9 per month service called Mozilla Monitor
468
00:30:01,740 –> 00:30:05,900
Plus and this will automatically scrub for you.
469
00:30:05,900 –> 00:30:09,420
So it would tell you where your stuff works and you would have to actually manually go
470
00:30:09,420 –> 00:30:11,760
and do it and do the work yourselves.
471
00:30:11,760 –> 00:30:15,820
Now for $9 a month it will go do the work for you.
472
00:30:15,820 –> 00:30:20,560
Again if you don’t, I know we’re all in subscription fatigue, but if you want to keep your stuff
473
00:30:20,560 –> 00:30:23,360
off the internet this would be worth $9 a month.
474
00:30:23,360 –> 00:30:27,700
If you want to do it for free that’s fine, you just have to do all the manual work.
475
00:30:27,700 –> 00:30:29,180
So very important.
476
00:30:29,180 –> 00:30:31,160
I wanted to bring that up because it is a service.
477
00:30:31,160 –> 00:30:33,060
I do tell people to use.
478
00:30:33,060 –> 00:30:38,320
I would recommend if you do know somebody who is not the most tech savvy person, it
479
00:30:38,320 –> 00:30:41,560
may actually be the right step.
480
00:30:41,560 –> 00:30:46,740
Maybe it’s the kind of person that your grandmother or your mom who’s not overly tech savvy say,
481
00:30:46,740 –> 00:30:50,220
“Hey, maybe it’s worth the $9 a month for you if you’re worried about your security.”
482
00:30:50,220 –> 00:30:54,180
If it’s somebody like us who can handle all the technical stuff, you do it yourself.
483
00:30:54,180 –> 00:30:58,460
So I thought that was really interesting and really important and I just wanted to bring
484
00:30:58,460 –> 00:30:59,460
that up.
485
00:30:59,460 –> 00:31:04,580
So speaking of open source by the way, something else I wanted to point out.
486
00:31:04,580 –> 00:31:10,300
Apple today or this week announced that it is launching a new open source programming
487
00:31:10,300 –> 00:31:13,180
language that’s called PKL.
488
00:31:13,180 –> 00:31:17,340
Now I was going to confuse PKI because I confuse those myself too.
489
00:31:17,340 –> 00:31:19,220
I was like, “Wait, don’t we already have this?”
490
00:31:19,220 –> 00:31:27,100
But no, it launched February 1 of 2024 with Hinta version 0.25.
491
00:31:27,100 –> 00:31:33,300
It’s going to be used, it’s designed around a key value structure in the main system.
492
00:31:33,300 –> 00:31:37,620
I’m not going to get too techy into it, but they have launched this and what basically
493
00:31:37,620 –> 00:31:43,300
the goal of this is, it’s supposed to be an embedded configuration language hoping to
494
00:31:43,300 –> 00:31:49,960
take the stress out of the small to large or simple to complex, ad hoc to repetitive
495
00:31:49,960 –> 00:31:52,560
configurations tasks.
496
00:31:52,560 –> 00:31:55,620
So go look into it more if you’re interested.
497
00:31:55,620 –> 00:31:58,860
I’m actually not overly interested in this.
498
00:31:58,860 –> 00:32:03,040
I know a couple of people I know on Twitter that were talking about it.
499
00:32:03,040 –> 00:32:09,140
They said it’s very nice, it’s very simple, easy to use, it’s good for simple stuff.
500
00:32:09,140 –> 00:32:11,220
It is actually on GitHub if you want to go ahead and look at the code.
501
00:32:11,220 –> 00:32:15,340
Like I said, I just wanted to bring that up because they have open source another programming
502
00:32:15,340 –> 00:32:16,340
language.
503
00:32:16,340 –> 00:32:20,100
So kind of interesting, thought it was really cool.
504
00:32:20,100 –> 00:32:26,760
And also too, I wanted to bring up another thing that was like, they’ve been very taken
505
00:32:26,760 –> 00:32:30,500
care of it, but it was on bleeping computers, so it’s worth noting it.
506
00:32:30,500 –> 00:32:33,820
Mastodon had a vulnerability that has those hackers to take over accounts.
