19 Episode results for "Mc Soft"

Ransomware

7 Layers

19:45 min | Last week

Ransomware

The next-generation IT infrastructure industry moves fast. Never miss a beat by subscribing to SDxCentral's daily newsletter at sdx.io/newsletter.

Hello and welcome to 7 Layers, where every episode we look at a technology that connects our world, from literal wires in the ground to switches and routers, all the way up to the exploding amount of smart devices around us. Subscribe to 7 Layers so you never miss an episode, and tune into our next episode, where we will hear from a leading expert in ransomware. And as always, you can learn more about the current state of technology over on sdxcentral.com. I'm your host, Connor Craven, an associate studios editor at SDxCentral. Before we jump into this episode, I'd like to take a moment to make a correction to our episode on election security. In that episode, Tyler Technologies was referred to as an elections technology company. Please note Tyler Technologies is a company that makes software for the public sector, but it does not make products that directly support voting or election systems or store individual voting records.

Now onto this week's topic, where we'll be shifting our focus to ransomware. Ransomware isn't new. Anyone who has used computers is probably familiar with the idea of ransomware and uses common sense when they encounter an off email or sketchy-looking website. But what many people don't realize is that as technology evolves, so does ransomware. It becomes more difficult to decrypt, with more sinister behaviors, and more and more prevalent. Ransomware has been on the rise. Attacks were up by 119% in 2019, and in April 2020 there was a 148% increase in attacks compared to the previous month. Since then, state agencies, healthcare organizations, school districts, insurance and tech companies have experienced large-scale ransomware attacks with unprecedented outcomes.

This episode will prepare you for future ransomware attacks and educate you on what ransomware is and how it continues to evolve. In this episode we'll cover what ransomware is and how it works, the storied history of ransomware, how to protect against ransomware, the importance of security protocols, the impact of ransomware attacks, the rise of attacks, the social or political reasoning that may be behind them, and the future of ransomware. Special thanks to SDxCentral studios editor Ashley Wiesner for writing the script this week.

Part one: ransomware basics. Let's start out at a high level. What exactly is ransomware? Simply put, ransomware is a type of malware that encrypts its victims' files. The attacker will then demand a ransom to be paid. Once the ransom is paid, the files will be decrypted. Except it's not that simple. More often than not, attackers will not decrypt the files once the ransom is paid, leaving the victims without their files and out the cost of the ransom. You might be thinking, yikes, what does the large-scale impact of this look like? Well, we'll get there, I promise, but first we're going to review how ransomware works and how it has evolved, which is loaded, because ransomware can work in a few different ways. Ransomware can work by exploiting vulnerabilities in a system's security protections. The malware often comes from unsafe websites in these cases. It can also spread through infected hardware like USB drives. The most common approach for attackers is to trick users into downloading the ransomware themselves, often done through phishing attacks. Victims open an email or download a file containing ransomware. This type of attack is often the result of a Trojan horse. Once it has access to a device, the malware encrypts the files and demands a ransom. Though it sounds simple enough, as technology has evolved, so has ransomware.

Let's take a look at the first ransomware attack, which was the AIDS Trojan ransomware. In December 1989, it was delivered through an infected floppy disk labeled "AIDS Information Introductory Diskette," which was sent to over twenty thousand individuals and health institutions. The AIDS Trojan used symmetric encryption and encrypted file names on the C drive. This encryption didn't affect the files in any way; it just made them unusable. Due to the nature of the encryption technique, it was easy to remove the ransomware through decryption. However, many victims wiped their hard drives and lost years of work in the process. This ransomware attack was not particularly successful at collecting ransom. After all, victims were expected to mail a check to a PO box. However, it did set the stage for future ransomware attacks. Like the AIDS Trojan, ransomware at this time relied on symmetric encryption. It was often weak enough that it could be decrypted through trial and error. This was good news for the victims but bad news for the attackers, so attacks evolved. Attackers began generating a public key and embedding it into the ransomware. Once the ransomware was on a device, it would encrypt files with a randomly generated key. The catch is that the randomly generated key was itself encrypted. The attacker would then use the public key to decrypt the randomly generated key and in turn decrypt the files. This technique ensures that the same key can't be used on subsequent attacks. These keys often use Advanced Encryption Standard, referred to as AES, making it more difficult to decrypt. To learn more about AES and other methods of encryption, go to sdxcentral.com and search for it in the security section. Another approach attackers took was to use RSA keys. RSA encryption keys are difficult to crack because RSA generates both keys. The algorithm uses two randomly generated prime numbers, and without those numbers it is impossible to decrypt the key.

The first time RSA was used was the Archiveus ransomware attack that began in 2006. Archiveus was distributed through malicious links. Once on the device, the malware would copy files, delete the originals, lock the copies in an encrypted folder, and then leave behind a file named "how to get your files back.txt." This file would inform victims their files were locked and could only be accessed through a thirty-character password. Victims were then told to email "restoring" at safe mail dot net or "restoring files" at yahoo dot com. The attackers would then direct victims to purchase items from several online stores. The exact reason for this approach is still unknown, but once the purchases were made, the password would be sent. The ultimate demise of Archiveus was poor password hygiene on the attackers' end. As it turned out, the password was the same for every attack. Once the password was distributed, the malware became irrelevant. Though unsuccessful long-term, Archiveus made it clear reverse engineering encrypted files to find the key was a thing of the past.

In May 2017, the WannaCry ransomware attack occurred over a span of four days. The attack became one of the most widespread ransomware attacks, infecting nearly 350,000 devices and resulting in about a billion dollars in damages, despite only $100,000 of ransom ever being paid. WannaCry utilized both AES and RSA keys, and it was a worm, meaning it could spread exponentially and infect the entire network of an infected device. The ransomware was launched through a vulnerable Server Message Block, or SMB, port on a computer in Asia. From there, the ransomware spread throughout the network by exploiting a vulnerability in Windows SMB. The malware would send an initial packet known as a dropper that would be executed by the SMB. From there, the dropper would attempt to connect to an unregistered and seemingly random domain. If a connection was made, the attack would halt. But if no connection was made, the malware would send two more packets, the encrypter and the decrypter. The dropper would then execute the encrypter. From here, files would be encrypted, ransom notes would appear, and a set of timers would pop up. The timers dictated the amount of ransom and the fate of the files: pay within three days and you have to pay 300 in Bitcoin; after that it doubles; if you don't pay within seven days, the files would be erased. Windows released a patch to secure against the vulnerability, and a French researcher found a way to retrieve the RSA keys. These responses ultimately killed WannaCry within days of it being launched. Despite being short-lived, WannaCry created large financial damages and also set the precedent of using cryptocurrency for ransom payments. The use of Bitcoin or other cryptocurrency makes tracing the origin of ransomware even more difficult, which protects the attackers.

It's become clear that ransomware is always evolving, but that doesn't mean there aren't ways to protect against it. Security best practices can prevent attackers and allow for less costly recovery if an attack occurs. Security best practices include maintaining industry standards for security, having knowledge of your organization's IT environment, having a ransomware attack response plan, backing up files, and educating employees on password hygiene, how to spot suspicious emails or links, and how to report suspicious activity. The 3-2-1 rule is a common strategy for file backups. The strategy is as follows. Three: have three copies of data available. Two: have two copies on a device separate from the original copy, think flash drives or an external hard drive. One: have one copy off-site; the cloud would work for this. By following the strategy, in the event of an attack IT can wipe the infected device and restore the backup. The FBI recommends organizations keep all software up to date as another prevention technique, and of course they recommend having a solid antivirus system. I'm sure some of you are thinking, yeah, I know all this, what do I do if me or my organization has a ransomware attack? And unfortunately there isn't a lot you can do. Infected devices have to be wiped more often than not to remove the ransomware. As far as paying the ransom, the FBI recommends you don't, but it's ultimately a cost-benefit analysis. Losing the files or having them leaked may cost more than the ransom itself. Paying also doesn't guarantee you get the files. Of course, you should also report the ransomware attack. Ransomware is considered a crime in the US, and attacks should be reported to the FBI.

And now a word from our sponsor. After the break, we'll discuss the impact of ransomware attacks, the recent rise of ransomware, and why exactly these attacks are occurring.

IT infrastructure is under more demand and more scrutiny than ever. The way we build networks has fundamentally changed, with new technologies constantly evolving to solve new challenges. At the same time, the role of IT departments and of individuals within the department is changing. While vendors and executives strategize around new technologies, those in the trenches scramble to keep up. SDxCentral's definitional guides cover topics from SDN 101 to the internet of things to carefully curated coverage of major industry events. They are one hundred percent independent content designed to share knowledge and help technology professionals stay ahead of the curve. Download the latest guide today at sdx.io/guides. Again, that's sdx.io/guides.

Part two: ransomware on the rise and in the news. Now that we have a deeper understanding of what ransomware is and how to prevent an attack, we're going to look at the impact of ransomware. As I mentioned before, the WannaCry attack resulted in nearly a billion dollars in damages in the span of only four days, putting a large financial burden on its victims. This financial impact on victims can be devastating. Trend Micro reports the average cost of a ransomware attack on a business is $133,000. The same report estimated that ransomware attacks resulted in a billion dollars in revenue for attackers in 2018. Ransomware is big money for attackers, and the industry continues to grow. Trend Micro also reported over forty million attacks on businesses between January 2019 and April 2019. This growth trend has continued into 2020. We saw a 148% increase in attacks from March 2020 to April 2020. This increase in attacks doesn't just mean financial losses. Recent ransomware attacks have resulted in time lost to attack response and data recovery, data leaks, interference with healthcare, education and election systems, and unfortunately death.

A September 2020 ransomware attack on a hospital in Germany resulted in the death of a patient. Though there was no explicit ransom, there was an extortion note left. The attack disrupted hospital systems for nearly a week. The systems ultimately crashed, making patient data inaccessible. Due to this, the hospital transported emergency patients to a different hospital. The woman's death was a result of this transfer. Though this death is the first reported death related to ransomware, ransomware attacks on healthcare institutions aren't new. Mc Soft reported 764 ransomware attacks against healthcare organizations in 2019. The weekend of September 25th, 2020, sources say the potentially largest medical ransomware attack occurred in the US. The computer systems for Universal Health Services, a healthcare organization with four hundred locations across the US, UK and Puerto Rico, were attacked. Two hundred and fifty US locations were affected by this attack, resulting in canceled surgeries, rerouted ambulances, and hand-labeling medications. UHS's statement confirmed that no patient or employee data has been leaked.

Clark County School District in Las Vegas wasn't so lucky. They experienced a data leak early in September after refusing to pay a ransom. The school district first reported the attack on August 27th, 2020, and come September 14th, the attacker posted a warning alongside stolen data. The data included employee Social Security numbers, student home addresses, grades and more. With healthcare and educational institutions at risk, you may be wondering to yourself, what's next, politics? And to that I will say, actually, yeah. Tyler Technologies, a company that provides the US public sector with software, was hit with a ransomware attack the week of September 21st, 2020. Though Tyler Technologies hasn't gone into the details of the attack, they did specify that at first it appeared to be a typical cyberattack: files were inaccessible and there was a ransom message. Then come Friday evening, it appeared outside actors were trying to gain access to their systems. This raised fears that the hackers may be out for more than just a payday.

As mentioned before, ransomware and cyberattacks are on the rise, and large-scale attacks like those on UHS and Tyler Technologies are becoming more and more prevalent. And you may be wondering why. One piece of it is that people pay ransoms and attackers make money. This is why the FBI recommends not paying ransoms. But it's bigger than that. The recent influx of attacks appears to be strategic, meaning attackers are taking advantage of the current social and political landscape related to COVID-19, remote working, and the recent election. COVID-19 was unexpected by many, and while most of us were stocking up on toilet paper or canned goods, attackers were strategizing ransomware attacks. Attackers were using COVID-19 to launch ransomware, phishing attacks, Trojans, fake apps, backdoors and cryptominers. Patrick Upatham and John Brennan, both researchers at VMware Carbon Black, wrote in a blog, quote, "Notable spikes in attacks can also be correlated to key days in the COVID-19 news cycle, suggesting attackers are being seriously opportunistic and leveraging breaking news to take advantage of vulnerable populations," end quote. These spikes particularly relate to major milestones in COVID-19. The day the US announced the first case of COVID-19, there was a 48% spike in attacks compared to January 30th baseline levels. On February 29th, multiple states announced public health emergencies, and we saw a 66% increase in attacks. Following this trend, on March 1st the US announced the first COVID-19 death, and VMware Carbon Black reported another 66% spike. These attacks weren't just coordinated with the news cycle; they explicitly used COVID-19 as a ploy. Nineteen percent of the ransomware attacks used COVID-19 or stay-at-home orders to lure victims, said SonicWall CEO Bill Conner. As mentioned by Bill Conner, attackers are also capitalizing on stay-at-home orders. More specifically, they are making the most out of the increase in remote work. According to data collected by VMware Carbon Black, there was an estimated 70% increase in remote work between February 4th and April 7th, creating the perfect environment for spear-phishing tactics. Attackers can now gain access to an organization's network through employees' home devices. Attackers can then move laterally through the network to access corporate systems. This occurs because most organizations don't have the same layered security and segmentation outside of the office. In fact, a survey of eight hundred security professionals across the United Kingdom, Germany and France revealed that 55% of organizations say remote working is making them more vulnerable to attacks; 70% of organizations with five thousand or more employees expressed this sentiment as well.

COVID-19 isn't the only topic in the news these days. The election continues to dominate headlines, and in turn ransomware attacks have increased in the American public sector. According to the Mc Soft security firm, 966 ransomware attacks hit the public sector last year, with two thirds of those attacks targeting local or state governments. The trend has continued into 2020. In the first two weeks of September, seven US government entities were hit with ransomware and subsequently had data stolen. This trend in ransomware attacks and the recent attack on Tyler Technologies solidified election security concerns among government officials and US intelligence agencies. Again, like I opened the show with, Tyler Technologies only makes software for the public sector, but it does not make products that directly support voting or election systems or store individual voting records. Officials are specifically concerned that foreign attackers will target databases, election technology or public sector software to manipulate, disrupt or destroy data and to build mistrust around election systems. Vermont Secretary of State Jim Condos said, quote, "We have to remember that this threat to our democracy will not go away, and concern about ransomware attacks on voter registration databases is one clear example." He continued to say, "We're sure the threat is far from over." And so what does this tell me? I hate to admit it, but it's pretty uncertain. We should expect the following: a continued increase in ransomware attacks, more attacks resulting in stolen data, and attacks piggybacking off the social and political landscape.

And now a word from our sponsor. The IT department is changing. Automation has caused a shift in job descriptions and priorities as once-manual tasks such as network monitoring are being taken over. At the same time, new technologies such as cloud, 5G, machine learning and big data are creating demand for new jobs and career paths, and subsequently a massive skills gap that organizations are desperately trying to bridge. The path toward that next promotion, job and next goal is increasingly murky. SDxCentral is here to help. Visit sdx.io/career to download our latest career guide. These guides include detailed information about top skills needed for the fastest-growing IT jobs, interviews with industry experts, and guidelines for nailing your next interview. Use them as a roadmap for navigating your dream tech career path. Download the latest guide today at sdx.io/career.

Thank you for joining us on this week's episode of 7 Layers. Reach out to podcasts@sdxcentral.com with any questions, concerns, corrections or, honestly, pronunciations. Before you go, let's do a brief overview of what we discussed today. One: ransomware is malware that prevents victims from accessing files and then demands payment. Two: ransomware gains access through infected emails, devices or attachments and through malicious websites. Three: attackers often use asymmetric encryption and cryptocurrency, so the ransomware is difficult to decrypt and hard to trace. Four: ransomware attacks have a large financial impact on organizations, can result in data leaks, and can interfere with various infrastructures. And finally, attacks are on the rise. Although ransomware is becoming more prevalent, that doesn't mean people are helpless. Remember, best security practices can prevent ransomware attacks and reduce the negative impact if they do happen. I've been your host, Connor Craven, associate studios editor at SDxCentral. I'm really looking forward to the next episode, and I hope you are too.

Holding Cities Ransom

Pro Rata

10:38 min | 1 year ago

Holding Cities Ransom

Pro Rata: we take just ten minutes to get you smarter on the collision of tech, business and politics. On this show: the FTC's message for Facebook, and a possible space crash in Silicon Valley. But first, holding cities ransom.

So last Friday the city government of New Orleans shut down, not at 5 PM as would be normal for a Friday, but hours earlier, after the detection of a cyberattack in its municipal computer network. What the city referred to as an abundance of caution resulted in all of its computer networks, internal and external, being taken offline. City offices, the physical ones, were closed, and even the official New Orleans homepage was unavailable. Now New Orleans officials say there is no evidence that actual information was compromised, but not all of its systems are back online yet, and the overall episode reflects the vulnerabilities of city governments to cyber intrusions at a time when more and more of their services, including vital, sometimes life-saving information, are being provided virtually. One thing missing here from the New Orleans attack was a so-called request for ransom, which is when a hacker demands money to put everything back to normal. But ransomware attacks against US cities and towns are more common than you might think, and often very difficult to navigate. By the numbers here: Barracuda Networks reported in September that fifty US cities and towns had seen ransomware attacks so far in 2019, and a more recent report from a company called Mc Soft puts the number north of one hundred, and that latter report expands the figure to nine hundred fifty if you also include educational and healthcare systems. Now when it comes to how to deal with these attacks, there are no easy answers. On the one hand, you don't want to encourage future intrusions by paying off the hackers, but on the other hand the ransoms are often cheaper than not paying them and then having to fix the damage, a lesson that many corporations have learned and begun to heed. The bottom line here is that what happened in New Orleans could well be coming to a city or town near you, and it seems that the best possible solution in these cases, at least for now, is to pull the plug. In fifteen seconds we'll go deeper with Axios cities editor Kim Hart. But first, this.

Axios gives you the news and analysis you need to get smarter, faster, on the most important topics in our unique Smart Brevity format. We cover topics from politics to science, media to tech. Subscribe to get smarter faster at signup.axios.com. And now back to the podcast.

We're joined now by Axios cities editor Kim Hart. Do cities and other local government entities usually actually know when their systems are being attacked?

Not really. In fact, the International City and County Management Association found that about thirty percent of local governments don't know how often their systems are attacked, and the ones that do know say that sixty percent are being attacked on a daily if not an hourly basis. So they know they're being attacked; they may not even know how often, though.

You look at the situation in New Orleans, and obviously we still don't know a huge amount about the actual intrusion, except to say it must have been more significant than probably, you know, some kid getting into the system, because they decided to basically take everything offline. From your perspective, was that prudent? In other words, did New Orleans do the right thing with this kind of abundance-of-caution strategy?

Yeah, I think probably so. I mean, I think the guidance coming out of federal and state governments is, if you see any sort of suspicious activity, take everything down, disconnect from the network and try to troubleshoot. It sounds like this troubleshooting is taking longer than they expected. Even as of an update on nola.com late last night and early this morning, a lot of systems are still down. Police are recording incidents manually. They had to put up a temporary website so that people could still do other city business, and most of it is coming down to pen and paper. And the city council meeting on Thursday is likely to be impacted as well, so that suggests that they are expecting it to take upwards of a week to figure out what actually went down and how to fix it. But I think in a city like New Orleans that's used to, that's had their fair share of disasters and emergencies to deal with, I think they are used to going with the abundance-of-caution route and trying to be as careful as possible until they sniff out every corner.

Is it basically the case that these attacks, both serious and not as serious, are on the rise?

Yes, absolutely. I think that cities and local and county governments are increasingly targets. I think hackers assume, rightly or not, that these city governments are lower staffed than corporations, probably don't have as much IT and technically skilled workers who have a lot of cybersecurity training and knowledge and are up on all the latest trends and technological patches to help protect cities and systems from this kind of intrusion, and so they're becoming easy targets. Corporations are definitely the top target because they have money and are often more willing to pay the ransomware attacks, but they also have more talent and more skilled workers to draw on to help guard their systems from these kinds of intrusions. So I think that one of the biggest problems that city and local governments are facing right now is that they just have a harder time recruiting and retaining the talent that they really need to help keep their systems secure in the most robust way.

You mentioned ransomware, and let me ask about that. There's no indication there was a ransom request in this particular case in New Orleans, but there often are in attacks on municipal systems, and there seems to be a split philosophy here. Part of it is the whole "we don't negotiate with terrorists" philosophy, right? We can't pay ransom because if it gets out and becomes public, which it probably will because the payment is from a public entity, that's just going to encourage others to attack our system. The other argument is, it's often cheaper to pay off the ransom rather than having to rebuild your entire system. Are either one of those philosophies seeming to win out right now?

You know, it's really hard to say which one is winning out. I do think that there is evidence to show that the argument that if you pay a ransomware attacker then that just encourages that activity to continue, experts out there have said, well, it's not really encouraging a market because the market's already there. It's clear that the market is there in the increasing number of ransomware attacks. However, for some cities the best response might be to pay the ransom and then use the millions of dollars that would have been spent on recovering the systems after that to strengthen the cyber defenses before the next attack, so that they're more prepared going forward. But a lot of cities, Atlanta and Baltimore have been hit. Baltimore chose not to pay the ransom, and it might cost twenty million dollars to restore systems, which is significantly more than what the ransom was in the first place; I think it was like seventy-five thousand dollars. So I really think that there, but it really just depends on, I think, what the city council decides to do and what their particular resident base, you know, really feels strongly about, since they, you know, are elected officials and they're trying to do what the citizens like.

What's the federal role, if any? Obviously we're talking here about local governments, municipal governments, so we're talking about a lack of money and lack of technological resources. Is there a federal role here, and if so, what is it? I know there's apparently this so-called zero trust pilot program. What can and should the federal government be doing?

I think what the federal government is doing more of is trying to be more of a resource for these governments that just don't have the same amount of resources that the federal government does. That said, the federal government also has a hard time compared to corporations of attracting the same amount of technical talent. But when you're talking about the intelligence community and NSA and whatnot, they do have a huge amount of expertise to draw from, and so the federal government is moving in the direction of zero trust, as you mentioned. And what that is, it operates on the assumption that anything outside the corporate network is a security risk, so anything that comes from outside, or even inside, that might be a little bit amiss is considered suspicious and at risk. So administrators are using new precautions like end-to-end encryption, multifactor authentication, identity access management and analytics to control access. Now none of that probably sounds new to anyone who works in a corporation, but it is still fairly new at the city level. And so what I think we're going to see more of is the federal government trying to not necessarily mandate specific activities like this, but strongly encouraging it and providing more and more training and resources.

So it sounds like cities need to beef up but also keep a bunch of pen and paper handy if that doesn't work. Kim Hart, cities editor, thank you so much for joining us.

Thanks. My final two right after this.

There is more news than ever before, but these days it's harder than ever to find it and to know what to trust. Axios AM takes the effort out of getting smart by synthesizing the ten stories that will drive the day and telling you why they matter. Subscribe at signup.axios.com. And now back to the podcast.

The final two, and first is Facebook, which may not have to wait long for new and very significant government regulation. As first reported by The Wall Street Journal, the Federal Trade Commission is considering an immediate move to block the company from integrating the back-end infrastructure of its three messaging platforms, which are Facebook Messenger, WhatsApp and Instagram. Why this matters is that Facebook's original decision to merge the three was viewed by some as a preemptive move against DC, under the old mantra that it's harder to unwind a merger once it gets completed, and Facebook is desperately afraid of being forced to divorce its big blue app from either of its sister apps, so it is racing to make them technologically inseparable. Now the FTC isn't yet commenting publicly, but were it to move forward, it would have to do it this way: first ask for an injunction against Facebook in federal court, and in court demonstrate to the judge that harm to consumers is likely if Facebook proceeds with integration plans. The tricky part here will be proving harm to consumers given that Facebook's products are free.

Finally, a company called Vector Launch on Friday filed for Chapter 11 bankruptcy protection, which some view as the first possible crack in a recent boom in small satellite launch companies. Vector had raised over ninety million dollars in venture capital funding since being formed in 2016, including a round led by arguably the most venerated venture firm of all time, Sequoia Capital. But this past summer, Sequoia quietly decided to stop investing, with a source saying that it felt Vector was spending too much money and not meeting enough of its own projections. That decision may have led to Vector's lenders opting against providing new lines of credit, thus leading to around one hundred and fifty layoffs and the bankruptcy filing. In short, make your numbers or else you risk crashing. And we're done. Thanks for listening, to my producers Tim Show and Naomi Shavin, have a great Barbie and Barney Backlash Day, and we'll be back tomorrow with another Pro Rata podcast.

36 - Remote Work: Extreme Edition

Rework

29:19 min | 1 year ago


"Me L. Hello, catherine. Hi. Hi. Oh my gosh. I can hear you loud and clear. I'm so happy. That's perfect bit very it's been very slurred tonight. I was worried too because I just thought there's a million things that could go wrong. But this is great. Thank you so much for making the time I'm talking to Catherine mallet, and you can tell the phone call is a little choppy, this is because she's calling from Antarctica. Welcome to rework a podcast by base camp about the better way to work and run your business. I'm Sean Hilton. I'm Waylon Wong. And I will let our guest today introduce herself. My name is Kathryn Millard astrophysicist actually work for the ice cube collaboration which is a nineteen detector those poll Waylon the story hits on a couple of my most nerdy interests, mainly polar exploration, and Astro physics actually do mind if we do a little physics lesson. I to help explain what Catherine's doing in the south pole. I'm all yours. Professor hilter. Okay. The ice cube neutrino observatory is this big scientific experiment where Katherine and our colleagues studied these tiny subatomic particles called neutrinos and by tiny. I mean, really really tiny which makes them extremely hard to detect the ice cube was basically about five thousand light sensors arrayed over cubic kilometers sunk deep in the Arctic ice Tommy more about these neutrinos. So violent cosmic events like exploding stars send neutrinos hurtling through space at essentially the speed of light some of those neutrinos are going to pass through the earth where scientists like Katherine can study them. And how come this has to be done in an article? So I think this is the coolest part coolest anyway to avoid interference from background radiation. Neutrino detectors need to be buried deep underground. They also need some sort of transparent medium, some detectors consist of enormous tanks of water that have been built in abandoned mines ice cube. 
However uses the thick pure and ultra transparent ice that's found at the south pole. That's clever when comes through the it starts into acting, and we'll lose energy by emitting light, blue light. And they relate is what we detect are in ice cube. So to say those little flashes of blue light get picked up is cubes optical sensors by tracking which sensors trigger in which order, Catherine or colleagues can figure out the direction the neutrino was traveling and how much energy at head. And that's the end of Shawn's physical. Listen, but Wayland you didn't lead on the story because you you're looking to unlock the secrets of the cosmos, worry that was just a bonus. But I was introduced to Catherine actually in a more roundabout way. I got an Email from someone doing PR floor an anti malware software company called MC soft. They're headquartered in New Zealand, but have people working remotely all over the world. Just like base camp. And the peer person mentioned they had an employee in Arctic I seize on that right away. Because I thought it'd be neat to do a story about what it's like to work not just remotely, but extremely remotely from an article. And I started working part time for them because they needed someone that speaks for languages, and I want to know the ones that they were looking for. So there was nice on the when I applied here. Actually, people told me that the internet here so bad that I there's no way I could continue with my job at the moment this necessarily true. However, we are not sure how much of the satellites that we currently are going to be open throat the entire winter. Which is why we took the pickup in basically freezing my employment for the time that I'm working Feis Cuban the in providence. Oh back to them. Once I finish up here. Hey, so what's the risk with the satellite in the winter? And that starts fairly soon. Right. You're coming up on that season. Now. It doesn't have duct tape to do with the window. 
What's happening is that older science stare that is currently being produced. Here's transmitted throughout the hated. Set the light. That's the light is only useful the science data that we don't necessarily have access to any of its internet so design, but that science data satellite is reaching the end of its life on they've been expecting it to crash into the full awhile now on current full stay, this might happen. In a pro if that happens, this nice feather bed with call on at the moment will become a dedicated satellite for science state that only on we'll have to go back gyna-, which is a great name for Smith light. That's that's gonna be the kind of internet, but you have to wait a Mets opened up a page an-and actually working remotely as Mona's on. Title. It's many because when I was going back and forth with the PR person about interviewing Katherine he told me that she had to start working for MC soft because of bandwidth limitations. I'm using air quotes around bandwidth, limitations. And at first I thought that was an annoying corporate euphemism for getting laid off. But as you her Catherine explain its littoral bandwidth, Catherine I were able to do an audio call because right now, we're too is in the south pole. They get four hours of good internet day for personal stuff while the satellite passes overhead and that four hour window shifts by a few minutes each day when Catherine I talked it was seven PM her time and midnight might time. It took a non zero amount of effort to coordinate this call and that gave me a very small taste of how Catherine's work life in. An Arctic is unique this episode ended up being about what it's like to live and work with a small group of people in very close proximity. Isolated from the rest of the world. It's about self care and working calmly in extreme conditions, which is very rework after all. So let's get back to Catherine story when she first heard about the opportunity to work at ice cube. 
She was early in her studies to get a PHD huge. These take Lynn. So when I heard about this opportunity, it was more of a dream didn't expect it to come true. On things progressed more and more of my friends from the investing spending here, and they all came back, and they were thrilled. They will said this has been the best time of their life. If I have the opportunity after different Cliquot. So once I finished my PHD invited plight directly. They interviewed me. But they didn't pick me. Then every applied this young. Actually this year. They picked me some. Can you talk about the kind of preparation you had to do how much time did you have? And you know, were you given materials and resources about everything you needed to do before departing. So the preparations are in this case the initial job interview was back in March. And at that time, they lot of medical checks because the medical coverage shoes bedding admitted so they only one they wanna make sure the don't type any pre existing conditions. We were into medicine discontinuity in August, nineteen anatomy, spend, two months medicine, preparing for jobs. They told us kind of equipment we have here. Whether the typical failures what kind of fixes we can implement after the trading, Wisconsin. The team was sent to Denver Colorado for the next day JR. What happens is that? We have a team building events that we get to know all the people that we will be spending a years on the thing is fairly small station winter. So a lot of the jobs that are usually done by they'll have to be all by us. What happened in Denver's that we got a crash to be firefighter on. I will be part of the official fire brigade for the winter. Oh my goodness. Oh, what kind of training? Did you get to become a firefighter? We we did get to climbed through burning houses. It was actually pretty cool. The first thing you need to decide to put on that gear. Correct. 
Dry because if you put it on Longley into go into a fire, it's gonna be pretty pretty bad. Firefighting is even trickier at the poll because it's too cold for water based fire retardants train this week here in at SaaS both. So that we can be prepared in once a month. We have drove where we simulated fire. We have to go into fight down. What kind of mental health assessment? Do they have to do because I imagine that's just as important as the physical aspect. What is is that actually during the team bowling spend a week together? A team building there's a psychologist present during the week that Monus serves us also teach us how to cope with anger or disagreement within the group, for example of very extrovert twists. No, very introverted person could have issues coping him because I he doesn't find enough contact on your friends cannot retrieve himself from the people get enough time. So that looking for a very specific type of person shy. Do you consider yourself more introverted or extroverted? That's a really good question. Probably introverted art Biden extroverted in daily life. It's very hard to explain I do need my private time. And I do go to my room spent time by myself, but I also enjoy being out in time with the people here actually that probably makes you ideal then because you're kind of right down the middle, and you can you can be kind of both scenarios. Yeah. I can I can only guess at that kind of hope. So what was the team building? Like, I imagine it's fairly important since you're going to be in close quarters with this team for a long time. It was a combination of more or less like lectures on how to cope with frustration. How to resolve conflict? Vocalise disagreement is there's a lot of. Jay says it's a small things. Apparently, this is a known issue. He has like if you have so many people on a small in a small room Garrett towards the end of the year. It's it's the way holds the spin. It's the way he choose potatoes. 
The small things that really get you're going meet annoy in one of the things you need to is like to recognize that this is not a big deal. And the other thing is to be able to live on site. Looked could you possibly hold a spoon different interest. At some point make the entire atmosphere approach for everyone. And what were some of the tips, you got about what to bring not bring respect a lot of time inside inside. It's sing it sixty five degrees. I'm not sure what you need is building. That is actually quite seminar for when you're inside the station than we go up some very specific kind of similar on the where two by four when we have to. The trick. Everyone told me as as layers layers like don't rely on on one pan to safe you like you wanna have your long on the way, then you wanna have pant that you wanna have a wing break. Did you bring any sentimental mementos with you? You know, things that reminded you of friends and family back home since you knew you weren't going to see them for a year. Just because I am a nature fan amid sure that have like big pictures on posters of trees and stuff that I can put up in my vermin pretend Jesse subsidiv whether than just snow. Lot of things that wouldn't estimate crucial. I really think they will lighten up the mood. I got some it's called Harak, spike. You can call like strands of hair. And if you like this, I mean, this is definitely not must have. But it's been bringing me a lot of joy just to walk around with a trend of pink blue a green hair every now, and then some happy, I have it. What did they tell you about how much you would be able to be outside versus inside? So that nickname allowed to be outside as much as I want practically does get cold. It's cold enough that you want to have your face covered on. Then if you're wearing glasses. What happens you will raise the rest will go up into your glasses? They will fall then they will the fog will phrase, which kind of limits the time it can spend outside. 
But especially now in some of the sun's up twenty four hours a day. You can. Spend six to eight hours outside. In winter, it's harder. Because the temperatures drop a lot on it gets pulled in. Then you get to the limit your your closing can actually do. But still like, especially when the Aurora Sarut people do spend a lot of time outside. So yet lefties went over told me that he was actually outside every day because they like being outside. What was it? Like when you first landed you landed I in McMurdo right before you went to the ice cube. And what was it like to step off the plane with disarray? Also you fly with like Oma airplanes with the military plane. Actually, don't really have we noticed. So you you kind of blind to what you wear you're getting while you're landing and lending their getting off the in being the ice. But also there's big mountains Nick murder that you can see especially Erebus, which is the active volcano that was meeting. Cool. It was very different from what I. Late on with C at south pool, b is completely flat. It's a it's a big wide flat circus, so that shames from magma to south pole was much more surreal than the changes. I got from New Zealand to McMurdo McMurdo you can steer. You can see mountains. You can say come FOX. It looks like a snow covered countryside accepted. This meeting missing living plants and stuff when you felt that cold for the first time. Did it feel really different is? Is there a specific cold you've now associate with south pole. Yes is like it's a funny feeding when the hair in your nose freeze end. It is something I had never experienced anyone else before let me get. How do you organize your work day? It sounds like you're fairly flexible, and you said you're allowed to God side for as long as you feel comfortable and. The conditions cooperate. And you also have a lot of research. You have to get done. You have to be and you have to be a firefighter near a lot of responsibilities. 
How how does your day usually unfold come onto priorities? Basically everyone agrees that if there's a fight emergency or firefighting training that takes presence. And then when I have the workday now in summer, basically means that I'm here to support the the scientists that currently here in winter what it's gonna be like, oh, I will be getting up, and I need to be monitoring the experiment than to make sure that every running smoothly. If something goes wrong page to be really fast to get computer as quickly as possible infix on when I say I actually mean way so which repeat doing the same job. I'm we basically alternate on the basis of ping system. So that we can be sure the bay may be able to sleep at least every second week. Is it hard winter so much sunlight to kind of figure out a natural rhythm for when your day begins and ends and how to draw a line between kind of the work day. And when you're off the clock. None of this this. I know that for the first months a half, I would be baffled when I looked outside. Oh, it's bright. It's not that lady. Look at the clock. It's eleven pm. When you're there in the ice cube. You would mention kind of what the ice cube itself looks like, and then are there buildings attached to it where you're living and taking your meals, and that sort of thing or do you have to go outside to go to those buildings. So is cupid dedicated building which is about half a mile away, Gino station, and under general station, host almost everything else. We also have a work area here. So unless you have physical failure inside the inside, the hardware, we don't necessarily need to grow. We have a music room. We have a room on the reading library. In the movie, MS. Well, also, we have communal showers said bathroom as on the rooms are Vietnamese small do you have your own room or do you have to share this is one of the luxuries of suss pool. This for example, not the case in McMurdo. He everyone has their own room, which is really nice. 
If you want to have some private your time. I mean, that's kind of an interesting aspect. I imagine of this assignment, right? Is that you are living in very close proximity with your co workers, which is not the case for most folks. Right. It's it's definitely interesting in the sense that you get to know them look better than you would later on the only other another of the the work is very segmented. So I have I mean, I share a room where the other scientists. But now, I'm for example, the carpenters at work because they woke so far away from where we work that we only cross ways at lunch and dinner are there. Building activities that continue to take place while you're all they're just to kind of, you know, keep the bonds going from actually gonna have like a second dedicated team billing session on the one who is gonna spend though into prison. What be with the cans on meetings where we can need to just bring up all the issues the Mike coast stanchion, hopefully, resolve them before they cost tensions. What kind of preparation are you going to do for the winter when the sun goes down in is not going to come up for many many months, so one of the big prevalent preparations for doing at the moment is we're digging out all the buildings on. There's a lot of snowdrift over the winter. The other thing is is everyone's gonna leave. So by February fifteenth all the people that only spend the summer here. We'll have left on. We will only be the full two people of spend the winter here on around forty two. Final numbers. Not quite sure. And then there's has been a very long tradition of watching the same by stationed closer. So the free. That's gonna happen is probably that movie. Have you seen the thing before? Or will this be your first time? This will be my first time some quite excited. Temperature apollo. Bless law. Will we? Oh, we make. Maybe we should. Besides the physical preparation logistics that you have to do for the winter. 
Is there kind of any emotional and mental preparation, they give you since you know, you're not going to get that exposure to light in. It's gonna be potentially. It's gonna feel more isolating. You're a couple of things like we actually can get mailed on here or among the people that spend the winter that they get the mid win to package these packages that packed by people that know you on they send them down you'll in them only on June first when there's the middle of winter until you get something new and exciting in the mid of winters to make the wage until the station be opening a Trojer. I don't know what's in my package, obviously. Because I haven't opened it yet. But I would suspect it's going to be some Chris surly your favorite Speights something because what happens this night, we get all of food provided. For in. It's actually really good food. But you will end up eating the same thing over and over again. And we always have cookies, for example at the station. It's mostly Orioles unwanted mean oils for three months, he wants something different. So away become super exciting. Do you get a lot of fresh fruits and vegetables? Are they kind of off flown in at the beginning of the season in just kept frozen. Or you know, somehow kept fresh solo. I saw an apple today. It was really excited. We get free food in okays, mentally this year has been complicated on your to weather and other things the flights haven't been as frequent as they would normally be probably haven't had fresh vegetables b since Christmas and before that since the end of November awfully, but I do absolutely expect that they will can effort to bring things in before the station coasters. So that we do have some fresh furred at the beginning of winter. A now we actually get to entertain a greenhouse ham. 
So we will be able to grow salads other aspects of life on the south pole that, you know, have have really surprised you in how much you've enjoyed them or how special they are versus what life is like back home. A lot of things become insanely easy, Hugh, I actually noticed in particular when going back to Mike Mondo since my workplace could Jim might room. The galley are all within two minutes Woking distance you, save an insane amount of. Time on on commuting NIA. I've been the love my active here because I mean, the the people would motivate you to go on what kowtow the people you spend dinner with unusually don't have a good excuse not to join them. Very active here, which has been nice. We have we have a bully group. That's actually playing right now, we have a basketball hoop. That's playing Mondays. We have thought belong lays never participated in. We have a climbing bull, which is really cool on. We have a Batman a up Sundays. They have come to realize that one of the important things is some ways to occupy yourself in win too. Because we don't look twenty four hours a day. And if he would eight hours a day at least sixty hours where you have to do if you sit in darkness is can get depressing Mary fuss. So they they have pulled a very strong emphasis on opportunities to keep yourself. Busy on. This is why we have the gym on the craft room in the movie room. So that we can spend time together I talked to someone who's been venturing full longtime face play in. He said it's been a he's actually disappointed about the internet. Now, what happens is that everyone. Dinner just goes to the room to go on the internet. There's actually very little communal activity compared to than fifteen twenty years ago when there was really nothing else to do than they would use things together. So it's gonna change though. Because the the satellite doesn't come up every day at the same time. 
It comes up four minutes earlier every day, which means that by much the satellite will be done by six PM. Which might be more interested in doing other stuff. I mean, it might be too early to to say, but do you picture yourself ever going back to a traditional job where you're commuting to an office every day, or do you think that it? It's kinda ruined you for the traditional office setting. The fuck on hop in a came here. It was really sure that once I finish. This job would go back to Germany look for like six job in a office than it would be very happy van just build build a life, and I've already slowly shifted to twelve. Thanks months of traveling bangle Bihack. So a flexible in that sense. I'm pretty sure at some point that will naked up because my anti families. They're all my friends other on miss them. So. I wanna be back. Is there a possibility of returning to the ice cube or their people who do repeat tours? I don't know if you have to reapply 'em kind of every year. But is there a possibility that you could come back if you liked it enough, you would have to reapply on the helping people that have done for assessing none of more than two tours? What is also very common that I only in. Here's people booking the tour here at south pole. And then doing the summer in a on una teams like these communities of very intertwined with prize me as well. I didn't expect it to be so much exchange between those two places. I mean, it must be the most intense bonding experience kind of sharing sharing this time with the colleagues that you have. It's just I can't imagine what that's like must be incredibly bonding is great, especially because you go through team bowling, and you come out with a bunch of friends. I mean, everyone's gonna be a close friend at the end of the year. I'm actually from what I've heard no one's going to be your friend at the end of the year. 
Once you're off the ice, you'll be allies that that spoons thing was reading the baby can talk to each other. Again. I haven't heard of race of people that will not that poll in ready when they were landing McMurdo. They realized they were both being told big heads on every conciliated immaculate before they made it off the offend Activa. Delegating. You but. It will also. Make use together. Rework is produced by Waylon Wong and me. Sean, Hiller are emusic is broken by design by clip art califor- his help with the story Wilco show notes with links to the ice cube website at rework dot F M. So you can out about neutrinos if you want in season photos of light at the south pole. What is your favorite scene in the thing? My favorite scene. I while. I watched most of my hand covering my face. So the only scenes I really saw were of Kurt Russell pulling on a leather jacket to run outside without zipping it because apparently that is all you need in the south pole of amusing. Now, I like the part head runaway. I think I I think. It goes the stomach opens up in east the that. That was really scary movie. So okay, actually, my I mean, legit my favorite part is that really tense scene when they have what do they do at that? Needle. No. It's an electrical. Listen, electrified needle or something on their futures. Heat up a piece of wire the blood. Yeah. And they're like sticking it into these individual Petri dishes of blood, it's hard to the couch tense. And then like those two guys on the couch are like trying to get away from changing. Yeah. And they look genuinely hysterical. Did I tell you that? I only saw for the first time over the holiday. Yeah. And I think we already discussed we our priorities discusses. But first of all I did not realize until the end of the movie that one of the characters was named windows. I thought that every time they said windows, it was Kurt Russell ordering people to check the windows. As confused. We have this tradition. 
I think it started in college where the first snowfall in Chicago, not even the first GD week of winter as they say in the movie, I know fallen Chicago we open up the windows put on our big winter jackets for the first time and watch the thing you open the windows yet has to be cold in the living room. You know? So you're talking about a person named windows, your friends with or windows, these sort of the glass things you can you can open from your apartment. All right. I think that's good for things talk. This has been thing. Thing one and thing too. That's good.

The price of being a ransomware hero: Chips with Everything podcast

Chips with Everything

27:03 min | 1 year ago


"The your Avatar is a drawing of a nice round face of a man with brown bid wearing some kind of back off steam. The picture was sent you by fans. So what made you like it enough to use it as Public Avatar. I'm like a huge fan of polar bears so when the person contact me it was actually like Renwick victim rain and I helped him out and got them their files bank and they were like a graphic artist cartoonist so they asked if I would accept like money or if I wanted to nation I said no no freely and then they offered hey maybe they can in drama and Avatar so yeah I said maybe you can drum your new on the tone and like potable costume and like the polar bear onesie and he said yeah sure right away and kept using it quite nice. Actually this is Fabienne Wasser the CEO of a New Zealand based Antivirus Company called MC soft although he's not a big fan of titles Fabian is known around the world as a hero for decrypted ransomware which is a particular type of malicious software that is sent out by criminals in an attempt to extort money from their chosen victim the victims that Fabian helps every day love him the ransomware hackers he thoughts not so much. That's another reason he uses artwork for his avatar rather than showing his real face the kind of work I do we manage to hurt the cybercriminals that are behind behind all these campaigns quite a bit and we are talking about hundreds of millions of dollars so they do have a real incentive and stopping a what we are doing. Essentially I pretty much have to protect myself so I don't want people to know who I am. We are live all these kinds of things.
Fabian has sacrificed a lot to stay ahead of these kinds of criminals but in an age in which runs somewhere is being used to blackmail not only individuals and companies but even entire cities his sacrifices a worth knowing about I also to count my mom back then who quite sick so not only had to feel like fought for my personal safety but also for hearse and you comes interplay like the reason why I left Germany. I'm Jordan Erika Weber and this week I look at what happens behind the scenes during a ransomware attack and examine the life of one individual who spends most of his waking hours trying to help thousands of victims retrieve data. This is chips with everything longest time I refuse to to take on the city oh title and always went by just like a developer like anyone else like the head of the research ransomware has quickly become one of the easiest and most efficient ways the cybercriminals to make money. Oh when you look at lawn transmit campaigns like and crap for example I mean they claim that they made more than two billion US dollars gained crab is just one example of dozens of famous ransomware families you might have I've heard of some of them. There's Tesla Crypt Sam Sam Ryan Apocalypse crypto locker and many more with the potential to cause serious damage the ransomware a game has evolved from when we first started seeing these kinds of attacks I started off with what is called a screen locker. Those were like those used screens that tech yeah we have from the FBI and you did something really really naughty on your system and we locked up your system and now please pay us like four hundred dollars and pay safe cart or you cash or something like that then they moved on encrypting the data because even if you remove the rents you still wouldn't have back access to your data and that's pretty much the most prevalent. Is kind of friend somewhere today. I system hiked because you had like RTP
Open some sort of remote control yet didn't pets your system properly or you got like a fish email and has an attachment and you open it. All you download like pirated software from the Internet once they got access to your system they will search all your drives and your entire network in most cases for finance that the ransomware may think is are interesting or important into you like pictures videos documents office documents all this kind of stuff and then they will encrypt all of them leave behind like a small ransom note that just says hey we have all your files and they're all locked up. You won't get them back unless you pay a certain amount. Many of the past victims of ransomware have been individuals like you and me. You might not think you have much of worth on your desktop PC. But if you have irreplaceable videos from your wedding or photos of your kids you I can see how an everyday citizen might be an easy target but in the last few years there's been a shift cybercriminals are aiming higher to now that network shut down in Baltimore City in the government after that ransomware attack the FBI is investigating to find the cause and the scope Wer is experience in May of this year the US city of Baltimore was hit by ransomware attack that so hackers demand thirteen bitcoin which is currently with more than one hundred thousand dollars in order to unlock government systems like government email accounts and systems that enable city payments essential services like nine one one and three one one or still working but most of the city's servers are shut down city employees lost lost access to e mails and the Department of Public Works has suspended -Ly Waterville fees in another high profile example. The wannacry ransomware hit a large number of networks across Europe including the NHS which lost ninety two a million pounds from the attack.
The number of attacks on individuals, on the other hand, has plummeted in the last eighteen months or so, and Fabian says the reason for this sudden shift in targets is due in part to the increased popularity of the smartphone.

Nowadays most people have a lot of their private information, like a lot of the data that they really need and really use, on the mobile phone, and the mobile phone backs up into the cloud, so they always have kind of a backup. So for home users ransomware is still an issue, but it's nowhere near as big of an issue as it once was. Nowadays most ransomware criminals go after companies specifically, and the reason for that is, especially in the last year, the ransom amounts just exploded, and in my opinion the reason for that is that most companies, and also most municipalities, governments, universities, they have cyber insurance. And cyber insurance has, like, two aspects: first of all, if you get hit by ransomware they may pay the ransom, and if you get hacked otherwise they will pay for the loss of revenue. And in a lot of cases paying the ransom is a lot cheaper than going through the entire recovery process, which can often take days, even weeks. So it's not unheard of that a company requires, like, two weeks, three weeks to recover all their stuff from the backup, which means two or three weeks' loss of revenue, which the cyber insurance would have to pay.

In other words, companies and their cyber insurance providers might decide it's more cost effective to just pay the ransom. But one company went against the status
quo.

...a very brief statement from this morning, basically saying that they had an extensive cyber attack which occurred in the early hours of this morning. They say it impacted operations in several of the company's business areas...

Norsk Hydro, which is one of the world's largest producers of aluminium, was targeted by hackers in March. Not only did they refuse to pay the ransom, but they decided to tell their shareholders and the general public about the attack. It cost the company millions, but Fabian believes it was the right move.

They showed that if you got hit by ransomware or hacked in any way, if you properly communicate, if you're open with your customers, if you keep people informed, then your company will most likely be fine. Because a lot of companies, when they get hit by ransomware or get hacked in general, they are really afraid of what would happen, like, will the stock price crash, will our revenue go down, will we be ruined, pretty much. So in many cases they try to keep it secret, especially where, like, with the advent of the GDPR for example, you have to report these things, so things will always get public unless you ignore the GDPR, and then you have a lot of other issues. It's just good to have, like, an example to point companies to that went through something very similar and tell them, hey, listen, just do what they did, I mean, they are fine. And what is more important, since they didn't pay, they also don't enable the ransomware authors to go ahead and target even more companies with the new resources, and they prevent them from becoming victims, so that's always great.

What does ransomware actually look like for someone who's experiencing it? So if you fall victim to this kind of virus, what do you see?

In most cases, especially in the beginning,
you don't see anything, and that's on purpose, because if you were to suspect that something's wrong on your system you may turn it off, and in a way you would interrupt the encryption process and not everything's fully encrypted. Right, you may notice that your system becomes kind of slow; that's because a lot of data is being written to the hard disk, which slows things down. You may see that the files on your desktop change, that they suddenly have a different extension, or you can no longer double click them to open them, and things like that. And yeah, then eventually, once the ransomware finished encrypting all your files, you will usually see a ransom note popping up on your screen. Sometimes the ransom note includes, like, instructions on how to get bitcoin, because honestly most people don't really know how to get bitcoin in the first place. So yeah, that's usually what happens when you become a victim.

And if you do become a victim, what should you do, like, as an individual?

So this may sound really unintuitive, but the first thing you should do at all is don't remove the ransomware. And the reason for that is quite simple: when you contact someone like me, right, in order for me to figure out what the ransomware did I actually need the ransomware, and if you deleted it from your system and you no longer have it, then I have to find the exact ransomware that encrypted your system. And most people may not be aware of it, but there are literally hundreds of thousands, if not millions, of new malware files generated per day. That means you're looking for a needle in, like, a huge stack of other needles. If it was hay it would be great, because then the needle would stick out, but it isn't; it's just this colossal mess, really. So first of all, don't remove the ransomware. You should probably disconnect the system from the network, mostly so the ransomware can't spread through the network, right. The next step
is you need to figure out what kind of ransomware it is, and oftentimes ransomware will say, yeah, I am ransomware such-and-such, I am GandCrab, for example. You shouldn't trust those names, and the reason for that is quite simple: there are a lot of copycats out there, we call them script kiddies, who just try to profit off, like, a large ransomware brand by imitating the name and stuff like that, even though they aren't the ransomware they are claiming to be, and often they are very shoddily programmed, very insecure. So don't do that. There is actually a website that is called ID Ransomware, and there you can upload the ransom note, and you can also upload one of the encrypted files, and the website will figure out which ransomware family you got hit by. And not only that, it would even tell you if there's, like, a free way to decrypt your files. So if someone like us already published a free decrypter for this particular ransomware family, then you can just download it, you can just run it on your system and decrypt your files, and then you're back to normal. So that's all great. And ultimately you also have to figure out, like, how was it that I got infected by ransomware to begin with, because imagine you managed to get your files back and everything is fine: if you don't figure out what you did wrong or what went wrong in the first place, you will get hit again.
Especially in the case of, like, Norsk Hydro, for example, they got hit by Ryuk, and Ryuk is what we call a secondary infection. That means their system and their network was initially infiltrated by completely different malware, and if they find themselves in a company network, or if they find themselves on a system that looks really, really juicy, so to say, with a lot of data that looks important, they will actually deploy the ransomware.

If you are hit by a ransomware attack and you can't figure out how to fix it by yourself, you can always contact someone like Fabian. A lot of people get in touch with him through Twitter or will send him an email. If you need him one day, he'll happily try and find you a decrypter that you can download to rid your system of the ransomware. All of this good work comes at a price, though. For Fabian that price is personal safety.

There were also incidents where people sent me links on Twitter, for example, that were encoded and encrypted, kind of trying to get me to engage in the riddle and then maybe figure out the URL and then go to it, and then it turned out it was an IP logger, and using the IP address you can actually figure out, like, where someone is roughly located.

More on that after the break.

I'm Emma John, and I'm sorry, I lied to you. I said we'd be happy if England won the World Cup but lost the Ashes. It's not true; I wanted it all. I know it's greedy, but positioning the urn next to the World Cup on Ben Stokes's mantelpiece would make this the ultimate summer for English cricket. So join us on The Spin as we turn ourselves into emotional wrecks all over again. It couldn't be as nerve-wracking as the World Cup final, could it? The Spin is supported by NatWest.

Welcome back to Chips with Everything. I'm Jordan Erica Webber. This week
I'm taking a look at ransomware with one person who spends most of his time trying to prevent cybercriminals from extorting money from innocent victims. Fabian Wosar, a renowned anti-ransomware expert, has worked on thousands of cases over the course of his career. As you can imagine, Fabian's path to becoming a world-renowned anti-ransomware hacker has seen him help a lot of victims along the way.

I would think probably a couple of thousand at this point. I mean, I have been doing this for about seven years at this point, and usually per week it's, like, ten, fifteen, twenty people. It's a little bit seasonal; Christmas is quite popular.

Why do you think that is? Is it, like, older, less tech-literate people getting devices?

I think it's more the fact that people send off, like, virtual greeting cards and so on, so they may be more inclined to open attachments and open emails and kind of lower their guard a little bit. Because I think most people nowadays are a lot more careful than they were, like, ten years ago, but especially for holidays, birthdays, Valentine's Day for example, Christmas, whenever there's, like, some huge event, like the release of the Mueller Report for example in the US, ransomware kind of tries to capitalise on these specific events by sending out all kinds of spam emails that relate to these events and kind of try to trick people into opening them.

What are some of the highest-stakes cases that you in particular have dealt with, whether by money or just how much the person stood to lose?

Recently I got approached by an MSP, which is, like, a managed service provider, essentially a company that takes care of all the IT, the computers, of other companies who don't have IT as their main business, but they do use computers, but they don't really know how to maintain them and stuff. And often those companies are rather small, so it's not really cost effective for them to hire their own IT
staff, so they kind of outsource it to these MSPs. And that MSP actually got hacked, and from there the ransomware authors had access to, I think it was, like, over two thousand systems, and they all got encrypted. So that was quite a big incident, and I think the ransom amount was somewhere between five hundred thousand and a million.

Fabian and the team at Emsisoft couldn't find a way to completely save the company from paying a ransom, but in the end Fabian came up with a solution that drastically reduced the amount they did have to pay.

I did find a flaw inside the ransomware that allowed us, if we would purchase the decrypter for only one system, which was obviously way lower, that I could use that one to kind of derive decrypters for all the other systems as well. So in effect, what happened, instead of them having to pay, like, almost a million US dollars, they only ended up paying, I think, like, five K, something like that.

Which must have made them quite happy.

Oh yeah, yeah, definitely. Definitely.

Fabian considered this a win on purely monetary grounds, but the stakes aren't always financial. Fabian told me about a photographer he helped here in the UK.

He did, like, wedding photography and funeral photography, for example, and he got hit by a ransomware called Xorist. He just recently did, like, a whole bunch of pictures of a funeral, and all of that was lost, and obviously you can't just redo the funeral and take the pictures again. Yeah, he was quite delighted when he got all his files back, and especially if you are a very small business, even paying, like, a thousand US dollars, you just can't, you don't have the money to do so. That was quite emotional. I'm still in contact with the photographer, every now and then actually, like, he writes emails and tells me about how he's doing. He has, like, a daughter who wants to go into cryptography and wants to do what I do, which is kind of, to be honest,
That's incredible.

Yeah, yeah, it inspired a generation, kind of.

So you talk about how you find a flaw in the ransomware code. So say people find you, they contact you, and then, you know, these problems land upon your desk. How do you go about cracking the code? I presume it's incredibly complicated in the eyes of a regular person.

I think everything is complicated if you have never done it. I don't know how to do it; it comes with practice. But usually the process is always quite similar. It's, like, finding the ransomware that's responsible, then we call it disassembling the code, pretty much. That means we use software to break it down to, like, the very instructions that the processor executes when running the program, and we look for things, like, a whole bunch of different flaws.

In 2015 Fabian started to notice something odd popping up in some of the ransomware he was being asked to decrypt: within the code there were personal insults directed specifically at Fabian. The ransomware criminals were speaking directly to Fabian, not only to send verbal abuse but to try to get him to stop decrypting their work.

I mean, it was honestly quite flattering, because it meant they obviously took notice of me, right, and because I am hurting their business. So it was quite flattering, and I made it a point to just post on my Twitter feed every single insult that I ever got, and pretty much make fun of them.

But the messages Fabian was finding in the malware couldn't always be read as flattery.

Over time it got, like, a lot more personal, like people trying to figure out where I live, and people sent me messages not only in the ransomware but also on Twitter, like, in various communities, like, they registered accounts and insulted me there.

At one point someone even named a virus Fabiansomware to try to convince potential ransomware victims that Fabian himself might be the one targeting them.
The virus was actually created by a ransomware family called Apocalypse, a group that Fabian had thwarted several times over.

Every time they released a new ransomware, I found it, I broke it, and, like, all the victims got their files back, and then they changed the ransomware, because they didn't really know why it was broken or how, and so they just made random changes all over the place and hoped that this time it would be secure, and it never was. And that went on for, like, over six months, and eventually they were so annoyed by it that they just rebranded their ransomware and they put, like, a picture of my avatar inside the ransomware, of me doing something very, very inappropriate. So that was pretty bizarre, to be honest. I still cracked it though, so that was fine. So eventually they figured out how to do it properly, so we could no longer break the ransomware, and they made, I think, like, barely three hundred thousand or four hundred thousand dollars in about two months, and then they just stopped.

For the most part Fabian found humour in the cat-and-mouse game he sometimes ended up playing with ransomware authors, but the insults and threats that he received in the code had a real effect on his life. When he first started getting these messages he was living and working in Germany.

And, like, at one point I received messages from ransomware authors that were, like, hey, by the way, we have friends in Hamburg. So that was, like, the point where I thought, okay, maybe I should stop a little bit, or go a little bit lower profile, so to say. There were also incidents where people sent me links on Twitter, for example, that were encoded and encrypted, kind of trying to get me to engage in the riddle and then maybe figure out, like, the URL and then go to it, and then it turned out it was an IP logger. And the URL essentially is just, like, a blank page; when you click on it, it registers the IP address, and using the IP
address you can actually figure out, like, where someone is roughly located.

Fabian never actually lived in Hamburg, but he decided the risk to his personal safety and the safety of his loved ones was too high.

I also had to account for my mom back then, who was quite sick, so not only did I have to, like, fear for my personal safety but also for hers, and that comes into play, like, the reason why I left Germany.

Despite making so many sacrifices, Fabian is still keeping a low profile. No one knows where he lives, he doesn't leave his house much and he doesn't go back to Germany, all of which can lead to a lonely existence.

I'm obviously always in contact with, like, all my coworkers, like friends in Germany, and I also have, like, a couple of friends here, but yeah, when you work from home and you don't really go outside much, because you don't have to, because I mean you're working at home, right, it gets lonely from time to time. It's, like, one of the reasons why I want, like, a small dog that can keep you company. Unfortunately my landlord doesn't really want me to get a pet, but I'm looking into moving again soon, and this time I made sure to pick, like, a place that allows pets, so I'll get, like, a little puppy soon, which will be quite fun.

Yeah, yeah. Do you think you'll quit the anti-ransomware game anytime soon?

I don't think so, no, mostly because it's still a huge issue, right, so unless ransomware authors suddenly decide, hey, we just stop doing what we are doing, I would probably still do it, because for me personally it's quite fun. I like puzzles, really, and each new ransomware is pretty much a completely new puzzle, a completely new challenge, so it's fun. And also pretty much every single victim that I managed to help,
they are, like, very, very thankful, and while I do get a lot of insults from the ransomware authors, I get even more nice words and thank-yous and, like, emails, like for example the photographer who still writes me and tells me about what is going on in his life and stuff like that. Yeah, that's quite nice, actually.

Huge thanks to Fabian for getting me up to speed on how I might be able to protect myself from a ransomware attack in the future. I've linked to Fabian's Twitter account in the episode description on the Guardian website. So that's it from me this week. Chips is produced by Danielle Stephens. Until next week, thanks for listening.

Podcasts from the Guardian. theguardian.com slash...

Remote Work: Extreme Edition (Rerun)

Rework

29:58 min | 8 months ago

"Welcome to Rework, a podcast by Basecamp about the better way to work and run your business. I'm Shaun.

And I'm Wailin Wong. We have been doing a couple of weeks of reruns while Shaun and I get adjusted to some new working conditions. And you know, all this talk about remote work and social isolation reminded us of an episode we first aired just over a year ago about someone who had to work remotely under very extreme conditions, arguably much more isolated than even we are now in our homes.

That's right, this story of remote work comes all the way from Antarctica. Enjoy.

Can you hear me? Hello?

Kathrin, hi!

Hi! Oh my gosh, I hear you loud and clear. I'm so happy.

That's perfect. I was worried it'd be very slow tonight.

I was worried too, because I just thought there's a million things that could go wrong, but this is great. Thank you so much for making the time.

I'm talking to Kathrin Mallot, and you can tell the phone call is a little choppy. This is because she is calling from Antarctica.

Welcome to Rework, a podcast by Basecamp about the better way to work and run your business. I'm Shaun.

I'm Wailin Wong, and I will let our guest today introduce herself.

My name is Kathrin Mallot. I am an astrophysicist, actually. I work for the IceCube Collaboration, which has a neutrino detector at the South Pole.

Wailin, this story hits on a couple of my most nerdy interests, mainly polar exploration and astrophysics. Actually, do you mind if we do a little physics lesson? I'd like to help explain what Kathrin's doing at the South Pole.

I'm all ears, Professor Hildner.

Okay. The IceCube Neutrino Observatory is this big scientific experiment where Kathrin and her colleagues study these tiny subatomic particles called neutrinos, and by tiny I mean really, really tiny, which makes them extremely hard to detect. IceCube is basically about five thousand light
sensors arrayed over a cubic kilometre, sunk deep in the Antarctic ice.

Tell me more about these neutrinos.

So, violent cosmic events like exploding stars send neutrinos hurtling through space at essentially the speed of light. Some of those neutrinos are going to pass through the Earth, where scientists like Kathrin can study them.

And how come this has to be done in Antarctica?

So I think this is the coolest part, coolest anyway. To avoid interference from background radiation, neutrino detectors need to be buried deep underground. They also need some sort of transparent medium. Some detectors consist of enormous tanks of water that have been built in abandoned mines. IceCube, however, uses the thick, pure and ultra-transparent ice that's found at the South Pole.

And that's clever.

When a neutrino comes through the Earth it starts interacting and will lose energy by emitting light, blue light, and that's what we detect in IceCube, so to say.

Those little flashes of blue light get picked up by IceCube's optical sensors. By tracking which sensors trigger in which order, Kathrin and her colleagues can figure out the direction the neutrino was travelling and how much energy it had.

And that's the end of Shaun's physics lesson. But Wailin, you didn't find this story because you were looking to unlock the secrets of the cosmos.

No, that was just a bonus. I was introduced to Kathrin actually in a more roundabout way. I got an email from someone doing PR for an anti-malware software company called Emsisoft. They're headquartered in New Zealand but have people working remotely all over the world, just like Basecamp, and the PR person mentioned they had an employee in Antarctica.
I seized on that right away, because I thought it'd be neat to do a story about what it's like to work not just remotely but extremely remotely.

From an article. And I started working part-time for them because they needed someone that speaks four languages, and I happen to know the ones that they were looking for. When I applied here, actually, people told me that the internet here is so bad that there's no way I could continue with my job. At the moment this is not necessarily true; however, we are not sure how much of the satellites that we currently have are going to be operational throughout the entire winter, which is why, basically, I'm freezing my employment for the time that I'm working at IceCube, and I'll go back to them once I finish up here.

Hey, so what's the risk with the satellite in the winter? And that starts fairly soon, right? You're coming up on that season now.

It's not directly to do with the winter. What's happening is that all the science data that is currently being produced here is transmitted via satellite. That satellite is used for the science data; we don't necessarily have access to any of its internet, so to say. But that science data satellite is reaching the end of its life, and they've been expecting it to crash into the atmosphere for a while now. On current forecasts this might happen in April. If that happens, this nice satellite that we are currently calling on at the moment will become a dedicated satellite for science data only, and we'll have to go back to Gannet, which is a great name for a satellite.

That's going to be the kind of internet where you have to wait for a page to open up, and actually working remotely is more or less not possible.

It's funny, because when I was going back and forth with the PR person about interviewing Kathrin, he told me that she had to stop working for Emsisoft because of "bandwidth limitations." I'm using air quotes around bandwidth limitations.
And at first I thought that was an annoying corporate euphemism for getting laid off, but as you heard Kathrin explain, it's literal bandwidth. Kathrin and I were able to do an audio call because right now, where she is at the South Pole, they get four hours of good internet a day for personal stuff while the satellite passes overhead, and that four-hour window shifts by a few minutes each day. When Kathrin and I talked, it was 7 pm her time and midnight my time. It took a non-zero amount of effort to coordinate this call, and that gave me a very small taste of how Kathrin's work life in Antarctica is unique.

This episode ended up being about what it's like to live and work with a small group of people in very close proximity, isolated from the rest of the world. It's about self-care and working calmly in extreme conditions, which is very Rework, after all. So let's get back to Kathrin's story. When she first heard about the opportunity to work at IceCube, she was early in her studies to get a PhD.

PhDs take a long time, so when I heard about this opportunity it was more of a dream. I didn't expect it to come through. And as things progressed, more and more of my friends from the university spent a year here, and they all came back and they were thrilled. They all said this had been the best time of their life, and if I had the opportunity I should definitely go. So once I finished my PhD I applied directly, and they interviewed me, but they didn't pick me. Then I applied this year, and actually this time they picked me.

Can you talk about the kind of preparation you had to do? How much time did you have, and, you know, were you given materials and resources about everything you needed to do before departing?
So the preparation is actually quite extensive. In this case, the initial job interview was back in March, and at that time there were a lot of medical checks, because the medical coverage here is very limited, so they want to make sure that you really don't have any pre-existing conditions. Then I went to Madison, Wisconsin in August 2018, and we spent two months in Madison preparing for the jobs. They told us what kind of equipment we have here, what are the typical failures, what kind of fixes we can implement.

After the training in Wisconsin, the team was sent to Denver, Colorado for the next stage.

What happens there is that we have a team-building event, so that we get to know the people that we will be spending the year with. And the thing is, it's a fairly small station, so a lot of the jobs that are usually done by other people have to be done by us. What happened in Denver is that we got a crash course to be a firefighter, and I will be part of the official fire brigade for the winter.

Oh my goodness. So what kind of training did you get to become a firefighter?

We did get to climb through burning houses. It was actually pretty cool. The first thing you need to do is to put on the gear correctly, because if you put it on wrongly and go into a fire, it's going to be pretty bad.

Firefighting is even trickier at the Pole, because it's too cold for water-based fire retardant.

We practise here once a month so that we can be prepared. Once a month we have a drill where we simulate a fire we have to go into.

What kind of mental health assessment did they have to do? Because I imagine that's just as important as the physical aspect.

What it is, is that actually during the team building we spend a week together, and there's a psychologist present during the week that observes us, and also teaches us how to cope with anger or disagreement within the group. For example, a very extroverted or a very introverted person could have issues coping here because he doesn't find enough contact
or finally cannot retreat from the people and get enough alone time. So they're looking for a very specific type of person.

Do you consider yourself more introverted or extroverted?

That's a really good question. Probably an introvert, but an extrovert in daily life. It's very hard to explain. I do need my private time, and I do go to my room and spend time by myself, but I also really enjoy being out and interacting with the people here.

Actually, that probably makes you ideal then, because you're kind of right down the middle and you can be kind of both scenarios.

Yeah, I can only guess.

What was the team building like? I imagine it's fairly important, since you're going to be in close quarters with this team for a long time.

It was a combination of, more or less, like, lectures on how to cope with frustration, how to resolve conflict, how to vocalise disagreement. There's a lot of cases where it's the small things, and apparently this is another issue here: if you have so many people in a small room, towards the end of the year it's the way he holds the spoon, it's the way he chews, the small things that really get you going, it's really annoying. And one of the things is you need to recognise that this is really not a big deal, and the other thing is to be able to vocalise it and say, look, could you possibly hold the spoon differently, rather than let it build up and then explode at some point and make the entire atmosphere worse for everyone.

What were some of the tips you got about what to bring and not bring?

We spend a lot of time inside, and inside it's sixty-five degrees, so what you need is actually quite similar to normal for when you're inside the station. And then we got some very specific recommendations on what to buy for when we have to be outside. The real trick everyone told me was layer, layer, layer. Like, don't rely on one pant to save you; you want to have your long underwear, and then you want to have a pant, and then you want to have a windbreaker.
Did you bring any sentimental mementos with you, things that reminded you of friends and family back home, since you knew you weren't going to see them for a year?

Just because I am a nature fan, I made sure that I have, like, big pictures, posters of trees and stuff that I can put up in my room and pretend to see something other than just snow. Those things wouldn't necessarily be crucial, but I really think they will lighten up the mood. I got some hair colour, you can colour, like, strands of hair. I mean, this is definitely not a must-have, but it's bringing me a lot of joy to walk around with pink or blue or green hair every now and then. I'm so happy I have it.

What did they tell you about how much you would be able to be outside versus inside?

So technically I'm allowed to be outside as much as I want. Practically, it does get cold. It's cold enough that you want to have your face covered, and then if you're wearing glasses, what happens is your breath will go up into your glasses, they will fog, and then the fog will freeze, which kind of limits the time you can spend outside. But especially now, when the sun is up twenty-four hours a day, you can spend six to eight hours outside. In winter it's harder, because the temperatures drop a lot and really quickly you get to the limit of what your clothing can actually do. But still, especially when the auroras are out, people do spend a lot of time outside. So yeah, last year's winterover told me that he was actually outside every day because he liked being outside.

What was it like when you first landed? You landed first in McMurdo, right, before you went to IceCube?

Yes.

And what was it like to step off the plane?

It was really surreal. So you do not fly in a normal airplane; you fly with a military plane.
Actually don't really have windows so you kind of blind to what you where you're getting where you're landing and landing there and I'm getting off the post in being the ice but also there's big mountains in McMurdo that you can see, especially Erebus, which is the active volcano. That was really mean a cool and it was very different from later on with C. At South Pole because it is completely flat. It's a big wide flat surface so the change from magma to suspect was much more surreal than the change I got from New Zealand to McMurdo. You can steer, you can see mountains, you can say come vox. It looks like snow covered countryside accepted as missing living plants and stuff. When you felt that cold for the first time did it feel really different? Is there a specific cold you now associate with South Pole? Yes it's like, it's a funny feeling when the hair in your nose praised and it is something I had never experienced anywhere else before. Let me ask you, how do you organize your work day? It sounds like you're fairly flexible. And you said you're allowed to go outside for as long as you feel comfortable and the conditions cooperate, and you also have a lot of research you have to get done, and you have to be a firefighter near a lot of responsibilities. How does a day usually unfold? I guess it comes onto priorities. Basically everyone agrees that if there's a fight emergency or firefighting training that takes presence, and then when I have a workday now in summer it basically means that I'm here to support the scientists that are currently here. In winter it's going to be like I will be getting up, I need to be monitoring the experiment, I need to make sure that everything is running smoothly and if something goes wrong I had paid to be really fast to get to the computer as quickly as possible.
Infix said when I say I actually mean way so which repeal doing the same job I'm we basically alternate on a weekly basis the paging system so that we can be sure that they may be able to sleep at least every second week. Is it hard when there's so much sunlight to kind of figure out a natural rhythm for when your day begins and ends and how to draw a line between kind of like the work day and when you're off the clock? It kind of is, yes. I know that for the first month and a half I would be baffled when I looked outside. Oh it's bright. It's not that lady. Look at the clock. It's eleven pm. When you're there in the IceCube, you mentioned kind of what the IceCube itself looks like, and then are there buildings attached to it where you're living and taking your meals and that sort of thing, or do you have to like go outside to go to those buildings? So IceCube has a dedicated building which is about half a mile away Gino station and under general station host almost everything else. We also have a work area here so unless we have physical failure inside the hardware we don't necessarily need to go. We have a music room, we have a craft room and a reading library and the movie is also we have communal showers, bathrooms and the rooms are really really small. Do you have your own room or do you have to share? This is one of the luxuries of South Pole. This is for example not the case in McMurdo. Here everyone has own room which is really nice if you want to have some your time. I mean that's kind of an interesting aspect, I imagine, of this assignment, right, is that you are living in very close proximity with your co workers which is not the case for most folks right now. It's definitely interesting in the sense that you get to know them look better than you would later on. On the other hand, a lot of the work is very segmented so I have, I mean showroom where the other scientists but numb for example the carpenters at work.
Because they weren't so far away from where we work that we only cross ways on lunch and dinner. Are there team building activities that continue to take place while you're there just to kind of, you know, keep the bonds going? Actually going to have like a second dedicated team building sessions on the one who is gonna spend the winter present and what be with the candle meetings where we can need just bring up all the issues that might cause tension and hopefully resolve them before they cause tensions. What kind of preparation are you going to do for the winter when the sun goes down and is not going to come up for many many months? So one of the Big Trevor Preparations we're doing at the moment is we're digging out all the buildings. There's a lot of snowdrift over the winter. The other thing is everyone's gonna leave so by February fifteenth all the people that only spend the summer here we'll have left and we will only be the full two people of that spend the winter here on around forty to the final numbers not quite sure. And then there has been a very long tradition of watching The Thing when the station closes. So the first thing that's gonna happen is probably that movie. Have you seen The Thing before or is this your first time? This will be my first time so I'm quite excited for the temperature up all over. The cat won't last long. Will we make besides the physical preparation and logistics that you have to do for the winter, is there kind of any emotional and mental preparation they give you, since you know you're not going to get that exposure to light and it's going to be potentially, it's gonna feel more isolating? Yeah there's a couple of things to do like we actually can get mail down here so among the people that spend the winter is that they get a midwinter package. These packages that have packed by people that know you and they send them down and them only on June twenty
first when there's the middle of winter as you get something new and exciting in the middle of winter to make the way until the station reopening. I don't know what's in my package obviously because I haven't opened it yet but I would suspect it's going to be some Chris. Surly your favorite speeds to something because what happens is we get all our food provided for and it's actually really good food but you will end up eating the same thing over and over again and we always have cookies for example at the station. It's mostly Oreos and once Oreos for three months you want something different. So away for become super exciting. Do you get a lot of fresh fruits and vegetables? Are they kind of all flown in at the beginning of the season and just kept frozen or, you know, some fresh? So I saw an apple today. I was really excited. We get fresh fruit in occasionally. This year has been conflict on your to weather and other things. The flights haven't been as frequent as they would normally be probably. We haven't had fresh vegetables reviewed since Christmas, and before that since the end of November roughly, but I do absolutely expect that they will make an effort to bring things in before the station closes so that we have some fresh fruit at the beginning of winter and then we actually get to entertain a greenhouse here so we will be able to grow salads. Are there aspects of life on the South Pole that, you know, have really surprised you, and how much you enjoyed them, or how special they are versus what life is like back home? A lot of the things become insanely easy here. I actually noticed this in particular when going back to McMurdo since plays, gym, my room, the galley are all within two minutes walking distance. You save an insane amount of time on commuting near and I've been active here because, I mean, the people would motivate you to go on without the people you spend dinners and you usually don't have a good excuse at dinner not to join.
Lanfang active here which has been really nice. We have a volleyball group that's actually playing right now. We have a basketball trip that's playing on Mondays. We have thought blondes as NFL. Never participated in. We have a climbing wall which is really cool. We have a Batman Setup Sunday's. They've come to realize that one of the important things is some ways to occupy yourself in winter because we don't look twenty four hours a day and if you work eight hours a day there's at least sixteen hours where you have to do if you sit in darkness can get depressing. Mary faster than they have a very strong emphasis on opportunities to keep yourself busy. This is why we have the dream the craft room and the movie room so that we can spend time together. I talked to someone who's been venturing for a long time just recently. He said it's been a, he's actually really disappointed about the Internet. Now what happens is that everyone after dinner just goes to the room to go on the Internet. There's actually very little community activity compared to fifteen twenty years ago when there was really nothing else to do and then they would use things together. So it's gonna change though because the satellite doesn't come up every day at the same time. It comes up four minutes earlier every day, which means that by the satellite will be done by six pm which might be more interested in doing other stuff. I mean it might be too early to say but do you picture yourself ever going back to a traditional job where you're commuting to an office every day or do you think that it kind of ruined you for the traditional office setting? What's going to happen like I came here and I was really sure that once I finish this job I would go back to Germany, would look for like six job in a office, then I would be very happy settled life, and I've already slowly shifted to a twelve months of traveling so flexible in that sense.
I'm pretty sure at some point will accurate up because my entire family's there and all my friends other and miss them so I wanna be back. Is there a possibility of returning to the IceCube or there are people who do kind of repeat tours? I don't know if you have to reapply kind of every year, but is there a possibility that you could come back if you liked it enough? You would have to reapply. The heavy people have been for none of them were more than two tours. What is also very common that I only learned here is people working the winter here at South Pole and during the Summer Nascar and it seems like these communities of very interesting to me as well. I didn't expect there to be so much exchange between those two places. I mean it must just be the most intense bonding experience kind of sharing this time with the colleagues that you have. It's just I can't imagine what that's like, it must be incredibly bonding. It is great, especially because you team bowling you come out with a bunch of friends and not everyone's going to be a close friend at the end of the year. I'm actually from what I've heard no one's gonna be your friend at the end of the year. Once you're off the ice you realize that that's Boone's thing. Talk to each other again. I haven't heard of race of people that would not that poll already when they were landing in McMurdo they realize they were both being told big heads and conciliated IMMACULATA before they made it off the often tactica but it will also make you fused together. Rework is produced by Waylon Long and me, Sean. Our music is Broken by Design by Clip Art. Being separate Cala for his help with the story. Wilco show notes with links to the IceCube website at rework.fm so you can hurt out about neutrinos if you want and see some photos of life at the South Pole. What is your favorite scene in The Thing? My favorite scene.
I watched most of it with my hand covering my face so the only scenes I really saw were of Kurt Russell pulling on a leather jacket to run outside without zipping it because apparently that is all you need at the South Pole. Amazing. Now I like the head runaway. I think I did see related and it goes to the stomach opens up and that was really scary. I love that movie so okay actually my, I mean legit my favorite part is that really tense scene when they have, what do they do with that needle? No it's an electrical, listen, electrified needle or something. And they're just heat up a piece of wire kind of blood. Yeah and they're like sticking it into these individual petri dishes of blood tied to the couch. It's tense and then like those two guys on the couch trying to get away from McGuire who is changing. Yeah and they look genuinely hysterical. Did I tell you that I only saw The Thing for the first time over the holidays? Yeah and I think we already discussed we, our priorities discusses, but first of all I did not realize until the end of the movie that one of the characters was named Windows. I thought that every time they said Windows it was Kurt Russell ordering people to check the windows. I was really confused. We have this tradition, I think it started in college, where the first snowfall in Chicago, not even the first GD week of winter as they say in the movie, I know fall in Chicago, we open up the windows, put on our big winter jackets for the first time and watch The Thing. You open the windows? Yeah, it has to be cold in the living room. You know so you're talking about a person named Windows, your friends with, or windows though, these are sort of the glass things you can open from your apartment. All right, I think that's good for things. This has been Thing to Thing One and Thing Two. That's good.

Patch by midnight, and reply by endorsement. Cerberus is howling; Rampant Kitten is yowling. TikTok and WeChat both get reprieves. German police want ransomware operators for homicide.

The CyberWire

23:08 min | 2 months ago


"Funding for this CyberWire podcast is made possible in part by LastPass. LastPass is an award-winning security solution that helps millions of individuals in over seventy thousand organizations navigate their online lives easily and securely. Businesses can maximize productivity while still maintaining effortless strong security with LastPass. LastPass can minimize risk and give your IT team a breakthrough integrated single sign-on, password management and multi-factor authentication solution. CISA tells the feds patch Zerologon by midnight tonight. Cerberus surges after its source code is released. Rampant Kitten, an Iranian surveillance operation, is described. The US bans on WeChat and TikTok were both postponed. Justin Harvey from Accenture marks three years since WannaCry with a look at ransomware. Our own Rick Howard on red and blue team operations. And police in Germany are looking for ransomware attackers on a homicide charge. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, September 21, 2020. Late Friday the US Cybersecurity and Infrastructure Security Agency directed all federal agencies to apply August's patch to Microsoft Windows Server. Emergency Directive 20-04 requires that mitigations of the Zerologon privilege vulnerability, CVE-2020-1472, which Microsoft addressed in August, be applied by midnight tonight and that all agencies report completion by midnight Wednesday. The directive applies only to federal agencies under CISA's oversight, which is most of them, but with certain national security exclusions. As Forbes notes, if the matter is serious enough for CISA to take this action, then the private sector would be wise to do the same. The release of Cerberus source code has, as predicted, been followed by an increase in attacks using the banking Trojan, Kaspersky reports.
Apparently despairing of getting their reserve price in an online auction that didn't work out to their satisfaction, and faced with the difficulty of maintaining the malware as the gang broke up, the managers of Cerberus last week released their source code online. Kaspersky said, quote, the result has been an immediate rise in mobile application infections and attempts to steal money from consumers in Russia and across Europe as more and more cybercriminals acquire the malware for free, end quote. Researchers are seeing the same sort of jump in functionality and usage they observed when Anubis went similarly public last year. Check Point describes what it's seen of Rampant Kitten, an Iranian threat group that's been keeping tabs on that country's dissidents for six years. Rampant Kitten has used four Windows info stealers, an Android backdoor that pulls two-factor authentication codes from SMS messages and records the infected device's audio surroundings, and Telegram phishing pages. Rampant Kitten has prospected domestic opponents, but it's taken even closer interest in certain dissident groups in the Iranian diaspora. US bans on transactions involving TikTok and WeChat scheduled to take effect yesterday didn't happen, due first to eleventh-hour agreements about control over TikTok and second to a temporary injunction a federal magistrate issued to keep WeChat running as it has. In outline, according to the Wall Street Journal, the agreement reached Saturday would give Oracle a twelve point five percent stake in the company, to be called TikTok Global, and Walmart would purchase seven point five percent of the venture. That would leave ByteDance with about eighty percent of TikTok Global. But as it happens ByteDance is forty percent owned by American investors, and the companies hope that this would constitute sufficient US control to allay US security fears. Oracle
also intends to provide the new company with secure cloud service for TikTok's data, and Walmart would agree to provide e-commerce, fulfillment, payments and other services to TikTok Global. The agreement that would establish TikTok's American operations as a standalone company with partial US ownership remains under evaluation, and the Commerce Department says the ban has therefore been postponed a week. The Wall Street Journal reports that a US federal magistrate has granted a temporary injunction stopping the government's intention of similarly stopping transactions involving WeChat. A group of the app's users filed an emergency motion seeking to block the government's plans on First Amendment grounds. The government, they argue, has insufficient grounds for blocking their access to the Chinese-made and operated app, and that this constitutes restraint of their freedom of speech. The government has said that it intends to take no action against anyone using WeChat to communicate either personal or business information, but that the app's data collection practices represent a threat to national security. Should one or both bans eventually go through, the Chinese government has signalled that US companies are in for some rough treatment of their own. The Washington Post reports that Saturday China's commerce ministry announced plans for adding some companies to its unreliable entities list. While the ministry didn't specify exactly who would make the list, Chinese state media have for some time been calling for retaliatory bans on Apple and Google, so those two probably for starters at least. The sad case last week of a woman who died when ransomware at a Düsseldorf university hospital required that she be diverted to a hospital some thirty kilometers away, too far to give her the prompt emergency treatment she needed, has prompted prosecutors in Nordrhein-Westfalen to open a criminal inquiry into negligent homicide against unknown persons.
Reuters reports that the loss of data so interfered with hospital admissions that it was unable to take patients arriving by ambulance. It's been widely reported that should charges eventually be filed, it would be the first time a death had been linked to a cyber attack. That depends of course on how narrowly one construes the words linked to a cyber attack, since there have certainly been deaths induced by swatting where a phone call's origins were spoofed. But it is an unfortunate reminder that for all the descent habituation cyberspace tends to produce in those who live and move and have their being there, cyber attacks do have real consequences for real people. Security firm Emsisoft, which has made a reputation providing decryptors to ransomware victims, thinks that the Düsseldorf case ought to put an end to the payment of ransom. One of the objections to paying ransom, however much of a bargain it might be in any particular case for any particular organization, is that doing so fuels abandoned and encourages future attacks. The argument parallels one that's long been made against negotiating with terrorists. If payment encourages ransomware gangs, and if their attacks are growing in frequency and consequence, then it's time, Emsisoft thinks, to stop feeding the beast. In the meantime all we can do is offer condolences to the victim's family and friends, and to wish the German police good hunting. Now from our sponsor LookingGlass Cyber. For years, organizations have been working to keep up with threats, deploying new security tools. The result is a complex and inflexible security stack
that is ineffective in today's micro-segmented, borderless and distributed networks. To keep pace with the threats of today and prepare for the future, organizations need flexible protection around their unique network ecosystems. With a software-based approach to unifying your security stack, formerly disjointed tools can communicate with one another to disrupt and distract the adversary without revealing your defenses. With this flexible approach, security teams can easily scale their protection to fit their needs with one integrated software solution requiring no specialty hardware. Meet Cloud Shield Eclipse, distributed cyber defense. Learn more at lookingglasscyber.com, that's lookingglasscyber.com, and we thank LookingGlass Cyber for sponsoring our show. I'm joined again by Rick Howard. He is the CyberWire's chief security officer and also our chief analyst, but more importantly than either of those things, he is the host of CSO Perspectives over on CyberWire Pro. Rick, it's always great to have you back. Thanks for the plug, sir, I appreciate it. Of course, of course. You know, last week you and I were discussing the history of pen tests. We were talking about red team and blue team ops and purple teams and all that stuff. This week you continue that, you take it to the next level, you brought in some experts to your Hash Table and you discuss how practitioners handle this stuff in the real world. So what kind of stuff did you find out? Yeah, you're right. So if you recall from last week's show, back in the early seventies, the good guy hackers, these are white hats or ethical hackers, you know, we started to use our own skills against our own systems and eventually those exercises became known as penetration tests. These were separate teams, you know, they would attempt to poke holes in the technology deployed to protect the enterprise. Right now these weren't trying to emulate any adversaries. Okay.
They were just trying to find, you know, the unknown open windows and doors, and I was surprised, you know, when I did the research that it went back as far as the seventies. What I discovered though when I was talking to the Hash Table experts, security experts have different ideas on how to use these teams, and it's on a spectrum of activity. On one end, it's sitting the team somewhere on the Internet and telling them to find a way in any way they can, to on the completely opposite side of the spectrum giving the team extremely specific parameters about what they're supposed to do and from where they're supposed to do it. Now this kind of goes along for a long time, and for my part I never thought that former part, you know, kind of willy-nilly do whatever you want, was that valuable, right, because, you know, can pen testers find their way in? Of course they can. Okay, that's what they get paid to do. So I was talking to Rick Doten about this, he is the CISO for Carolina Complete Health, and before he was a CISO he ran a commercial pen testing team and his clients would ask them to see if the pen test team could get into the client's network, and so this is what they would tell them. So when I was a consultant I would often have customers who would call and say, hey, can you do a penetration test and see if you can get in? And I would always tell them, save your money. Yes, we can. There's no question of that. It's like if you have a specific reason that you want us to focus on, or you just updated a system, or even your monitoring, or you want to test the way that these controls are acting, that would be something. But if it's just a general can you get in, yes, we can always get in. I think his point is that pen tester activities should not be free-for-alls. Okay, they should be highly tailored to test something specific, like, you know, a newly deployed S3 bucket or a change in firewall settings or even a newly deployed server farm or something like that. Yeah, that kind of reminds me of like, I
don't know, if I were testing the security of my home, if I were to go to a pro, if I were to go to a locksmith and say, could you get into my house? Well, of course, a locksmith is going to be able to get into my house, right, but I suppose that's different than saying, hey, I want to bring someone in to make sure my alarm system is functioning the way I expect it to, or that I am turning it on the correct way when I go to bed at night, you know, those... Right, right, right, right. That's really interesting. Well, last week we ended on a bit of a cliffhanger. We left it up in the air if red team and blue team ops were considered an essential function. Has there been any clarity in the meantime? Have you made up your mind? I think I finally have. I've been on the fence, and I don't think that red team blue team operations are essential. They're kind of expensive to do and I definitely will not pull that lever first if I was beginning to set up a new InfoSec program, that's not the first move. But if I mature and I put in these other strategies, and we've talked about them on this show, right, the resilience and zero trust and intrusion kill chains and being able to assess risk in your organization, if you can get all that stuff going, it's relatively mature, then the next lever you might pull is red team blue team operations, and so they're not essential to your InfoSec program. I will say though that the training opportunities by doing those are pretty decent. You put a brand new SOC analyst hunting down a red team in real time, there's some real live training going on there. So there may be some benefit there, but again, maybe not essential to any InfoSec program. All right, well check out CSO Perspectives, that is over on CyberWire Pro on our website, thecyberwire.com. Check it out. Rick Howard, thanks for joining us. Thank you, sir. And now a word from our sponsor ExtraHop, securing modern business with cloud-native network detection and response.
The massive shift to remote work has turned the reality of work on its head. With cloud and multi-cloud adoption, comprehensive visibility is more important than ever. But in order to protect your business, you need more than unified visibility, you need intelligent response workflows so teams can collaborate and act quickly. ExtraHop helps organizations like Wizards of the Coast detect threats up to ninety-five percent faster. As John Crease, senior IT engineer, puts it, quote, ExtraHop is helping us accelerate cloud adoption by ensuring our workloads are secure. See how it works in the full product demo, free and no forms required, at extrahop.com/cyber, that's extrahop.com/cyber, and we thank ExtraHop for sponsoring our show. And joining me once again is Justin Harvey. He's the global incident response leader at Accenture. Justin, it's always great to have you back. We recently passed the third anniversary of WannaCry. I wanted to check in with you on some of the things that you've been tracking when it comes to ransomware and how it's evolved over the past three years. Sure. The third anniversary of WannaCry was just last month, and I've gotta say WannaCry was a pivotal moment in cybersecurity history, not because of some of the damage that it created, we've seen damage for ten, fifteen, twenty years. What really was surprising was that WannaCry was going to be the first of many type of destructive attacks. Now, in my experience I define ransomware as destructive because there's really no difference. With destructive you don't have a means to get your data, and with ransomware you may have a means if you're willing to take that risk, and so with WannaCry creating so much damage three years ago it really started a cascading of events in ramping up ransomware. I believe that adversaries saw this as an opening for them to exploit victims and get a big payday.
And we've seen since then ransomware has sort of expanded their scope of operations to include exfiltrated data to kind of turn up the heat on the folks that they're ransoming. That's exactly right. We at Accenture are seeing a lot of cases, and in fact, since the pandemic started in early March, we have seen over a fifty percent increase in ransomware cases, and many of them are following the same incident life cycle. It's the adversaries that are doing a quick phish to get in, get a landing spot, quickly escalate privileges, and they're installing a persistence mechanism like Cobalt Strike. Now, Cobalt Strike is an interesting tool because it is a commercially available tool out there. Primarily it is intended for use by red teams and friendly teams, but Cobalt Strike has been adopted by many adversaries out there, even nation states, as a remote access Trojan. So these adversaries are getting in, they are installing Cobalt Strike, and then they're just kinda listening for a while. They're mapping the environment, they're understanding who's who and where the goods are, and then of course, once they find the goods, they are encrypting them in place as well as stealing credentials and other data. So they've kind of got a bird in the hand, and the bird in the hand is they're stealing the data first and then extorting. So if they don't get their extortion money, boom, they already probably monetized the first set of data that they exfiltrated. In the time since WannaCry, has your playbook grown more sophisticated when you're called out to help an organization who's dealing with ransomware? Have things changed over the past couple of years? Yes.
We have moved from being primarily an investigation team that's heavily focused on understanding the who, the what, the why, and then moving toward expulsion and then transformation. We've moved from that model to quickly triage and help recover an environment, because before, the cases that we were running, both cyber criminal and nation state, it was really a bug hunt. You have an adversary, they are hidden in the environment, and they are patiently stealing intellectual property and exfiltrating, and what we're seeing now is something different. We're seeing an adversary get in, be quiet, exfiltrate that first set of data, then of course they're doing the extortion, but through this extortion they're also taking out the entire enterprise. They're taking down Active Directory, they're taking down applications and databases and things that are necessary to create revenue or to fulfill the obligation of the enterprise. So for us, we are seeing more and more of that, and it's less about, well, who done it and how do we get them out of the environment, to how fast can we restore services? It's interesting to me that, you know, I remember it felt like we might see a shift away from ransomware toward crypto mining for a little while, but that really didn't play out. The crypto mining kind of ran out of steam. I think that with these crypto mining adversaries, I think they were primarily looking to make a quick buck off of the new types of cryptocurrencies out there. But I think that they're having a hard time monetizing these quasi-unofficial currencies out there. So it's very difficult for them to make money, and if you're already in an environment, you already have administrative access, why not just put in ransomware rather than do a mining expedition? Now, clearly, mining is less destructive, but it can also take down an environment, as we've seen with a few of our clients over the last two to three years. All right, well, Justin Harvey, thanks for joining us.
Thanks to all of our sponsors for making the CyberWire possible, especially our supporting sponsor, Proofpoint's ObserveIT, the leading people-centric insider threat management solution. Learn more at observeit.com.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com, and for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time, keep you informed, and it'll pick you up when you're feeling down. Listen for us on your Alexa smart speaker, too. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment called Security Hah. I join Jason and Brian on their show for a lively discussion of the latest security news every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. And check out the Recorded Future podcast, which I also host. The subject there is security intelligence. Every week we talk to interesting people about timely cybersecurity topics. That's at recordedfuture.com/podcast.

The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsea Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. See you back here tomorrow.

US ransomware Rick Howard wannacry Justin Harvey government accenture Twenty Twenty Twenty Kaspersky Microsoft tiktok Serra Source Serra Forbes Dave Bittner Reuters Washington Post A. SCISSOR
Coordinated inauthenticity with a domestic bent. Preinstalled malware in discount phones. Evilnum and the Joker continue to evolve. Incidents at FreddieMac and RMC.

The CyberWire

20:11 min | 5 months ago

Coordinated inauthenticity with a domestic bent. Preinstalled malware in discount phones. Evilnum and the Joker continue to evolve. Incidents at FreddieMac and RMC.

"Facebook takes down more coordinated inauthenticity. Preinstalled malware is found in discount phones available under the FCC's Lifeline program. The Evilnum APT continues its attacks against fintech platforms and services. Joker Android malware adapts and overcomes its way back into the Play Store. Freddie Mac discloses a third-party data breach. Johannes Ullrich from SANS on defending against evil maids with glitter. Our guest is Rohit Ghai from RSA with a preview of his keynote, Reality Check: Cybersecurity's Story. And the Royal Military College of Canada's hack attack remains under investigation.

And now a word from our sponsor, ThreatConnect. Designed by analysts but built for the entire team, ThreatConnect's intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. Every day, organizations worldwide use ThreatConnect as the center of their security operations to detect, respond, remediate, and automate. With all of your knowledge in one place, enhanced by intelligence, enriched with analytics, driven by workflows, you'll dramatically improve the effectiveness of every member of the team. Want to learn more? Check out their newest book, SOAR Platforms: Everything You Need to Know About Security Orchestration, Automation, and Response. The book talks about intelligence-driven orchestration, decreasing time to response and remediation with SOAR, and ends with a checklist for a complete solution. Download it at threatconnect.com/cyberwire. That's threatconnect.com/cyberwire, and we thank ThreatConnect for sponsoring our show.
Funding for this CyberWire podcast is made possible in part by McAfee. Many companies are continuing to support a work-from-home model while putting a strain on their IT resources and security. McAfee is helping companies scale their security to work-from-home employees while optimizing IT architecture. Learn more at mcafee.com/workfromhome.

From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Thursday, July ninth, twenty twenty.

Facebook yesterday took action against several networks for violations of the social media company's policies against foreign interference and coordinated inauthentic behavior. The networks were based in four countries: Brazil, Canada, Ecuador, Ukraine, and the US. The takedown was noteworthy for the prominence of political messaging directed at domestic audiences. The networks in Canada and Ecuador exhibited both inauthenticity and foreign interference aimed at audiences in El Salvador, Argentina, Uruguay, Venezuela, Ecuador, and Chile. The messaging here had a political dimension as well, but few obvious political commitments, often coming down on opposite sides in matters of electoral politics. Facebook said it was able to connect the activity to political consultants and former government employees in Ecuador, and also to Estraterra, a Canadian public relations firm. They spent about one point three eight million dollars on Facebook ads. Estraterra is no longer welcome on Facebook's platform. But the networks in Brazil, Ukraine, and the US are in some ways more interesting, because they were taken down for using coordinated inauthenticity to engage domestic audiences. The activity in Brazil, Facebook said, was linked to individuals associated with the Social Liberal Party, including Jair Bolsonaro, who is of course Brazil's current president. This network also bought Facebook ads, but only to the chicken-feed amount of fifteen hundred dollars.
In Ukraine, the coordinated network was particularly active during the two thousand nineteen presidential and parliamentary elections. It posted about various issues of domestic interest, including Russia's occupation of Crimea and Ukraine's relationship with NATO. It also appeared to support some candidates. They spent about one point nine three million dollars on Facebook and Instagram ads. Finally, the activity in the US was connected to the already banned Proud Boys group, whose attempts to get back onto Facebook the social network was watching. In the course of that investigation, they identified a number of inauthentic accounts that the Washington Post connected to former political consultant Roger Stone, who, until his conviction for lying and witness tampering, had been an advisor to President Trump. Facebook credits sealed court records in the case of the United States versus Stone, released after a petition by several news organizations, with helping it recognize the coordinated inauthenticity. This network also bought ads, more than the Brazilians but less than the others, not quite three hundred eight thousand dollars, according to Facebook.

Researchers at security firm Malwarebytes report preinstalled malware on ANS, that is American Network Solutions, UL40 phones running Android OS seven point one point one. The devices are among those sold by Assurance Wireless under the US Federal Communications Commission's Lifeline program, which makes budget phones available to low-income consumers. This is the second time this year Malwarebytes found preinstalled malware in discount Lifeline devices. Back in January, the company found similar issues with UMX U683CL devices produced by Unimax
Communications, which, Malwarebytes says, officially removed all preinstalled malware from its phone in February.

ESET has a report out on the Evilnum APT, a little-discussed group that's been active against financial technology companies since two thousand eighteen at least. The security firm's researchers say that the threat group uses a mix of internally developed and commodity attack tools. They steal financial information from trading and investment platforms. Most of Evilnum's targets have been in the EU or the UK, with a few in both Canada and Australia. The commodity tools they use are for the most part purchased on the criminal market from the Golden Chickens malware-as-a-service vendor, whose other customers include FIN6 and the Cobalt Group. The information Evilnum has taken includes spreadsheets and documents holding customer lists, investments, and trading operations; internal presentations; software licenses and credentials for trading software platforms; cookies; browser session information; email credentials; and customer credit card information, including proof of address and identity documents. The group has also been interested in information that could prove useful in subsequent attacks, like VPN configurations. They identify the group as an APT, that is, an advanced persistent threat, but ESET doesn't connect Evilnum with any particular government, and while it notes that Evilnum buys some of its tools from the same vendor as FIN6 and the Cobalt Group, it says it found no other connections among those threat actors.

Security firm Check Point today outlined a new variant of Joker, Android malware hiding inside apparently legitimate apps, some of which circulate in the Play Store. Forbes summarizes the findings as more evidence of Joker's dangerous sophistication. It hides itself in the manifest file of infected apps, which Check Point explained is the file
every Android app must have, where the developer declares permissions needed, usage of servers, and so on. The actor pushed an encoded malicious payload into metadata fields in that file, only to be decoded and loaded once on the victim's device. That way, no configuration or payload needs to be pulled from the Internet. Google has ejected the malicious apps from the Play Store, but the Joker operators are adaptive, and once they're detected, they return.

Continuing our media partnership with RSA and their upcoming Asia Pacific and Japan Conference, our guest today is RSA President Rohit Ghai with a preview of his conference keynote, Reality Check: Cybersecurity's Story.

The theme for the conference this year is the human element, and I reflected on what it is that makes us human. You know, I think the unique trait that humans have is that we're a storytelling species, and as such, I reflected on what the story of the cybersecurity industry is and what impact it has in terms of the future of the industry. So that's sort of the thought process that led me to taking a storytelling perspective to the industry and the domain of cybersecurity.

Can you give us a little bit of a preview of some of the things you're planning to talk about?

Absolutely. The framing of the whole talk is a story arc, so to speak. I set it up first in terms of the human element being a theme for cybersecurity and why the human element is important, and the net of it is that while we obsess so much about the technology infrastructure that we are looking to protect in the cyber world, intrinsically this is a very human journey. What we protect at the end of the day is the trust that we as humans have in technology and data. That's, at the end of the day, our mission. So I think just framing the mission from a humanistic lens is the first thing that I hit on. Next, what I set out, you know, the story comprises three episodes. I talk about the story we had in the industry,
the story we have in terms of how we are storied today, and close out with the story we want to tell, how we should tell our story, because in my view, the way you change the future, to change the world, is to tell the story that you want. I think the story comes first, then the future.

You know, it strikes me that many of us gathered together for the conference in San Francisco earlier this year, and I imagine for most of us that was the last big get-together that many of us had. That was the last opportunity for the industry to really get together, and so much has changed in just a few months since then. I imagine that must have played into your thoughts here as you were putting this presentation together.

Absolutely, indeed, it was top of mind, and you know, the way I lead into the story is, like a plot twist: every great story has a plot twist, and boy, we have had a plot twist in the last few months. Who would have thought, right on the heels of the San Francisco show, the conference, we would all be quarantined, sheltered in place, and the world going through what it has gone through. What I've reflected on in my talk is some key learnings. What have we learnt through this global pandemic that we've all been living through? And I've tried to draw inspiration, you know, in terms of those learnings, into the field of cybersecurity. So that's sort of the overall flow of the talk that I intend to give.

That's RSA President Rohit Ghai. The RSA Asia Pacific and Japan Conference kicks off July fifteenth.

Freddie Mac, the US Federal Home Loan Mortgage Corporation, has disclosed a data breach. It's apparently a third-party incident. Borrowers whose loans were serviced by one of Freddie Mac's due diligence vendors have received letters warning them of the breach.

And Canada's Department of National Defence is continuing its investigation of last week's hacking incident.
RMC, the Royal Military College of Canada, the Kingston, Ontario college that's the equivalent of the US Military Academy at West Point or Britain's Royal Military College at Sandhurst. The Department of National Defence has said all early indications suggest this incident resulted from a mass phishing campaign. The Financial Post cites sources at the college as saying it was a ransomware attack. Emsisoft told the Financial Post that, assuming it was ransomware, the gangs responsible were probably either DoppelPaymer or NetWalker, both of which steal data before they encrypt drives and submit their ransom demand. NetWalker tends to add its victims to its public list and then remove them once they begin negotiating payment, whereas DoppelPaymer's style is not to disclose its victims until they refuse payment. Given that RMC hasn't shown up on anyone's list of victims yet, they're betting it's DoppelPaymer. The Department of National Defence said that certain systems of the Canadian Defence Academy, the umbrella organization for Canadian military education, were also affected, but the locus of the attack was RMC, whose networks have remained offline as a precaution. No classified information, the department says, is at risk.

Now, a word from our sponsor, Dragos. Be sure to catch their next webinar on July twenty-second, co-hosted by Deloitte. It's titled Building and Retaining an ICS Cybersecurity Workforce. They'll tell you how to address the worldwide cybersecurity skills shortage and the impacts of hiring freezes. Visit dragos.com/webinars. That's dragos.com/webinars, and we thank Dragos for sponsoring our show.

And joining me once again is Johannes Ullrich. He is the Dean of Research at the SANS Technology Institute and also the host of the ISC StormCast podcast. Johannes, it's always great to have you back. You know, we
We've heard a little bit about these evil maid attacks in the context of the Thunderspy vulnerability. You've got an interesting angle to this. Can you unpack what's going on here?

Yeah, so Thunderspy was a technically difficult to pull off vulnerability, where you essentially have to open up a laptop, you attach a little device to it to flash the Thunderbolt firmware on the motherboard, but the effect is quite devastating. The attacker is able to do that because it essentially sort of destroys the trust that your system has in its hardware. These attacks are often called evil maid attacks, and the reason they're called evil maid attacks: well, back in the old days, we were able to travel and stayed at hotels, and of course sometimes we had to leave our laptops in a hotel safe that we all know is not all that great, and an evil maid that comes not to clean the room but to clean all of our secrets off our laptop may be able to have enough time to run off with the laptop to pull off an attack like this. So the difficult part is, it's really hard to prevent this attack other than carrying your laptop with you at all times, which of course is difficult and really inconvenient. So another approach is really to think about how to detect these.

All right, so what do you propose here?

Well, one simple trick that I have read about myself many years ago, and I actually picked it up, is you can buy this glitter nail polish, maybe you don't use a glittering nail polish yourself, and then you just put a little dab of glitter nail polish on the screws. The attacker has to remove the screws from the laptop, and putting this glitter nail polish on the laptop, on its screws, well, if they open it, they will break that seal, so to speak, and it's very difficult of course, even if they happen to have the same brand nail polish, to get it back
just the right way. So you would take a picture of these screws after you apply the nail polish. I also recommend covering it up a little bit, not to hide it, but to prevent it from being damaged accidentally. Many of us have like little cases or so that we put on our laptops to protect them better. They may also help here, but just put a little piece of paper on it, maybe some tape, to prevent accidental damage.

I could imagine also that if someone were going to break into your laptop and they flipped it over and they saw glitter on the screws, they might think twice about it, because of the possibility of them being discovered.

Correct, and it may also discourage them. On the same note, hotel safes are known to be not secure. I prefer a little backpack, a Pelican case or such, where I can put my own padlock on it. Again, this is not perfect. They can cut the plastic, they can still steal the laptop, but that's not what you're worried about. You're worried about them modifying the laptop without you knowing, so this is really more about adding some tamper evidence than tamper-proofing or theft-proofing the laptop.

I always wonder with these sorts of things, it strikes me that if you are someone whose risk profile includes this sort of evil maid attack, I suspect you would probably know it and have these sorts of protections put in place, or you'd be the person who wouldn't leave a laptop behind if this was something that you knew you were perhaps going to fall victim to.

Correct, that's definitely the case here, and I've seen companies that, for high-risk individuals, have like x-ray machines that periodically x-ray laptops to make sure they haven't been tampered with, sort of on a circuit board level. What I always recommend is have two laptops: one with company secrets that you'll leave in the hotel, and your personal secrets that you keep with you, so that nothing important gets stolen.

It's a heavy backpack, Johannes.

The backpack allows me... yeah. That's right. That's right.
All right, Johannes Ullrich, thanks for joining us.

Thank you.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com, and for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It'll save you time and keep you informed. Listen for us on your Alexa smart speaker, too. Thanks to all of our sponsors for making the CyberWire possible, especially our supporting sponsor, Proofpoint's ObserveIT, the leading people-centric insider threat management solution. Learn more at observeit.com. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsea Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
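The Joker item in this episode describes an encoded payload parked in the manifest's metadata fields so that nothing has to be fetched from the network. The script below is an added example, not Check Point's detection logic and not code from the CyberWire or any of its guests: it parses a decoded AndroidManifest.xml, takes every <meta-data> android:value that decodes as base64, and flags values that begin with the magic bytes of an executable container (DEX, ZIP/APK, ELF) or that are high-entropy blobs. The base64 assumption, the minimum length, the entropy threshold, the package name and the sample manifest are all constructed for the example; the page does not state how Joker actually encodes its payload. The sample's second entry carries a base64-encoded DEX header padded with zero bytes, a stand-in for a real payload.

```python
"""Scan a decoded AndroidManifest.xml for <meta-data> values that hide code.

Added example. Heuristic thresholds and the sample manifest are constructed
for illustration; this is not Check Point's detection logic.
"""
import base64
import binascii
import math
import re
import xml.etree.ElementTree as ET
from typing import Optional

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Magic bytes of containers an attacker could smuggle inside a string attribute.
MAGIC = {
    b"dex\n": "DEX header",
    b"PK\x03\x04": "ZIP/JAR/APK header",
    b"\x7fELF": "ELF header",
}
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
MIN_LEN = 32             # assumption: shorter values cannot hold useful code
ENTROPY_THRESHOLD = 5.5  # assumption: bits/byte; packed or encrypted data sits near 8


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def try_b64(value: str) -> Optional[bytes]:
    """Strict base64 decode of a metadata value; None if it is not base64."""
    if len(value) < MIN_LEN or not BASE64_RE.match(value):
        return None
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None


def classify(decoded: bytes) -> Optional[str]:
    """Why a decoded blob looks like code: a known magic, or high entropy."""
    for magic, label in MAGIC.items():
        if decoded.startswith(magic):
            return label
    ent = shannon_entropy(decoded)
    if ent > ENTROPY_THRESHOLD:
        return f"high-entropy blob ({ent:.2f} bits/byte)"
    return None


def scan_manifest(xml_text: str) -> list:
    """One finding per <meta-data> whose android:value decodes to something
    that looks like an embedded payload rather than configuration."""
    root = ET.fromstring(xml_text)
    findings = []
    for md in root.iter("meta-data"):
        name = md.get(ANDROID_NS + "name", "?")
        decoded = try_b64(md.get(ANDROID_NS + "value", ""))
        if decoded is None:
            continue
        reason = classify(decoded)
        if reason is not None:
            findings.append({"name": name, "reason": reason, "size": len(decoded)})
    return findings


# Constructed sample: a benign Play Services version entry plus one entry
# whose value is a base64-encoded DEX header padded with zero bytes, standing
# in for the encoded payload described in the passage. Not a real Joker sample.
_PAYLOAD = base64.b64encode(b"dex\n035\x00" + b"\x00" * 40).decode()
SAMPLE_MANIFEST = f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <application android:label="Wallpapers">
    <meta-data android:name="com.google.android.gms.version"
               android:value="12451000"/>
    <meta-data android:name="com.example.bootstrap"
               android:value="{_PAYLOAD}"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for finding in scan_manifest(SAMPLE_MANIFEST):
        print(f"{finding['name']}: {finding['reason']} ({finding['size']} bytes)")
```

Two caveats when running this against real samples: the manifest inside an APK is stored as binary XML, so decode it first (apktool or aapt) and feed the script the text form; and a base64-only heuristic misses payloads the operator has encoded some other way, so treat a hit as a lead for manual review rather than a verdict, and a miss as no evidence at all.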

facebook US Royal Military College Canada Ecuador Brazil Freddie Mac Department of National Defence McAfee president Dave Bittner Dragos RSA FCC Salvador Argentina Uruguay Ven Canada Ecuador Ukraine US Rsa Brazil Ukraine
Following K3chang. Bulgarias tax agency breach. An alternative currency gets some incipient regulatory scrutiny. Why towns are hit with ransomware. A hair-care hack.

The CyberWire

24:46 min | 1 year ago

Following K3chang. Bulgarias tax agency breach. An alternative currency gets some incipient regulatory scrutiny. Why towns are hit with ransomware. A hair-care hack.

"K3chang is out and about and more abrasive than ever. Data breached at Bulgaria's National Revenue Agency has turned up online in at least one hacker forum. Facebook's planned Libra cryptocurrency received close scrutiny and a tepid reception on Capitol Hill this week. Emsisoft offers some common-sense reflections on why local governments are attractive ransomware targets. Please patch BlueKeep. And my interview with Richard Clarke, co-author of the new book The Fifth Domain.

It's time to take a moment to tell you about our sponsor, Recorded Future. You've probably heard of Recorded Future, the real-time threat intelligence company. Their patented technology continuously analyzes the entire web to give infosec analysts unmatched insight into emerging threats. We subscribe to and read their Cyber Daily. They do some of the heavy lifting in collection and analysis that frees you to make the best-informed decisions possible for your organization. Sign up for the Cyber Daily email, and every day you'll receive the top results for trending technical indicators that are crossing the web: cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, suspicious IP addresses, and much more. Subscribe today and stay ahead of cyber attacks. Go to recordedfuture.com/cyberwire to subscribe for free threat intelligence updates from Recorded Future. It's timely, it's solid, and the price is right, and we thank Recorded Future for sponsoring our show.

Funding for this CyberWire podcast is made possible in part by ExtraHop, providing cyber analytics for the hybrid enterprise. Learn more about how ExtraHop Reveal(x) enables network threat detection and response at extrahop.com. From the CyberWire studios at DataTribe,
I'm Dave Bittner with your CyberWire summary for Friday, July nineteenth, two thousand nineteen.

ESET reports on recent activity of K3chang, an elusive threat group engaged in cyber espionage. Most of K3chang's recent targets have been in Slovakia, Belgium, Chile, Guatemala, and Brazil. ESET studiously avoided attributing K3chang, but they do observe that since its discovery by FireEye in twenty thirteen, K3chang has been associated with China. The recent campaigns show improved backdoors and greater evasiveness. In MITRE's threat group taxonomy, K3chang is also known as APT15 and sometimes as Vixen Panda or Playful Dragon.

Hacked Bulgarian tax information has begun turning up in various discreditable hacker online neighborhoods. ZDNet says that the person who posted it, a gentleman going by the name Instakilla, obtained it from a download link carelessly displayed by a Bulgarian television news report, insecurely crowdsourced a solution to the password, and has now made the data available. He's not worried about doing so. He's a Bulgarian citizen, but since he's not the original hacker, Mr. Instakilla doesn't feel accountable for anything, so he's got that going for him. Maybe. But the alleged original hacker has now been identified. Computing magazine, citing Bulgarian sources, identifies the suspect as Kristian Boykov, age twenty. Mr. Boykov had been employed by TAD Group security, apparently in a cybersecurity training role. This is consistent with early reports that said the perpetrator was a white-hat pen tester gone bad. Bulgarian social media are a-twitter with talk that some of his students were members of the police cyber squad that collared him. So good job, teach, although it's always better to get an apple on your desk than a set of steel bracelets. In two thousand seventeen, Mr. Boykov had exposed and disclosed security issues affecting the country's Ministry of Education, which publicly praised him for his efforts.
The present episode is therefore a sad comedown. The police say that the tax agency hack wasn't even particularly artful. This seems to be figuring in Mr. Boykov's defense. His attorney suggests that Mr. Boykov was too skillful and resourceful to have pulled off what looks like the work of a skid. Skid or not, the data were compromised. The way the case has proceeded is interesting. Mr. Boykov would originally have faced up to five years in prison upon conviction, but a letter from Bulgaria's National Revenue Agency explained to the justice system that the data they lost wasn't really critical infrastructure, and so now a conviction seems likely to bring just a fine. The National Revenue Agency isn't really making what the lawyers call an admission against interest here. The agency is itself liable to fines over a data breach, perhaps as high as twenty-two million dollars.

Facebook's plans for Libra received close congressional scrutiny this week. The concerns are familiar, but the regulatory way forward is, as Wired points out, unclear. Should Libra be regulated like a bank, an investment, a contract, and how might necessary regulation preserve the decentralization that makes altcoins so interesting in the first place? The Group of Seven central bankers are also cool to the notion, at least in its pure buccaneering, unregulated, libertarian form.

Emsisoft reflects on the recent wave of ransomware hitting US local governments. The firm suggests that counties and towns are vulnerable because of outdated systems and big attack surfaces. Over a third of local governments rely on technology that's at least a generation behind the current state of the art, and the towns and counties offer so many different public web services that they're inevitably exposed to attack.

SC Magazine and others continue to report that hundreds of thousands of devices remain unpatched against BlueKeep.
Do give some thought to patching. If not for yourself, think of what you're doing to herd immunity.

And finally, as we all learned in elementary school, fire is a good servant but a bad master. So here's another thing to worry about that wouldn't have occurred to us before: hair straighteners can be hacked. Now, for those of you in the security community who aren't necessarily fashion-forward or especially grooming-conscious, we'll explain what a hair straightener is. A hair straightener is a device that uses heat to texture hair. Since there's at least a marketing, if not always a clearly functional, reason to render all sorts of devices smart, this has now been done to some models of hair straightener. But assuming you wanted a hair straightener in the first place, why would you want a smart one? Well, so it could communicate with stuff to maximize your attractiveness, obviously. In this case, Naked Security has an article describing one high-end product, the Glamoriser Bluetooth Smart Straightener, which communicates with an associated Android Glamoriser app. The problem is that the smart system is easily hackable. As a researcher at Pen Test Partners has demonstrated, you could, if you so wished, remotely override the Glamoriser's temperature setting from a toasty but arguably bearable two hundred forty-eight degrees Fahrenheit to a super-Bradbury Fahrenheit four fifty-five. That's hot enough to melt iodine, selenium, or tin, and plenty hot enough to set your house afire. Sure, the hacker would have to be in Bluetooth range, but how hard is that, anyway? Dumb smart is perhaps worse than old-fashioned dumb. Think twice before styling your hair with what amounts to a soldering iron. Besides, trust us, your hair looks fantastic as it is.

And now a word from our sponsor, KnowBe4, the experts in new-school approaches to defeating social engineering. You ever wonder how hackers and con artists know so much about their targets? Basically,
there's more information out there on everyone than you'd like to believe. There's even a name for it: open source intelligence, OSINT. Kevin Mitnick, KnowBe4's chief hacking officer, can show you what the bad guys can find out about you. Go to knowbe4.com/osint and register for a free webinar, an hour with people who know a thing or two about mind-blowing underground open secrets that you need to know. That's K-N-O-W-B, numeral four, dot com slash O-S-I-N-T, and we thank KnowBe4 for sponsoring our show.

And joining me once again is Johannes Ullrich. He's the Dean of Research at the SANS Technology Institute, and he's also the host of the ISC StormCast podcast. Johannes, it's always great to have you back. You know, scanning your network for vulnerabilities is an important part of regular cyber hygiene, but you wanted to talk today about some issues that could come up when you do that.

Yes, when you're running vulnerability scans, so one thing a lot of people are sort of concerned of is, like, unintentional denial-of-service attacks and such, but there's another problem that actually one of our Storm Center handlers, Xavier, ran into recently, and that's the use of credentials in these vulnerability scans. Now, a very simple vulnerability scan will basically just scan your network, check what services are exposed, and report on that, but that's usually not all that useful. So what you do is you actually provide your vulnerability scanning system with credentials so it can log into systems and then find out in more detail what the system may be vulnerable to. The tricky part here is that, in order to do this, the credentials being used by the vulnerability scanning systems often have some elevated privileges, and an attacker can actually take advantage of these credentials and use them then to attack your system if they're able to intercept a connection that is established by the vulnerability scanning system.

So these credentials are typically being sent in the clear?
Well, it really depends. If they're being sent in the clear, of course then it's easy, but in one particular case, if you're connecting to SMB file shares, so you have a Windows network, you're using SMB, and you connect to remote systems, in this case you can launch what's known as an NTLM relay attack, where the attacker essentially is getting in the middle between the vulnerability scanning system and the target system, and is just playing them off against each other in order to gain access to the system without actually having to break any hashes or actually know any of the credentials that are being involved.

So what's the solution here? What's the best practice to avoid this?

Well, first of all, I would not use any protocols that send credentials in clear text. Those protocols should be avoided anyway. You probably don't even need to log in using your vulnerability management system. Now, as far as SMB is concerned, it's a little bit more tricky, because it's almost sort of a feature of some SMB versions. So your real solution here is to prevent that NTLM relay attack. You should do that by using SMB version three and by enabling SMB signing. That of course is only possible if you're using the latest versions of Windows.

Johannes Ullrich, thanks for joining us.

Now it's time for a few words from our sponsor, BlackBerry Cylance. They're the people who protect our own endpoints here at the CyberWire, and you might consider seeing what BlackBerry Cylance can do for you. You probably know all about legacy antivirus protection. It's very good as far as it goes, but do you know what? The bad guys know all about it, too. It will stop the skids, but to keep the savvier hoods' hands off your endpoints, BlackBerry Cylance thinks you need something better.
Check out the latest version of Cylance Optics. It turns every endpoint into its own security operations center. Cylance Optics deploys algorithms formed by machine learning to offer not only immediate protection but security that's quick enough to keep up with the threat, by watching, learning, and acting on systems' behavior and resources. Whether you're worried about advanced malware, commodity hacking, or malicious insiders, Cylance Optics can help. Visit cylance.com to learn more, and we thank BlackBerry Cylance for sponsoring our show. My guest today is Richard A. Clarke, former national coordinator for security, infrastructure protection, and counter-terrorism for the United States. Under President George W. Bush he was appointed special advisor to the president on cybersecurity. He's currently chairman of Good Harbor Consulting. He's the author or co-author of several books, the latest of which is titled The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats. The book is co-authored with Robert Knake. So the military talks about things as domains: land, sea, air, and over the years they added space as the fourth domain. Now in the last few years the military has talked about a fifth domain, cyberspace, where they expect cyber war to take place. So we're calling this The Fifth Domain, not just because the book is about cyber war, but because it's also about other things that take place every day in cyberspace, including what happens to you as an individual, what happens to corporations.
It's not just about cyber war. One of the points you make in the book, you say that the next major war will be provoked by a cyber attack. What leads you to that conclusion? Well, the director of national intelligence has publicly testified that the Russian government has hacked into the controls of our power grid, and that the Chinese government, the Chinese military, the People's Liberation Army, is capable of controlling or affecting our controls for natural gas pipelines. We suggest in the book that creates a situation of crisis instability, where if there is tension among nations, people are going to look around for, whoa, how can we do signaling? How can we do an initial attack that's not going to end up killing people? And the answer is going to be cyber. We actually had proof of that a few weeks ago, when the Iranians shot down a drone and the United States wanted to retaliate. The normal retaliation package was given to the president. He initially approved it, and it was the traditional way of retaliating, with cruise missiles and bombers. But after a while, when they thought about it in the White House, they said, no, we don't want to go that far.
Let's just start with a cyber attack, because it seems easier, less bloody, less lethal. But the problem with cyber attacks is they do destroy things, and they provoke retaliation, and when you get into a cycle of tit-for-tat retaliation, ultimately that ends up in kinetic or conventional war. The Pentagon's policy, publicly articulated policy, is that if the United States gets hit by a cyber attack from another nation state, and if that attack is sufficiently destructive, we reserve the right to respond with a kinetic attack. So we've said publicly, cyber attacks on us will not just be responded to with cyber attacks on you. When it comes to testing traditional kinetic weapons, you know, they're unambiguous. If I do a test of a nuclear weapon, that capability is clear for everyone to see. But it's different in cyber, and we hear that nation states are hesitant to demonstrate these resources for fear of burning those resources, that revealing them will make them less effective. And that's why deterrence doctrine from the nuclear era doesn't port well over to the cyber era. Deterrence doctrine, MAD, mutual assured destruction, depended upon people knowing that both sides had weapons that would work, knowing that those weapons could definitely get through, knowing that those weapons could do a specific amount of damage, and that's not the case in cyber. Also, in deterrence doctrine from the nuclear era, attribution was not an issue. Attribution can be an issue with cyber attacks, because we now know that the Russians and the Chinese and apparently the Americans use each other's cyber weapons to obscure who's doing the attacks, and apparently we've all stolen each other's weapons. Certainly nothing like that ever happened in the nuclear era. We never had the Russians running around with a U.S.
missile submarine, or vice versa. So you're right, we're reluctant to use a cyber weapon, because once you've used it, other people can figure out how it works and can build defenses against it, and therefore we don't want to use a weapon unless we absolutely have to. We can't demonstrate it, and frankly, when we pull the trigger, we can't really be confident we know how well it will work or what the defenses are that it'll have to overcome. So cyber is a different kettle of fish than every other kind of combat, every other kind of war. Yeah, there's an interesting point you make in the book. You say that traditionally military strategists were looking for certainty, and that certainty was aligned with security, but in the cyber domain uncertainty may be something that deters military action. Can you explain that difference to us? Well, no military commander wants to attack unless he knows there's a pretty good chance he's going to win, and in the case of cyber you really don't know when you launch an attack what defenses you're going to come up against. Do they already know this attack technique? Will they allow you in and then shut you down? And the fact that we cannot be sure how effective our offensive weapons will be at any given time means that anybody advising a president or a commander should tell them, hey boss, we don't know that this is going to do the job. That changes things. Does that run counter to how military leaders are accustomed to thinking? It's entirely counter to what they're used to thinking. They have in the past always been able to exercise, simulate, have high probabilities of success, know what the outcome will be. In cyber war,
they're not that sure. When President Trump took office there was some optimism that cybersecurity was going to be a focus. One of his first executive orders was centered on cybersecurity. How has that played out? Not well. He initially had a very good guy running cybersecurity policy from the White House, the job I had, and that was Rob Joyce from NSA, a very respected, nonpartisan guy, an expert. And John Bolton, when he came in as National Security Advisor, got rid of him and didn't replace him with anybody. So the old sort of cyber czar job doesn't exist. There's no one really making policy or implementing policy across the board out of the White House. The same thing happened in the State Department, where Rex Tillerson came in and wondered why there were people working on international cyber norms, and got rid of that office. They did, I will admit, the Trump administration did write a really good National Security Strategy for cyber. I say it's really good because it looks a lot like the one I wrote for Bush, but they haven't implemented it. Personally, I find it helpful in my own mind to use public health as a metaphor for cybersecurity. If you look at the past hundred years of the progress we've made, we've made tremendous strides in public health, and it's not perfect. You can wash your hands and do the basics and still every now and then you're going to get a cold. Do you find that that's a useful comparison? No. People are always struggling to explain cybersecurity in terms of something else that people already understand, right? And one of the things that you hear a lot from people is, well, if you just have good cyber hygiene then you wouldn't get hacked, and I don't know what the hell that means. I don't think anybody really knows what that means. It's not a matter of good cyber hygiene.
It's a matter of spending money. The companies that are spending three and four percent of their IT budget get hacked. The companies that are spending eight to ten percent of their IT budget on cybersecurity do not get hacked. That's nothing about hygiene. It's about money. So what's the take-home for the reader, the average person who's going about their life, their day to day, here in the U.S. and elsewhere? What's the message you want to send home with them? Cybersecurity affects everybody and everything we do, from whether or not it's safe to go to a hospital and be strapped up to a live EKG machine or heart-lung machine, to who gets elected, how the election processes work. It could, if we had a bad day, bring down an airline or bring down the power grid, and it can certainly mess your own personal life up in terms of credit card theft and other records theft. So we have a chapter in the book about what this means to the individual and what the things are an individual can do to increase their own cybersecurity. So individuals should do those many things that can improve their own security, but then they should be involved in the public debate to urge corporations they deal with and governments they deal with to remove the threats, because we know how to do it. Well, the book is The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats. Richard Clarke,
thanks so much for joining us. Great to be with you. And we'll be publishing an extended version of my interview with Richard Clarke this Sunday. And that's the CyberWire. Thanks to all of our sponsors for making the CyberWire possible, especially our supporting sponsor ObserveIT, the leading insider threat management platform. Learn more at observeit.com. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology. Our amazing CyberWire team is Stefan Vaziri, Tamika Smith, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Nick Veliky, Bennett.

Full Episode: Saturday, December 14, 2019

World News Tonight with David Muir

19:56 min | 1 year ago

"Are you hiring? With Indeed you can post a job in minutes, set up screener questions, then zero in on your shortlist of qualified candidates using an online dashboard. Get started today at indeed.com/tonight. That's indeed.com/tonight. The growing storm on the move, dumping endless snow, putting drivers at risk, and the powerful tornado just confirmed in the South. Rob Marciano standing by. The student murder manhunt: police on the hunt for more suspects after arresting a thirteen-year-old in the brutal stabbing. Tonight, new details, including how the college freshman fought back when police say a group of teens surrounded, robbed, and killed her. Panic at the mall: a shooting sending Christmas shoppers running for their lives at the height of the holiday shopping season, the moment that gunfire started. Plus, no debate? The labor dispute threatening to derail next week's big Democratic presidential debate, all seven candidates refusing to cross the picket line at the college hosting the event. Will the debate be cancelled? Killed on duty: the chilling new video just released, an update on a story we brought you last weekend. Police calling it an ambush, an execution of one of their own, all happening in a police station parking lot. Cities held hostage: hackers crippling cities, even one state's largest hospital network. The multiple cyber attacks, New Orleans city government forced to shut down their computers, working off pen and pad. And Loughlin's legal play: one Hollywood couple at the center of the college cheating scandal going on defense tonight. What they're accusing prosecutors of doing. This is ABC News Tonight. Good evening. Thanks for joining us on this Saturday. I'm Tom Llamas. And we begin tonight with two big storms striking coast to coast, that snow making for dangerous driving in the West, those Colorado drivers trying to dodge out-of-control vehicles on some slippery roads, and the confirmed EF-1 tornado
slamming parts of Florida with winds up to one hundred ten miles per hour. And that rough weather in the West, look at that, barreling eastward tonight with a one-two punch bringing more snow, ice, and rain to millions, and it's not even winter yet. ABC senior meteorologist Rob Marciano starts us off tonight. Dangerous weather has much of the U.S. under siege as two storms wreak havoc across the country this weekend. A violent storm slamming Florida, an EF-1 tornado striking Flagler County with one-hundred-ten-mile-per-hour winds, uprooting trees and ripping off roofs, the damage stretching twenty miles. Treacherous travel conditions in the Northeast: heavy snow outside Erie, Pennsylvania, blinding drivers, their cars sliding off the highway. Downpours swamped the city streets of Boston, forcing SUVs onto sidewalks to avoid the flooding. And in the West, a new storm system now marching east, up to eight inches of snow falling near Vail, Colorado, triggering a multi-car pileup along I-70, drivers struggling to maintain traction through the rugged mountain passes. And heart-stopping moments caught on a Nest cam in Omaha, Nebraska: roads covered in a sheet of ice causing not one but two car accidents. Some dangerous conditions out there. Rob joins us now from Central Park with the forecast. Rob, a new round of snow, ice, and rain in store for millions. That's right, Tom. That western storm is catching up to the one here in the East, so not much of a break between them for really anybody. The center of this is still over Pennsylvania. You can see the backside of it. It's still going to take several hours for it to kind of spin out. There will be some more in the way of snow, especially near the lakes, but everybody's going to get the wind tomorrow. We've got wind advisories from Albany to Boston, forty to fifty mile-per-hour winds, as that low amplifies. And in the West, snow still coming down.
We've got warnings still posted for parts of Colorado, now watches that stretch to Kansas City and Saint Louis, and that's where the snow and the ice can reach by the time Monday morning comes along, along that warm front, and then strong storms in the South could see more in the way of severe weather by Tuesday. An icy mix getting into the Northeast, especially inland, and especially north of I-80. That's where we'll see some accumulation. It will be a rough commute both Monday and Tuesday, Tom. All right, Rob Marciano leading us off tonight. Rob, thank you. Next to the urgent manhunt for a suspect in the murder of a college freshman, the emerging details tonight about the eighteen-year-old stabbed in a park near campus, struggling to get help before collapsing. One suspect, just thirteen years old, in custody in connection with the case. ABC's Stephanie Ramos with a new report tonight on how that student tried to fight back. Tonight, with at least one suspect still on the run, New York City police are back on the scene of that horrific crime, divers searching the pond in that Manhattan park looking for evidence in the brutal murder of Barnard College student Tessa Majors. A thirteen-year-old was arrested Friday, charged with felony murder, robbery, and weapons possession in connection with Majors' death, the arresting officer testifying in family court the juvenile, whose identity is not being released, did not kill Majors. The officer says the thirteen-year-old was found a few blocks away from the college with a knife that he claims he gave to one of the other suspects. The juvenile implicated two others in the crime. Police say his statement matches the grainy surveillance video investigators have reviewed from the park. They have one in custody, and he is the storyteller, he's the narrator, and you get detailed information and you see if that coincides with the physical evidence. The NYPD has questioned a second teenager,
just fourteen years old. Tonight he has not been charged. Police say Majors was walking in Manhattan's Morningside Park in the early evening on Wednesday when she was confronted, robbed, and stabbed to death. Authorities say she fought back, biting the finger of one of her attackers, then managed to stagger up the steep staircase. She later died at the hospital. Those responsible, however many there may be, will be brought to justice. Tom, this is still a very active investigation. That thirteen-year-old is being held without bail and will appear in court on Tuesday. His aunt says her nephew is innocent, Tom. And the manhunt is still on tonight. All right, Stephanie, thank you. Now to Washington and the historic full House impeachment vote looming next week. President Trump, you see him here tossing the coin at the start of the Army-Navy game in Pennsylvania, even as his team braces for that Wednesday impeachment vote on the House floor and strategizes next steps for the Senate trial, with Senate Majority Leader Mitch McConnell facing criticism from Democrats accusing him of taking his cues from the White House. ABC's David Wright with the latest tonight from the White House. Tonight, the battle lines over impeachment are sharp and hyper-partisan. I am trying to give a pretty clear signal. I've made up my mind. Here speaking in Doha, Qatar, Senator Lindsey Graham said Trump will be on safer ground with a Republican majority calling the shots. And I will do everything I can to make it die quickly. On Fox News, Senate Majority Leader Mitch McConnell vowed Senate Republicans will be in lockstep with the White House. We'll be working through this process, hopefully in a fairly short period of time, in total coordination with the White House counsel's office. President Donald Trump has said he'd like to call witnesses, but now says he'll defer to the Senate. Long or short, I've heard Mitch, I've heard Lindsey,
I think they are very much in agreement on some concept. I'll do whatever they want to do. It doesn't matter. Democrats accused Senate Republicans of prejudging the evidence even before the trial begins, and when the House votes this week, Democrats from Trump-friendly districts are under pressure to break ranks. Thirty-one Democrats are seeking re-election in districts Trump won. Two of them have already said they're likely to vote no on one or both articles of impeachment. One may be switching parties. Other moderates are weighing their decision. I'm going to read everything, watch all the testimony and the hearings, and read the transcripts, consult with scholars first, and then of course talk to my constituents. Today, New Jersey Democrat Tom Malinowski got some boos when he told constituents in his district he plans to vote for impeachment. I believe that on the two counts of impeachment that have been put before us, the vote should be yes, and I will be voting yes. Cheers and boos there. All right, David Wright joins us now live from the White House. David, the House is planning that historic vote on those two articles of impeachment against President Trump this week, even with those moderate Democrats still under political pressure. That's right, Tom. The vote likely to take place Wednesday, and the math in both chambers adds up. The Democrats in the House believe that they have more than enough votes to impeach President Trump. Republicans in the Senate believe they have the votes to keep him in office. As you know, Tom, the Constitution requires a two-thirds vote to remove a president. David, thank you. And this programming note: tomorrow on This Week, George sits down with House Judiciary Chairman Jerry Nadler, House Intelligence Chair Adam Schiff, and Senator Ted Cruz of Texas. We turn now to America's cities facing paralyzing threats from hackers.
The city of New Orleans forced to shut down their computer system. Here's ABC's Mona Kosar Abdi with more. Tonight, a state of emergency in New Orleans after a cyber attack on the city's computer systems. We fully activated our Emergency Operations Center. Officials directing all employees to power down computers, unplug devices, and disconnect from Wi-Fi. The mayor says ransomware was detected, but it's unclear who is responsible. Secret Service, FBI, of course, all of us really are hands on deck with this. Emergency services, nine-one-one dispatching, and police radios were unaffected. This year alone, cybersecurity firm Emsisoft reports nine hundred and forty-eight ransomware attacks on government agencies, healthcare providers, and school districts at a cost of more than seven billion in taxpayer dollars. Just days ago, hackers in Pensacola, Florida, demanding a one-million-dollar ransom, and in Georgia, computer screens at the nine-one-one dispatch center going dark, the network infected by malware. Basically, what we were left with was a radio system. Hackers also crippling computer systems at New Jersey's largest hospital network. As for New Orleans, City Hall has been shut down, all city websites are down, and employees are using good old-fashioned pens and paper to conduct business, Tom. Mona, thank you. Next to the chilling surveillance video just released, with police calling it a cold-blooded ambush and execution of one of their own, the suspect coming up behind that officer, opening fire in a police station parking lot last weekend. New details on that case and other attacks on law enforcement coming in tonight. Here's ABC's Zachary Kiesch. Tonight, police releasing this chilling surveillance video of a gunman seen firing multiple times into a squad car, killing the unsuspecting officer. The ambush taking place a week ago in Arkansas, right in front of a police station, authorities calling it an ambush and execution.
You can see police rush out of the station in pursuit of the suspect, back down on the west side of the building. They chase him through an alleyway, killing the suspect, London Phillips. The officer, twenty-seven-year-old Stephen Carr. This week a solemn procession to honor the fallen hero was led by Carr's siblings. He came from a law enforcement family. He knew what the job was about, and he just wanted to serve his community. Tom, that officer had been on the force for just two and a half years. Now tonight authorities tell us that the investigation continues, Tom. Zachary, thank you. We're learning tonight more about that deadly attack that left six people, including two gunmen, dead in Jersey City, the FBI recovering a white van, you see it right there, linked to the suspects. That attack at a kosher grocery store now being investigated as domestic terrorism. And an update tonight on that mass shooting at the naval base in Pensacola. ABC News obtaining a joint intelligence bulletin detailing some of what investigators have learned about that gunman since the December sixth attack. The twenty-one-year-old Saudi suspect apparently posting online months before the attack that, quote, the countdown has started, and other posts referring to non-Muslims as infidels. At least three people were killed and eight others injured in that incident. The investigation is still ongoing. We want to turn now to politics and the 2020 race, and the big question mark swirling around next week's Democratic presidential debate, the labor dispute and possible picket line at the college hosting the showdown. Will the debate now be cancelled? ABC's Rachel Scott with the latest. Tonight, a threat to boycott placing the next Democratic debate in jeopardy, the seven candidates who have qualified vowing they won't cross a union picket line to get to the stage.
I think it's a terrible look for the Democratic Party to have a debate that runs afoul of union work rules. The Democratic Party now scrambling to find a resolution before Thursday as a California labor union, UNITE HERE Local 11, plans to continue to picket on Loyola Marymount University's campus. We should cross the picket line. I try to work to find a new location, or they're going to have to figure out how they resolve this. That union representing one hundred and fifty cashiers, cooks, and dishwashers in the middle of an ongoing labor dispute with the Sodexo company, contracted to handle food services for the university, demanding better wages and health care benefits. The union sending this letter to the presidential candidates outlining their plans. In a statement the DNC says while LMU is not party to the negotiations, they are working with all stakeholders to find an acceptable resolution that meets their needs and is consistent with our values and will enable us to proceed as scheduled with next week's debate. I believe they are probably trying to work with all the parties to resolve this, because having these debates is critical for Americans to see the differences between candidates, and this is obviously going to be a critical election for America. All right, Rachel Scott joins us now live from Pittsburgh, where several of the candidates were campaigning today. We're just a few days out, Rachel, from that next debate. Will they find a solution before Thursday? Tom, this is not the first hurdle for the DNC. Last month they had to move this same debate from UCLA over a different labor dispute, but tonight both the party and the candidates are optimistic that they can find a solution before Thursday. Now with the latest on the college admission scandal, actress Lori Loughlin pushing back on claims she paid bribes to get her daughter into college, now
accusing prosecutors of withholding evidence. Here's ABC's Marci Gonzalez. Tonight, actress Lori Loughlin and her husband Mossimo Giannulli newly going on the attack, revealing part of their defense strategy. The couple, accused of paying half a million dollars to get their two daughters into the University of Southern California, now say they didn't know the payments were bribes and claim prosecutors are withholding proof of that, their lawyers writing in a court filing the government appears to be concealing exculpatory evidence that helps show that both defendants believed all the payments made would go to USC itself for legitimate, university-approved purposes. It's very serious for a prosecuting attorney to withhold what may be exculpatory evidence. While other parents, including actress Felicity Huffman, have taken plea deals, Loughlin and Giannulli are maintaining their innocence, claiming they believed payments made to college admissions consultant Rick Singer were legitimate. This case, unlike some of the others, there were actually falsified photographs and fake resumes created for Lori's children. I think it's going to be pretty difficult to convince a jury that they somehow believed they were just making innocuous donations. The next hearing in the couple's cases is scheduled for mid-January. They face up to forty-five years in prison if convicted, Tom. Time now for the Index, and a shooting scare inside a busy mall in Atlanta. New video shows frantic holiday shoppers running to safety when the shooting started inside a food court. Police say the shooting was a result of an argument and an isolated incident. One person was injured. Police are now looking for that gunman. And the major medical headline tonight for some heart and diabetes patients: the FDA approving a fish-oil-based drug used to reduce the risk of potentially deadly complications including heart attack or stroke.
Vascepa would only be used for those already taking cholesterol-lowering medications. Experts say the prescription therapy could benefit millions of high-risk patients. To Georgia now, where a man has been arrested for slapping a reporter's backside on air. The video of the assault, seen here, on WSAV reporter Alex Bozarjian during a live report in Savannah going viral and prompting a police investigation. Forty-three-year-old Thomas Callaway now charged with sexual battery after turning himself in. He was released on bond. And a historic win at the Miss World pageant, Miss Jamaica Toni-Ann Singh taking home the crown at the ceremony in London. For the first time, the winners of all five major pageants, including Miss Universe, Miss USA, Miss Teen USA, and Miss America, are black women. Finally tonight, the new graduate giving us all a lesson in determination. It's America Strong. Shatorra Herring is headed to a major milestone fourteen years in the making. Shatorra never thought she would see this day after dropping out of college at nineteen. I should have pushed myself like I should have. Married at twenty-one, Torra's life would continue to take unexpected turns. After having her first son, Sion, two years later she was diagnosed with multiple sclerosis. It was very scary. Now a single mom living with MS, Shatorra was living life in pain every day, but she knew one thing: she had to fight through for her son. Shatorra would have a second son, Sir James, but something was always burning in the back of her mind: finishing that degree. I know I have to do it. So two years ago she went back to the University of Arkansas at Pine Bluff.
This time she didn't just attend college. She doubled up on her credits. I just tell my boys, whatever life throws at you, you just keep going. That's the motto she's lived by. Fourteen years later, finally getting that degree. I wanted to scream. Eighteen hours. So happy. Shatorra not only graduating but making the chancellor's list and getting a four point oh in her last semester. Never give up. Congrats to Shatorra. Thanks so much for watching. I'm Tom Llamas in New York. GMA first thing in the morning. I'll see you right back here tomorrow night. Have a great night. Are you hiring? With Indeed you can post a job in minutes, set up screener questions, then zero in on your shortlist of qualified candidates using an online dashboard. Get started today at indeed.com/tonight. That's indeed.com/tonight.

Pensacola under cyberattack. Notes on ransomware. The US Justice Department IG report on Crossfire Hurricane. Who let the bots out?

The CyberWire

19:47 min | 1 year ago

"The city of Pensacola is hit hard by an unspecified cyberattack. Ryuk ransomware decryptors may cause data loss. A new variant of Snatch ransomware evades antivirus protection. The US Justice Department's Inspector General has reported on the FBI's Crossfire Hurricane investigation. Another unsecured database exposes PII. Keep an eye out for Patch Tuesday updates, and it's prediction season, so CyberScoop lets the bots out. And now a word from our sponsor, the upcoming Cybersecurity Conference for Executives. The Johns Hopkins University Information Security Institute and Ankura will host this event on Wednesday, March twenty-fifth in Baltimore, Maryland, on the Johns Hopkins Homewood campus. You can find out more at isi.jhu.edu and click on Sixth Annual Cybersecurity Conference for Executives. Learn about the do's and don'ts of risk management with industry leaders and other cyber professionals. Check out the details at isi.jhu.edu and click on the Sixth Annual Cybersecurity Conference for Executives, and we thank Johns Hopkins University Information Security Institute for sponsoring our show. Funding for this CyberWire podcast is made possible in part by McAfee: security built by the power of harnessing one billion threat sensors from device to cloud, intelligence that enables you to respond to your environment, and insights that empower you to change it. McAfee, the device-to-cloud cybersecurity company. Go to mcafee.com/insights. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Tuesday, December eleventh, two thousand nineteen. The city of Pensacola, Florida has disconnected most of its networks in response to a cyberattack that hit over the weekend. The attack began early Saturday, the Pensacola News Journal says, hours after a Saudi military pilot undergoing training at Pensacola Naval Air Station murdered three
US sailors and was subsequently shot by local police. The timing of the cyberattack raised speculation that it might be connected to the shooting, which, according to the New York Times, authorities are investigating as a possible terrorist incident, but so far no such links have been found. The motivation behind the cyberattack remains unclear. The city hasn't said, for example, whether it's received ransom demands. The city has said that no personal information appears to have been compromised, but the investigation is still young and still ongoing. Pensacola is working with the FBI on the case. The decryption specialists at Emsisoft warned that the criminal-provided Ryuk ransomware decryptors may damage larger files. The decryptor truncates big files, and Emsisoft finds that this can result in unrecoverable data loss. Decrypt if you must, but better to restore from secure backups, and better yet to avoid infection in the first place. While we're on the subject of ransomware, researchers at security firm SophosLabs report finding an evolved version of Snatch ransomware that avoids some antivirus protections by causing Windows to reboot in Safe Mode. The US Justice Department late yesterday released its Inspector General's report on the FBI's 2016 Crossfire Hurricane investigation. Crossfire Hurricane was opened to look into allegations of Russian influence in President Trump's campaign. As the Washington Post summarizes the report, the IG found that the FBI had grounds to open an investigation, but that the investigation itself was marred by serious failures. Those failures are particularly evident, NBC News says, in the way the FBI obtained and used FISA warrants and in its handling and assessment of confidential human sources. Reading through the report, we see that the most prominent confidential human source mentioned, or CHS, as the IG teaches us to call all such persons, is Christopher Steele, the British national
who provided the kompromat of the Steele dossier to various parties, including opposition research shop Fusion GPS. The FBI cited information from Steele in its application for a FISA warrant to surveil Carter Page, then a foreign policy adviser to the Trump campaign. The process of obtaining a FISA warrant requires that the request be based on verified information. That verification, according to the IG, was less than fully successful. In one instance, for example, the Bureau submitted a Yahoo News article in verification of some of Steele's claims without noting that the article was based on information from Steele. With apologies to Ludwig Wittgenstein, this is a little like buying a second copy of a newspaper to confirm the stories you read in your first copy. The IG found that the process of securing the warrant was marred by serious performance failures by the supervisory and non-supervisory agents with responsibility over the FISA applications. Page, the IG report says, did indeed have contact with Russian intelligence officers, but he did so with the knowledge of an unnamed US agency he was providing information to; that agency, Page has said, was the CIA. In general, the report suggests that the inquiry was handled carelessly and under the spell of the sort of targeted fixation investigative agencies are frequently tempted by. There's no finding of political bias in the Bureau, but those disposed to look for it will find, indeed have already found, plenty of circumstantial evidence of it, mostly surrounding eagerness to swallow the Steele dossier hook, line, and sinker. Those disposed to dismiss political bias are focusing on the IG's finding that the FBI had grounds to start an investigation. The FBI immediately accepted the report's recommendations and says it's moving to strengthen applicable procedures and oversight mechanisms. Application security firm Veracode recently published the latest update to their State of Software
Security report. Chris Wysopal is CTO and co-founder at Veracode, and he takes us through their findings. Customers that scan their software for vulnerabilities on a more frequent basis end up fixing vulnerabilities faster, so it shows that just a process change can lead to more secure software. So based on what you gathered here in this report, what are your recommendations? So the recommendation is to make a cultural change of not having a separate security team be the people that test software, decide what to fix, and then essentially harangue the development team to fix issues, not on the development team's schedule or when it's best for them. The recommendation is to get management in the development organization to take ownership for this, and use as evidence things like the State of Software Security report, which says you're going to have much more secure software, actually with less effort; it's going to be easier for you to produce more secure software. Get that buy-in from the executive team and then push it all the way down to the individual development teams, where they will take ownership for securing the software, and the security team then becomes a consultant. They become someone that helps this process work, but they're not there in the daily meetings saying, you know, should we fix this bug anymore. The security team takes ownership of that and gets trained to have some expertise so they actually know what they're doing. Then they build it into their process and they think about getting better and better over time. Was there anything in the report that was surprising to you, any unexpected results that came through? Well, we did something which was a little different this time, which was we didn't just look at how often scanning was done; we looked at the pattern of the scanning. So was it steady? Was it on a daily basis, a weekly basis? Was it irregular?
Was it something where it would seem to be haphazard, like why are they scanning now, and why is there a lot of intense scanning over this period? Or what we call bursty, which was long periods of time where no scanning activity happens, then a month or two of intense scanning activity, and then a long period of time with none. That kind of showed us that they were scanning only as they got close to the release cycle. We didn't know what to expect from breaking development teams into those three categories: steady, irregular, and bursty. So the recommendation is scan on a steady basis, or even on an irregular basis, but don't go long periods of time without scanning. That almost guarantees your product is gonna be less secure. Kind of reminds me of, you know, the frantic cleaning of the house that takes place before Thanksgiving or when family's coming over, and when you haven't done it in a while you start throwing things into closets and you pay for it later. Absolutely, I think that's a great analogy. At the high level, when we say, like, is software getting more secure or less secure? We saw, over the ten-year period that we've been doing it, a lot of vulnerabilities that are well known, like SQL injection, are sort of at the same percentage rate that they were ten years ago. We had twenty-three percent of apps ten years ago had one or more SQL injection vulnerabilities, and here in two thousand nineteen twenty-four percent of apps have one or more SQL injection vulnerability. So it's crazy. I think that if you zoom out and look at the big picture, not much has changed as far as, you know, are people fixing these problems or not, or introducing these problems. So we still have a lot of work to do as an industry, and we hope that these recommendations that come out of the report, where we see what, you know, particular development teams are doing really
well, we can percolate that through the industry so that becomes the average way of doing things and, you know, everyone gets better, not just these teams that have a great process. That's Chris Wysopal from Veracode. The day now seems somehow incomplete without news that a misconfigured cloud database has exposed a great deal of personal information, and today, unfortunately, is complete. TechCrunch reports that the British penetration testing company Fidus has found another one. It's an AWS bucket belonging to a company that TechCrunch and Fidus declined to name. The company's business is the processing of applications for copies of US birth certificates. The exposed database holds more than seven hundred fifty thousand applications. Such applications contain a considerable amount of personally identifiable information, including, according to TechCrunch, which has looked at the material, the applicant's name, date of birth, current home address, email address, phone number, and historical personal information including past addresses, names of family members, and the reason for the application, such as applying for a passport or researching family history. That's a lot. Amazon said it would notify the unnamed company whose bucket it is that it needs to, well, do something about it. Today, of course, is Patch Tuesday, so be on the lookout for updates from Microsoft and Adobe, expected sometime this afternoon. We'll have notes on the fixes tomorrow. And finally, it's also prediction season, and the cybersecurity industry has been busy making them. We do link to those in our daily news briefing, and we encourage those interested to look there for the sector's virtual crystal ball. But we'd be remiss if we didn't mention one outstanding and very funny aggregation of twenty twenty forecasts. It's in CyberScoop; by all means give it a look.
The publication decided to turn AI loose on the predictions to glom them all together, and they didn't stop there either. They let the bots do the writing too. As the editor says in her disclaimer, the article is all generated. They did it through Markov chains, and it's only super lightly edited for clarity. Those Markov chains are rattling better than the cash boxes that encumbered Jacob Marley when he visited Ebenezer Scrooge. Their most insightful prediction, we thought, was prediction number eight: more security officers will get worse. Tell it, brothers and sisters. We particularly like the way the bots attributed a quotation to Carl von Clausewitz at the end of every section, a riff on his famous dictum that war is the continuation of politics by other means. A few of our favorites were: war is merely the continuation of the evolution in cloud security; or war is merely the only way to monetize IoT network attacks; and war is merely the marketing deployed. So bravo, CyberScoop, and do go read the whole thing. It's time to take a moment to tell you about our sponsor, Recorded Future. Recorded Future is the real-time threat intelligence company whose patented technology continuously analyzes the entire web to develop information security intelligence, gives analysts unmatched insight into emerging threats, and, when analytical talent is as scarce and pricey as it is today, every enterprise can benefit from technology that makes your security teams more productive than ever. We here at the CyberWire have long been subscribers to Recorded Future's Cyber Daily, and if it helps us, we're confident it will help you too. Subscribe today and stay a step or two ahead of the threat. Go to recordedfuture.com/cyberwire to subscribe for free threat intel updates from Recorded Future. That's recordedfuture.com/cyberwire, and we thank Recorded Future for sponsoring our show. And joining me once again is Ben Yelin.
He's the program director for Public Policy and External Affairs at the University of Maryland Center for Health and Homeland Security, also my co-host on the Caveat podcast. Ben, great to have you back. Good to be here with you, Dave. Interesting article, this is from The Verge, something you and I have touched on over on the Caveat podcast, but there are some specifics here I wanted to dig in on for our audience, and this has to do with whether or not you have a right to sue Facebook and other online platforms, and some legislation that's being cooked up to address this sort of thing. What's going on here? So there was some promise in the past several months that there could be deep bipartisan agreement on federal data privacy legislation. This has been a long-running problem. We have this patchwork of state laws and some federal regulations that apply to data privacy, but we don't have uniform federal legislation. So a couple of key senators in the United States Senate, Democrat Maria Cantwell of Washington and Republican Roger Wicker of Mississippi, have been trying to work on a bipartisan solution to this problem. I think there is general bipartisan interest in the skeleton of such a bill, okay, in terms of, you know, some of the things we all agree on, like giving the FTC, the Federal Trade Commission, enforcement authority on data privacy violations. But a big source of disagreement is giving consumers, users, a private right of action against the big tech companies. What does that mean? So this would allow a legal cause of action for any user of any one of these sites, or any one of these technological devices, to directly sue that company for damages. So oftentimes you'll see legislation that bans a private right of action, where legislation will explicitly say an individual doesn't have standing to sue on the basis of a violation of the statute.
What Senator Cantwell's proposal would say is that users do have legal standing to sue if they are alleging that their data has been compromised by one of these companies. You know, so the positives would be: having a private right of action gives these tech companies, the Twitters and Facebooks of the world, more of an incentive to protect user data. If they're fearful about getting sued, you know, they might hire more compliance officers to make sure that they're complying with this federal statute. And the downside, which is something that Senator Wicker and other Republicans have talked about, is that this could lead to a flood of lawsuits, and when a similar standard, a similar private right of action, was applied to the telecommunications companies back in the nineties, it did lead to a lot of lawsuits, hundreds of thousands of them. A corollary to that argument, Senator Wicker's argument, which I think has a lot of merit to it, is: Facebook and Twitter, you know, they have the resources to respond to lawsuits. They're wealthy companies. Mark Zuckerberg can hire the best lawyers in the country. Jack Dorsey probably could too. You know, the resources are just not going to be a problem for them, even if they're sued by millions of users, even if there are a bunch of class action lawsuits. That's true for some of these. Smaller companies, lawsuits could drive them out of business, and, you know, so this might be a regulation, or a change in the law, that actually would benefit big tech companies at the expense of the smaller guys out there. It could keep the smaller guys from establishing a foothold in the market.
Even, exactly, exactly, because compliance would just be far more expensive and there would constantly be this threat of litigation. So that might impact somebody developing a new technology or a new interface, where they're not entirely clear if there are robust data protections; maybe the company decides not to go through with that because it's too expensive to try to comply with these new federal regulations. So the upshot of this, you know, Senator Wicker claims as part of this article that he doesn't think this dispute on private right of action is going to derail the entire effort to have a federal data privacy bill. I think Senator Cantwell has also signaled an openness to having legislation that does not have this private right of action. This is just going to be part of ongoing negotiations. There are certainly legitimate positives and negatives to that particular provision, but it's something that's going to have to be worked out in the United States Senate. All right, those gears turning, right? Absolutely, they always are, although we don't usually associate the United States Senate with gears turning; grinding very slowly, wrenches and rust on the gears, the cooling saucer, as they say. All right, well, Ben Yelin, as always, thanks for joining. Thank you. And that's the CyberWire. Thanks to all of our sponsors for making the CyberWire possible, especially our supporting sponsor ObserveIT, the leading insider threat management platform. Learn more at observeit.com. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology. Our amazing CyberWire team is Elliott Peltzman, Stefan Vaziri, Kelsey Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Nick Veliky, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Peter Kilpe, and I'm Dave Bittner. Thanks for listening.

Can unemployment insurance be fixed?

Marketplace with Kai Ryssdal

27:13 min | Last week

Can unemployment insurance be fixed?

"This marketplace podcast is supported by uk g to be a powerfully productive business. You need powerfully. Happy people to leaders in workforce management and hr have joined forces to become uk g. ultimate kronos group with comprehensive. Hr solutions they'll help you. Create more meaningful connections within your workforce that will make people smile uk. Our purpose is people and by alarm dot com keeping millions of homes and businesses safer and smarter every day alarm dot com is redefining home and business security with smart features like voice control and customize smart alerts alarm dot com unites. Your security locks doorbell camera lights video cameras and thermostat into one smart system with one single app to control it all learn how to protect your most important investment at alarm dot com. Here's a post for you to keep in mind. Thirty eight days until the next moment of economic peril from american public media. This is marketplace in los angeles. I'm kai ryssdal. It is wednesday today. The eighteen th day of november. Good as always to have you along everybody. Thirty eight days a little bit more than a month gets you to the day. After christmas and the expiration of most of the federal unemployment programs that were passed last spring in the cares. Act that in and of itself is not good economic news. Neither to is the reality that there are no negotiations happening right now. In congress on more relief democrats and republicans aren't even talking and so according to research out today from the century foundation twelve million people who are out of work in this economy are thirty eight days from losing their benefits. Marketplace's nancy marshall genzer explains what that's gonna mean for them and for us without a deal. December twenty six will be a grim day for unemployed workers and a us economy andrew stenner with a century foundation. Says it's like twelve million workers and their spending power will fall off a cliff. 
Even if you thought you had ten eleven twelve nine weeks left. You won't get those weeks. You get cut off that exact week. Benefits for gig. Workers and the self-employed are ending as is federal. Help for most people who've exhausted their state benefits stettler says black workers in the service sector will be hit especially hard since so many of those businesses have closed. Kimberly austin is a black artist. Who lost her job. As a face painter at legoland near san diego she wants federal action now. The should not eat a political joke to anybody. This makes no sense. Austin has been getting by on two hundred eighty five dollars a week in unemployment. she's uninsured and the inhalers she needs for her. Asthma cost. Two hundred dollars jason. ye doesn't have health insurance either. He's an accountant in los angeles. Who was laid off last june. He's been living on four hundred fifty dollars a week plus his savings. The cliff will be bad because eventually with no benefits. Then you know it'll be a hundred percent savings. He says savings will run out in february. He could tap into a retirement account but he's only fifty five. That means an early withdrawal penalty at penalty waiver in the cares act also expires at the end of the year. I'm nancy marshall genzer for marketplace more on unemployment by the way later on the program from the guy who tracks unemployment for us mitchell hartman. The federal aviation administration said today that boeing's much troubled and fatal seven thirty seven maxes have been cleared to fly. Again it's not happening tomorrow. There is maintenance to be done on planes that have been grounded for twenty months and pilots to be retrained of course also the air travelling public to be reassured. Are they gonna be and do they. Want to get on board marketplace's replenish or has that one. He's not a big traveler but houston. It analysts spencer harper likes a trip a couple times a year. I would have no problems on the max. 
His wife and her family though different story she is plainly stated. It is not happening with us. They just don't trust it. They wanna see more people flying before they think it's ready. That actually suits airlines and boeing. Just fine the. Reinstatement of the aircraft is going to take quite a long period of time. Keith mackey is president of mackey international and aviation safety consulting firm south west which owns the most 737 max's of any airline says it won't fly passengers on the planes before april two thousand twenty one american phasing them in starting this december twenty ninth and over that period of time it will see the aircraft flying sagely. That's the hope of airlines and boeing anyway. There's no shortage of seats on other planes. These days so skittish flyers can very easily wait and see american has said if passengers don't wanna fly innomax they can change but that kind of passenger is not the one flying now anyway says samuel angle with consulting firm. Icf the consumers who are flying now are the customers who in general are less scared about travel. You can expect some rebranding though. Says mike boyd with aviation consulting firm boyd group. Airlines are not going to use the word max for anything if somebody down the halls. Name's max she's going to have his name. Changed frank airlines will probably use the term seven thirty seven eight instead. He says just in case. You want to check your booking in new york. I'm sabri venture for marketplace max. Down the hall though man come on on wall street today while acknowledging that correlation is not causation. No sooner came the announcement that new york city schools are shutting down again then. The major indices rolled over. We'll have the details when we do. The numbers income driver los angeles these days or any city. Really probably but la is where we happen to be. Anyway you do that. 
And you're gonna see a lot of shops and restaurants and strip malls basically closed lockdowns and restrictions from the government. Yes but also just changed consumer behavior a week or so ago. Though i found myself at an outdoor shopping center which was basically open all the way. How are you thanks to me a little bit. how are you good. That's the guy who developed plaza la alameda through his company prime store. I'm gonna let him do the introduction. My name is snyder. Where at la la mesa in walnut park california. And what is what is What is this place walnut park in this neighborhood. Tell me about so. This is a transitional neighborhood that was historically a fringe industrial warehousing district That became very dominant with latino and african american neighborhood and We assemble the fairly large area here to create jobs and bring in Services and businesses that we didn't have transitional meaning that puzzle alameda where you can find chains like chipotle and marshall's in some moms and pops as well it sits on what was once a glass manufacturing facility and textile dyeing house that had been abandoned for almost twenty years. Artur had brought some pictures to show and this was all abandoned and shut down. This was the number one crime neighborhood and the sheriff's department. Then we started assembling sued. The just swallow hard when you decided to do this. Because i mean you look at that and then you look at this. That's i mean yeah. I think there was a young naive today. Got us to where we are now but been always my desire to create and economic change inside the neighborhood and i think that anybody was going to do it. That didn't understand the dynamics of the culture right rightful. That's and that's the key right. Understanding the culture. I think so. 
I think it's Being relentless and having passion for building this mall did create some economic change from abandoned factories to just before the pandemic hit a local unemployment rate around four percent. now of course it's higher fourteen percent in september so so let's do a quick three sixty here and just see who's here right. I mean just right off the bat you've got a jumba juice and a panda express. Clearly major chain saw the opportunity to now. Did you have to sell them on this. Yes i the first ten years Of this endeavor. People thought i was out of my mind and i thought so too many times. They wouldn't return our calls and there would be no no real interest until we started understanding how to educate the market in the scale of the opportunity. And what we do. Is we partner with local businesses local entrepreneurs a lot of the latino black community. They have so much talent so much skill working for other companies and other businesses and these next generations want to open and operate their own businesses. So that's why we call locate them with traffic generating businesses But we require that all of our businesses hire locally for construction for permanent jobs for everything. tell me about then the lieber pull that you that you draw for your customers i guess or your tenants draw from around here right. I mean they can go out and they can find these people. Oh yeah this. So the mand is just extraordinary in terms of job seeking jobs what we've worked on over. the last. Many decades is creating a bigger opportunity for job training. When i first started. There wasn't any of that it was just sort of pulling people from other markets. But who lived here. Instead of having them commute to work they would be able to work right here. So so let's just i. 
I wanna walk for just a little bit and We'll get away from the armored car and Help me understand how you came to design this place as it is right because you've got a little plaza here across the street from some kind of big box as you said about designing this What were you trying to do right. Because design is the key elements of getting people in the door. Yeah so the concept of sokolow Looking to the public square. Yeah yeah that that's the concept here. We took exactly the materials Even the landscaping materials the finishes and the traditional kiosk right and one of the key elements here at the time was no fences. No gates no walls. These are neighborhoods traditionally had been built with that in mind and we took not only that but we put the bus stop directly into a turn out in the plaza so that it becomes integrated to the community and we go ahead. Well i'm going to say a lot of ceramic tiles and all kinds of cool stuff to yeah. This is a material although keen and As from mexico that we brought in in creating a place where we can have lots of activities There's programming here constantly dance events and performance used to be anyway right right right i mean look it's gonna it's kind of sad you've got this great space and it. Yeah you could see record off children's player the fan off because we don't want people congregating that but that's the concept of it. Yeah give me your sense As a guy whose business depends on the overall health of the economy. How are you feeling One thing that i have found about my particular business model is that these communities are so under served that the demand from the businesses that we have believe it or not as still driving our business so where we. 
Ross marshall target these businesses still need and want to open stores in these communities because where they look across the map they find that they have too many stores already but in these areas they feel that they don't have any stores right so the stores are in white neighborhoods and places. They're easy to get to not black and brown places right exactly. Yeah that's exactly right so they still have a huge growth potential there. We've been talking about change in this country for a long time. Especially the bracken black and brown communities have been talking about change. Do you think it's here now. Are you hope I'm skeptical We just opened freedom plaza and watts. It was fifteen years in the making That was the transformation of the jordan downs project which i worked on for nearly fifteen years so that opened that gives you some hope. But seeing the the chaos that we've seen as a result of george floyd incident and others and seeing the lack of velocity and response. I'm skeptical still about. Thanks a lot. Thank you appreciate it coming up. They have guaranteed response tons last services speedy and polite customer service with a twist if you will but first let's do the numbers dow industrial's down three hundred and forty-four points today one in ten percent. Twenty nine thousand four thirty eight. That has backed down ninety. seven points. eight tenths percent. Eleven thousand eight hundred eighty one the s. and p. Five hundred gave back. Forty-one points one tenth percent there as well thirty five and sixty seven bowing down three point two percent today despite that seven. Thirty seven max. News tesla of more than ten percent today after an upgrade from morgan stanley that upgrade by the way noted. It was time to look beyond tesla's cars the company self-driving software also in vehicle entertainment packages john quite get targeted flip two and three tenths percent. 
Today's third quarter sales and income easily beat expectations; digital sales up one hundred fifty-five percent on the same quarter last year, which is kind of amazing. Bonds down, just a touch. Yield on the ten-year, zero point eight six percent. You're listening to Marketplace. This Marketplace podcast is supported by TransferWise, the smart new way to send and receive money internationally. TransferWise gives you the real exchange rate every time you send money abroad. You can even get an account that holds up to fifty-four currencies at once and convert between them any time. Join over eight million customers in more than eighty countries who are already saving. Try them out for free at transferwise.com/marketplace or download the app. This Marketplace podcast is supported by WeWork. As a business, you know today's way of working takes new measures toward health and safety, flexible terms for where, when and how you work, spaces designed with your purpose in mind. It takes the innovation of a WeWork office to take your business where you want it to be. Visit we.co/future to learn more. This is Marketplace. I'm Kai Ryssdal. Nancy Marshall-Genzer was reminding us up at the top of the program of the peril this economy is looking at come the day after Christmas. Most of the pandemic unemployment benefits are just going to go away unless Congress and the White House do something. Back at the end of March, the strain on the eighty-year-old insurance system in this economy, which is really a patchwork of systems run by the states, it broke. Laid-off workers waited months for benefits. Online applications kept crashing. People applying by phone got busy signals for, like, weeks. And so, as Marketplace's Mitchell Hartman reports, there is new momentum now to fix things. Brian Forester of Tulsa, Oklahoma, has been out of work during the pandemic, and he's run out of patience with the unemployment insurance system. He was supposed to start a job
in March, which got delayed till June due to COVID. He applied for federal Pandemic Unemployment Assistance. But you would call and call and call, and literally nobody would call back. Things never got resolved. He should have gotten several months of payments. Instead, he says, he got one check for seven hundred dollars. Michele Evermore at the progressive National Employment Law Project says a lot of applicants have never gotten through the system. In some states, I'm seeing seventy percent approved; in some states, forty to fifty percent approved. A lot of those are inaccurate denials, people who are still in limbo. There's broad agreement across the political spectrum that the patchwork of antiquated state computer systems failed catastrophically to respond to the economic emergency caused by the pandemic. It's clear that we need to upgrade the IT systems. It's causing problems getting benefits to the people who need them. That's economist Michael Strain at the conservative American Enterprise Institute. He points out that Congress wanted to add extra federal money to unemployment checks so laid-off workers wouldn't need to look for new jobs during the pandemic, but lawmakers didn't want people to earn more on unemployment than they had made working. It should not be beyond the technological capability of state governments to calculate what a person's previous wage was and then to give them one hundred percent of that amount in unemployment benefit. But it was beyond those systems, so Congress just gave everybody an extra six hundred dollars a week. IT consultant Adam Bobrow, who's working on reform proposals to offer the Biden administration, says state systems should be connected to federal agencies that already have key information about applicants. Wage data, dates of employment and things that are available in federal databases, employers, so you could demonstrate eligibility on a bit more of an automated basis, in a way that scales. Other reform proposals address
the wide disparity between states in benefits and eligibility. Michele Evermore at the National Employment Law Project says the feds should set baseline standards: twenty-six weeks of benefits, a minimum wage replacement amount, a better weekly benefit, a simplified application process. Conservatives like Michael Strain counter that states should continue to have wide latitude to respond to local economic conditions. I think it makes sense for states to say that we think in our state a less generous benefit makes sense, and maybe in another state a more generous benefit makes sense, and if voters in the states want different systems, that seems like a reasonable outcome. The Biden administration will be able to push IT upgrades and enhanced data coordination, and it might be able to issue new guidelines to speed up claims processing and reduce denials. But new national standards to increase unemployment benefits and expand eligibility, that'll be mostly up to Congress. I'm Mitchell Hartman for Marketplace. Hey, you got seven and a half minutes free tomorrow morning? Listen to David Brancaccio and the gang on the Marketplace Morning Report, everything you need to know about your economic day. Even before President Trump fired this country's top cybersecurity official last night for truthfully saying there was no fraud or software glitches that cost the president votes in the election he lost, even before that, cybersecurity experts had been warning that the presidential transition period is a huge opportunity for hackers. Governments, of course, aren't alone in their vulnerabilities. Companies around the world continue to get hit by ransomware: their computer systems infiltrated, critical data locked up, ransom demanded. Funny thing happened not too long ago, though. One ransomware group took some of its proceeds and gave them to charity.
Hackers, maybe, with a heart. Marketplace's Scott Tong. About a month ago, cybersecurity consultant Brett Callow at the firm Emsisoft emailed me a screenshot from the dark web. It showed the hacker group DarkSide posting receipts of ten-thousand-dollar donations to charities, one for children, the other for clean water. Nice. They said that they felt it was only fair that they return some money that they had taken to charities. However bad you think our work is, we're pleased to know it'll help to change someone's life. DarkSide talks to the public through blog posts on the dark web. To be clear, this is a criminal outfit. But it's one of several trying to brand itself as honorable. A similar group, which has not been named publicly, recently hacked into a company, locked up its data, but then quickly reversed course. Investigators say the ransomware group responsible supplied the decryption key as soon as they were told it's a hospital. This was in Germany. Now, bad people do seemingly good things in the offline world too. This old newsreel shows men coming out of a Depression-era soup kitchen in Chicago, funded by the mobster Al Capone. And in Japan, violent organized crime groups gave tsunami relief in twenty eleven. And right now, says social psychologist Travaglino at the University of Kent, Italian syndicates are providing pandemic aid. There are reports from Europe which say the mafia in Italy at the moment is distributing money, supporting the population through the lockdowns. They ensure that everyone can eat. Travaglino says that kind of generosity serves the criminal enterprise by buying off the community. The mafia function around a rule, which is known as omertà, which means rule of silence. You never report to the police what they do, for example. You never denounce them. And that's really important for them to operate, because they need a kind of level of public support, and to get that support
some cyber groups work to appear customer-friendly while committing their crimes, like in that movie L.A. Story from the nineties, the two main characters chitchatting when a pleasant man with a gun approaches. Bob, thank you very much. Cyber analysts say crooks act nice, thinking that their victims will more calmly fork over the money. They have guaranteed response times, last services, speedy, polite. The decryption tools come with a guarantee that they will work. It's hard to know the actual motivations in any one particular case, but Alana Maurushat, professor of cybersecurity at Western Sydney University in Australia, has interviewed many hackers in the course of her research. When we were doing some interviews with people in Eastern Europe and in Russia, the people in question perceived themselves to be like Robin Hood, stealing from the rich to give to the poor. It's a way for crooks to appease their consciences, she says. In fact, some even clean up and organize victims' files as they rip them off. To be clear, many are not buying this quote-unquote altruism. One nonprofit that the DarkSide hackers donated to, Children International, said it has no intention of keeping the money. I'm Scott Tong for Marketplace. This final note on the way out today. You know, I have been called more than once a beer snob, and, okay, I'll take that. But come on, this item that I saw today: Waffle House, the waffle chain, is teaming up with Oconee Brewing in Greensboro, Georgia, to make and sell, to somebody, I guess, a bacon-infused beer. I love bacon. I love beer. Not together, but points for the name. It's going to be called, this thing is, Bacon & Kegs. All right, we gotta go. But here's your midweek moment of economic context, kind of back to where we started, the hurt this economy is looking at without more relief from the government. The New York Metropolitan Transportation Authority, the country's biggest mass transit system,
said today, by the way, that without help it's going to have to cut forty to fifty percent of its subway, bus and light rail service and lay off ninety-three hundred people. Makes me think of that story that Sabri Ben-Achour did a couple of years ago about the failing infrastructure that is the New York City subway system. Yes, but which also pointed out that the New York subway carries the people who make something like ten percent of this country's entire economy happen. Our media production team is Robin Edgar, Drew Jostad, Jeff Peters, Daniel Ramirez, J. C. Bo, Trump in Fort, Ben Tolliday, Becca Weinman. They come to the office so we don't have to, unless your home internet is terrible. I'm Kai Ryssdal. See you tomorrow. This Marketplace podcast is sponsored by Merrill. Merrill Guided Investing allows you to add in goals and get investment strategies aligned with your needs as you manage life. Merrill's professionals help keep your goals on track by building, monitoring and rebalancing your portfolio. Get started at merrilledge.com/investinggoals. Merrill Lynch, Pierce, Fenner & Smith Incorporated, both a registered broker-dealer and investment advisor, member SIPC.

Apple Car progress, ARM on Macintosh, and recording from Apple Watch Ep.195

AppleInsider Podcast

37:33 min | 2 years ago


"You're listening to the AppleInsider podcast. Welcome to this episode of the AppleInsider podcast. This is an experimental episode where William is traveling the world on iOS only. Normally we record with Macs, so if you hear sound quality issues or note that we have difficulties, well, this is our second time recording the episode. We're gonna get right through it, then. That's William, the wilted Gallagher. All right, Will, again, I prefer wandering, like, tweet to set that, but, yes. What's going on in the world? ARM processors for Macintosh. Okay. I'll have... I'll have to do... they do them in... blur... this Intel stuff is garbage. Let's just forget about it. We're going to go to ARM. Okay. I won't... I can understand Intel is taking a very long time to do what it promised, but really, can Apple seriously just switch over? It's a big job. The signs in the past, when Apple switched over, it's always been a big task, but the way that they've addressed it has been through neat tricks like running classic software, legacy software, in emulation. The change from the Motorola 68000 processors to the PowerPC was a monumental shift that required a huge undertaking, and some software got left behind, but a lot of it worked in System 8. The shift to PowerPC was a difficult one. The shift to Intel was a much easier one. At that time they'd been able to compile Ten for Intel; they'd been able to get fat binaries going for Intel. It still required some legacy software, so they wrote an emulator called Rosetta. And then after that, you know, it's not that hard any longer. The difficulty is going to be part of what we're seeing play out now with Marzipan apps, where we have UIKit and AppKit, and one of them's going to win out, and the answer is it's the one that's on iPhone. That's the one that wins.
So when everyone gets on board with that, when Marzipan becomes a little bit more fleshed out, that's when this change makes a lot of sense. That makes... Ming-Chi Kuo, who issued the analyst note, says that we should expect this really no later than twenty twenty-one. So twenty twenty or twenty twenty-one, you'll have ARM processors in Macintosh. Probably add... obvious advantages to that. I can say that Apple likes to control absolutely everything, and there are obvious reasons why. But that just sounds to me like everybody's gone iOS. Is it likely to make the Mac cheap? If it's particularly insightful... But you look at something like Microsoft Word at present, which is best on the iPad, not on the Mac. It's best because they started again. They have thought through features; they've ditched the decades of cruft. No, no, no, no. They didn't start again. The code that is running Office apps from Microsoft on iOS is the same code that is running Office apps for Android, is the same code that's running Office apps for Macintosh and for Windows. Well, I'm trying to remember what features it has, what it doesn't have. They have unified the code base. It is a unified code base. In years past, Office for Mac and Office for Windows were entirely separate animals. They did not share a unified code base, and with Office 2016 they do. And so what has happened here is that they have aligned, and underlying it all is the same heart. Now, some features aren't surfaced and some features aren't present, and the UI is different, but at the heart of it these things are now the same. And that's a big victory, because it was a monumental undertaking. Except surely Microsoft Word, like Todd, is a slow... on iOS it doesn't crash as often as the Mac, so that doesn't sound like it can have all these features. These hang off compile time, perhaps. They choose to. That. Yeah, absolutely.
So that suggests that this, then, just compiles for a different machine, for the... that makes choices of optimization. Will it look subdued? Oh, that's to put Office on Macs. Small... They want to reach as many people as they can, especially in the age of Google Docs, especially in an age where they would face antitrust again, or face complaints again, if they did not have Office on a platform. So it is something that they would definitely do. The question is, could they port it? And I think the answer is yes, with as many different architectures as they've currently got it going for anyway. I mean, they revisited ARM with Surface RT, and not forgotten about that. Yes or no, you know. Well, they're doing it again. They've got another product with ARM in it, so they're going to keep looking at this and they're gonna make sure that Office runs on it, whatever it is. If we compile it for ARM for the other thing and the code base is unified, then our Mac gets it as well. Okay, that makes sense. I think it's an interesting change in the world where before, allegedly, arguably, Microsoft didn't go on the iPads because it wasn't gonna succeed, it was going to be a rival, and now I feel like that's actually what's broken. Microsoft... hold on, would predecessor uses, well, they've... Remember when they said that they were still focusing on what Windows Phone could be? Right. Now that we know that the answer is nothing, that Windows Phone took a dirt nap, that this is not an issue. But I wanna talk about something else that popped up in Ming-Chi Kuo's note, which is that besides... he's thinking that this changes Apple into a full-stack ARM shop, a full-stack shop where they own everything, including the graphics processor and the CPU, because they would, obviously, if they're putting an A-series chip in a Mac, that they're also working on advanced driver systems, systems for the Apple Car.
And that will also use a TSMC chip. That is, he said, the launch he thinks is between twenty twenty-three and twenty twenty-five. So the Apple Car is not dead. Well, we knew that it wasn't dead, but it's still there, it's still evolving. Now, he thinks it's either going to support high automation of driver tasks or complete automation, including navigation and driving. Now, this is interesting, because we know that the Apple Maps crew are out driving the world to map everything. And I actually spotted an Apple Maps vehicle last weekend. I was standing in my driveway preparing for a road trip, and the Apple Maps minivan rolled past my street. Did you follow it? I did not, but I photographed it. Okay. I think, evidently, people following Patchett news... Google Maps has just gotten ahead of it a few times so that they would be coming recorded somewhere, and you know, Google does this thing where they blur faces out, and I expect Apple will as well, if they'd even give us a street view. But if there's a street view from Apple Maps, they'll see me holding my iPhone up photographing them, but I took rapid-fire shots. I've got really great pictures of the Apple Maps vehicle driving past me. I know nothing about it, because he said particularly notable type of cameras. I'll put extra in the show notes. That's what we'll use for this week's... but so that's going on now. Also adding fuel to the fire for the Apple Car is a patent application which was published on the USPTO site, the Patent and Trademark Office, that shows Apple is working out a way, or has invented a way, a process, to use multiple DC converters to handle down-converting voltage. So what happens is an electric vehicle uses an eight-hundred-volt battery pack, because you have to have that much juice to run the wheels, right? And it's not just about voltage purely; it's also about milliamp-hours or amp-hours, because you have to have a huge amount of amps to be able to run that for any length of time. Okay, so...
So that's why you get these giant battery packs for cars. Now, the motors obviously take that eight hundred volts, but the infotainment system, the bus for power windows, door locks and everything else, is low voltage. It uses twelve volts, you see, not in the rest of the world. Cars could use even lower. I mean, you could run the computer off of five volts and three point three volts. So you have to regulate and down-convert from eight hundred volts to twelve, right? Right. That's sort of like a massive emotion, joke... Well, so what happens is, when you do that, you tend to lose potential energy in the form of heat, right? It's not a very efficient thing, always, because that energy's gotta go somewhere. So you spend some heat. But never mind that, the reason this is interesting is this patent says they're using multiple DC converters. So what happens is, first of all, they use the one to drop from eight hundred to twelve, and then they throw a second one in line to regulate the power. And the reason that you do this is that when you have that voltage drop, these electronics are sensitive ones, to power transients. They're sensitive to spikes, sensitive to drops, they're sensitive to fluctuations. And so you use the second power converter as a way of regulating, smoothing out that, so that you get solid twelve-volt DC all the time, as opposed to one that dips or surges based on unpowered regeneration or power drop in demand when you give power to the motors. And so this is both an interesting patent, and it's also a good sign that on the car... Now, you were talking about earlier, when we were talking about this offline, and you'd asked me why on earth Tesla... Tesla do... because you rode a Tesla from the airport to the hotel. I... on Sundays I think, as much too, but yesterday I was picked up, ex-school, just a Tesla car delivered to my hotel. It was great, but you know, it worked. They hadn't time for the time Tesla...
This may lead to one example. Needs to differently... Tesla has done this differently. What Tesla's doing is they have the eight-hundred-volt battery in the floor of the car, and then up front, in the front trunk, or frunk if you will, they have a twelve-volt normal battery. Oh, I didn't know that. Okay, right. But that still means it's done, doesn't... Well, what they have is, they've given up, right? They've separated out the systems, and Apple's solution is to run everything off of the one battery, with one battery management system, with one charge controller, with all of the stuff that they can do off of one unit, as opposed to sort of throwing their hands up and saying, yeah, right, so we've got the big thing, and we also get this twelve-volt normal battery. Seems need to do it this way, but not... Well, and it's also, so there's a functional benefit there, but there's also, this is Apple patenting things that they can patent. Part of having a patent war chest is amassing and patenting the technology so that, should it come up, you have it later where you think there might be lawsuits and patent trolls around. That never happens around technology. That would be interesting, like an Apple vehicle. No. Well, now it keeps the lawyers busy, I suppose, unseen. If that's the case, so I take it then... Perhaps the interesting... the engineering, the point here is that it looks so much like that will definitely be coming. I thought the thing was, Apple stopped trying to make an actual automobile, and were doing things with other manufacturers, was maybe they were gonna partly test these things. Well, this was like, no, they coach... you know, there was this poaching of employees going back and forth between Tesla for a while, and you know, Elon Musk, who has a big mouth, said that Apple employees weren't worthy of working at Tesla. They just weren't high enough calibre.
So you see this kind of thing. Apple was trying to work with BMW earlier on, to see if there was something they could work out, using their platform. That didn't seem to pan out, and so Apple is going their own way. Now, why is this important? Well, Google's working on it. You know, Uber and Lyft are working on it. There's a ton of energy being poured into this notion of fixing transportation, and automated driving fixes transportation in a key way. And that way is, right now there are approximately, and I... anywhere from forty to sixty thousand people that die in automotive-related deaths every year in America alone. Now, if I told you that forty to sixty thousand people were going to die every year, you would say that was a pandemic. Yes, right. If I said forty to sixty thousand people were going to die preventable deaths due to illness, you'd say, oh my God, why isn't somebody doing something? Not undo tummy. They are on this. Is it okay, right? Because we think of driving as normal and having risks associated with it. This is just what people have come to accept, and the future of the automobile is one where maybe that isn't acceptable anymore. What there are, few things that have happened yet, right? So first of all, Uber and Lyft are working on this, right? They like the idea, and they're not alone. GM is working on it through their thing with Avis rental cars, and they're also sharing that technology, because the idea here is that, you know, if you had a rental car company, you would absolutely want your self-driving car doing it rather than trusting, going on the insurance, the person driving, right? Yes, yes. Protect your investment in your fleet. If you are an insurance company, you know, you could change the world just by simply saying that people who use self-driving are going to have better rates. Too good a fiesta... kick on that, right, considered uninhabitable. Yeah, you know.
And along with this, car ownership changes. If Uber and Lyft do this and you can simply page one whenever you need, then what's the value in owning a car? Okay. Isn't that funny? My mind just went... simple, tiny, achieve joy driving that, but also attended enjoy the servicing, the counselor has of it things. But no, hang on, the third thing with saying... I was going to introduce a calm on at the same time. Few people are gonna need... as full missed the boat. It's a good question. I mean, at the same time this is all happening, there are things like Bird and Lime that do bike share and electric scooter share. And if the truth is that city infrastructure allows you to ride a scooter in a protected lane on a street, then you don't need a car, necessarily. You might need a car for doing grocery shopping just because, in terms of carrying stuff. Yeah. But you know, for your quick commute to work, you could do an electric bicycle. You could do a scooter. Last night, when I was being driven, while I admit I was looking at the Tesla equipment, budget, Glenn side of the window... One point, genetic show winning on Iowa... So somebody rode by on a skateboard, on a... just residual, they did in traffic. It was quite impressive. Essentially, upset you can... Okay. I think a quite what those forget costs. Give me a metro scandal. Yeah. What? We've reviewed a couple of those. AppleInsider said that mainstream now, they're available, is not just... Hitter be with three soldiers on engine. No, for years now we did. We did Boosted. We did, when that was called Eboard, DHS or something like that. There was another one I saw at CES that I quite liked, that I wish I could get a hold of, but I haven't gotten a hold of them. We're looking at doing a Onewheel review. I'm sorry, Onewheel, one wheel. So instead of a skateboard, where a skateboard has the board and it has two trucks with four wheels at the corners, basically a Onewheel says, you know what?
Forget all that. You've got a board, and then stuck in a hole right in the center of the board is a really giant wheel, a single one. And so you sort of balance like a seesaw on the thing. I was saying before, okay, it's getting... comes from Kutch to help a boat. I like it yet. One large rubber wheel with a motor in the center of it? Yeah. Sorry, from the phone numbers, transport is changing, and because of that... send our... the unbundling of transport. Yeah. Unbundling of transport is a great phrase, Guy. Yes. Now I'm going to tell you about PDFelement for a moment. We'll get right back into it. PDFelement is a complete PDF solution that's cross-platform: Windows, Mac, Android. It's intuitive and easy to use, especially if you're familiar with Microsoft Office. As I mentioned before, we have little doubt that most users will be able to quickly get up and running with it. It provides facilities for PDF creation, editing, form creation, digital signatures and commenting, plus integrated optical character recognition, OCR, so that scanned paper documents can be turned into truly editable PDFs. Given that it's so much cheaper than Acrobat, it makes a lot of sense for small business use. Speaking of which, did you see Facebook introduced a video chat device? Yes. We've got a few... it is... Well, we've got a few of those. This one is a screen with a camera and a speaker, and has Alexa built in, and they partnered with Amazon for that, and it's for using video chat over Facebook Messenger. Okay, so it's like a Google Home Hub plugged into Facebook. It's not about that, something something kind of like that. Now, they were very clear. They stressed that they have privacy credentials, that it doesn't monitor or retain the contents of calls, that they have physical, mechanical means of disconnecting the camera, that they're all about the privacy rights. That sounds brilliant. Well, they lied. Okay. That's Jimmy.
They allegedly, might as well walk back to the Pets... Well, so I don't have to walk it back too far. And I'll say that because after the reports saying that no data collection for advertising purposes, they then admitted that, yeah, actually, okay, fine, some data does get collected. So in a statement that they provided to Recode, they advised that while Portal doesn't show advertising, data about who users call and the apps used on the device can be used in advertising decisions on other Facebook-owned services. Okay. That seems like at least a ninety-nine percent reversal of things. Surprises me, from Facebook, a reversal on privacy. Oh, no, no, a reversal shouldn't surprise you. Every other time they've said, no, no, no, we don't do that; a couple of weeks later, yeah, we do that. That's Facebook's history. No, no, we would never. Yes, we do. No, no, no, we don't. Yet, run a newspaper ad, run an advert in the New York Times, full-page ad apologizing, yeah, we did that. That's the Facebook rinse-cycle-repeat: we don't do that; oh yeah, we do; and you know what, we knew all along we did, and we're sorry, but we're gonna keep doing it. Okay. I... I'm in such bad form, but at this, I have previously been aware that it's sometimes better to do something and apologize afterwards than to ask permission first. But I'm talking about when I was in the BBC and things, and feuded dirt. Nothing have hummed. This is different. The difference is messing with people's lives. Why would you keep placing your trust in them? Why would I put my trust in Facebook? Actually, I think more than anything else, coming into the reason... Well, earlier this year, when the Cambridge Analytica scandal broke, we ran stories. We ran two stories: one, how to delete your Facebook account, and the other, how to delete a lot of your activity and minimize your exposure on Facebook. And at that time I wrote the one about purging your activity, and I purged all of my activity back till, like, two thousand nine. And the past week
I said, you know what? Forget it. I've had enough. I deleted my account. Okay. I did notice you've never sent me a friend request, which I took as personal. Okay. How do you feel out there alone in the wild without Facebook? I feel okay. I'm alright. You know, I had someone call up to interview me for a documentary they're doing on the first iPhone launch, and when they sent the invite request to speak, they said, can we just talk over Facebook Messenger? And I wrote back and said, actually, no, we cannot. I've deleted Facebook. And it was really... She wrote back and she said, that's so refreshing, that's so interesting that someone talking about iPhone and Apple doesn't even have Facebook any longer. There you go. I did it at the right time. I got a bunch of people requesting, sending me email saying, what happened? Can we still get in touch with you? Well, you know what? Yes. If that's the result, that I deleted it and they noticed, and we can go ahead and talk somewhere else. Yes. Perfect. Okay. Yeah. And I like it. It feels to me as if I have decreased the vulnerability surface of my identity, in a way. That's quite a phrase. Okay. Put on a T-shirt. I just... add up all... put on a digit. While you're doing that, I want to tell you that almost every day we hear about something on the news about a cyber attack. Sometimes it's just a bunch of pranksters. Sometimes it's a foreign country with vast cyber resources trying to hack our power grid, our banking systems or our military's information networks. The National Security Agency plays a big part in protecting our country from cyber attacks, and you can help. The NSA is hiring technical professionals to serve on the front lines of information security. If you work in computer science, networking, programming, electrical engineering, you
Can help keep our country safe design, new hardware systems networks, right faster, smarter programs protect America's critical infrastructure or help uncover what our adversaries are planning to do. Next Bryn Mawr about careers at the national security agency today, visit intelligence, careers dot gov, slash NSA. That's intelligence, careers dot gov. Slash NSA an essay in all capital letters. Right. So t shirts, ready? Are you an extra neck? Sell Intel, basically, rush. Rush in watch my ideal. Got, yes, I undo very well. Okay. So I'm sorry, I'm bundling t-shirts. We somebody's reducing face perfect tone. Imagine what we're moving on from that because we're gonna talk about something that's a little more tragic. Yeah, there's, there's been an a story going on past couple of days about a Washington Post journalist named Jamal Khashoggi who was killed in Turkey, and the reason that we're talking about it specifically is because the apple watch keeps getting brought up as part of the details of the story. Now Khashoggi wore a cellular series. Three LT series, three apple watch, and this is known just because there are many photos of him and you can see the little red dot on the crown, right? This is an interesting thing, and we're even getting wrapped up in this race. Lewis, let's start first of all. He was a green card holder in in America. So someone on the path to citizenship, legitimately in America were for the Washington Post. The Washington Post is, of course owned by Jeff Bezos. Bezos has not commented at all on this story. Now I, it's interesting, partly because normally he stays out of the news fine. He lets the post run their own way, but you would think as the owner of the paper, he would have something to say about this. He has not news reports. Keep mentioning the apple watch as the source of data for a questioning by hit squad. 
So he went to visit the Saudi embassy in Turkey, and when he was there, he he, he was costed in assaulted by a hit squad, and there's an audio file. The audio file of this was reportedly synchronized with his iphone, which was in possession of fiancée, who was waiting outside the consulate during this exchange. Some people are presuming that was within Bluetooth range. But the thing about consulates is that they tend to be very secure. They tend to have no wireless signals coming in and out intentionally. Yes, but right. It's a part of securing the console. And so what we don't know is is how this audio was transferred to the iphone, how it made its way to iCloud, how it made its way out of the watch for that matter. We don't know what app he used or anything, but. There's there's reports suggest that Saudis wiped certain files from his device or devices. They were unsuccessful deleting data from iCloud. Now, if if the apple watch recorded this attack, it's not clear how that happened. It's not entirely clear that it really was the apple watch. Although that's whatever saying I should point out. I often record India on my voice. Isn't that cool to just press record? Really handy. A quick record in a impromptu speech, shoemaking something, yes. So your your task is to take this app and others, like if you can find them and record with your iphone off and see if the recording goes to cloud and then record when you are off wifi and see what happens when WI FIS restored. Because in your case you have a wifi watch. Not not watch. Yes, but we want to test and figure out how the data got out and where it we're go in your exam. Now the the other concern here and how we began to be part of the story is, is that this is weird. So you know, it's possible that, like I said, this isn't a part of an apple watch recording at all that this is a part of this information campaign at the same time on Monday a domain. 
That's very similar to our own apple insider was purchased registered in Panama. Now we're apple insider dot com, but someone registered apple insider dot org, and they redirects to ours for every story. There is pretty much except for the ones talking about Jamal Khashoggi's murder. Those those they took Mikey Campbell story, and they edit it and reworked changed it and posted it on their bogus domain. And they alleged that apple CEO, Tim cook and spoken to us in broken English. Now, obviously, Tim cook speaks wonderful. English. She's well educated, man. The broken English should have been a tip off to people that this is not what happened, but also the domain should have been a tip off. Oh, slow. Sir. I, I often done by the you fall. I could now rather that, but you it's, it's gonna get harder though in the future to tell because Google has said openly that they want to do away with the URL. They think the URL is an impediment to using the internet and they're gonna get rid of it. So it could be more difficult to tell them the future. But there's there's no good reason why the assailants would want to impugn apple insider. There is no good reason that we can think of why why this is happening other than maybe people in Panama wanted manipulate Google search results and take advantage of our Google rankings to do it. That's that's the simplest explanation we can come up with by that makes sense. Piggyback on after insiders area. Long decades of audience figures, but did they try to do for anybody else? Just like make it look like the multiple sources? Not that we know of NY times dot org didn't appear than I don't know weird. Okay, right, soft, appease. We're. Yeah, in other news. So Google is going to start charging Android vendors for the play store and Google apps. Android used to be this entirely free entirely open system with all of the the services free to people who wanted to do it new certified to be a play store provider. 
And then along the way they started taking core services in core functionalities out of Android and placing them into apps. And one of the reasons to do this was that the apps could be updated via the play store whenever Google wanted as opposed to Android OS, which had to be updated with approval from carriers. And so it was really difficult to get people to update the Android OS on their phones. Vendors didn't wanna do it because they wanted to cell phones and carriers didn't want to extend afraid of new operating system running on their their network. So Google said, you know what? Fine and run around all of this. We're gonna put all the functionality into our Google apps and play store. And if you went up dates, you'll get them that way. And that's fine except that the European Commission has decided that that is now antitrust wasn't there incisive shrimp something about. Hundred tell his could have access to the stories they did things. I mean, presumably complied with the conditions is not out of science. The basically what's going on here is that they find Google five billion dollars. And so Google has agreed that they're going to start licensing play and licensing new Google services naps that they put out on play to handsome manufacturers, which has the knock on affect of other gonna eat that cost, or are they gonna pass it on to their consumer while the such. A lot of profit margin in Andre much now to state the cost front. You think so probably not. What's going to happen is that everyone's Android phones, gonna get slightly more expensive as a result and they won't notice because, well, you know, phones thousand dollars from apple. No, yeah. So, yes, ten bucks of an Android phone becoming eleven doesn't say that big ado plus I don't know how many people Andrew fines on them rolling carrier subscription thinks that I might price might even be less month. One of, but yes, I don't see what people tend to business. 
Everybody suddenly decides to start buying Underwood funds because of this annoying, Tony increase on instead spend like you said, one thousand hundred ninety four posted on sanctioned Tommy. Well, it's, it's going to be interesting. It's it's going to be an interesting thing to see entirely. So what's what's going to happen here is Google doesn't really want to do this, but they're gonna do it. Google also wants to have some way to combat combat. Samsung. We'll talk about that in the next story. Just a moment. Remember the days when you were always ready to go with blue shoe, that's blue like the color. You can crease your performance and get that extra confidence in bed. Blue dot com brings you the first Chewable at the same FDA approved active ingredients as vagrancy Alice. So you know, they were since their Chewable. They were up twice as fast as a pill. You can be ready anytime day or night Lucia's prescribed online ship straits your door in a discreet package? No more in person, doctors visits, number waiting in the pharmacy and best of all no more awkwardness Lucci is made in the USA in ships directs their she in a pharmacy. And right now we've got a special deal for our listeners, visit blue shoe dot com and get your first shipment free when you use our special promo code apple insider to stay five dollars shipping. Again, that's the l. u. e.. E. c. h. w. dot com promo code apple insider to try it. Free blue, the better cheaper, faster choice Qualcomm, and the Federal Trade Commission in the United States have are asking for more time to resettlement in the applicant advantage trust case. So Qualcomm in the us SEC have asked a federal judge pony preliminary ruling because they're hoping to pursue a settlement. They've asked this for the haven't got it yet granted yet, but but basically, partial summary, judgment could happen and that's what they're asking for the delays to hold that off now, why would they wanna hold off some retirement? Yeah. 
'cause if they can work out a settlement that's advantages to them that's better than being judged. Okay, that makes sense. I Don live hod in order to reach settling before will thirty days really make a difference. Lock could be agreed to thirty days and I presumed that confidence. This is one of these things where in twenty eight days that extinction judges don't usually look kindly on that yet. You had your thirty days. You're not getting. More unless you've got a really good reason and they don't so or at least I don't suspect they do though the point of this is that they're trying to get rid of and clean up as many legal disputes as they can in order to reach financial targets in the way that works is that when you have legal clouds overhead, they depress your your stock price. Okay, that makes sense. And so if they can clear up these things than their stock price will be boosted. It'll come back because people be reassured by them, so so they're trying to get up to about seven dollars and fifty cents in earnings per share for their two thousand nineteen fiscal year. Facility. I mean, it'll these companies always have these things going on hanging over the heads for day particularly came now they're trying to prepare themselves to as bulls and make them targets, but some Hutchison I don't know that now see when you start talking about that a good question, who would want them, you could say apple would want them because it would just go ahead and let them take the cell modem and they wouldn't have to use the Intel modem. You could say appaled want them because then they would all the IP around the Snapdragon CPU's which would be a bad news for Android. Say that Samsung should buy them because then Samsung can use the Snapdragon as their own property and also restrict supply to other customers for it right hallway has the cure and processor, but LG Google pixel HTC Otto who who they using, but you can use media Taecker they can use Snapdragon. 
There are a very limited number of arm CDs out there that you can just use. And so being able to buy Snapdragon which is, of course, one of the better ones would be a big way to go. For their part would really hate that because Google wants to be able to release flagship designs flagship phones and they do that because they're fighting a war against Samsung. The problem is that Samsung is almost synonymous with Android, but War I can understand why Google would like, I think you're saying that everybody equates some sun with under non daughter sons longer than parole. Google reinvented, but isn't some some Indian. A lot of money to the difficulty is that when Samsung has as much control as they have, they get to define what Android is, and that's not what Google wants it to be. And so years ago Samsung's working on a scape patch plan called Tizen. Oh, oh, yes. Yes. Well, Google's working on escape hatch. OS called Fuchsia. Fuchsia is not Android. Fuchsia can run Android applications, but it's not putting system that's separate from an entirely. And so few should be away of of Google regaining control over what their mobile s.'s. And that's, that's something that they need to. Now if Google bought Qualcomm than Google would have control over the process or supply and phones and everything else. Okay. But just, you know, I would probably be subject to Maura anti-drug stuff from a keg. Yes. So it's it's very much picture a bunch of people in room with each with swords point at each other. Yes, that's worth says, okay. Yep. Now in late breaking news, late late, late, breaking news. Apple has set out invites for the upcoming event. Yes, this, yes. Now the this event is focused around what looks like making stuff and creativity. They're, they're going to do it in Brooklyn, I believe. 
And yeah, it's happening in in New York City in Brooklyn, and it says there's more in the making is the tagline here, and the apple logo is a unique is a large number of of different versions of it in. They're all artistic and they're so each person who's getting an invite gets a randomized one. They're aren't all saying k. through many there. Oh, no, but there are ton and it's it's probably likely that whole bunch of designers were tasked with coming up with a ton of these things, and they just randomize the list and sent out a bunch. Okay, let's. But that tells me that it's probably an ipad event and it's an ipad event focused around creativity, so expect to see something about ipad pro Napa pencil. Yes, that makes sense. Okay. We were expecting. Piper. If we were expecting a pencil, I mean, generally won't assumes wants coming. I don't remember being well evidence trial, even if there's no pencil too. And it's just the same pencil. If the event focuses on the artistry and the things that you can do, then that's enough, right? Yes, yeah. Route to that now. Right? I really like that. I mean, I quite like apples, cryptic Qasr, but the feels like the our gang bit further. This is need one because in the past we've always gotten the same invite from everyone here, unique artistic invites Brent this folk articifial invites. And this is on October the thirtieth. Yes, it is. I'm k. right. Clear diary for the this is the episode. This is all the time we have. I wanna thank you so much for joining me and we will be back next week with more. Thank you very much. Nice talking to you from Los Angeles. Where can people find you on the internet now that we can find you in Los Angeles. -at's w Gallagher. Great. I met de marks. I want everyone to go ahead and send William Email at w. Gallagher at apple, insider dot com. 
And if you can figure out how you're gonna use the apple watch to record in situations where you don't have collectively and then get the data out the out to cloud. Let us know because this is an interesting exercise in not really sure I'll even try it, but I'll get eleven. Good. Go, okay, record. Turn your phone off and see what goes. All right. Okay. Here's our bedroom. We'll talk to you all next week. We'll see you back then.

Spot and Parasite SPOILERCAST -  Still Untitled: The Adam Savage Project - 2/4/20

Still Untitled: The Adam Savage Project

44:50 min | 10 months ago


"This week's episode of cell entitled is Made Possible With Support from Microsoft surface introducing the new Microsoft surface laptop three with its beautiful touchscreen. You'll experience stunning graphics. With razor sharp resolution now available with thirteen and a half or fifteen inch. Screen and with the latest processor is no project. The surface laptop laptop can't handle. It's both light and powerful. So you can get more done on the go visit surface dot com slash laptop three to learn more that surface dot com slash laptop three. Welcome to still untitled data. I'm well I'm at a norm. Hello Hello again just did this go. Yeah no I changed yes. I am wearing replica. NASA coveralls and a replica. NASA physical training shirt from Luna Replicas. My friend Max. Kaiser Man has a website lunar replicas dot com. Go there and get some of of his incredible NASA stuff really good replicas of NASA hardware and software and clothing Is Hard to come by a lot of bad replicas out there but these guys are doing amazing it's for you who would be discerning about equality of a meatball patch. I totally yes. So for instance met Max. You'll notice notice that will you will notice. He literally bought an old seventies factor base machine and backs us with cheese cloth like the originals as Shitty as the early patches. All refined like Maude is done with punch cards on ancient pre computer computer. So that's the level of fidelity he brings and missing blue the same fabric as the jacket. I it's very close to the same kind of dwelt jackets made but you didn't know is that we prepared an enema. Another room mercury training as soon as putting a right stuff Scott Glen. Yeah Scott Glen sits there with the ETIMA. Yeah that does the Jose Jimenez. It's a it's it. Plays Gus grissom right. I believe Alan Shepherd. No grissom is played by Fred Ward Oh right so it must be it must have been I think. Scott Glen Plays Carpenter but I could be wrong. I can't remember the problem with that. 
Movie is a lot of those guys look alike because they're all middle aged white guy with also suburban great actress Lance Henriksen buried. Forget all these amazing people probably fifteen years. I watched it last year really holds up. The book is one of my like in the top like the new journalism Tom. Wolfe can key hunter S. Thompson is riveting. I didn't read it until Jen. Schachter told me to read it and by the way in the movie when they're walking down the long hallway. You know where that was shot now was shot on Third Street and twenty second bucket here in San Francisco. Yes so a colossal pictures which is down off of Quin street where I worked with Jamie Hyneman in the early nineties colossal pictures in in the eighties eighties when they made the right stuff did all the special effects and when they needed that long hallway. Shot there's that long factory building in Dog Patch on the east side of third. St The American building is a twelve hundred foot long hallway. And that's where we're revision. Three's to be so how excited Cisco you never know film here as well. We're recording. It's a weird way. You're listening this but in San Francisco as you're listening Mr filming the Matrix for what. Yep they're making making the Wachowskis. He's are making the fourth way trix right now. And it's I know downtown San Francisco. You got to remind me after this podcast. I've got to reach out to people the Wachowskis and see if we can't get tested on that we need to really tested listener working on this production I'm coming for you awesome awesome. Yeah we'll bring cameras or even not bring cameras. We just show up with coffee nor nor a good grip robot. That's really really exciting and we could bring a robot. I know that was a good segue purpose Klein. Wow Hey Jesus awesome recorded episode but we have a Boston Dynamics Spot robot. We do have one that for this whole year for this whole year. We we are developing for him. 
We're going to give him some new skills and we are going to also help him walk out of the Uncanny Valley hopefully so that he doesn't creep people out because because when I see spot I see a magnificent piece of engineering and a solution to really interesting problems that we might not have even encountered yet and I I see a future that I like a lot of people when they see spot. They see a different narrative. And I get it. I get why they see that narrative and I know that they're affected by things like metalhead. Beautiful season four episode of Black Mirror by. I would like everyone to see the engineering in fact that I witnessed. We're trying to get on the good side of the robots. It's a fascinating thing because we all of us over the past decade or so have seen the videos at Boston Dynamics is put out and spot is of DNA. But it's not the atlas robot. It's not the BIPEDAL robot dogs not BigDog. Dog has a very specific purpose. Now inherits a lot of the engineering and design philosophy. That went into those but this is this is for very specific purpose. It is for surveying. It's four constructions for Industry News. It's a tool and it's a it's a you know and it is. It's very much a tool with very few attachments right now. Like it doesn't map the room. It looks at the ground in front of it and figure out how to move over it without incident. It took me a couple of weeks of having it here. The had it now for a month. Yeah it took me a while to rouse. They didn't have to steer it away from things it moves in. has its own sense appropriate. Greece I was shocked shocked. Navigate your shop. Yeah this is I look at this room. It's a nightmare for humans much less. Yeah does it fairly handling. That's something that we've video out and you should watch the video because we did take it to one of your favorite places to bomb randomly and really try to put through places because it is. That's open area right. The violent where spot would likely operate of. 
But I don't think people understand. It's both physically a controlled with manual control. I can't be menu so there. Is this controller the screen. It's essentially an android tablet with two sticks almost like a video game controller and you can use a Tuesday control to to pilot. It been looked at the screen on the cat. And you're seeing what spot seats. You're seeing the view of the world that he is witnessing. So it has kind of structured light sensor so infrared and in visions these As Rocky y going on. I don't think there's any lighter actually red light itself him back right so it's very much. Like the Microsoft Kinect or the Intel real sense cameras and has an array of those all round. So that's where I think. The magic check in is how easily it lets you control it. Direct it without having to think about things like ops bumps into this thing like. How's it going to make it over that obstacle tickle when you were showing it to me and you just tapped on a section of the floor from your shop of the shop to buy the pool table and just like okay I got this walked over there and kind of shimmied meet over to the left to avoid an obstacle and then walked around and then got to wear it was supposed to be and then you did the same thing by backing it up and I was just like Oh okay? This is this this works. It's better than I expected You know the folks have been friends of mine for a few years. And we've had a lot of time to to get to know each other and I've been seeing. I've been following their progress actually since the early nineties. That's the first time Marc Raibert early work came across my came across my contention and it's so exciting to have him here. We turn them on every day. We play around with different things. We have a whole bunch of different plans for him And just like any good. TV show there are some things we WANNA do. That are part of an overall plot and there are some bottle episodes. 
I even have an idea for helping him to poop perhaps even better okay but yeah the video. The first video is up is a is a little taste and I'm very excited excited. How well a video has done? I think that the response I mean. There's a response online. Also the response person. I won't talk about. Both of those people have already come up by watching the video with a a lot of like the same direction they know when they see you and spots. Of course there's going to be pure caused by cosmic. We're thinking in those terms right but I mean one of the lovely things about producing a series like we are currently producing. Is We know what the expectations are. And it's really fun to both. Meet them and change them in modified them that's actually some of the most fun of the storytelling and then spot in the wild which we haven't shown like you were able like you've walked the streets of the commission. Yeah with spot. Yeah Tom Talk about that. We were the first day we had him at the end of that day. I WanNa take them home. I want to run him around my house. It's got to climb the stairs is my house. It's so It was raining and he is relatively water resistant and we walked him from here to the House. It's a a few blocks and I mean most PLAC- a him just feels right ISH I. It's sort of a default okay. I'm being very open to the character of spot I have also yesterday I was calling she okay and I also May. I started playing around in my head with awesome acronyms or ideas about a name. That could be specific. Tim People keep asking. What's what's the name and my feeling is unless and until right like something something if something that naturally occurs it will occur? If it doesn't it doesn't but people they see it on the street next immediately. Their phones like holy cow like just watching it. The best is children seeing it like. It's not like children. 
Have a great scope of all the things that are going on in the world but they see this thing hang on the street and they can tell something really remarkable is having in front of them and their brains kind of like the smile of. It's the it's the look on kids spaces. They got when they get went to maker Faire. Like you're walking around making artesia rolling up door. I this is real so call all the thing that I wanNA tease. Before we move off of spot is that with the things we want to do with him this year. We are rounding up a number of collaborators elaborate to help in this endeavor that is truly exciting in old colleagues by and friends and people I admire goes far to say like a lot of people. We know work in the business of imagining the future whether it's actually building the machines and engineering or even just conceptually in terms of artistic world and Dan and what the future means to us as individuals how we respond to it. What we expect from it and what we don't expect and some of the best responses have introducing spot to those folks who have done nothing who've dedicated so much of their career imagining just from a theoretical or artistic standpoint? You know whether it's the way a robot bought moves or the weight should look and they are coming in contact with something that is of their imagined world. Yeah and that is super cool really because they don't have worry about the engineering when they're when they're coming up with those stories right so we're taking a piece of a science fiction in the real world real world have intersected in a in a really thrilling you you saw it in the video. I don't know I mean it must have been intentional. But the way when when any of US operate our natural inclination is try try to puppet it spot has has a head tilt and I don't know it has a functional purpose in terms of the way the legs and move and move around things but we all want want to kind of give it the headset. 
have it like perch up and sit And that's Portland. Some of the most fun we've had so far indeed indeed and I mean and we haven't even started to play with kinetics of how moves and that's definitely going to be something we we delve into. I I can't wait to see more. It's been fascinating watching. We're already cutting video. The number two right now yes I should be out in hopefully a couple like a week or two at most by turn into this. I actually think we now have the two videos after that already. The plan so we're good till like May June even having executing sorry didn't mean to clip their. Hey you've been recently. I saw you post it on twitter. Or maybe it was up for conversation. But you've been enjoying the criterion collection Indeed a Peter Becker who is runs. The Criterion Korean Channel Organization criterion collection is a friend of mine and I put a plum job that must be. He's a wonderful guy and he loves film so much. I interviewed Guillermo del Toro for him. For the criterion I don't think it's a plum job. I think it's a stressful truffle. As heck because it's so subjective in all I'm sure nothing everything here's why isn't this film in there. I mean sure. I'm sure that but then when you look at the channel you see all the different ways he's intersected different directors with other directors to talk about film to really go into the depth of how this came to be why this is important. What is it means needs culturally what it means is you know? Plot wise from Armageddon. His Ardoz Link will say having a Samsung television. It was hard to get the the criteria on general APP on Samsung. They don't play together right now. And this is part of this weird sequester who owns the standard landscape can we. Can we talk about this. I I'm GonNa tell you what my face was if you have a Samsung TV. Here's what works. It's not enough to just sign up for the ROKU ROKU APP on the Samsung APPs. You actually have to get an External Roku stick twenty five bucks. 
Attach that to your Samsung. It's like TV but once you do you don't need to use the ROKU remote. Your Samsung remote will operate the channel. Just fine which is that as I I see stuff does that. Yeah and then I've been I've been obsessed with it so actually I said the night Huxley passed. I wanted a mood of film so I watched watched one car wise in the mood for love which was exactly the right thing for me at that moment in time last night when I couldn't get sleep because my sleep patterns are still abysmal. Ruin my watch most of the original heist film which is a French new wave film. That maybe don't know if it's new wave exactly but it's like from that era ish and in the middle all is an hour long heist with no dialogue and it's absolutely riveting. ooh Yeah No. It's this it's you're watching something really special and you see so all many movies have borrowed from this since then from the bank. Job With Jason. Statham do films I so I haven't before we go on about criterion. I have real concerns about the APPS built into. TV's especially on low end models that are priced at an incredibly incredibly low low price rain. Yeah you think that's a way that people are GonNa hang more for cable and all that no they're collecting data. They're collecting data about what. Oh you watch what you play. What things you use your TV for? And I think even maybe we solve an apple. TV Den right right like that's the thing we used. Because I kind of trust Apple Apple with privacy stuff but anyway tilling off. It's justified or not. I don't know if I'd be interested here. What people think? I'm bringing it up because I don't know anything about it. I haven't I haven't done the research. We were working on an episode of Tech Pot about that and I would love to get feedback from people who maybe no more Then you can hit me on twitter or comments read comments in criterion had to spin up their own service risk because previously. They were part of film struck. 
We've championed that before. Fortunately when away and this was the sponsor that to to take that collection the licenses says they have to allow you to watch the selection of film otherwise you would not be able to find anywhere. It's been spectacularly successful for the and good mm so has been really really stunning and seriously if you're wondering whether you should sign up for Criterion Ju you do. It's a stunning film. Education in a channel channel with beautiful prints really like. It's just great. It's like I'm just cracking the surface. I know it was live yet. So I'M GONNA go as as soon as I get home. You'RE GONNA yeah one film that's going to be on there. I'm sure at some time and I don't I love to get him on the PODCASTS. At the more talk about yet. The curation ration- Prospect Siamese Sierra. We have on the PODCAST and ask him. When is movie like parasite going to hit the criterion collection and Bong Joon-ho interviewed a bunch on on in different in different things on this? Thanks for the was. It really really seems. We've been wanting to talk about parasite for weeks and the holdout has been. I'm so we will just refer to them as suspect W I. I think you're aware wolf. I've only ever been aware we'll one. That's what that's where Wolf Talkradio. But let me tell you. When I was the Werewolf it was here? We did a huge night of Werewolf Games ames here in the cave. Ben Ha and a bunch of other folks. Harper Harper was here and my son think too was playing with us and he was like nineteen at the time and the only time I was aware of he could tell I was the werewolf because he was the senior and I somehow managed to convince people that not only was I not aware of but but he was not the Sierra and unhinged him being so duplicitous. He likes slammed by in competition. We play one night ultimate which is basically no sleeps. You just do you get one one night of where wolf and then it's done. They built a bunch of extra rules. 
So that you can get all the information you need in one pass. Oh my God. And I will bring a copy of that as well. It is phenomenal. It's great for people who don't play with like five, four people. We played with my seven-year-old. Spectacular, watching her learn how to be duplicitous and detect duplicity. Well, seven is just about the age kids start to be able to hold competing concepts in their head. We've talked about this before. I played my kids, when they were seven, Who's on First, and watching their hungry little brains grab these tensions of language and enjoy them is super. Nobody appreciates a terrible pun like a seven-year-old. Now, Parasite. I've been dying to talk about this film, because Ben Acker, friend of the channel and good friend of mine, half of Acker & Blacker, the writers of Thrilling Adventure Hour and many other things, a human being I love. One of the things we all know I love to do is to talk to screenwriters about film, right? To hear what someone who is immersed in the mechanics of it thinks about it. One of the things I love about Ben, in the way he talks about it, is it's always about character for him, character, character, character. He doesn't give a shit about plot if it's not about the characters and what was actually happening because of the characters, and it took me forty years to get to that spot, just for the record. And Parasite is one of the most interesting character films I have ever seen in terms of what you think about the people on screen, where your alliances fall, how you feel about the characters, the actors. I have never felt so much tension and such a thrill over just thinking what the hell is going to happen next. And yes, and now, we're not gonna do heavy spoilers. Actually, it's not, two spoilers. Spread the little girl, okay. We'll get to spoilers. The movie, you undoubtedly... horror film?
It's a thriller. By the way, just before we even get to spoilers, even talking generally about the film is a tiny bit of a spoiler. I would recommend that if you really are excited about seeing it, maybe turn this off now, because the less you know, the more... the film is better the second time, because I'm sure it's a whole different experience. In theaters in the States, because of the Oscar campaign. So it's a hat on a hat, though, which is the convention to say that, you know, they take something literal and it is also the metaphor. So the fact that there is a class system, people literally live under people. Yeah, like also they live under people, and the writers, he embraces that, and it's heavy-handed enough, yet there are still so many layers to pull back. And, you know, so every time you meet a character, he plays... Bong Joon-ho is the director, who directed Okja and Snowpiercer, and he plays with all of your expectations all the time. You meet a new character, and you think, oh, I think they're kind of like this, and then you find out, oh no, no, they're totally the opposite of that. Actually, they're also like that. The two families in the film we're talking about: the main protagonist family is a husband and a wife and their adult son and adult daughter, and the son is a university student and the daughter is not yet. It's unclear. It's unclear. May I? There's not even a turn to suggest that they're actually related, these four. That was unclear to me for a pretty substantial part of the film. I submit that they might not be, and that the film... I see that point. I think that the bond that they have and maybe the cultural need for, like, you know, the parent and children relationship is there. I totally get that.
But there's a way in which the conventions that get played out in the film feel so subverted that it goes all the way to maybe that family, and the other family is a very wealthy family. Yeah, so the Kim family's the poor family, and then the wealthy family is the Park family, and the Park family lives in this amazing architectural masterpiece of a house, which was completely constructed, set up, a completely constructed outdoor set, because of where light falls in, eyelines, like Bong Joon-ho had diagrams in the script as he was writing about eyelines from the staircase to the kitchen to the thing, the thing, and they looked for a house and very quickly realized they weren't gonna find it, and then they went to the lot where they built the house and spent days tracking where the sun was going and built the orientation of the house to accommodate for the sun based on the plot. Wow, right. Wow. This set of the Kim family, that entire street is a set. Yeah, well, that I can see because of the way they were doing on it, but yet only... But it's not only, it was, the entire street is a set, but apparently they were going around to like wrecking yards and dumps and other places and buying chunks of the city to make the set feel all super realistic. These old signs, old doors, and old windows. I mean, we lived in a lot here, but it's definitely, it has been lived in, and then some. The idea that pretty much every space that you're witnessing in that film is a space completely constructed is kind of astounding. Well, and the different locations have entirely different... almost shot like different films, right? Like the basement set is shot in a very grungy, kind of Chernobyl kind of way, and I was gonna say like a seventies, like a Pakula film. Yeah, whereas the expensive home is shot almost like, I like... not a Michael Bay film, but you know how The Island had that whole gold...
Now the whole thing felt like it was shot in the golden hour. It's a terrible Ewan McGregor film. The... Michael... It's a bad film. I have... Michael Bay. It was Michael Bay. Wow. But I like the whole shot, golden hours, all glow. The whole house feels like you're in a higher plane, which, I guess there's a precision to it, from the set design to the cinematography. Even the acting, that's not naturalist, like they are very precise. It's intense rotations. Everything, I imagine. I don't know, it's kind of a David Fincher movie. Yeah, and hearing about how they would go and... you're completely right, word up, Fincherian. Yeah, that'd be like a Fincher, or David Finch, see also the Goldfinch, also Peter Finch. It's tough to talk about it without talking about the big moments. So it's a film in which these two families intersect, and the intersection is mostly about class, more than it is about sexuality or romance or friendship, however those all play some role in it. But it's really deeply about class. To me, that's what I took away from it, and I'm not actually sure what the film's stance on class is, right? That's kind of the big ambiguity that's baked right into the entire thing, or who you're supposed to be rooting for. I do not ever feel like I should be rooting for anyone. Everyone felt like they were... Everyone was unsympathetic to me. The film has a momentum in the first... the son. The son? Yeah, the Kim son. Yeah, no, the Park son. Park is the rich family. So the Kim... Yeah, I would agree with the birthday boy. Yeah, he's about the most unsullied character in the entire film. I would say the two Park kids are the victims of this whole thing. I'm curious about that more.
But there's a momentum in the first half of the film where these things are falling into place and you watch it almost like a heist film, in planning, and the execution feels revelatory, and in the same way that a heist film is super thrilling, because you just are super excited to see what's right around the corner. It's more like a manners drama, in which it has the same tension constantly, but the tension builds up to a point where, you know, I'm describing a scene where they're drinking and they're eating food and they're celebrating, reveling in the success of their plot, while bringing the venue that they're in down to their level, and that is so stressful to watch. Just a simple scene of a family eating dinner. You are like on the couch in contortions with tension even before the moment happens that it's telegraphing. And it's something, that scene lasts longer than I could take, so long, like the basement scene from Inglourious Basterds. That's what it's like. It's almost that amount of input. You're sitting there and you're like, I do not want bad things to happen to these people, but I also don't want, like, the thing that's bad is going to be real bad. Julia had to tell me to stop moving because I was like... and then he throws a curveball at you right after that moment. What a win. And then the film goes into a completely different direction. Oh my, yeah. And that's only one of the ways the film goes into a completely different direction. Before we continue on with the show, I want to let you know that support for Still Untitled comes this week from Microsoft Surface. Introducing the new Microsoft Surface Laptop 3. With its beautiful touchscreen, you'll experience stunning graphics with razor-sharp resolution, now available with a thirteen-and-a-half or fifteen-inch screen, and with the latest processors, there's no project the Surface Laptop can't handle. It's both light and powerful, so you can get more done on the go.
Visit surface.com/laptop3 to learn more. That's surface.com/laptop3. Now back to the show. I think it's time to talk about this, okay. So if you're at all interested in seeing Parasite, turn this off now. The less you know, the better. Now, I say that thinking that movies like The Sixth Sense and Se7en and Fight Club are way better when you know what's going on. I actually think that they're improved by having watched them once. Of course the second time is so... I'm really looking forward to seeing Parasite a second time. But, so Parasite starts off like any normal film. You're meeting somebody. They're having a conversation with somebody else, and a young man gets a job tutoring a kid. That's how it begins. And so the young man is of the Kim family, and he goes to tutor the son of the Park family, who he's been told is a brilliant artist who needs some real direction. And it's clear... no, he's teaching the daughter reading and speaking English. Oh, right. The son's the brilliant kid who's got ADD. Yes. Jessica? Yes, okay. So he's teaching the daughter. Yeah, and he gets that job from being passed by a friend, a reference from a friend who wants to date the daughter when she's older. That's, I'm unpacking that. The way in which he holds that there's already a plot, which is that his friend, who's a successful, handsome university student, is about to go abroad for a year, wants to eventually ask this sixteen-year-old girl out, but he's giving the job of tutoring her to his friend who he trusts. And the friend also sets the stage with the family, which is, the mother's in charge, but maybe not the brightest, or simple, I think is what he says, what the translation is at least. But the whole time, this Kim family is hustling, the folding of pizza boxes, this is the whole thing, in this dingy apartment that is literally below street level.
Where they're, you know, they're stealing Wi-Fi. There's a moment in the beginning when he says the street fumigator guy's coming around, and they're like, hey, the fumigator guy's coming, shut the windows, and the father says, no, we'll get a free fumigation if we leave the windows open, and they're folding pizza boxes and coughing and holding their breath, and it's horrifying. It is maybe, I was five minutes into the movie and I thought, this is some of the most efficient character building I have ever seen. A friend of mine who's a screenwriter, his favorite character-building sequence is the scene in Grosse Pointe Blank when John Cusack goes to his father's grave and empties a bottle of Scotch and drives away. No words are spoken. You know everything you need to know. And the entirety of Parasite feels like that level of character precision. It's dense in the way that Watchmen is dense. So the son goes, it starts, he starts tutoring, and the mother is then talking about her other child, a younger son, who is hard to control. Yeah, right, sorry. And then they see an opportunity to then bring more of the family in. So now, this is where the kind of, there's more to this family, right? Yeah, the sister shows up. The Kim sister shows up and pretends to be an art therapist. At this point I'm thinking, oh, I'm watching The Sting, right, right, right. I'm thinking, oh, this is gonna, this is like a heist that's gonna wrap around itself, and some stuff's going to happen. It's going to be a lovable romp through, you know, they're going to somehow replace the family. Yeah, so that goes on for a little while, and then they manage to get rid of the chauffeur. No, they get rid of the chauffeur. Yeah, she manages to pull a little scam.
Have the suspicion thrown on the chauffeur so that they can install the Kim's dad as the new chauffeur. So now there's three of the four family members working for the Park family, when they then reveal that the most difficult to replace will be the housekeeper, right, who came with the house. The house is built, in the film, that house is built by a famous architect who lived in it until he died. No, he sold it. He sold it in his life, but he bequeathed his housekeeper to the new family. And the Kim family's talking about home, and she's there before them. She's a lifer. That's her house. She seems, she seems a little flaky, but she's tenacious. Like, they recognize she's a foe, and I remember thinking, she's a foe? Wait a minute, what? She seemed just like a goofy... Yeah, and just to be clear, there's nothing evil that happens in this film really up until the point that the daughter gets the chauffeur sacked. That's true. Yeah, yeah, yeah. And then you're like, oh man. You're seeing what looks like opportunism up until that point, and then it gets malicious. Yeah. So they get the housekeeper sacked, and that's when it reaches the apex of their success. Mom comes in. So, well, so they get the housekeeper sacked and the mom comes in to replace the housekeeper. Now all four Kims are working for the Parks, and the Parks have no idea that they're related. A threat? Well, the son does. The son does. This is one of my favorite bits. It's so good. How do you convey this on film? The son walks over to one of the Kims and sniffs him, and then goes over to another Kim and sniffs them, and says to his parents, the Parks, they smell the same, and they smelt like my art tutor as well. And that is another hat on a hat, because not only is he conveying that he recognizes, and he's telegraphing that they're familiar to each other, but they are the same people. They are poor.
Is there, and this is when you immediately cut back to the Kims back at home realizing that they are going to all need to shower with different products and cross-pollinate. And that's when you realize they're deeply committed to this ruse, and to taking it very, very far. And so very shortly after that, the rich family, if we hadn't made this clear, the Parks are super rich, the Kims super poor, the Park family goes on a camping trip, and now the Kims are sitting in the house as if it's theirs, enjoying this big Chinese meal, sorry, this big dinner, yes, of takeout, in the middle of the living room, making a mess, making a super big mess, and stealing booze, the whole thing. Yeah, right. And then the housekeeper comes back. The doorbell rings, and it's the housekeeper, who they've gotten rid of because of her garlic allergy, peaches, peaches fuzz. They told her, they framed her for having TB, and the housekeeper recognizes them and says, not as I... I know what type of person you are, and I'm not here for retribution. I recognize the game that you've played, and you've played it well. I'm here for another purpose. I left something. I left something in the bathroom. And literally they go underneath the house into a bunker, and this is where everything from her ringing the doorbell, like, already watching the Kims eat dinner in this house is super stressful. We're waiting for something to happen, and the bell rings and it gets much worse, and the doorbell rings and it's the housekeeper, like, what is the housekeeper... And then she goes downstairs, and it turns out that downstairs there's a secret door, and her husband's been living underground in this house for, I'd like to run, hiding from predators. Exactly, yes, in pitch black. And this is where it gets very Kafkaesque, like, he isn't a career or something. What's that? Hiding from creditors. And anyway, I don't know, yeah.
Fear, right, of survival. And you realize not only, like, his character isn't just that, it's not just the plot of him needing to hide. It's that he has become this ghost in the house, where he serves a purpose. He serves knowingly for the Parks. Like, the Parks don't know he's there, but he turns on their lights. Wait, what? Yeah. Their lights blink all over the place. He's operating the lights from underground. When the head of the Park household comes home, so when we go deeper into this plot, you see the lights come on. It's just like a room-sensing light, and that's what they assume too. You realize it's this man who's been living underneath the house, literally turning on the lights, and he runs to have to do it every time, and he has become a little ghost in this house. And I watched this when I hadn't slept in thirty hours. Watch it again. And so, and that performance of that guy. So later on, it's revealed, you hear that the young Park son, the brilliant one who's got ADD, that the sister there is pretending to be an art therapist for, you've heard that he had a trauma at a birthday where he saw a ghost. And you hear about this, and then it slowly dawns on you. Of course, the ghost must be the husband who lives in the basement. And then there's a point in the film when the camera flashes back to what the son saw at the birthday. You're looking at the stairs to the basement, which have already been like a character in the film, and it's late at night. It's classic: kids, when you're a little child, you're scared of what's in the basement, and it's late at night. He's going to find some food in the fridge, and this is when the husband would steal some food. They show the black, the emptiness of the cavity of the stairwell, and what emerges is... and the thing about the shot is that you've met this guy. You know he looks weird and he's got an intense face and his eyes are really upsetting, and still that does not even...
I know, you've spent time with this character. This flashback, you're not prepared for how terrifying his eyes are. We know it's like, they come... it is one of the scariest moments. It's a David Lynch film. It's the man behind the man behind the hall in... And that's not even crazy. This is literally the first part of crazy. A lot of the back half of this movie, dude. There's a garden party. So do you remember Monty Python, where they did the Sam Peckinpah garden party, where everyone's arms are severed and blood is spraying everywhere? That actually happens in this movie. There we go. That's just, I don't think we can even start to go into the plotlines of the third act of this film, because it's so interwoven, so convoluted and bizarre, but people are murdered in the open at a party and blood's spraying everywhere, and there are body counts and rainstorms with houses sinking, and it's completely batshit, and as bad as it is, what's important about this film is the subtext that slowly surfaces, the relationship between the Kim father and the Park father, how those bonds, like, that relationship, is you see what's beneath the surface. Yeah, and he reveals what's beneath the surface, and it's so unsettling. And it's a face of society. Well, and that's the thing. So you watch, you know, classically, you watch the movie The Fighter with Mark Wahlberg and Christian Bale, and you realize at the end that the fighter is Christian Bale, right? You realize, oh, the title's about a different guy than I thought it was, right? Well, and Parasite does the same thing. Who's the parasite? You start out, and in twenty minutes you'll have one answer, forty minutes and you have another answer, and at the end of the film, it's kind of, the answer is all of the above. And, you know, it's like, it's the class system in society that is the parasite on the human condition.
That's literally where this film gets to the point of view of the heavy rain scene, where you have, you know, the Parks come back from the trip because it's raining, and they're talking about how great it is that, you know, it's going to clean everything. They come back, it smells so fresh in their backyard. And at the same time, the Kim family is scrambling. Their entire street is flooded and they're being buried in this flood, and this is the scene of, post their escape from the ridiculous confluence of events back at the house during the dinner in which they left the big mess, and it is their descent. They literally descend from the castle on high to their basement hovel, which is under water, and they're drowning in their house. It is maybe the most thrilling film I've seen in years. I can't recommend it enough. Everything you've heard about it, you know, again, I hope you haven't listened to all of this without having seen it, and I'd love to hear your comments. Yeah, I'm so excited that there are still so many places to find thrills and weirdness and awesomeness in filmmaking, especially from corners that you don't necessarily expect. Bong Joon-ho has always made films that subvert expectations, and I just can't wait to see what he does next. Sounds like... This weekend on Tech Pod, we talked about security best practices, 'cause I got hacked last week. Really? Yeah. I had an IFTTT, If This Then That, account hooked up to my Twitter that was very old, had a bad password on it that was apparently public, that I didn't realize. I thought it was the other one that was out, and something started posting to Twitter. Wasn't bad, but I had to go back and change a lot of passwords and do a bunch of... Ironically, this happened the day after we recorded this episode, and if I had been following my best practices I would have been fine. Can I tell you, at one point... Ord Camp. Back to Tech Pod, techpod.content.town. At one point in Ord Camp...
I sat down with some security researchers to find out the level of security difficulties in knowing what you can trust from your chip manufacturer. Chip manufacturer is Intel, yeah. That, like, there are... even if you know the exact architecture of the chip, you still may not be able to find the vulnerabilities within it, within your supply chain, where the fab and the ways in which... It turns out, you remember the Apple memory leak, where the bus was talking to the buffer memory and that was where the password was being exposed? It's like that problem exists in everything we own across the entire world times a gazillion. It's terrifying. I'm glad you're talking about best practices of security. Well, so the upshot is, I, as a result of this hack, updated the... we'll go into it the next time we record, probably, is that I'm going to start doing two-factor hardware, so like a YubiKey, that's for at least like a primary account that is the catch-all of all the other accounts. So yeah, it was an interesting conversation, and you can find... Let's do it now. It's up. It should be up now, okay. This is next week. All right. And the address again: techpod.content.town. Thanks.

Spot and Parasite SPOILERCAST -  Still Untitled: The Adam Savage Project - 2/4/20

This Is Only A Test

44:50 min | 10 months ago

"This week's episode of Still Untitled is made possible with support from Microsoft Surface. Introducing the new Microsoft Surface Laptop 3 with its beautiful touchscreen. You'll experience stunning graphics with razor-sharp resolution, now available with a thirteen-and-a-half or fifteen-inch screen, and with the latest processors there's no project the Surface Laptop can't handle. It's both light and powerful, so you can get more done on the go. Visit surface.com/laptop3 to learn more. That's surface.com/laptop3. Welcome to Still Untitled. I'm Will. I'm Adam. Norm. Hello. Hello again. Did this go? Yeah, no, I changed. Yes, I am wearing replica NASA coveralls and a replica NASA physical training shirt from Lunar Replicas. My friend Max Kaiserman has a website, lunarreplicas.com. Go there and get some of his incredible NASA stuff. Really good replicas of NASA hardware and software and clothing. It's hard to come by, a lot of bad replicas out there, but these guys are doing amazing. It's for you who would be discerning about the quality of a meatball patch. Totally, yes. So for instance, Max, you'll notice, you will notice, he literally bought an old seventies factory base machine and backs these with cheesecloth like the originals, as shitty as the early patches. All refined, like Maude is done with punch cards on an ancient pre-computer computer. So that's the level of fidelity he brings, and missing blue, the same fabric as the jacket. It's very close to the same kind of dwelt the jackets are made of. But what you didn't know is that we prepared an enema in another room. Mercury training, as soon as... Putting on The Right Stuff. Scott Glenn, yeah. Scott Glenn sits there with the enema. Yeah, that does... the Jose Jimenez. It's a... it plays Gus Grissom, right? I believe Alan Shepard. No, Grissom is played by Fred Ward. Oh right, so it must have been, I think Scott Glenn plays Carpenter, but I could be wrong.
I can't remember. The problem with that movie is a lot of those guys look alike, because they're all middle-aged white guys with... also, Lance Henriksen, buried... forget all these amazing people. Probably fifteen years. I watched it last year. Really holds up. The book is one of my, like, in the top, like the new journalism, Tom Wolfe, Ken Kesey, Hunter S. Thompson. It's riveting. I didn't read it until Jen Schachter told me to read it. And by the way, in the movie, when they're walking down the long hallway, you know where that was shot? That was shot on Third Street and Twenty-Second, right here in San Francisco. Yes. So Colossal Pictures, which is down off of Quin Street, where I worked with Jamie Hyneman in the early nineties. Colossal Pictures in the eighties, when they made The Right Stuff, did all the special effects, and when they needed that long hallway shot, there's that long factory building in Dogpatch on the east side of Third Street, the American building, is a twelve-hundred-foot-long hallway, and that's where... We're revision three's to be so... How exciting. Cisco? You never know. Film here as well. We're recording, it's a weird way you're listening to this, but in San Francisco, as you're listening, they're filming The Matrix four. What? Yep, they're making... the Wachowskis are making the fourth Matrix right now, and I know, downtown San Francisco. You've got to remind me after this podcast, I've got to reach out to the Wachowskis and see if we can't get Tested on that. We need to really... Tested listener working on this production, I'm coming for you. Awesome, awesome. Yeah, we'll bring cameras, or even not bring cameras, we just show up with coffee, or a good grip robot. That's really exciting, and we could bring a robot. I know, that was a good segue, on purpose. Wow. Hey, Jesus, awesome. Recorded episode, but we have a Boston Dynamics Spot robot. We do have one, for this whole year. For this whole year we are developing for him.
We're going to give him some new skills, and we are going to also help him walk out of the uncanny valley, hopefully, so that he doesn't creep people out, because when I see Spot, I see a magnificent piece of engineering and a solution to really interesting problems that we might not have even encountered yet, and I see a future that I like. A lot of people, when they see Spot, they see a different narrative, and I get it. I get why they see that narrative, and I know that they're affected by things like Metalhead, a beautiful season four episode of Black Mirror. But I would like everyone to see the engineering feat that I witnessed. We're trying to get on the good side of the robots. It's a fascinating thing, because all of us over the past decade or so have seen the videos that Boston Dynamics has put out, and Spot is of that DNA, but it's not the Atlas robot. It's not the bipedal robot. It's not BigDog. Spot has a very specific purpose. Now, it inherits a lot of the engineering and design philosophy that went into those, but this is for a very specific purpose. It is for surveying. It's for construction, for industry use. It's a tool, and it's very much a tool with very few attachments right now. Like, it doesn't map the room. It looks at the ground in front of it and figures out how to move over it without incident. It took me a couple of weeks of having it here, we've had it now for a month, yeah, it took me a while to realize I didn't have to steer it away from things. It moves, it has its own sense of proprioception. I was just shocked. It navigates your shop. Yeah, this is, I look at this room, it's a nightmare for humans, much less, you know... Yeah, but it does it fairly handily. That's something that we have a video out on, and you should watch the video, because we did take it to one of your favorite places to bomb randomly, and really tried to put it through places, because it is, that's the open area, right, the environment where Spot would likely operate.
But I don't think people understand it's both physically controlled with manual control. I can't... So there is this controller, the screen. It's essentially an Android tablet with two sticks, almost like a video game controller, and you can use the two sticks to pilot it and look at the screen on the controller, and you're seeing what Spot sees. You're seeing the view of the world that he is witnessing. So it has kind of structured-light sensors, so infrared, and it envisions these... there's rocky... I don't think there's any lidar. Actually, it's infrared light itself bouncing back, right? So it's very much like the Microsoft Kinect or the Intel RealSense cameras, and it has an array of those all around. So that's where I think the magic is, is how easily it lets you control it, direct it, without having to think about things like, oops, bumps into this thing, like, how's it going to make it over that obstacle? When you were showing it to me, and you just tapped on a section of the floor of the shop, by the pool table, and it was just like, okay, I got this, walked over there and kind of shimmied over to the left to avoid an obstacle, and then walked around and then got to where it was supposed to be, and then you did the same thing by backing it up, and I was just like, oh, okay, this works way better than I expected. You know, the folks have been friends of mine for a few years, and we've had a lot of time to get to know each other, and I've been seeing, I've been following their progress actually since the early nineties. That's the first time Marc Raibert's early work came across my attention, and it's so exciting to have him here. We turn him on every day. We play around with different things. We have a whole bunch of different plans for him, and just like any good TV show, there are some things we wanna do that are part of an overall plot, and there are some bottle episodes.
I even have an idea for helping him to poop perhaps even better okay but yeah the video. The first video is up is a is a little taste and I'm very excited excited. How well a video has done? I think that the response I mean. There's a response online. Also the response person. I won't talk about. Both of those people have already come up by watching the video with a a lot of like the same direction they know when they see you and spots. Of course there's going to be pure caused by cosmic. We're thinking in those terms right but I mean one of the lovely things about producing a series like we are currently producing is we expe. Occasions are and it's really fun to both meet them and change them in modified them. That's actually some of the most fun of the storytelling and then spot in the wild which we haven't shown like you were able like you've walked the streets of the commission. Yeah with spot. Yeah Tom Talk about that. We were the first day we had him at the end of that day. I WanNa take them home. I want to run him around my house. It's got to climb the stairs is my house. It's so It was raining and he is relatively water resistant and we walked him from here to the House. It's a a few blocks and I mean most PLAC- a him just feels right ISH I. It's sort of a default okay. I'm being very open to the character of spot I have also yesterday I was calling she okay and I also May. I started playing around in my head with awesome acronyms or ideas about a name. That could be specific. Tim People keep asking. What's what's the name and my feeling is unless and until right like something something if something that naturally occurs it will occur? If it doesn't it doesn't but people they see it on the street next immediately. Their phones like holy cow like just watching it. The best is children seeing it like. It's not like children. 
Have a great scope of all the things that are going on in the world but they see this thing hang on the street and they can tell something really remarkable is having in front of them and their brains kind of like the smile of. It's the it's the look on kids spaces. They got when they get went to maker Faire. Like you're walking around making artesia rolling up door. I this is real so call all the thing that I wanNA tease. Before we move off of spot is that with the things we want to do with him this year. We are rounding up a number of collaborators elaborate to help in this endeavor that is truly exciting in old colleagues by and friends and people I admire goes far to say like a lot of people. We know work in the business of imagining the future whether it's actually building the machines and engineering or even just conceptually in terms of artistic world and Dan and what the future means to us as individuals how we respond to it. What we expect from it and what we don't expect and some of the best responses have introducing spot to those folks who have done nothing who've dedicated so much of their career imagining just from a theoretical or artistic standpoint? You know whether it's the way a robot bought moves or the weight should look and they are coming in contact with something that is of their imagined world. Yeah and that is super cool really because they don't have worry about the engineering when they're when they're coming up with those stories right so we're taking a piece of a science fiction in the real world real world have intersected in a in a really thrilling you you saw it in the video. I don't know I mean it must have been intentional. But the way when when any of US operate our natural inclination is try try to puppet it spot has has a head tilt and I don't know it has a functional purpose in terms of the way the legs and move and move around things but we all want want to kind of give it the headset. 
have it like perch up and sit And that's Portland. Some of the most fun we've had so far indeed indeed and I mean and we haven't even started to play with kinetics of how moves and that's definitely going to be something we we delve into. I I can't wait to see more. It's been fascinating watching. We're already cutting video. The number two right now yes I should be out in hopefully a couple like a week or two at most by turn into this. I actually think we now have the two videos after that already. The plan so we're good till like May June even having executing sorry didn't mean to clip their. Hey you've been recently. I saw you post it on twitter. Or maybe it was up for conversation. But you've been enjoying the criterion collection Indeed a Peter Becker who is runs. The Criterion Korean Channel Organization criterion collection is a friend of mine and I put a plum job that must be. He's a wonderful guy and he loves film so much. I interviewed Guillermo del Toro for him. For the criterion I don't think it's a plum job. I think it's a stressful truffle. As heck because it's so subjective in all I'm sure nothing everything here's why isn't this film in there. I mean sure. I'm sure that but then when you look at the channel you see all the different ways he's intersected different directors with other directors to talk about film to really go into the depth of how this came to be why this is important. What is it means needs culturally what it means is you know? Plot wise from Armageddon. His Ardoz Link will say having a Samsung television. It was hard to get the the criteria on general APP on Samsung. They don't play together right now. And this is part of this weird sequester who owns the standard landscape can we. Can we talk about this. I I'm GonNa tell you what my face was if you have a Samsung TV. Here's what works. It's not enough to just sign up for the ROKU ROKU APP on the Samsung APPs. You actually have to get an External Roku stick twenty five bucks. 
Attach that to your Samsung. It's like TV but once you do you don't need to use the ROKU remote. Your Samsung remote will operate the channel. Just fine which is that as I I see stuff does that. Yeah and then I've been I've been obsessed with it so actually I said the night Huxley passed. I wanted a mood of film so I watched watched one car wise in the mood for love which was exactly the right thing for me at that moment in time last night when I couldn't get sleep because my sleep patterns are still abysmal. Ruin my watch most of the original heist film which is a French new wave film. That maybe don't know if it's new wave exactly but it's like from that era ish and in the middle all is an hour long heist with no dialogue and it's absolutely riveting. ooh Yeah No. It's this it's you're watching something really special and you see so all many movies have borrowed from this since then from the bank. Job With Jason. Statham do films I so I haven't before we go on about criterion. I have real concerns about the APPS built into. TV's especially on low end models that are priced at an incredibly incredibly low low price rain. Yeah you think that's a way that people are GonNa hang more for cable and all that no they're collecting data. They're collecting data about what. Oh you watch what you play. What things you use your TV for? And I think even maybe we solve an apple. TV Den right right like that's the thing we used. Because I kind of trust Apple Apple with privacy stuff but anyway tilling off. It's justified or not. I don't know if I'd be interested here. What people think? I'm bringing it up because I don't know anything about it. I haven't I haven't done the research. We were working on an episode of Tech Pot about that and I would love to get feedback from people who maybe no more Then you can hit me on twitter or comments read comments in criterion had to spin up their own service risk because previously. They were part of film struck. 
We've championed that before. Fortunately when away and this was the sponsor that to to take that collection the licenses says they have to allow you to watch the selection of film otherwise you would not be able to find anywhere. It's been spectacularly successful for the and good mm so has been really really stunning and seriously if you're wondering whether you should sign up for criterion you do. It's a stunning film. Education in a channel channel with beautiful prints. Really like it's just great. It's like I'm just cracking the surface. I know it was live yet. So I'M GONNA go as as soon as I get home. You'RE GONNA yeah one film that's going to be on there. I'm sure at some time and I don't I love to get him on the PODCASTS. At the more talk about yet. The curation ration- Prospect Siamese Sierra totally have on the podcast and ask him when is movie like parasite going to hit the criterion collection and Bunk joon-ho interviewed a bunch on on in different in different things on this. Thanks for the was. It really really seems. We've been wanting to talk about parasite for weeks and the holdout has been. I'm so we will just refer to them as suspect W I. I think you're aware wolf. I've only ever been aware we'll one. That's what that's where Wolf Talkradio. But let me tell you. When I was the Werewolf it was here? We did a huge night of Werewolf Games ames here in the cave. Ben Ha and a bunch of other folks. Harper Harper was here and my son think too was playing with us and he was like nineteen at the time and the only time I was aware of he could tell I was the werewolf because he was the senior and I somehow managed to convince people that not only was I not aware of but but he was not the Sierra and unhinged him being so duplicitous. He likes slammed by in competition. We play one night ultimate which is basically no sleeps. You just do you get one one night of where wolf and then it's done. They built a bunch of extra rules. 
So that you can get all the information you need on one pass. Oh Oh my God and I will bring a copy of that as well. It is phenomenal. It's great for people who don't play with like five four people. We played with my seven year old spectacular watching her learn how to be duplicitous and detect duplicitous. Well and seven is just about the age kids. Start to be able to hold competing eating concepts in their head. We've talked about this before I played my when they were seven. I've played them. WHO's on first right and watching? They're hungry little. Brains grabbed these. The tensions of language and enjoy them is super. Nobody appreciates a terrible pun. A seven-year-old not not a parasite. I've been dying to talk about this film. Because so ben acker friend of the channel and good friend of mine half of Akron Blacker the writers of thrilling adventure adventure our many other things human being one of the things I love. We all know help. Fund is to talk to screenwriters about film right here. What someone who is immersed I in the mechanics of it thinks about very one of the things? I love about Ben in the way he talks about it is. It's always about character for him character character character. He doesn't give a shit about plots if it's not what about the characters and what. They're what was actually happening because of the characters and it took me forty years to get to that spot just for the record and parasite is the one of the most interesting character films. I have ever seen in terms of what you think about the people on screen where you're alliances fall. How you feel about the characters actors it is? I have never felt so much tension and such a thrill over just thinking what the Hell is going to happen next and yes and now. We're not gonNA do heavy spoilers. Actually it's not to spoilers. Spread the little girl okay. We'll get spoilers. The movie you undoubtedly horror film. 
It's a thriller, by the way. Just before we even get to spoilers, even talking generally about the film is a tiny bit of a spoiler. I would recommend that if you really are excited about seeing it, maybe turn this off now, because the less you know the better. The film is better the second time, because I'm sure it's a whole different experience. In theaters in the States, because of the Oscar campaign... So it has a hat on a hat, though, which is the convention to say that, you know, they take something literal and it is also the metaphor. So the fact that people live there... there is a class system. People literally live under people. Yeah, like, also they live under people, and the writers embrace that, and it's heavy handed enough, yet there are still so many layers to pull back, and you know, so there are key... you see every time you meet a character. Bong Joon-ho is the director, who directed Okja and Snowpiercer, and he plays with all of your expectations all the time. You meet a new character and you think, oh, I think they're kind of like this, and then you find out, oh no, they're totally the opposite of that. Actually they're also like that. The two families in the film... we're talking about the main protagonists, the Kim family. The main protagonist family is a husband and a wife and their adult son and adult daughter, and the son is a university student and the daughter is... it's unclear. It's unclear. May I? There's not even a turn to suggest that they're actually related, these four. That was unclear to me for a pretty substantial part of the film. I submit that they might not be, and that the film... I see that point. I think that the bond that they have, and maybe the cultural need for, like, you know, the parent-child relationship, is there. I totally get that.
But but there's a way in which the the conventions that get played out in the film feels so subverted that go all the way to maybe that family family and the other family is a very well family. Yeah so the Kim family's the the poor family and then the the wealthy families the park family and part family lives in this amazing architectural masterpiece of a house which was completely constructed. Set up completely constructed outdoor set because wear where light falls in. I lines like bunk. Juno had diagrams in the script as he was writing about islands from the staircase to the kitchen to the thing the thing and there was they look for a house and very quickly realized they weren't GonNa find it and then they went to the lot where they built the house and spent days tracking where the Sun was going and built the orientation of the house is to accommodate for the sun based on the plot while right. Wow this set of the Kim him family. That entire street is a set. Yeah well that I can see because the way they were they were doing on it and the but yet only why. But it's not only it was. The entire street is set but apparently they were going around to like wrecking yards and dumps and other places and buying chunks of the city to make the set feel all super realistic. These old signs old doors and old windows. I mean we lived in a lot here but it it's definitely it has been lived in and then some d. idea that it every space that you pretty much every space that you're witnessing in that film is a space completely constructed is kind of astounding well and the different locations nations have entirely different. The most shot like different films right like the basements basement said his shot in a very grungy kind of turn kind of way And I was GONNA say like a seventies seventies like a pal and pack Ula film. Yeah whereas other the expensive home is shot almost almost like like the. I like not Michael Bay film but you know how the island had that whole gold. 
Now the whole thing felt like it was shot in the Golden Hour. It's terrible Gregor Film. The Governor Michael. It's a bad film. I have Michael Bay. It was Michael Bay. Wow but I like the whole shot. Golden Golden Hours. All glow in the whole house feels like you're in a in a higher plane which I guess there's a precision into it from the set design to the Sim Socrates. Even the acting. That's not naturalist like they are very precise it's intense rotations. Everything I imagine. I don't I don't know it's Miami of David fincher right movie. Yeah and hearing about how they would go and century and you're right you're completely right word up Cherian. Yeah that'd be like offense or David finch see also see also the Goldfinch also Peter finch. It's tough to talk about it without talking about. This is the the big moments so it's a film in which these two families intersect and it is. The intersection is mostly about class. uh-huh more than it is about sexuality or romance or friendship however those all play some role in it. But it's really deeply about class to me. That's what I took away from it and I'm not actually sure what the film stance on class is right. That's it's the kind of the big you ity that's baked right into the entire thing or who who. You're supposed to be rooting for your moment. I do ever feel like I should be rooting for anyone. Everyone felt like they were. Everyone felt. Everyone was unsympathetic to me. The film has a momentum in the first son. Third The Sun. Yeah yeah the Kim Sun. Yeah no the park son. Enough Park is the rich family. So the Kim Yeah I would agree with the birthday boy boy. Yeah he's about the most unsullied character in the entire. I I would say the two part kids are the are the victims of this whole thing. I'm curious about that more. 
But there's a momentum in the first half of the film where these things are falling into place and you watch it almost like a heist film in planning and the execution feels revel in Asia and in the same way that a heist film is super thrilling. Because you just are super excited see. What's right around? The corner is more like a manners. Drama in which it has the same tension constantly but the attention builds up to a point. where it you know? I'm describe a scene. Where they're they're drinking and they're eating food and they're celebrating reveling in success of their plot with a bringing the venue venue that they're in down to their level and that is so stressful to watch just a simple seed of a family eating dinner? You are like on the couch and contortions Russians with tension even before the moment happens for the Telegraph. And it's something that scene last longer than I could take so long long like the basement scene from inglorious bastards. That's what it's like. It's almost that amount of input you're sitting there and you're like I do not I do not one could things to happen to these people but I also don't want like the thing that's bad is going to be real bad. Julia had to tell me to stop moving because I was like and then he throws a curve ball at you right after that moment. What a win? And then the film Co. goes into complete even direction. Oh my yeah. And that's only only one of the ways. The film goes into complete direction before we continue on with the show. I won't let you know that support for still entitled comes this week from Microsoft surface. Introducing the new you Microsoft surface laptop three with its beautiful touchscreen. You'll experience stunning graphics with razor sharp resolution now available with a thirteen and a half or fifteen inch screen and with the latest processors. There's no project. The surface laptop can't handle. It's both light and powerful soon. Get more done on the go. 
Oh visit surface dot com slash laptop three to learn more. That's surface dot com slash laptop. Three now back to the show. I think it's time I'm to talk about this okay. So if you're at all interested in seeing a parasite turn this off now. The less you know the better now I say say that thinking that movies like since and seven and fight club are way better when you know what's going on. I actually think that they're improved by having watched them once Of course the second time is so. I'm I'm really. I'm really looking forward to seeing press a second time but the like so parasites starts off like any normal. We'll film you're meeting somebody. They're having a conversation with somebody else in a young a young man gets a job tutoring a kid that's how it begins And he goes so The young man is of the Kim family and he goes to tutor the son of the park family. Who He's been told is a brilliant artist who needs some real direction And it's clear. He learned the teaching the daughter to write reading speaking English. Oh right assisted senior brilliant kid who's got. Add Yes Jessica ESCA. Yes okay. So He's teaching the daughter that's Freia. Yeah and he. He gets that job from being passed from a friend right reference a friend Who wants to date the daughter when she's older? There's that's I'm being unpacking that the way in which he hold that there's already a plot. which which is that? His friend WHO's accessible handsome university student is about to go abroad for a year. Wants to eventually ask this sixteen year old girl out. But he's giving the job of tutoring her to his friend who trusts and and he. The friend also sets the stage with the family. which is the mothers in charge? But maybe not the the brightest or simple. I think what he says. It's what the translation is at least but the whole time this Kim families hustling the folding of pizza boxes. This is the whole thing in this dingy apartment. That is literally below street level. 
Where they're you know they're stealing Wi fi? There's a moment in the beginning when he says the street fumigators guys coming around and they're like. Hey the fumigated guys coming to shut the windows and the Father Says No. We'll get a free fumigation if we live the windows open and they're folding pizza boxes in coughing and holding their breath and it is. It's horrifying it is maybe some of them. I was five minutes into the movie the and I thought this is some of the most efficient character building. I have ever seen a friend of mine. WHO's a screenwriter? He his favourite character-building sequence sequence. Is the scene. In Grosse Pointe Blank when John Cusak goes to his father's grave and empties bottled Scott drives away. No words are spoken. You know everything everything you need to know. And the entirety of parasite feels like that level of character precision. It's dense in the way. That watchmen is dense so the sun goes it starts tutoring and the mother is then talking about her other child. A younger son is hard to control. Your right sorry and then they see an opportunity to then bring more of the family in so not. This is where the the the kind of that there's more to this family right. Yeah sister shows up up. The Kim's sister shows up and pretends to be an art therapist at this point. I'm thinking oh I'm watching the sting right right right. I'm thinking Oh this is GonNa this is like a heist that's GonNa wrap around itself and some stuff's going to happen. It's going to be a lovable rob through you know. They're they're going to somehow career replace the family. Yeah so so that goes on for a little while and then They managed to get rid of the south many. No they get rid of the show I I yeah manages to pull a little scam. 
Have the suspicion thrown on the show for so that they can install the Kim's dad and as the new show for now there's three of the four family members working for the parks family when they then reveal that the most difficult to replace. We'll be the housekeeper right. Came with the House who came with the House. The House is built in the film that houses built by famous architect. Who lived in it until he died? He no he sold. It sold eight in his life but he bequeathed equipped his housekeeper to the new family. And the Kim family's talking about home and she's there before them she's lover. That's her house she is she. He seems really She seems a little flaky. But she's tenacious like they recognize. She's a foul and I remember thinking she's a faux. Wait a minute what she seemed just like a goofy did uh-huh yeah and just to be clear. There's nothing evil that happens in this film really up until the point that the daughter gets the chauffeur sacked this true. Yeah Yeah Yeah and then you're like Oh man seeing you're seeing. What looks like opportunism opportunism up until that point and then it gets militias? Yeah so they get the respect the housekeeper sacked and that's when it reaches the apex of their success. Mom comes in so that well. So the the they get the housekeeper sacked and the mob on comes in to replace the housekeeper now all four Kim's working for the parks and the parks have no idea that relate a threat. Well the sun does this son does. This is one of my favorites bits else. What's so good? How do you convey this on film? The Sun walks over to one of the Kim's and sniffs him and then goes over to another team and sniffs them and and says to his fam- his parents the parks they smell the same and they smell. They smelt like my art tutor as well and that is another hat and a hat because is not only is he conveying that that he recognizes and he's telegraphing that you he the familiar to each other but they are the same people they are porous. 
Is there and this is when you immediately. Cut back to the KEMP's back at home realizing that they are going to all need to shower with different products and cross pollinate. And that's when you realise they're deeply committed to this ruse and to taking it very very far and so very shortly after that the the rich family. If we hadn't made this clear departure super rich that Kim superport the parks. Emily goes on a on a camping trip and now the Kim's are sitting in the house. As if it's there's enjoying this big Chinese meal sorry this big big dinner yes of takeout in the middle of the living room making a mess making a super for big Mac and making bottles stealing booze the whole thing. Yeah right and then the housekeeper comes back. The doorbell rings and it's the housekeeper who they've gotten rid of of because of her garlic allergy teaches teaches fuzz. They told her they they they they. They framed her for having TB and the housekeeper says recognizes them and says not as I I know what type of person you are you are and it's not. I'm not here for retribution. I'm not here. I recognize the game. That you've played and you've played it. Well I'm here for another purpose. Left something and left something in the bathroom and literally they go underneath the House House into a bunker and and this is where everything from her ringing. The doorbell like all ready watching the Kim's eat dinner in. This House is super. I wrestle. We're waiting for something to happen in Bell Rings and it gets much worse and the doorbell rings and it's the housekeeper like what is housekeeper. And then she goes downstairs and it turns out that downstairs. There's a secret door and her husband's been living underground in this house for. I'd like to run hiding from predators. Exactly yes in Pitch Black and this is where it gets very Kafka ask like. He's he isn't a career or something is thing. What's that hiding from creditors? And a anyway I don't know yeah. 
Fear right of survival and you realize not. Only like his character isn't just that it's not just the plot of him needing hi. It's that he has become this ghost in the house where he serves a purpose receives sir. He serves knowingly for the parks. Like Park don't know he's there but he turns on their lights. Wait what yeah. Mrs Missus. Their lights blink. All over the place it's rating the lights from underground. When the head of the park mark household comes home every day saying when we go deeper into this plot out you see the lights come on you? Assume it's just like a room sensing light and that's what they assume to you. You realize it's this man who's been living underneath a house literally turning on lights and he runs to have to do it every time and he has become a little a ghost in this house and watch this when I hadn't slept in thirty hours. Watch it again. And so and that performance formats of that guy so later on its review you hear that the the the Young Park Sun brilliant one who's got. Add that the sister there is pretending to be an art therapist for You've heard that he had a trauma at a birthday where he saw a ghost. And you hear about this. And then it slowly dawned needed. Of course the ghost must be the husband who lives in the basement and then there's a point in the film when the camera flashes back to what the sun saw at the birthday chilies. You're looking at the stairs to the basement which already been like a character in the film and it's late at night it's classic kids when you're a little child you're scared of what's in the basement and it's late at night. He's going to find some food in the fridge. And this is when the husband would steal some food they show the black the the the the the emptiness of the cavity of the stairwell and what emerges ours is and the thing about about the shot is that you've met this guy you know. He looks weird and he's got an intense face in his eyes are really upsetting and still that does not even. 
I know you've spent time with this character. This flashback. You're not prepared for terrifying his eyes are we know it's like they come. Above hysteria is is one of the scariest moments. It's the David Lynch film. It's the man behind the man behind the hall in GS. And I O one. That's not even crazy agai- this is literally the first part of crazy the a lot of the back half of this movie dude. There's a garden. So do you remember Monty Python where they did the Sam Peckinpah Garden Party where everyone's arms are severed and blood is spraying everywhere. That actually happens in this movie there. We go that's just what I don't think we can even start to go into the plotlines of the of the of the third act of this film because it's so interwoven. So convoluted and bizarre but people people are murdered in the open at a party and blood spraying everywhere and there are body counts and runs to rain with houses sinking. And it's completely bachelor and as bad should it. It is the what's important about. This film is the subtexts that slowly services is the the relationship between the the father of the Kim father and the park father. How those bonds like that relationship is you see what's beneath the surface? Yeah and he reveals. It's been surface and it's so unsettling and it's it's a face of sidey well and that's the thing so you watch you know no classically you watch the movie. The fighter with with Mark Wahlberg and Christian Bale and you realize that the end that the fighters Christian bail right. You realize oh the titles about a different guy than I thought it was right. Well and parasite does the same thing. What who's parasite you start out in twenty minutes and you'll have one answer forty minutes and you have another answer at the end of the film? It's kind of the answer is all of the above. And you know it's it's like it's the class system on society is the parasite on the human condition. 
That's literally where this film gets to, the point of view of the heavy rain scene, where you have, you know, the Parks come back from the trip because it's raining, and they're talking about how great it is that, you know, it's going to clean everything; they come back and it smells so fresh in their backyard. And at the same time the Kim family is scrambling; their entire street is flooded, and they're being buried in this flood, and this is the scene that's posted after their escape from the ridiculous confluence of events back at the house during the dinner in which they left the big mess, and it is their descent. They literally descend from the castle on high to their basement hovel, which is under water, and they're drowning in their house. It is maybe the most thrilling film I've seen in years. I can't recommend it enough. Everything you've heard about it, you know, again, I hope you haven't listened to all of this without having seen it, and I'd love to hear your comments. Yeah, I'm so excited that there are still so many places to find thrills and weirdness and awesomeness in filmmaking, especially from corners that you don't necessarily expect. Joon-ho has always made films that subvert expectations, and I just can't wait to see what he does next. Sounds like... This weekend on the Tech Pod we talked about security best practices, 'cause I got hacked last week. Really? Yeah. I had an IFTTT (If This Then That) account hooked up to my Twitter that was very old and had a bad password on it that was apparently public, that I didn't realize. I thought it was the other one that was out, and someone used it to post on Twitter. It wasn't bad, but I had to go back and change a lot of passwords and had to do a bunch of... Ironically, this happened the day after we recorded this episode, and if I had been following my best practices I would have been fine. Can I tell you, at one point... Ord Camp. Back to Tech Pod, at techpod.content.town. At one point in Ord Camp,
I sat down with some security researchers to find out the level of security difficulties in knowing what you can trust from. Your chip manufacturer factor. Chip manufacturer is Intel. Yeah that like there are even if you know the exact architecture chip you. He's still not be may not be able to find the vulnerabilities within it within your supply chain where the Fab and the ways in which it turns out you remember the Apple Memory League League where the the the bus was talking to the buffer memory and that was where the password being exposed. It's like that problem exists in everything we own across the entire higher world times a gazillion. It's terrifying. I'm glad you're talking about best practices off security. Well so the upshot is I as a result of this hack update the. We'll go into the next time we record probably is that I'm going to start doing to factor hardware So like you'll be key that south for at least like a primary account that is the and all catch all of all the other accounts so yeah it was. It was an interesting conversation and you can find. Let's do it now. It's up. It should be up now okay. This is next week. All right and the address again. Tech pod dot content dot town thanks.

Tuesday 15 September

Monocle 24: The Globalist

59:43 min | 2 months ago
"You're listening to the globalist first broadcast on the fifteenth of September two, thousand and twenty. Oh monocle twenty, four, the globalist in association with UBS. Hello this is the globalist coming to you live from MIDORI. House in London I'm Georgina Godwin on the shower head. It is about two issues where they're going to override international law. It's about exit declarations Northern Ireland two GB. And the definition of state-aid relating to Northern Ireland. We'll start with a discussion which theoretically should never have taken place Britain's lawmaking body parliament debating whether or not to break the law. Then the spiracy theory or credible plot we'll examine reports that Iran is contemplating assassinating the US ambassador to South Africa plus. In Colombia at least seven people have died in protests following the police killing of a suspect in Bogota will look at accusations of endemic problems within the fourth and talk video sharing up maybe about to seal a deal with Oracle just ahead of Donald Trump's deadline to sell or shut up shop in the US with news and analysis of the top stories on the front pages. That's all ahead here on the globalist live from London. I look at what else is happening in the news Boris Johnson's plan to breach. The brexit treaty has passed its first hurdle to UK MP's voted to back the internal market spill. We'll have more on that story in just a moment. Joe Biden has called US President Donald Trump a climate arsonist for his failure to recognize the role of global warming in the deadly wildfires along the country's west coast and Russian opposition leader Alexei Navalny says he fully intends to. Return to Russia to resume the fight with the Kremlin as he continued his recovery in Germany after being poisoned, do stay tuned to monocle twenty four throughout the day more on those stories. 
We start here in Britain yesterday the House of Commons late into the night as Prime Minister Boris Johnson tried to persuade MP's to vote for the internal market. Bill. After the second reading stage, it's hugely contentious because it would break international law by breaching part of the Brexit. Divorce deal. The EU, says, it will wreck trade talks and has demanded it be scrapped by the end of this month. Well, Lance price former director of communications at number ten. Downing. Street, was up late and can tell us how vote went launched. Good morning cheese. Thanks for coming on The prime minister has a majority of eighteen the parliament. So did it sale through as expected? Yes he had a majority of seventy seven in the vote last night although that figure, you shouldn't read too much into that singer because this wasn't the crunch vote on the bill. It was vote on the on the principle of the overall package and and I think the Clintons are look at is the thirty of his own backbenchers including some very very senior figures former chancellors, former turn general's and abstained refused to support him in the lobby had the backing of the Democratic Unionist Party in Northern, Ireland lots of MP's away on various business here and there. So this was never going to be the crunch wrote, but I think the size of the rebellion at your to call it that certainly those. Who refused to actually go in and vote for the bill last night on the conservative side walls. And we'll those employees who oppose the bill the current ones have the whip withdrawn. No I don't think they will at this stage. At the moment, the whips the those responsible to try to discipline. The conservative parliamentary party is trying to play more softly than that. That vaguely hinting perhaps some sort of compromise before the crunch votes which will come. Next week as well. I don't think anyone's going to have the whip withdrawal at this stage I think probably never will do and that would be. 
That's that's the sort of nuclear option when it comes to trying to discipline recalcitrant conservative MP's or MP's in any party and and with the majority of eighty then Dory's Johnson doesn't have to press the nuclear button I. Think he's got to get this through. That the reputation of him and his government, and sadly the whole of the United Kingdom's suffer in the process. I felt that Ed milliband gave stand up speech in place of the Labour leader kiss stomach who's self isolating, and he seem to be many virtuoso performances from the floor. What did say yes, it was a good parliament performance and it was made all the best because some very very senior figures had very serious things to say that is always parliament at its best and Ed Miller Band who's the former leader of the of the Labor Party and now is in the shadow cabinet under secure starmer who say was at home because one of his family shown signs of Kobe's yourself isolating. His argument was was twofold really what the I the obvious one that's Boris Johnson is asking people asking. To vote against something that he himself signed, which was the draw agreements. And admitted that made the very good point that. Didn't you read it in the first place? Yeah. Why? Why did you sign it? Why did you have it in your election manifesto? Why did you make such a fuss about it being such a huge triumph of you now turn around intelligence that it's fatally flawed and a under binds PERC- suffering to his first but the second point he made was. In response to Boris Johnson Boris. Johnson said well of the holy gun to our head and they're threatening. The possibility that we wouldn't even be able to export sued from a Great Britain to. Northern. Ireland and and at mill tension him immediately by plenty of other this absolutely nothing in the bill that was put for the House of Commons yesterday. The would do anything about that. 
At all I mean, but the government's been very light on details they've refused to discuss who in the EU threatened to ban. British exports to. Northern. Ireland. Why would that be? Or concern huge amount of bluster around it. And This is more political than it is anything else. So. They are trying to make the e you look like the bad guys in the soon as they got in if they get it the specifics of who said, what when it would be slightly match with the European Union. Actually. The evidence that the EU is seriously making a threat of the kind of the privatised just in the last night is very, very threadbare. So they they it would be a dead end for them to try to actually approval let's and it has to assert it and they're relying on the fact that they have a very large majority in the House of Commons. And that the the most conservative MP's want to get business done and it's there if the government's frames, the vote as they are seeking to do as the national interest versus giving into the European Union and then conservative and as for the night of their own electorates and deny to the position that the government stands has been vehemently pro brexit going to vote for the government at the end of the day, and we know that this government has a reputation of POPs paying a little fast and loose with the truth. So is this threat? Didn't fact even credible? The threat. It is extremely unlikely that the threat that Boris Johnson claims of the E is making would ever come to fruition and there will be other ways of making sure it didn't happen without this bill. And the sensitivity of a smokescreen because what he was saying was, and as I mentioned a few minutes ago that the e U in his framing of the argument could prevent English Scottish farmers exporting their products to Northern Ireland. Well, what he should really be concerned about is whether or not. 
There is no a full trade deal with the European Union and he's talking about the possibility of there being no deal no deal being signed that under those circumstances, actually all UK farmers would be unable could be unable to export their produce to the whole of the European market. So He's concentrating his arguments on one very small area where he thinks he has a better case at nor in the big picture, which is much much more serious for the hold of UK farming in the whole of the UK economy I mean MP's from from the Gulf. Nations had plenty to say, didn't they? I mean people from from Scotland from Wales very, very concerned. Yes absolutely and right to be so and not only concerned deeply deeply frustrated that the Conservative Party the conservative government, this conservative Prime Minister Boris. Johnson are playing fast and loose with the issue rather than doing the serious hard work of trying to negotiate to deal which would protect not only and the agricultural industry in England. And Scotland that northern, Ireland for that matter and the whole of the economic interest of the of the four nations of the of the United Kingdom. So there's this really intense frustration at this abutting ear in style of leadership from from from Boris Johnson and a suspicion that it's it's all about trying to pay the tough guy. And get a bit of a better deal and they see element of trumpism in in all of this in all sorts, outlandish threats in order to try to get to back down and get a slightly back deal than you might otherwise have got. But are all saying is at what cost? What cost to average industry to British farming but also to Britain's reputation in the world. Where does this leave brexit negotiations? When it makes them very, very difficult they were difficult already and it shows that the British side of upping the ante very very significantly. But the up the back. There is nothing big. 
Every chance of this bill will get through the European Union will have to decide what to do about that during October, which is the absolutely crucial month but the fundamental facts will still remain that the on the from the EU side and think. Sides they still onto reach a deal, and if they do reach a deal that all the provisions in this bill was being debated, last night will Celo because they would be needed at all this Brouhaha and all this fuss and all this. A threat to to Britain's petition and and. Willingness to break international law, which we will demonstrated and will still be there after it would've been so nothing lance thank you very much indeed that was launched price there It's time to reset dial, raise your gaze and ambitions and see how entrepreneurship finance diplomacy, architecture, retail, and hospitality set to progress in the coming months and years. That's why monocle in partnership with our sister agency when creative is hosting a new summit in summer it from September sixteenth to eighteenth named the chiefs after the monocle twenty, four radio series presented by todd birthday, it will be a forum in which CEOS Founders Chiesa staff and heads of creative industries take to the stage to explain how it's get business running smoothly. Again, examine the challenges and opportunities on the road ahead. To Reserve YOUR TICKET HEAD TO MONACO DOT COM slash events is time you got some fresh air and clear clearview. Listening to the globalist on monocle twenty, four I'm Georgina God. Intelligence. Agency reports revealed that Iran maybe planning to assassinate the US ambassador to South Africa. The Islamic republic is still looking to avenge the death of top military commander Qassim, Suleimani at the hands of the US, and this may be the motive holly. Digress who is non resident fellow at the Atlantic Council and editor of Iran Sauce blog joins me. Now Holly thanks for coming on. Isn't it? 
A little a plan that hasn't been auctioned yet is being quite so publicly discussed. it. It really is right now I think a lot of people were reading this and kind of thinking the entire thing is bizarre given that the US ambassador to South Africa Lana Marcus has. No relationship to Iran and I it's a country that while does have ties with Iran is hasn't really been on the radar as having a big Iranian presence. So a lot of people reading this were a bit surprised that this was not only just so public, but also that there wasn't really a big relationship going on there. Why was at this ambassador was specifically being targeted and so what it seems to be is that the Iranians have seen that the marks actually has a close long relationship with trump and that may be really the only reason that she would be of interest. In as a means of being part of a retaliation for the killing of glitz force commander costs, and so the money in January I mean tell us a little bit about she's a political appointee of former handbag designer. Yes. She is a former handbag designer. Pointed in. October. By US President Donald Trump in so and she speaks. Some of the popular languages in South Africa and has ties to the country. So she's very knowledgeable in that regard. But at the same time I, it just like in a lot of these popular countries have relationships with the United States, these are political appointees by the president Let's have a look at Iran's relationship with south, Africa and South, Africa, of couse, country rich in uranium. Could that be part of the interest for Iran given that it is a key ingredient to Kussin any nuclear program? I would say that's a bit that would be a bit too far fetched. Put these two together that that would be the reason that Iran has a relationship. Iran has a relationship with numerous countries around the world the with the exception of Israel and the United. States. So you'll see these embassies in Iran. 
I think the question though I think that we should also note that this was one of many. Ideas that they were floating around. This was that they were going to assure plot this assassination, they were actually weighing it as an option. So it's unclear what the other options are. It's also interesting to note that one of the reasons that the United States decided to kill hustle money in January is that they were saying that he had was planning plots against US embassies and when they went to Congress afterwards, to discuss this issue, they were unable to provide that actual evidence. So a lot of. Congress actually skeptical of this argument from the get go and they couldn't fathom that why the United States would decide to take out Awesome. So the money knowing that it could prove to be problematic given that he's a country's top travel and he isn't just a terrorist as they've been arguing in the case of Isis leader Abu Bakar Baghdadi. So for a lot of there's a lot of questions here I would say more than answers absolutely, and just sort of back to that relationship I mean it would seem old again to choose South Africa because we know that that that it's advocated on Iran's behalf at the United. Nations they have a military relationship during the Iran Iraq? War. South Africa would told SAUL defense technology to Iran in return for oil. There are lots of large South African or thumbs large South African companies. Operating in Iran. Could there be any suggestion that the South African state could be complicit in this plot. Oh I mean I I don't think that's something we could really argue here in I'm not knowledgeable enough about you Iran South African relations to say that. But I think that would be a bit far-fetched as well. What I would say is that why Iran chose South Africa is that they us has a very close relationship with intelligence agencies in western Europe. And It's police forces. 
So a country like South Africa would little bit further Iranians to actually carry out an assassination like that if they were going to do it. So I, I think that's where where that's all going there. I I also think we should note that. This is something we actually expected the Iranians to do to retaliate for Awesome Sola money. We still haven't really seen them retaliate or what they vow as harsh revenge. and. So we we've only been able to see that These Shia militias in Iraq have been firing rockets at. basis housing, US forces, and also at the Green Zone sons cost Sulejmani stuff. We really haven't seen much more than that but a lot of analysts and experts actually anticipated that awesome so that they would carry out retaliation for Awesome Sullivan as death. So I think this is Paul. Essentially what was expected? We just didn't think it would be so soon many also thought that it would not be weeks or months, but perhaps years because Iran has the memory of an elephant believes in strategic patience and so they had a history of carrying out assassinations and usually they don't. Act on it. So quick sometimes they wait years before they actually take out these. Individuals usually dissidents in this case Now that the stories received so much publicity. Do you think mrs? Marks. Can rest easy in her bed. I would hope so given that that she has probably the proper security and. The Iranians would probably. Be. Interested in her as an option. as part of a retaliatory strike. So I think that that she probably will be now resting although it's hard to when you have dot kind of possibility over your head. Holly. Thanks very much. Indeed. That's highly douglas now still to come on the PERGAMA. Chief Tyler. Meets Color to Benedetti the publishing giant to discuss the state of the media in Italy. The media market is very bull in most of the Western world because of the collapse united diving and Eden. Schick relation as well. 
These are normally has to be corrected in my mind and the only way to collect it is to. Find the eight you newspaper, which is owned by me. Stay with us on the globalist for more on that story. UBS has over nine hundred investment analysts from over one hundred different countries. Over nine hundred of the sharpest moins and freshest thinkers in the world of finance today. Find out how we can help you contact us at UBS dot. com. Columbia has erupted into violence Huntley seven people have died in protests sparked by the police killing of a man detained for breaking social distancing laws. The mayor of Bogota's forty, six streets in the city have been destroyed. Colombian Oscar Guardiola Rivera is a professor in international law and international affairs at Birkbeck polit. College and joins me on the line. Now Oscar, can you give some more detail on the initial police action which began this? Your Gina Very Good morning to you and to our listeners according to the mayor of low-tar cloudy Elope is the first woman to be elected in such. To such a high position what happened in volatile between Wednesday and Sunday must be qualified a so real massacre. According to the evidence, she presented to the Inspector General of the country throughout the evening uniformed policemen, policemen hiding their uniforms or presumed members of the police in civilian clothes embarked on the massacre in these four neighborhoods we now know that at least anything in between ten to thirteen people were. Killed by gunfire by police gunfire, that is and at least two hundred where at badly hurt inspector. General Financial Carino received nine thousand, nine minutes of video footage which shows how members of the public force are clearly a arthritic shooting indiscriminately in different neighbors of the city. So let us be clear. This is not a the proverbial case of. so-called rotten apples but agents of the state performing a suspected of them. What official response has there been? 
What's the president event to case it? Will response by President at Yvonne Duquet could not have been worst on Sunday. The mayor of. Cloudy Lopez having the nouns that in point of fact, the police had disobeyed her orders according to. The Colombian. Constitution the mayor bullet as the commander of the police. Chief announced that orders coming from the state that is to say from the Ministry of Defence, had over ridden her command. And she invited President Duca to attend an event of You know forgiveness and Reconciliation President Nuke not only did not attend leaving an empty chair but came out in front of the cameras. He usually does he prefers to appear on camera he dismisses avoids. Mingling with a actual real people saying that the stay to had acted. Using legitimate force and putting the blame on the people who were at first at least piece fully. Protesting against the assassination of the this common passer-by again, it's not the first time. This happens in Colombia. listeners would like to be reminded of the fact that social explosion have placed not only what about in other cities of Colombia and in fact, throughout Latin. America. During November and December which was interrupted by the pandemic and journalists were expecting that the social explosion will come back as soon as those measures were eased But of course, the detonate the fan that spark the fire. This time is the clear abused by the police assassinating a come on passers-by in a country where before these scandal, also the army had been accused of abuses and massacres had hit A. Two or three year. Record high. I mean, the police brutality may have been a spark point as you say, they've been huge demonstrations before. Do you think that there are many other factors playing into this big big sense of anger amongst the population? I am not the only one. Of course to point out that There are tears socioeconomic. 
Causes here, The pandemic has thrown than tired region into a much deeper crisis than that sparked by the two thousand eight. Financial Meltdown and a lot of experts suspect a lost decade in particularly in the kinds of countries which are really good by Fahd right forces such as Brazil Colombia Chile and is not a coincidence that we are seeing a return off repression in precisely these countries also believe here and. Also, the case that in that particular and concrete. Case of Columbia the fact that the. Model for Latin American strongman album. Has Put. It has been put in prison for allegedly. manipulating. Testimonies in a case that has to do with his involvement with other massacres. There are many who are saying that the the sense of. impunity. is also fanning the flames of indignation among common people in countries like Colombia. I mean. I understand that there are now investigations into nearly two thousand allegations of police abuse and Columbia. Is there any kind of structural reorganization plan for what's clearly of a very troubled institution? There has been a reform plan scenes. In fact, I was member of a commission back in the one, thousand, nine, hundred, ninety s which proposed to subtract. The. Colombian police from the. Key, chain of command of the military and our proposal back in the ninety whilst to turn the police into what it should be, which is an organism serving civilians under civilian control. It is very unfortunate that those voices for reform had never been heard. Of course that also includes. the fact that the police like other. Agents of stating Columbia half merged with criminal organizations especially drug dealers who turn. Far Right. Paramilitary in an attempt to wash out the crimes by helping out with the counterinsurgency effort. So this is a very deep seated structural, a molest. At the heart of not only the Colombian police but. Also other. Sectors and elements offer the. Law Enforcement Structure. 
Finally ask what's the situation on the ground now? We'll see tuition is of huge indignation. Some. A lot of people did attend May Europe cloudy a low passes effort of for reconciliation. All Progressive. Parties. Including those that opposed a major cowgill in listeners. Would also like to be reminded of the fact that Lopez does not come from a leftist party hers. She's a centrist party and but they have all come around her in order to protect her because the filling in the ground of there was a sort of coup d'etat against. A local COULDA tie you prefer. To be specific this is unprecedented a case in which the police simply this obeys the oldest of their command. So at the very least, there was a break up in the chain of command but more so and more ominously. Does there is. Strong evidence suggesting that the break of command came from the top. Oscar. Thank you very much. Indeed. That's Oscar Guardiola Rivera his what else were keeping an eye on today Joe Biden has called US President Donald Trump, climate arsonist, the his failure to recognize the role of global warming and the deadly wildfires along the country's west coast speaking. In Delaware, Democratic nominee Biden said another four years under trump would only bring more inaction on climate change. Meanwhile, the White House will has delegations from the United Arab Emirates and Bahrain today they'll. Find agreements towards normalizing relations with Israel and Israeli prime minister. Binyamin Netanyahu will be on hand to sign the accords with the foreign ministers of both Gulf states the and Bahrain will be the third and fourth states to normalize ties with Israel following peace treaty signed with. Egypt. In one, thousand, nine, hundred, seventy, nine, and Jordan in one, thousand, nine, hundred, four. 
And Russian opposition leader Alexei Navalny says he fully intends to return to Russia to resume the fight with the Kremlin as he continues his recovery in Germany after being poisoned the German government's has tests have shown he was poisoned with form of the nerve agent Novichok Russian officials say there's no proof and have floated several other theories for Navalny's illness including a drug overdose this is the globalist stay tuned. It's been reported that the software giant. Has beat the competition to take over the US of short form video sharing Tiktok, which is owned by the Chinese company ByteDance. This comes just in advance of a deadline set by the US president. Donald trump for the APP to either be sold or shut down within America just calls is a researcher at the University of Oxford Internet Institute. He's on the line to tell us more Josh. It was thought that talk would do deal with Microsoft. Why did Microsoft Pass on this? Yeah that's right. MC. Soft was one of the early plays considered to be the front runner to Aquatic Toco politics it to operate in the US is there's a bit of politics here and a bit of substance as well on the substance side like spokes really at the idea of having to police talks huge network, which is. Dominated one, hundred and seventy five million used in the US alone and anything you take online at that large-scale brings much a much of the unpleasantness of of offline human life with it and Mike self to maybe didn't fancy policing will be political extremism and all the things that have been cropping up on. TIKTOK as at any session over the last few months as I think that's todd of it I think the. Part of if you like is the proximity of or cool the chosen tech partners is being described. To the president and the idea that perhaps. With the benefit of the cozy relationship between the. Chairman of Larry Ellison I'm president trump to deal them outside was much more likely. 
I mean, remind us why trump insisted on sale. Yes the trump has been part of the wider set attentions with China. Trump has been pushing hard against many of the Chinese companies operating in various ways in us This includes Hallway which provides a five G. penalty which a managed to put some block. Some I also Tiktok, which is as as the the mole the Looking at notionally, could be harvesting data from Americans citizens outside China, for use a building profiles say in in Beijing is no evidence. This is actually happened on Tiktok has taken some steps to appraise it's. Business outside the outside China but nonetheless, the fear remains that it could be used to to do that. But again, we shouldn't get too far away from the politics and TIKTOK. Really become a one of the many boggling chips think in an emerging tech wolf between two countries and we don't have details of the deal but I understand it's not an outright sale. So how will it work? It's not an outright sale is being described as a as technology publish it with Oracle, was interesting. Though is what's coming to light in the last few weeks around the Chinese government's attitude to the sale I'm so sad itself as you say is is is unlikely acquisition to the school where we saw facebook by Snapchat, for example, nothing like that it's going to happen but the idea that it's going to be technology partnership is also coming under a bit of scrutiny. This is because Beijing post a few weeks ago. Adding new controls over what can be exploited. If you like a sensitivity can be exported from China to other countries and particular issue apparently for the Chinese is the idea that the algorithm which powers Tiktok, which is considered the most important aspects of the service which sets up videos in that. Incredibly irresistible personal. To to its uses. That may not be sold way one Chinese official put it. 
It's the the call will be sold up, but not the engine, and so I think that's through another spanner in the works for a potential valuation, and again might be another reason why Mike took a setback now sells database technology and cloud systems to businesses. Why does it want to video sharing up? It's a good question I. think it's a bit like husking your grandparents who is a rave? Really it's a, it's a grain company in a very exciting young technology ecosystem in the moment and so the question of why they do it I think why interested in doing it is probably to a one is the politics that we've mentioned between. Champion and trump. This is an interesting other reason as well which is the D say Oracle built state faces. And cloud software and that kind of thing. Many of his early clients actually US spy agencies, the National Security Agency the CIA were invoked curing some articles projects in the company's named after a one of its codename given swift by I think by one of the agencies so that that kind of that participation of Oracle. From the earliest days in the US military industrial complex if you like. I think gives it real beneficiaries, but it goes the closer to to the US closer appeases. Mr. Trump the more likely it is I think to rank who with Beijing and I understand that article fired around hundred staff from its team in China. Last year, it's accused of hostility towards Beijing that presumably is again to play against. China agreeing to this deal. I think that's right. Units another example of or Caridi playing. To the trump administration's playbook when when it comes to a hell to do with. 
the tensions with China. So in a sense it's hard to see how this would get by Beijing. Again, I think probably Beijing is more interested in the posturing as well as the underlying deal, and I think what we could well see coming out of this is a deal which works on the substance for the Chinese side, that the app doesn't give away its underlying code or too much of its real assets, but on the presentational, stylistic side, it may be perceived or portrayed to be a win for the Trump administration. Thanks very much indeed. This is just Kohl's and you're listening to the Globalist. UBS is a global financial services firm with over one hundred and fifty years of heritage. Built on the unique dedication of all our people, we bring fresh thinking and perspective to our work. We know that it takes a marriage of intelligence and heart to create lasting value for our clients. It's about having the right ideas, of course, but also about having one of the most accomplished systems and an unrivalled network of global experts. That's why at UBS we pride ourselves on thinking smarter to make a real difference. Tune into the Bulletin with UBS every week for the latest insights and opinions from UBS all around the world. You're listening to the Globalist on Monocle 24. I'm Georgina Godwin and we'll continue now with today's papers. Joining me is Iain Anderson, former political adviser and chairman of the international communications agency Cicero Group. Good morning to you, Iain. Good morning. Now, we have been reporting on headlines that Biden has called Trump a climate arsonist. The New York Times has a big piece on this. What does it say? So, Trump has gone to California after weeks of these fires raging and has flown into an absolutely raging row with the Democratic
Governor Gavin Newsom and his cabinet, who sat down with the president as the president flew into Sacramento, amazing pictures of the smoke billowing around the airport, and basically said to a president that he needs to acknowledge the reality of growing climate change. And Trump's response to this, the New York Times reporting, is that he doesn't think that science knows what's going to happen next, and essentially saying that we'll kind of get over it. So it plays directly into the Trump narrative of denying climate change and playing to his base in advance of the election. Extraordinary, and meanwhile California burns. Yes, it does. Twenty-seven dead so far, many more injured. Clearly also there's a major, major problem too in Oregon. I mean all the way down the West Coast right now, many other states leaning in, the California governor really acknowledging the support that the state's been getting from other governors. But when you look at the land mass of California, over fifty percent is actually under federal, i.e. the US national government and President Trump's, control. So there is a real question as to whether or not the president was leaning in to help the situation. Well, let's turn to the C word now. I'm talking, of course, about Covid, and let's have a look at what's going on in France. What does Le Monde say? Yeah. So at the moment, it looks like France, if we are having a second wave, it appears that we are having a second wave of Covid, is the current European epicentre. Local authorities around Marseille and Bordeaux are really gearing up now to banning, or significantly reducing, the number of people that are gonna be allowed to appear in sports stadiums. I've been, well, remained actually, in proximity watching some of the spectators in French sports stadiums
so far, but they're increasing the distance, they're reducing the numbers, they're making masks compulsory from six in the morning through to two am the next day, and it's all because of really a surging rate up in Marseille at the moment. The rate is three hundred and twelve people per one hundred thousand, and then a percent positive test rate for those being tested, for those who've been tested. And that's a key story here in England, isn't it? I mean, people just can't get tests. But also there's been a change in the law. So it's now the rule of six. You can have six people together. No birthday parties, says the Times, but you can go grouse-shooting. Yeah. If you're seeing anything other than the rule of six, it does in fact... Toll and our Italian, and actually some of the more blaring headlines in the UK tabloid newspapers this morning are really questioning whether or not that rule is the right thing to do or whether it politically helps Boris Johnson with his agenda of levelling up. So maybe I should go and don some tweed. But it's only well off until the tenth of December because the grouse season's short, so maybe Christmas is not going to be cancelled after all. Let's see. But yeah, it seems a very, very stringent interpretation and probably not the headline that the prime minister was looking for. And you know, just talking about Christmas and shooting birds, all sorts of consequences that I think people haven't thought through. What happens to turkey farmers? I mean, all of those big birds that feed twelve or more that are specially bred, there'll be absolutely no call for them. Well, like so many things that have been reinvented through 2020, people are living in a different way, their diets have changed, people are exercising a lot more. Unfortunately, some people are drinking an awful lot more too, but we may actually be having a nut roast Christmas this year because, yeah,
actually getting hold of poultry, traditional for Christmas, may be off the table. Finally, let's have a look at this whole row surrounding John Boyega and Jo Malone. So John Boyega, the Star Wars, Disney actor, was brought on as the first male ambassador for this perfume brand. Jo Malone, a very well known global perfume brand, and of course that's a whole technique that brands use, to bring on these ambassadors in order to drive customers towards them in an aspirational sense. Well, Boyega launched a perfume with Jo Malone, became the first male ambassador, and yet he suddenly finds that in the Chinese version of the ads he's been airbrushed out of the entire concept. He's furious. He's resigned as a Jo Malone ambassador because he said they didn't talk to him or consult him in any way. So once again, using an ambassador to promote your brand may be a great idea, but if you're not gonna use them, you'd probably better tell them. Absolutely. Just to point out here that Jo Malone herself sold the company. She now runs Jo Loves, and Jo Malone is owned by a corporation. Iain, thank you very much indeed for coming on. Great to see you. That was Iain Anderson and this is the Globalist. It's time for business now with the financial analyst and regular voice here on the Globalist, Louise Cooper. Good morning to you, Louise. Good morning, Georgina. Now you sent me the stories and I just don't even understand the first one. It's... Say, you tell us, you tell us what it is. It's M&A. Ooh, is that like... that? Oh, no, no, it's nothing to do with music either. So it's basically record numbers of companies buying each other, mergers and acquisitions, and this is quite odd. We have the largest economic shock, global economic shock, going on for generations, we've never seen it, and yet companies are buying each other at record amounts. So this weekend, sixty-nine billion dollars worth of deals announced just in one weekend, global M&A, mergers and acquisitions.
Global deals are two trillion dollars year to date. We're only in September, and the previous high was about one point something billion for a full year. You think this is going on? You would think companies slashing profits, slashing jobs, would not have the confidence to go out and spend forty billion quid buying another company. Well, first of all, a lot of these deals are in tech, and as we know, tech has had a very good crisis as we've all spent loads of time online and it's really enabled us to work from home. So first of all, a lot of these deals are in tech, and the second thing is that money is very cheap. One of the reactions globally to this crisis is that central banks all over the world have said, you know, we're cutting interest rates if we can, although often they're pretty much zero already, and we will indulge in far more QE, quantitative easing, which whips down interest rates even more. So this is quite interesting. So one, you've got a bit of a catch-up; two, it's very cheap to buy another company using debt, extremely cheap using debt to buy another company; and three, maybe something a little bit, that maybe businesses aren't quite as bearish and as downbeat as the headlines necessarily indicate. Now, there's been a really mammoth deal, that's SoftBank's forty billion dollar sale of the chip maker Arm. Tell us about that. So this is a really interesting deal because Arm makes and designs, particularly designs, it doesn't so much make them but it designs the chips pretty much used in every single one of the one billion mobile phones sold annually. It's got fantastic technology, came out of the University of Cambridge years ago. It's regarded as being like the UK's most successful tech company ever.
It was sold to SoftBank, which is a Japanese investment house. At the time that happened, years ago, there was a lot of concern about, it's UK technology, if we sell it to the Japanese, what happens then? Now it's been sold to an American company, Nvidia. They've bought it for about forty billion dollars, and there's a whole load of issues. First of all, regulatory. Arm designs chips that are sold pretty much everywhere in the world; it's a fantastic technology company. So everywhere in the world is gonna have to give regulatory approval. So that's not going to be easy. The second thing is customers. So the company has been, so far, independent. Nvidia isn't as independent as a Japanese investment house, or completely independent, standing on its own, not owned by anybody else. So there's concerns about the independence. Will Apple still wanna buy chips from Arm if it's owned by sort of a bit of a competitor like Nvidia? Then the third issue, which is provoking a lot of comment here in the UK, is this idea that it's a UK technology company, the jobs are in the UK, the excellence is in the UK, the technology is kind of owned in the UK. If it's owned by an American company, where does that leave us? So it's the age-old issue of how protectionist governments should be about their own companies. So really interesting one, forty billion dollars. This one, we're going to wait to see how the story develops over the next eighteen months. Absolutely. Should we talk about baseball? Because both you and I had to look it up. So this is again another deal, and the New York Mets were bought by a billionaire for an astonishing number: two point four billion dollars. Who knew the baseball team was worth two point four billion dollars? It has to be said, Georgina, I didn't need to look up the New York Mets. I was like, well, what sport do they play? Oh, that's baseball. And he's a billionaire worth about ten billion dollars according to the Bloomberg
Billionaires Index, but he spent two point four billion dollars on the New York Mets. So it's a chunk of money even for a billionaire. Quite why is beyond me. Yeah. Me too. But finally, let's have a quick look at JP Morgan, because they've done this very interesting productivity study on working from home. It's really interesting. So what they've concluded. Okay. So the pre-Covid studies were that you could pretty much, remote workers were just as efficient as those in offices. This JP Morgan study is not quite as simple as that. They reckon work output is particularly affected on Mondays and Fridays if you're working from home, probably not a surprise. Then they also said that young workers are particularly less productive working from home, and they think that's because young workers could be disadvantaged because they're not getting the learning opportunities in the office. So I thought that was really interesting. The other thing they talked about, and you know management words, honestly, it does make me laugh, is creative combustion. I think that means that I'm going to set you alight, Georgina, if I sit next to you in the office. I guess what it's referring to is the sort of bouncing around of ideas that doesn't happen necessarily if you're working from home on Zoom calls, and I thought that was quite interesting as well, this idea that humans are a social species and we do need to be together to come up with creativity and interesting ideas. So really interesting stuff from JP Morgan. Frankly, there's gonna be a whole lot more of these, analysis of how efficient working from home is, but it's one of the reasons that JP Morgan boss Jamie Dimon says we do want people back in the office. Of course, remember, if you've got to socially distance, the capacity of an office, according to JP Morgan, is about fifty percent. So they can only, because of social distancing, have half the amount of workers in the offices.
So even with this study, if you've got social distancing, the workers are still going to be working from home at least half the time because the buildings don't have the capacity to have everybody working in the office. And I just wonder, I wonder if you have this too. As a freelancer who works from home, apart from when I'm in a studio, I think I probably work harder than people that go into an office because I'm still at it at eight o'clock at night. I mean, I've worked from home for a long time and so I'm quite disciplined. And so I think actually not having all the distractions of being in an office, or chatting about last night's telly or what the children have got up to, I actually think I get far more done at home because I only speak to my work colleagues about work. Well, how are your teenage children? They drive... So I would slightly agree with that, but then I am not a younger adult worker, Georgina. I think I got into the adult worker category. Louise, I think you're a bit younger than me. Enough. Fast enough. Let me... Thank you very much indeed. This is the Globalist on Monocle 24. And finally, here at Monocle we always rejoice when a new print publication hits the market, and today we're celebrating the launch of Domani, an Italian newspaper published by a man who spent decades with renowned titles such as L'Espresso and la Repubblica. For the latest episode of The Chiefs, Monocle's editor-in-chief Tyler Brûlé caught up with publishing giant Carlo De Benedetti to talk about the state of the media scene and how to fix it. Here is an extract of their conversation. The panorama of the media has changed substantially in the last few months, and now most of the media are owned by companies, so people who have not the main interest in media. They are mostly in other business and they own newspapers mostly to... that side of them being... and this is a distortion of the market.
On top of the fact that today the media market is really poor in most of the Western world because of the collapse of advertising and circulation as well. These are normally has to be corrected in my mind, and the only way to go is... So today the newspaper is owned by me. After the first two years of the startup of the new publication, the ownership of the newspaper, which is called Domani, will be transferred to a foundation, which is absolutely an exception in the market. That is, a newspaper owned by a foundation is quite rare. There are very few cases in Europe as well, because apart from the Guardian, and that's a minor one, I don't know any other newspaper being owned by a foundation. A foundation itself is not a guarantee of independence of the newspaper, but it is a precondition in my mind. There is no economic interest linked to anybody. We are totally independent. So it's up to us to do a good newspaper, but then it should be a success. I want to maybe start with you maybe pulling out your graphic design and editorial tools for us. It's difficult to do, of course, on radio, but you're going to have to do it. What type of newspaper will greet people over the coming weeks? Of course, there must be a lot of work being done already on front pages, etc. What are we to think of? Are we to think of something completely new? Are we to think of something which maybe has the sober feeling of the Frankfurter Allgemeine, or maybe picking up the noise circuits I tongue? Does it feel a little bit Il Foglio? What's in your mind and what can you conjure up for our listeners when we think about seeing this front cover for the first time at the edicola? You mentioned Il Foglio, which is a nice publication, but it's directed to a very selected group of people. So we are not in that game. We want to be a newspaper which has to be read if you want to be objectively informed
on Russia, politics, economy, having a strong group of investigative journalists. And a newspaper where we take into great account the economy. But we have stayed away from the Foglio idea, which again is directed to an elite, and on the contrary we are not looking... Secondly, digital initiative. That means that our starting point and our success is going to depend on subscribers of our digital edition. We decided, I decided, that just the site without having a paper edition would have been difficult to emerge as a leading source of information, because the mentality is still that the paper is... both the paper edition. So we are just starting on an opposite way as the traditional newspapers have done. The newspapers, without exception, started all with a printing edition and then added to that printing edition a digital version, a website. We are doing exactly the opposite way. Our success is going to depend on how many digital subscribers we are going to have, not how many copies we are going to sell. Our model, from that point of view, is completely new. There is no other publication that I know which has started digitally with the guidance of a print edition, instead of the opposite. Many would ask the question, and it goes back to your starting point, that you're launching as a digital-first product with a print component. Why bother with the print? Wouldn't it be lots of people sitting around a traditional management meeting saying, listen, Mr Benedetti, why are we bothering to cut down trees? Why are we bothering to have a press going? What does this do for us as a brand? Why do we need paper now? Personally, I know the answer, I think it's great, but I'm wondering how do you defend this to people when they say, well, look, just find it on an iPhone, on a Samsung, on someone's laptop. Why are we printing to begin with? Because it's probably... this publication has to be a newspaper in the traditional sense of the word, and newspaper means news and paper.
This is still a concept which is very strong among the public, and these are the reasons why I think that we want to be one, like the word newspaper is indicating. Thanks very much to Monocle editor-in-chief Tyler Brûlé and the Italian publisher Carlo De Benedetti, and to hear the full conversation on The Chiefs, head to monocle.com forward slash radio or wherever you get your podcasts. That's all for today's programme. Thanks to producers Daniel Beach, Paige Reynolds and Carlotta Rebelo. Our researcher was Charlie Filmer-Court and our studio manager was Louis Allen, with editing assistance from Miles Clemson. Now do stay tuned, because after the headlines there's more music on the way. Fernando Augusto Pacheco is here guiding you through our playlists, and we've got lots of interesting snippets and programmes still to come, including The Briefing, which is live at midday London time. I'm Georgina Godwin and I'll return on the Globalist at the same time tomorrow. Thanks for listening.

Risky Business #601 -- Everyone's messing with TrickBot

Risky Business

51:53 min | Last month


"Hi, everyone, and welcome to Risky Business, your weekly information security news and current affairs show. My name's Patrick Gray. We'll be checking in with Adam Boileau in just a moment to talk through the week's security news, and then of course it will be time for this week's sponsor interview, and this week's show is brought to you by Signal Sciences. But instead of having one of their staff on the show this week, we're going to hear from one of their customers. Scott Behrens is a senior security engineer at Netflix, and he works on the Netflix product and application security team, and he'll be joining us to talk through the ins and outs of the AppSec program over there. That is a great chat, that one. I let it run long. But yeah, that is later. But right now it is time for a check of the week's security news with Adam. And Adam, last week when we were talking about how someone was interfering with the TrickBot botnet, I said something along the lines of this kind of has the feeling of something that came off a whiteboard at Cyber Command. How about that, how about that? Yes, other news breaking that it was in fact Cyber Command all up in TrickBot. So yeah, you totally called that one. It was the vibe. Yeah. It did feel coordinated, it felt a little different than usual, doesn't feel like the normal corporate takedowns. We do know that there were some corporates involved as well, as much, necessarily, the same operation. Whether it's incidence, Microsoft was also taking down some of the stuff in ways that we've kind of seen them do in the past, but yeah, this one did feel a little different, and yet it was. Yes.
So it turns out Cyber Command were interfering with the TrickBot botnet under the auspices of protecting the United States election, right, the integrity of the election and confidence in the election, because you know US security officials have been quite concerned that an adversary could use the deployment of ransomware on or around the election as a bit of a spoiler, as a way to sort of erode confidence in the US election. I've seen some people pushing back on that on Twitter, some people in security saying, well, it's just a theoretical risk, but look, they have been thinking about this one, tabletopping this one, for quite a long time. I can tell you that with certainty. I've been on this one for quite a long time. So I'm not surprised to see the move against TrickBot, much the same way that they moved against the IRA, the Russian IRA that is, before the midterms, or during the midterms, a couple of years ago back in 2018. So I'm not surprised to see them do this, especially when you consider that TrickBot has been linked to all sorts of shady state-sponsored stuff. Yeah. But I think it does make sense, and when we talked last week, you know, we spoke a bit about the healthcare impact, where TrickBot was involved in dropping the ransomware on the big hospital chain we were talking about, but I was focusing on the elections, and it's a thing that the Americans are particularly concerned about because it is a realistic thing that can happen, but also there's a little bit more mandate to, you know, go after and deal with things that are election-related, and some of the talk of TrickBot selling access to other actors, North Korea's one example cited, does kind of tend to nation-state territory.
Both of those things are a little bit more in Cyber Command's wheelhouse than just, like, straight-up criminal stuff, and we've seen some people kind of suggesting that even if the technical risk to elections perhaps isn't that credible, who knows... Hang on, hang on, TrickBot picked off, TrickBot on state and county systems, right, that could be involved in the election process somehow. You know, it does actually connect up pretty well, I think, and I had a brief chat with Bobby Chesney about this. He wrote a piece on it for Lawfare and he says, yeah, if this is squarely aimed at protecting the election, then this type of activity would fall squarely within the parameters of Cyber Command's statutory authorities, right. So it, which actually makes it less interesting, because if they have done this because of the attacks against hospitals, that would be crossing a big line, but doing it because of the election is actually less interesting. Yeah. It's funny. Funny because it is a really interesting example of them acting against a network like this, where election interference is probably only one thing that TrickBot could be used for, where we've seen it being used for. But yeah, you're right. It would have been, and we don't, we're taking action against the theoretical attack instead of the actual one which took down hundreds of hospitals. Just seems to be crazy. A pleasant side effect, right? If I do disrupt, right, but on that, it's also not particularly clear to what extent this really has caused impairment to the operation of TrickBot. In the short term perhaps some; in the long term doesn't really seem that way. You know, would it make a difference? We don't really know, but anything that goes after those actors and makes their lives more difficult is a good side effect, even if it wasn't the primary reason. And we've also seen, you know, one kind of part in public here, and there may well have been other actions going on, and you know, we may see ongoing
activity against TrickBot. Hang on, hang on, that's the part that comes next, but let's just stay with the Cyber Command bit for now. This could be signaling, right? They are talking about this. The Washington Post comes out with four sources on this. They're clearly talking about it to certain media. They're talking about it for a reason. Sorry. When people say this could be signaling, I tend to think the fact that Cyber Command is even discussing it supports that theory. Yeah. I think that's a pretty straight line to draw. Obviously, Cyber Command has done a bunch of other things in the last year or two, and we haven't necessarily seen them discussed the same way as this. During the previous midterm elections, you know, you did see them saying, you know, there was some signaling, Russian actors saying, hey, we are up in your stuff, we are watching you, just, you know, to kind of head things off. So the fact that we had some signaling then, I think that this is signaling now totally makes sense. It does. Now, where it gets interesting, as I said, this isn't about the hospitals, it's about a theoretical attack that could fall on election-related systems, right, in a few weeks from now. But this begs the question, couldn't you make the same argument for all botnets? Couldn't you make the same argument for any botnet that could be theoretically leveraged by a state to undermine the election, right? And if that's the case, why not attack them too? I don't know that there's any good reason not to here. I think it's very, yeah, absolutely. We've seen plenty of evidence of other botnets being used to drop initial access, as cover, being used unwittingly, you know, by other intelligence agencies, as vectors into places, like there's absolutely a line to be drawn from all of the other big botnets. Such a natural good place to start: deniable, they provide access, and indeed they're less well protected than the networks they're trying to break into, or our operations themselves.
There's no reason not to go after the other ones under the same kind of logic, to me. Well, that's the thing, isn't it? Doesn't it, even though we're saying it hasn't crossed a line, it kind of has. What they're saying is that this is a national security risk that justifies the involvement of a military organization. It's almost like this is complicated. It's almost like this is complicated. But of course, as you mentioned, there was another coordinated takedown: a whole bunch of companies involved, Microsoft, Symantec, Lumen, which used to be CenturyLink, got involved and went after TrickBot C2s. It's funny too because while they were preparing the takedown, they were actually watching the Cyber Command thing going on and thinking, what the hell is this? So everybody's having a crack at TrickBot. Microsoft used an interesting legal technique to get takedown notices from US courts. I thought this one was funny in that Microsoft appeared to have used US copyright law to justify the takedown of some of the infrastructure, the takeover of some of the infrastructure, on the basis that the attackers were using Microsoft's software development kits in ways that weren't permitted to them in terms of the license, which I mean, yeah, probably appropriately, they were not correctly abiding by the terms and conditions of use. Hey, it's one way to skin a cat. Gets the job done. This is the legal equivalent of... works, right? But this is a new precedent and I can use this against whoever and whatnot. Now, we should point out, Intel 471, who track TrickBot pretty closely, say it hasn't actually had much of an impact, and of course TrickBot does have fallback C2 methods. Among them Tor C2s and EmerDNS, which is like a blockchain-based DNS that I'd never heard of until a few days ago, and I've been reading up on EmerDNS. Yeah, I mean it's all happening, man, but it doesn't look like it's been a terminal blow to TrickBot just yet.
No, and some of the commentators have been suggesting that whilst this isn't going to be effective, you know, in the immediate term, against sort of such a complicated, multi-sided operation as TrickBot, anything that increases the overhead of operating an environment like that is still a win, and if we do see kind of continued friction there... Yeah. Trying to, you know, make the cost of running it fiddly and annoying and a pain in everybody's ass, and if they keep doing that then maybe it does provide some benefit, even if it isn't a long-term, completely-kill-the-whole-thing-dead-in-the-water. Well, we've seen a few people say that this falls under Cyber Command's whole persistent engagement model, and that's going to be a big pain in the ass for the TrickBot operators if they're just gonna have a few operators dedicated towards, like, hassling them, right, and making their life hard. And I just, I really do wonder if this was a shot across the bow, a bit of signaling, or whether or not it's the beginning of just a campaign of harassment against the TrickBot operators, because I would not want Cyber Command harassing me and just trying to make my life hard, because that's sort of, that's an asymmetric thing. You know, you're gonna lose. Exactly right, and even just knowing that you're on their targeting lists, that people are tasked to review you, and right now it's, you know, cyber level, but who knows what other stuff might be happening, what else is going on, and that's gotta weigh on you, right? Anytime you're involved with a criminal syndicate you've got that kind of fear of what might happen to you hanging over you. Now you've got a little Fargo thing. Yeah, I'm sure that's going to affect them psychologically as well as, you know, the technical operational aspects. Well, I am kind of surprised, I gotta say, I'm kind of surprised that if Cyber Command were to do something here they didn't just own the C2s and actually have the malware uninstall itself.
I am surprised. There's got to be a reason why they didn't. Yeah, I mean, there may be, and you know, there's a bunch of tripwires that maybe they're trying to avoid. We've seen some of those arguments made in the past about, you know, making anti-worm worms and stuff, that maybe we're just not worth the hassle of trying to argue now, and also, you know, a campaign like this is pretty new. They're just going to try the, you know, the gentle option, don't go too hard, see what happens, get a feel for it, and then the next one we see is a bit more take-no-prisoners. Well, I saw in some reporting, Krebs has been doing a good job on this one as well, but in some of the reporting there was, apparently they're all pissed off, the TrickBot operators, and they're going to boost their ransoms to try to recoup their losses. Just thinking, guys, when you've just been rumbled by Cyber Command, you know, sticking your head further up is probably not... Not so much. But that's the sort of hubris that happens when you're twenty-something-year-old cyber-crooks with millions of dollars in Bitcoin. You're going to think you're invincible. They have been pretty untouchable. You know, if you operate in Russia within the constraints imposed upon you by being in Russia, then don't go on holiday in Thailand. Yeah, that has been, and maybe this is a sign that those times are changing a bit. All right. Let's move on. What has actually, actually, published a big piece, a big profile on the Cyber Command director Paul Nakasone? So that's just a riveting read. Did you get through it? Yeah, and it's really interesting, being a background of a guy that's pretty influential in Cyber Command and, you know, is probably responsible for a lot of the things that are going on now. So it had good contextual reading on what's going on there. He doesn't sound like a super exciting guy, but that's perhaps what you want at the helm of something like that. Yeah. Yeah, that's the thing, I mean, he likes pencils. That's something that
Dustin Volz from the Wall Street Journal was kind of saying about the piece. But let me read the tweet: "The director of the NSA is so boring, the most interesting thing about him is that he really likes number two pencils and has an oversized pencil gift sitting in his otherwise Spartan office." Which I think is a little bit cruel, right? You probably don't want the director of Cyber Command and NSA being, like, the party guy, like, exotic skateboarding around the office. Like, let the man like his pencils, I think. Fair enough, number two is a perfectly fine number of pencil. So yes, you have our approval, generally, indeed. Now look, staying with US government agencies, the FBI and CISA have said that APT crews are now using that, that domain controller bug that popped up a few weeks ago, that real serious one where you could just get instant domain admin. No surprise there that people are using bugs, I guess. Yeah, that's pretty much the guts of the story: hackers now use the bug to get shells, perhaps patch your stuff or look for the bug, maybe both. You know, it makes sense that a bug like this is going to be picked up by a bunch of different operators, APT crews using this inside all sorts of interesting places. Unfortunately it makes a lot of sense. So a reminder, if the patches, and when the feds are telling you to patch your domain controllers, probably you should patch your domain controllers. Yeah. That sounds like reasonable advice. Norway has said that a recent intrusion into its parliamentary systems was conducted by Russia. Colour me surprised. Exactly. Yeah. I mean, obviously, you know, Russia's very interested in what goes on in that region of the world, and being up in the Norwegian parliament makes a lot of sense, so no surprises at all. But Russian organisations are having their own troubles at the moment, Adam. There's a group out there of Russian speakers pretending to be Chinese hacking Russian organisations, is that right? That seems to be the story. Yes.
So whether it's Russians pretending to be Chinese, or whether it's somebody else who speaks Russian, Ukrainians pretending to be Russians pretending to speak Chinese. Maybe it's the Chinese being Russian, who even knows any more. At what point do you think China's learned to speak Russian and then pretended to be themselves? Wheels within wheels, man. I'm not sure any more. But the point is, Russian organisations are being targeted by other Russian speakers, according to reporting, and that doesn't sound that incredible given the things going on in that part of the world lately. But yeah, I mean, it's just so hard to tell what's going on any more. The US is also, we've got another Cyber Command story here, and I think the lede is buried, because I think the lede here really is that Cyber Command actually does pretty good Photoshop. This is a release from Cyber Command. They dropped some malware on VirusTotal that they attributed to a Chinese group. But yes, they dropped it with this, like, sweet Photoshopped meme, I guess, for the group, which is called SlothfulMedia. They shopped a pair of headphones on the sloth and they put a moon in, and then released it on the day of the Chinese Moon Festival. I wonder if that could be related. But yeah, according to this story in CyberScoop, this one's by Shannon Vavra and Sean Lyngaas, this is, yeah, Chinese operators targeting Russia, India, yeah, and a bunch of other places, I mean, we've seen what, Malaysia, Kazakhstan as well. Some criticism, I think, in terms of the quality of the work. "Slothful" in the name apparently refers to the relatively lazy approach to cutting their tools, being thrown from here against a twenty-first-century cyber weapon, is shade via Photoshop. Hell of a way to win a war on the minds of the attackers. Name department at Cyber Command continuing to earn its fame. If everybody can, everybody else, we've got one here from Raphael Satter and Christopher Bing at Reuters.
This is the write-up of a group that's been, you know, seen operating in a bunch of environments, but the diversity of environments being targeted is kind of interesting. I've seen Sikh protests and Pakistani military and commercial organisations. And the conclusion basically suggested here is that this is another one of these commercial mercenary hacker outfits, being tracked down here from reporting from BlackBerry Cylance looking into these campaigns. Yeah. The idea that there are commercial operations out there, you know, isn't a surprise. We talked about, what was it, the BellTroX thing coming out of India a little earlier on in the year. But yeah, interesting when, you know, you're trying to figure out who's behind something and it just doesn't make any sense, maybe it's just money behind it. Yeah. Meanwhile, a public broadcaster in Germany has done a really detailed report into OceanLotus. This is, of course, the Vietnamese APT crew, and from the looks of this story it looks like they are really an all-purpose APT crew. It's not like other countries with more developed capabilities, where they tend to split off into different units for different purposes; like, these guys seem to do the lot. Yeah, the report talks about some kind of Vietnamese people who fled persecution or political situations in Vietnam. In this case, you know, the guy that's residing in Germany that's, you know, kind of under constant attack by the Vietnamese APT crew for political reasons. But we see the same crew's also been doing a whole bunch of other stuff. As you said, the general-purpose crew for anything that needs to get cyber'd out of Vietnam. But yeah, it's just a really interesting write-up, when it's been done by a media organisation that's outside of the normal cyber press, and seeing, you know, the way that they're trying to explain this to the public.
It's actually really interesting. I quite liked the way that they wrote it up and tried to explain it without losing a whole bunch of technical detail, but also explaining it relatively clearly. So I thought it was a good piece. Yeah, they've got some animations and stuff in it. It's a good one to show normies, I reckon. Exactly. Yes. The Five Eyes is now Seven Eyes. Why the change is, so, you know how, like, every single year at about this time the Five Eyes governments come out with a joint communiqué signed, "the rise of encryption is of great concern and technology companies need to do more". They've basically dusted off last year's communiqué and put it out again, but this time India and Japan have signed up as well. But I mean, it's the same old stuff. Yeah, I mean, that's pretty much exactly what we saw in last year's one, acknowledging that encryption is important and useful in a commercial context, people do have some rights to privacy, and that governments in general aren't willing to give up on mass surveillance in the way that the golden age of SIGINT, you know, would have liked; willing to give up a little bit, but they do expect Facebook and social media companies and companies to come up with something so that lawful intercept and the options of law enforcement can do stuff. But yeah, basically the same kind of statement that we saw last year. For governments like ours here in New Zealand, they haven't really started the process of trying to turn that into something actual. You know, watching what other countries like Australia do with its Assistance and Access Bill, which is a little closer to what this Five Eyes statement is asking for, seeing how that turns out is the smart move for people like us. But who knows what's gonna happen after the election in the US and Lindsey Graham and, you know, the movements against big tech over there, maybe more things will happen.
Where we landed on that yesterday, because I did work with Brett on this section of the newsletter, do subscribe everyone, I'm just gonna say it again, but yeah, I think we covered it off. His last paragraph, at the risk of repeating ourselves: the use of E2E encryption in and of itself doesn't prevent a service provider from responding to lawful access requests. Service providers could choose to build mechanisms into their platforms that allow lawful access to user content under warrant, but, here be dragons, any such proposals will be pretty fraught in the details. So the can gets kicked down the road once again; we can hardly wait for the 2021 statement. So that's pretty much, pretty much, you know, it's still a hard problem with no easy solution. Ping of death! The ping of death is back, and McAfee actually did a great write-up on this. Microsoft has said there's a CVSS, I think it's a CVSS 9.8, good one, in, like, the ICMP handler in their IPv6 component. So it's like a straight-up IP stack security bug, which McAfee says they've got a PoC working for, like, ping of death, to DoS Win 10 with it. But we were chatting before we got recording and I reckon, you know, someone might eventually figure out how to exploit this. I mean, it's a pretty interesting bug. If this bug had landed in Windows XP, you know, something that didn't have modern exploit mitigation tech, then this would have been a planet-melting bug, like an IP stack remote code exec, single packet, off-guard, like that is. It's IPv6 as well, so a whole bunch of people are going to miss it. It's the bug that ten, fifteen years ago would have been amazing, and now it's just kind of "ah, it DoSes the box a bit, man", which is sad in a way. Exploit mitigation works, well, ruins everything. But it's a pretty much straight-up stack overflow parsing the list of DNS servers in an IPv6 router advertisement message, and unfortunately the relevant components are compiled with stack cookies.
And yes, I've read the statement, it is that this is going to be difficult to shell remotely. There's no word on whether or not, like, a local attack might have more options, which is, you know, for local, could be worth considering perhaps. But yeah, this is gonna get a lot of people looking at this bug, because if you can make it work, you know, you're going to be happy. That's really like Scorpio from the Simpsons, I mean, "gentlemen, I have the doomsday device". At that point, that's all. Right, an IP stack remote, and we haven't seen one of those for a very long time; the Apple bug in the modular AWDL stuff last year or whatever, but it doesn't really count. But yeah, that's a hell of a bug. Part of me wishes it was genuinely, like, straight-up code-executable, because we love to see things burn a little bit sometimes. Now, yeah, exploit mitigation tech, this is why we have it, and some justification for all the work that's gone into exploit mitigation stuff over the years, because it just saved Microsoft a bunch of trouble. So I guess good job there. There was a bunch of other juicy bugs in Microsoft's patches this month, there's a SharePoint bug, there's some Hyper-V bugs. Good collection. GDI+ RCE, is that gonna be like a nightmare to patch as well, because it's included in all sorts of stuff? You're gonna get owned from a third-party EMP editor? I mean, that's a good question. That's why that kind of system, it can be really hard to tell where it has been embedded as a component in stuff. Remember when there was that really bad GDI bug years ago and Microsoft actually had to ship a tool that scanned your system to see if it was on your box? Yeah, and it may well end up like that; we've seen that kind of thing with compression bugs and things like that get compiled into stuff. So yeah, like, those sorts of bugs deep in the graphics system in Windows.
Heaven, the power really delivered the goods, man. I'm sure all of your application providers are using technology like Snyk to fully understand their supply chain. No problem at all. Software AG having a bit of a hard time over there in Germany. The biggest software vendor, they've been hit by the Clop ransomware gang, who have encrypted a bunch of stuff, stolen a bunch of their files, are demanding apparently more than twenty million US dollars' worth of ransom. Software AG is a pretty big company, but twenty million dollars is a lot of bucks for anyone, yeah. Funnily enough, I had an interesting chat this week with Michael Montoya, he's the CISO at Equinix, about their ransomware event. We're going to try to get him on the show at some point to talk about it, but that was a fun chat. Like, it was just a case where, you remember, we were like, how the hell did the attackers not get into the customer, you know, environment? And Michael said, you know, they had some segmentation and stuff, and it wasn't perfect, but it was just good enough, like, they blew the same, and the defences were just good enough to stop this particular crew, and it was a bit of a knife fight, but they came out basically on top by the end of it. So there's more to it than that, but I'm hoping we can do that as a case study at some point when we've got time. But it was a really interesting chat with Michael, so thanks, guy, if you're listening, that was cool. And now we've got a bit of a feature here from Brian Krebs at Krebs on Security, just really looking more at the business environment for people involved in ransomware.
And in fact it's a really good dovetail to that anecdote about economics, because the thing that Brian's talking about is crews that advertise on Russian forums for operators to take things where the initial compromise has already happened, and then go and do all of the hard work to turn that into "we understand the business, we saw the data, we've compromised everything we need to do on lateral movement, privilege escalation", get to the point where you can actually deploy the ransomware to make the money, and that's actual proper work. And they're talking about a guy called Dr Demille who's been advertising for people to do exactly that, as a commercial service for other Russian criminal operators. Are you kind of making sense of the economics? That's exactly why you'd want to go and outsource this to a specialist rather than, you know, making a mess of it and not extracting the full value. I actually think regular businesses could learn a little bit from the way cybercrime operates, like fully distributed engineering models, like, and just, yeah, I just think they do it pretty well: outsource to a centre of excellence for privilege escalation. That's the smart thing to do. Of course, Krebs writes that up and then, just at the end, because he has to, because it's Krebs, he goes ahead and just doxes the guy that he's talking about, name and where he lives and stuff. "Just a couple of things, by the way, his name is Sergei and he lives in..." He's probably using a hot while at Byu lead pot. Ace. Brian. Okay, so we're finally going to have to actually have a conversation about this. Unfortunately, we're gonna finally have to wade into this conversation, which is about offensive security tooling.
There's a subset of people in infosec who feel like, you know, releasing tools like Mimikatz is irresponsible because bad guys use them, and we actually touched on this in a recent episode where you were saying, like, a lot of these offensive security tools were actually created to mimic the bad guys' tools. But now the bad guys just use the ones that were designed to mimic them. Imitating a little bit. But yeah, this guy Paul Litvak, he's a security researcher from Intezer Labs, has put together a presentation looking at the issue of offensive security tools being used by malicious attackers. It's interesting, I'm glad someone's finally done some real work on this instead of just feelpinions being thrown around on Twitter, right? Yeah. That's exactly what I was going to say as well. Actually having some data to contribute to this debate, because right now it's just been a lot of Twitter back and forth from the different camps that really don't have a lot of middle ground to agree on, and having some actual data understanding which tools are being used in which kind of role in actual intrusions, of actual sets of chains that real attackers are using, that's useful data, and it's an interesting kind of map the guy has put together of, you know, where, you know, Mimikatz, for example, is widely used for lateral movement, but in some of the areas where there's less of a dominant offensive security tool, it's kind of interesting to see what is being used. And trying to draw some conclusions, one of the things he suggested is that the more simple tools, the ones that do one thing well, are the ones that tend to get picked up and used, whereas the more kinda fiddly or clunky tools, or ones that require human input, are less well adopted, which I guess is an interesting insight about the overall discussion, as there's good points on both sides, and that's what makes it kinda difficult.
Well, I mean, sort of the thing where it falls down for me as a debate is, what do you expect to do about it? Right? Like, say you lock up a lot of these offensive security tools, say they're not open source any more and there's some vetting, I mean, it's not terribly hard to get yourself a pirated copy of either, right? Yeah, exactly. Right, I mean, Cobalt Strike is licensed and yet it's widely used by attackers; if that model was gonna work, it would. Cobalt Strike, you just saw Brian, the Brian Krebs story about the guy with a speciality, I mean, you know, next time Sergei will be offering tools, right? Like, that's going to be the thing. It might cost a little bit of money, but I don't think it's going to make a meaningful impact. I think the Sergei in the previous story was actually providing people with Cobalt Strike specifically, well, going into the environment, right? It's part of the package deal. You get the access, the tooling, the entry point now if you go. So yeah, that angle, I don't think it's working already. Yeah. So I just don't, I mean, this is why I haven't really discussed this, and I'll get hate mail on this, and people will be like, "no, tools are bad, guy", but it's like, okay, sure. What do you expect to do about it? Like, I just don't think there's really a solution here, which kind of, to me, makes the debate feel a little bit moot. And I think if you look back in history, in the nineties hacker tools were underground, right, you did have to know people to get them. They weren't freely available. The rise of security tools was a bit later on, you know, and it didn't make things better back when you had to trade in IRC channels to get, you know, packet sniffers, you know, port scanners or whatever, password crackers. You know, it didn't make it better back then, so I, looking at the history, suggests that you're not really gonna fix this. Some young people are a whole bunch richer at the moment, Adam, for doing cool stuff. Yeah, really great.
Write-up from a crew of bug bounty kids who sat down and spent three months working on Apple's infrastructure, and ended up reporting something like fifty, what, fifty-five bugs to Apple's bug bounty program, which Apple's kind of working through and addressing, and some of these bugs are pretty significant: managed to chain, through, I think, a Jive portal instance, into, you know, code exec inside Apple's network, and a bunch of other really interesting bug chains that have made them, at the moment, I think, two hundred and eighty-eight thousand dollars' worth of bounties. I'm not sure if that's even the final number, obviously Apple has to triage all of the things that they've reported, but they did a really great blog post writing about, you know, their bugs, automated processes and things, and just, yeah, it was really, really solid work, and if you, you know, if you work the numbers about how much time they spent on it and what they made out of it, it's pretty good money. So, yeah, I mean, this story here on Wired, Sam Curry, who is one of the researchers, who apparently is twenty years old, Sam, he spoke to Wired about this. And also Samuel Erb and Tanner Barnes, well done to you all. And a final story this week: Swiss Post has gone from zero to hero when it comes to running a bug bounty program. Yeah, this is an interesting one because it's a follow-up to a story we covered a while ago now, where they had a bug bounty program for election software in Switzerland, and then a bunch of researchers decided to drop stuff without going through the bug bounty process because they disagreed with the terms over the non-disclosure stuff that they felt was unreasonable. There was a bit of back and forth and disclosure drama, and now this has kinda worked over its language for running bug bounty programs, and the way that interacts with Swiss law is kind of interesting. But I
mean, the result is they've released it under a Creative Commons licence so that other Swiss organisations can use that as a starting point for their own bug bounty programs, and I think this is a really good idea. You'd like to see this happening in other jurisdictions, and it's the sort of thing where you can imagine the local CERTs in individual countries building some boilerplate wording that other organisations can use inside that jurisdiction. So I think this is a good story. That's actually it for this week's news. Our big thanks for joining us and we'll do it all again next week. Cheers, Adam. Thanks so much, Pat, talk to you then. That was Adam Boileau there with a look at the week's security news. Okay, it is time for this week's sponsor interview now, and this week's show is brought to you by Signal Sciences, which has apparently been acquired by Fastly, right? So we might have to update that at some point, maybe next time they come on. But yeah, instead of having one of their staff on the show, Signal Sciences asked one of its customers to join us instead. Scott Behrens is a senior security engineer at Netflix, and he joined me to talk through their approach to application security. As it turns out, their challenge isn't really on the streaming platform side. That's actually pretty simple. But it's more to do with all of the other applications that they host, and there's a lot of them. Scott Behrens explains. Let's actually talk, I feel like if we think through the threat model of the streaming product, or even just the architectural complexity, it's not like a super complex authorisation model. You're a