507
00:32:33,820 –> 00:32:36,300
Like I said, that was very late last week, early this week.
508
00:32:36,300 –> 00:32:38,020
I think we were ready to record the podcast.
509
00:32:38,020 –> 00:32:44,060
It’s already been taken care of CVE 2024-23832.
510
00:32:44,060 –> 00:32:51,580
And like I said, it stems from insufficient origin validation to Mastodon, allowing attackers
511
00:32:51,580 –> 00:32:52,580
to take over accounts.
512
00:32:52,580 –> 00:32:59,500
The reason why I brought it up, it was rated 9.4, which is kind of why I brought it up.
513
00:32:59,500 –> 00:33:04,000
It impacts all Mastodon versions before 3.5.17.
514
00:33:04,000 –> 00:33:09,540
So if you are running your own Mastodon server, go ahead and patch it.
515
00:33:09,540 –> 00:33:15,580
The flaw was fixed, like I said, in 4.2.5 released a couple days ago.
516
00:33:15,580 –> 00:33:19,780
So just go ahead and up your new version.
517
00:33:19,780 –> 00:33:25,420
Like I said, it’s the version before 3.5.17.
518
00:33:25,420 –> 00:33:29,300
So if you’re on 4, you should be okay.
519
00:33:29,300 –> 00:33:31,460
But I would upgrade to the latest version anyway.
520
00:33:31,460 –> 00:33:38,140
Like I said, it’s already been patched, but like I said, that was late last week where
521
00:33:38,140 –> 00:33:39,140
they talked about it.
522
00:33:39,140 –> 00:33:42,700
I just wanted to bring it up because I know a bunch of us here run our own Mastodon instances.
523
00:33:42,700 –> 00:33:46,060
One thing that’s nice, if you’re on something like Masthope or something like that, one
524
00:33:46,060 –> 00:33:50,320
of those hosted platforms, you actually can’t patch it for you.
525
00:33:50,320 –> 00:33:54,300
So I thought that was, that’s one of the nice parts about having hosted solutions.
526
00:33:54,300 –> 00:33:56,180
You know, it does it for you.
527
00:33:56,180 –> 00:34:00,720
So by the way, I wanted to point, the other thing that was on bleeping computer, which
528
00:34:00,720 –> 00:34:05,660
caught my attention again late last week, it didn’t make the podcast because I had recorded
529
00:34:05,660 –> 00:34:12,460
it by the time, but Clorox said they had a cyber attack caused 49 million in expenses.
530
00:34:12,460 –> 00:34:13,460
Unbelievable.
531
00:34:13,460 –> 00:34:19,620
I mean, I mean, they have, sure they have insurance, probably cyber insurance, but like
532
00:34:19,620 –> 00:34:28,820
I said, it affected 8,700 employees and almost 7.5 billion in revenue last year for the company.
533
00:34:28,820 –> 00:34:32,980
And they got hacked on August 11th.
534
00:34:32,980 –> 00:34:36,620
And it actually, like I said, they actually, they’re not saying what it was, but they were
535
00:34:36,620 –> 00:34:43,020
saying that when they reported their final, their earnings for last year, they had said
536
00:34:43,020 –> 00:34:47,360
that they had a big loss because of this cyber attack.
537
00:34:47,360 –> 00:34:52,980
So like I said, it cost the company, you know, quite a bit of money.
538
00:34:52,980 –> 00:34:57,220
Remember Johnson Controls had a hack like that a couple months, it was a couple months
539
00:34:57,220 –> 00:34:59,980
ago that took their whole systems down.
540
00:34:59,980 –> 00:35:02,400
So you know, these cyber attacks are big.
541
00:35:02,400 –> 00:35:05,600
They affect companies, they cost companies money.
542
00:35:05,600 –> 00:35:09,720
And like I said, a lot of these companies have cyber insurance, but it’s just important
543
00:35:09,720 –> 00:35:13,000
to be aware of it.
544
00:35:13,000 –> 00:35:17,820
One thing I do want to talk about with Windows anyway, Microsoft has announced that they
545
00:35:17,820 –> 00:35:21,940
are bringing the Linux pseudo command to Windows server.
546
00:35:21,940 –> 00:35:26,940
That was big news again late last week, but I just want to bring that up because Microsoft
547
00:35:26,940 –> 00:35:30,360
is, I mean, definitely a different Microsoft guys than it was years ago.
548
00:35:30,360 –> 00:35:33,360
I know for a fact Microsoft used to be anti Linux.
549
00:35:33,360 –> 00:35:38,580
Now pretty much the majority of servers on Azure are Linux, but, and obviously you have
550
00:35:38,580 –> 00:35:42,780
the sub, you know, the Android subsystem for Windows and the Android subsystem for Linux.
551
00:35:42,780 –> 00:35:47,300
But Microsoft now says they’re bringing the Linux pseudo command feature to Windows 20,
552
00:35:47,300 –> 00:35:52,400
Windows server 2025 offering a new way for people to elevate themselves.
553
00:35:52,400 –> 00:35:54,080
So I thought that was interesting.
554
00:35:54,080 –> 00:35:57,960
They’re testing it and it’s going to be in an insider preview.
555
00:35:57,960 –> 00:36:00,040
So that was a big news.
556
00:36:00,040 –> 00:36:03,440
It really is news for Microsoft, see Microsoft embracing the open source and Linux.
557
00:36:03,440 –> 00:36:08,360
It definitely is a different company than it was under Balmer or Gates.
558
00:36:08,360 –> 00:36:11,520
And I mean, I think at the time they were the right CEOs, but now with open source being
559
00:36:11,520 –> 00:36:16,040
what it is and stuff like that, you know, adapt or adapt or die, right?
560
00:36:16,040 –> 00:36:17,360
Some news out of Denmark.
561
00:36:17,360 –> 00:36:20,960
And the only reason why I’m bringing this up is this is quite interesting.
562
00:36:20,960 –> 00:36:25,320
Denmark ordered schools to stop sending student data to Google.
563
00:36:25,320 –> 00:36:29,760
Danish, I wonder if this is really important because a lot of school districts in America
564
00:36:29,760 –> 00:36:32,240
use Google workspace.
565
00:36:32,240 –> 00:36:37,840
Danish data protection authority has issued an injunction regarding student data being
566
00:36:37,840 –> 00:36:43,640
funneled through Google using Chromebook and Google workspaces in schools.
567
00:36:43,640 –> 00:36:50,160
The matter was brought up by an agency stating that kids being, one, they don’t think it’s
568
00:36:50,160 –> 00:36:53,840
right that young kids data is going out onto the internet.
569
00:36:53,840 –> 00:37:05,520
They’re saying that Google is analyzing documents with personal data on them, allowing Google
570
00:37:05,520 –> 00:37:10,280
to build a profile on kids before they’re even of age to understand what it is.
571
00:37:10,280 –> 00:37:14,680
They were announced that they must cease the transfer of personal data to Google for specific
572
00:37:14,680 –> 00:37:18,240
purposes.
573
00:37:18,240 –> 00:37:22,440
They want to ensure that Google refrains from processing the data and building profiles
574
00:37:22,440 –> 00:37:23,920
on kids and stuff like that.
575
00:37:23,920 –> 00:37:31,400
Like I said, it’s actually pretty big news because there is no on-prem version of Google
576
00:37:31,400 –> 00:37:35,480
workspace like there is with Microsoft and SharePoint and stuff like that.
577
00:37:35,480 –> 00:37:38,000
So this is actually pretty big news.
578
00:37:38,000 –> 00:37:42,800
Like I said, it’s one of those things where, you know, they want to, I get what they’re
579
00:37:42,800 –> 00:37:43,800
trying to do.
580
00:37:43,800 –> 00:37:47,480
They’re trying to say, well, Google workspace for education, Chrome OS, Chrome, all that’s
581
00:37:47,480 –> 00:37:48,480
gathering data.
582
00:37:48,480 –> 00:37:51,120
They’re building profiles on these kids when the kids are in kindergarten, first grade,
583
00:37:51,120 –> 00:37:52,600
second grade, they don’t understand.
584
00:37:52,600 –> 00:37:55,680
They have no way of knowing what’s going to happen later on down the road.
585
00:37:55,680 –> 00:37:58,440
So I mean, it’s a really tough, tough thing.
586
00:37:58,440 –> 00:38:05,280
I have been saying this for a while, but again, it’s a tough thing because the problem is,
587
00:38:05,280 –> 00:38:14,080
is Google is a much lower cost in the door than Windows or Mac.
588
00:38:14,080 –> 00:38:18,520
Obviously iPads, obviously, you know, the iPad could last a kid, you know, his whole
589
00:38:18,520 –> 00:38:22,960
career because Apple really, you know, has let the iPad, you know, kid may only need
590
00:38:22,960 –> 00:38:27,940
two iPads over the course of his entire 13 years or three where a Chromebook is every
591
00:38:27,940 –> 00:38:29,640
three or four years yet to replace it.
592
00:38:29,640 –> 00:38:33,920
But Chromebook is also like 200 bucks compared to an iPad.
593
00:38:33,920 –> 00:38:41,080
So you know, that’s how Google kind of got in the door with these sorts of things because,
594
00:38:41,080 –> 00:38:45,120
you know, a Chromebook is, you know, 200 bucks and then, you know, three years place, you
595
00:38:45,120 –> 00:38:49,600
know, 200 bucks, 200 dollar device and then the kids has now, now it’s been in service
596
00:38:49,600 –> 00:38:50,600
for eight years.
597
00:38:50,600 –> 00:38:54,080
Whereas an iPad, you know, you’re looking at, we got to lay out five, six, $700.
598
00:38:54,080 –> 00:38:56,160
So that’s kind of how Google got in the door.
599
00:38:56,160 –> 00:39:01,520
But and then two windows machines, you know, are expensive to, you know, they’re looking
600
00:39:01,520 –> 00:39:04,560
at, well, windows machines, you got to maintain it.
601
00:39:04,560 –> 00:39:07,680
You got to upgrade it where the Chromebook was simple and easy.
602
00:39:07,680 –> 00:39:11,880
I mean it, I mean, both, both platforms do have their advantage.
603
00:39:11,880 –> 00:39:17,960
I will say that, but I guess what they’re saying now is, you know, it’s getting, I kind
604
00:39:17,960 –> 00:39:19,360
of get what they’re saying.
605
00:39:19,360 –> 00:39:23,060
It’s, it’s, you’re, you’re building profiles on kids and they don’t even understand what
606
00:39:23,060 –> 00:39:26,760
they’re sharing or what they’re sharing and how they’re sharing and they’re, I mean, it
607
00:39:26,760 –> 00:39:30,240
is, it is a pretty interesting topic.
608
00:39:30,240 –> 00:39:35,320
I’ve always said to, I don’t understand how Google gets around the whole, you know, you’re
609
00:39:35,320 –> 00:39:38,720
not 13, you’re, so you’re not supposed to have an account on the internet, but yet they
610
00:39:38,720 –> 00:39:43,920
get around it because it’s their workspace product or their education product or, you
611
00:39:43,920 –> 00:39:46,840
know, the years of, okay, well kids can’t be on the internet till they’re a certain
612
00:39:46,840 –> 00:39:47,840
age.
613
00:39:47,840 –> 00:39:51,560
Well, Chromebook is always connected and Google specifically collects everything in the cloud
614
00:39:51,560 –> 00:39:53,600
so that they can have it, analyze it, look at it.
615
00:39:53,600 –> 00:39:56,520
I mean, it’s, it’s definitely a controversial topic.
616
00:39:56,520 –> 00:40:01,760
I’m not saying I don’t, I don’t necessarily disagree with Denmark personally, but unfortunately
617
00:40:01,760 –> 00:40:04,320
it’s the way it is in America.
618
00:40:04,320 –> 00:40:09,320
And I don’t think Google has gotten a big foothold in America and muscled out Microsoft.
619
00:40:09,320 –> 00:40:13,020
You remember when I was younger growing up, everybody had Microsoft windows and those
620
00:40:13,020 –> 00:40:15,600
kids were conditioned to be Microsoft’s future customers.
621
00:40:15,600 –> 00:40:16,600
That worked out.
622
00:40:16,600 –> 00:40:20,040
Well now Google’s saying, well, if we do this, those people will be our future customers.
623
00:40:20,040 –> 00:40:24,640
You know, it’s, it’s, you know, it’s the same reason why Apple’s trying to keep iPhones
624
00:40:24,640 –> 00:40:28,800
in schools and stuff like that because they want kids to learn iOS so that they become
625
00:40:28,800 –> 00:40:30,800
future customers.
626
00:40:30,800 –> 00:40:33,160
It’s just, you know, it’s conditioning, man.
627
00:40:33,160 –> 00:40:35,040
It’s just the way it is.
628
00:40:35,040 –> 00:40:38,480
The other thing I think this is the last funny story I want to bring up, and this will be
629
00:40:38,480 –> 00:40:41,320
the last news story of the week.
630
00:40:41,320 –> 00:40:47,360
Apparently there was a 3 million electric two buses were used in a DDoS attack.
631
00:40:47,360 –> 00:40:52,120
Apparently the news site announced that a cyber security firm for tonight, fortunate,
632
00:40:52,120 –> 00:40:57,120
excuse me, said three million electrocute buses were infected with Java malware and
633
00:40:57,120 –> 00:41:01,000
were used to conduct a DDoS attack against a Swiss company.
634
00:41:01,000 –> 00:41:07,080
Um, again, any internet connected device can be used as a weapon.
635
00:41:07,080 –> 00:41:10,720
Uh, it’s the same thing like the refrigerators that were being used.
636
00:41:10,720 –> 00:41:15,000
Uh, remember in a DDoS attack a while back, this is a very similar thing.
637
00:41:15,000 –> 00:41:18,320
So it’s made funny that it’s electric toothbrushes.
638
00:41:18,320 –> 00:41:20,680
So I thought that was really funny.
639
00:41:20,680 –> 00:41:24,840
And uh, you know, like I said, any internet connected device can be used as a weapon folks.
640
00:41:24,840 –> 00:41:30,980
Like it’s just, you know, if somebody can hack it, somebody can, uh, can use it as a
641
00:41:30,980 –> 00:41:31,980
bot.
642
00:41:31,980 –> 00:41:33,260
But I thought it was funny.
643
00:41:33,260 –> 00:41:38,520
It was three, it was three million electric toothbrushes.
644
00:41:38,520 –> 00:41:40,080
That’s just hysterical.
645
00:41:40,080 –> 00:41:44,780
Um, shows you that you should, you know, not be using Java.
646
00:41:44,780 –> 00:41:49,160
And uh, what’s even more funny is they, uh, when they were testing these things, they
647
00:41:49,160 –> 00:41:55,080
found that most of the toothbrushes were using default passwords and default, um, all the
648
00:41:55,080 –> 00:41:56,080
defaults were set.
649
00:41:56,080 –> 00:42:01,820
Yeah, because who the heck thinks that, you know, who thinks to change the password on
650
00:42:01,820 –> 00:42:02,820
their toothbrush?
651
00:42:02,820 –> 00:42:04,820
I mean, think about it.
652
00:42:04,820 –> 00:42:07,940
Uh, you know, and this is what the tweets out of this story were great.
653
00:42:07,940 –> 00:42:10,460
Somebody was like, somebody was like, what is wrong with people?
654
00:42:10,460 –> 00:42:11,460
There’s no details.
655
00:42:11,460 –> 00:42:14,600
Like who, who is the target of the DDoS?
656
00:42:14,600 –> 00:42:15,600
What happened?
657
00:42:15,600 –> 00:42:16,600
What brand of toothbrushes?
658
00:42:16,600 –> 00:42:19,640
Uh, you know, people are like, I don’t understand this.
659
00:42:19,640 –> 00:42:22,420
This is why would somebody hijack somebody’s toothbrush?
660
00:42:22,420 –> 00:42:24,740
I mean, it was just, some of these were funny.
661
00:42:24,740 –> 00:42:27,780
I mean, again, they haven’t released much of it yet.
662
00:42:27,780 –> 00:42:31,840
Uh, the devices, I’m sure there’s going to be an update for the devices to patch them.
663
00:42:31,840 –> 00:42:35,660
But um, you know, it’s just hysterical.
664
00:42:35,660 –> 00:42:37,660
Uh, it’s just unbelievable.
665
00:42:37,660 –> 00:42:39,660
I just, it’s funny.
666
00:42:39,660 –> 00:42:43,260
I mean, uh, toothbrushes, you know, it’s just, you always get that one story of the week
667
00:42:43,260 –> 00:42:44,260
that always makes you laugh.
668
00:42:44,260 –> 00:42:49,120
And uh, here you are brushing your teeth and meanwhile you’re, uh, you’re DDoSing somebody.
669
00:42:49,120 –> 00:42:50,580
So I thought that was pretty funny.
670
00:42:50,580 –> 00:42:56,200
That along with the, uh, the, uh, the novel one, uh, my opinion were the two best stories
671
00:42:56,200 –> 00:42:58,060
of the week this week as far as funny goes.
672
00:42:58,060 –> 00:42:59,820
Um, I do want to point out folks as well.
673
00:42:59,820 –> 00:43:03,420
Uh, I do want to get to one thing here before we get to the end of the show.
674
00:43:03,420 –> 00:43:04,620
Uh, listener feedback.
675
00:43:04,620 –> 00:43:07,220
I cleaned out the mailbag today.
676
00:43:07,220 –> 00:43:09,140
I do appreciate all listener feedback.
677
00:43:09,140 –> 00:43:12,260
A bunch of people that they really like to show.
678
00:43:12,260 –> 00:43:13,980
Shows really well, well done.
679
00:43:13,980 –> 00:43:16,420
Uh, most, most comments pretty positive.
680
00:43:16,420 –> 00:43:19,140
Um, I will say that, but I do appreciate the feedback.
681
00:43:19,140 –> 00:43:22,660
Again, it’ll be in the show notes, brandon@lepaniesecurity.com.
682
00:43:22,660 –> 00:43:23,660
Send in all your information.
683
00:43:23,660 –> 00:43:24,900
That’s the best way to reach me.
684
00:43:24,900 –> 00:43:30,340
Um, and I will go ahead and take care of trying to get as much as I can on the show.
685
00:43:30,340 –> 00:43:35,740
Uh, somebody had pointed out to me that the co-pilot, so we talked about co-pilot last
686
00:43:35,740 –> 00:43:36,740
week.
687
00:43:36,740 –> 00:43:41,780
We talked about it again this week, but a co-pilot does not run on Firefox.
688
00:43:41,780 –> 00:43:43,260
Only chromium based.
689
00:43:43,260 –> 00:43:47,100
Uh, the chat GPT though works on Mac and Firefox.
690
00:43:47,100 –> 00:43:48,100
So they want to play on them.
691
00:43:48,100 –> 00:43:55,380
Microsoft co-pilot, if you’re going to use co-pilot by co-pilot, it does not run on Firefox.
692
00:43:55,380 –> 00:43:56,620
Only chat GPT does.
693
00:43:56,620 –> 00:43:59,540
And chat GPT also works on the Mac and Firefox.
694
00:43:59,540 –> 00:44:03,900
I will say, I do know that chat GPT is much more cross platform.
695
00:44:03,900 –> 00:44:06,180
Uh, obviously Microsoft’s not really that worried.
696
00:44:06,180 –> 00:44:10,980
I do know office for the Mac does have co-pilot, but Microsoft obviously not as worried about
697
00:44:10,980 –> 00:44:15,240
bringing co-pilot to the Mac desktop because it’s their co-pilot.
698
00:44:15,240 –> 00:44:16,980
They want you to use Windows.
699
00:44:16,980 –> 00:44:21,380
Um, but chat, if you do want to spend $20 a month, chat GPT does work on all platforms.
700
00:44:21,380 –> 00:44:22,660
It’s more cross platform.
701
00:44:22,660 –> 00:44:26,880
So a very, very important that.
702
00:44:26,880 –> 00:44:30,500
Also too, somebody had pointed out to me, and I did want to bring this up on the show
703
00:44:30,500 –> 00:44:32,460
because I felt it was really important.
704
00:44:32,460 –> 00:44:40,100
Um, if you go to Microsoft OneNote, uh, it actually comes up with a message that said,
705
00:44:40,100 –> 00:44:42,860
this browser has no longer supported.
706
00:44:42,860 –> 00:44:49,900
Um, kind of implying that Microsoft is very focused on edge and chromium based browsers
707
00:44:49,900 –> 00:44:51,980
and really doesn’t care about Firefox anymore.
708
00:44:51,980 –> 00:44:56,660
Um, I do notice that some other people have pointed out too, that certain things, uh,
709
00:44:56,660 –> 00:44:58,100
don’t work in Firefox.
710
00:44:58,100 –> 00:45:03,500
Um, certain sites, um, you know, that, and unfortunately that’s just the way it is.
711
00:45:03,500 –> 00:45:10,640
Firefox is, uh, definitely the, the smaller, and unfortunately if you are using the smaller,
712
00:45:10,640 –> 00:45:13,560
less known browser, you’re going to run into issues like this.
713
00:45:13,560 –> 00:45:17,220
Most of the companies now are focused on the chromium based browsers.
714
00:45:17,220 –> 00:45:22,780
Um, the only thing I can recommend to you if you, if this is a problem for you, um,
715
00:45:22,780 –> 00:45:28,320
is to go ahead and use Brave, which is a security focused browser, but it is built on chromium.
716
00:45:28,320 –> 00:45:33,420
So that is the only option I would recommend, but I am glad somebody pointed that out and
717
00:45:33,420 –> 00:45:35,060
I really do appreciate that.
718
00:45:35,060 –> 00:45:38,780
Um, like I said, if you are, if you do have to use a chromium based browser and some people
719
00:45:38,780 –> 00:45:42,300
do, um, like I said, I recommend using Brave if you can.
720
00:45:42,300 –> 00:45:45,520
Um, also too, I didn’t want to, nobody else put this into me.
721
00:45:45,520 –> 00:45:48,240
We were talking about hard drives and stuff like that.
722
00:45:48,240 –> 00:45:55,480
Um, I, I didn’t get a chance to really too much dig into it, but a recent report declared
723
00:45:55,480 –> 00:46:06,220
that the quality of, of actual micro SDs and USB sticks and stuff like that, uh, are actually
724
00:46:06,220 –> 00:46:07,220
on the decline.
725
00:46:07,220 –> 00:46:11,980
They’re saying that they’re finding that, that USB sticks and micro SDs are becoming
726
00:46:11,980 –> 00:46:13,620
less and less reliable.
727
00:46:13,620 –> 00:46:16,220
Uh, so I thought that was really interesting.
728
00:46:16,220 –> 00:46:18,420
Um, I have talked about Spinrite a few times.
729
00:46:18,420 –> 00:46:22,280
I know Steve Gibson over on Twit, uh, does the security now podcast.
730
00:46:22,280 –> 00:46:23,280
He creates it.
731
00:46:23,280 –> 00:46:25,820
It is, I think it is one of the best hard drive recovery tools.
732
00:46:25,820 –> 00:46:27,860
I actually do buy a copy of it.
733
00:46:27,860 –> 00:46:29,980
Um, I think I’m, I’m thinking I have six right now.
734
00:46:29,980 –> 00:46:34,700
I didn’t get his latest version, but I did get six and, uh, it is a really great, you
735
00:46:34,700 –> 00:46:35,780
can use it on drives.
736
00:46:35,780 –> 00:46:36,780
It works on solid states.
737
00:46:36,780 –> 00:46:41,380
It works on all stuff and, uh, it will work on jump drives and, and SD cards and stuff
738
00:46:41,380 –> 00:46:42,380
like that.
739
00:46:42,380 –> 00:46:43,980
So, um, go ahead and use that.
740
00:46:43,980 –> 00:46:49,580
I do understand that a lot of the quality, unfortunately, of these, these sticks and
741
00:46:49,580 –> 00:46:52,540
stuff is all going to be made in a cheaply in places.
742
00:46:52,540 –> 00:46:53,540
And that’s unfortunate.
743
00:46:53,540 –> 00:46:57,500
Uh, I always tell everybody, if you’re going to buy USB sticks, if you’re going to buy
744
00:46:57,500 –> 00:47:03,140
micro SDs, uh, cards, stuff like that, try to buy name brand like scan disc and stuff
745
00:47:03,140 –> 00:47:07,780
like that, just because you know, they’re not going to come from this little place in
746
00:47:07,780 –> 00:47:11,020
China that puts viruses and stuff like that on them, because that’s what happens.
747
00:47:11,020 –> 00:47:14,620
A lot of these cheaper sticks, yeah, they’ll work on your machine, but they also infect
748
00:47:14,620 –> 00:47:15,620
your machine.
749
00:47:15,620 –> 00:47:19,180
Um, and I don’t know if a lot of people don’t know that, but that’s kind of a gimmick is
750
00:47:19,180 –> 00:47:23,100
I’ll buy these, these jump drives, infect them with something and they’ll post them
751
00:47:23,100 –> 00:47:26,900
up on Amazon cheaply and hope people will buy them.
752
00:47:26,900 –> 00:47:31,380
That’s a cheap way of me, uh, distributing my virus and an easy way of me building a
753
00:47:31,380 –> 00:47:34,460
botnet for relatively cheaply and I don’t have to worry about hacking or anything like
754
00:47:34,460 –> 00:47:35,460
that.
755
00:47:35,460 –> 00:47:37,140
Just people sticking their USB sticks in.
756
00:47:37,140 –> 00:47:38,500
So very important.
757
00:47:38,500 –> 00:47:44,220
Um, also too, uh, I do want to point out too, I made a mistake yesterday and, or the other
758
00:47:44,220 –> 00:47:48,820
day, last week on the podcast and they pointed out to me yesterday, um, Spinrite will actually
759
00:47:48,820 –> 00:47:50,500
work on an Intel based Mac.
760
00:47:50,500 –> 00:47:54,300
I did say that it does not work on Mac and I was wrong.
761
00:47:54,300 –> 00:47:57,420
It works on Intel based Macs.
762
00:47:57,420 –> 00:48:00,820
Uh, but you need the latest version 6.1.
763
00:48:00,820 –> 00:48:02,580
So I do want to point that out because that was really important.
764
00:48:02,580 –> 00:48:03,860
Somebody did bring that up to my attention.
765
00:48:03,860 –> 00:48:08,300
He said, Hey Steve, on the last couple episodes ago said that it does work on Intel Mac 6.1.
766
00:48:08,300 –> 00:48:11,620
Uh, does not work on M1 Macs, but still works on Intel.
767
00:48:11,620 –> 00:48:15,580
So if you have somebody on Intel Mac that’s having hard drive issues, uh, you could actually
768
00:48:15,580 –> 00:48:16,900
use Spinrite to help them out.
769
00:48:16,900 –> 00:48:20,620
So I just wanted to bring that up and, uh, cause I misspoke.
770
00:48:20,620 –> 00:48:24,780
So also too, again, folks, if you do have anything that you want to send in, uh, anything
771
00:48:24,780 –> 00:48:28,700
again, go to brandon@lipanasecurity.com is my email.
772
00:48:28,700 –> 00:48:29,700
Please send it in.
773
00:48:29,700 –> 00:48:31,500
I appreciate all the feedback and I love it.
774
00:48:31,500 –> 00:48:33,340
Uh, I want to thank you very much for listening.
775
00:48:33,340 –> 00:48:36,020
I apologize for my voice and not feeling well today.
776
00:48:36,020 –> 00:48:39,580
Um, but like I said, I do want to get the show out because I really enjoyed doing it
777
00:48:39,580 –> 00:48:41,220
and I felt it was important.
778
00:48:41,220 –> 00:48:44,900
I want to thank everybody for listening and we will see you on the next episode.
779
00:48:44,900 –> 00:48:45,900
Thank you very much.
780
00:48:45,900 –> 00:48:47,940
(dramatic music)
781
00:48:47,940 –> 00:48:48,440
you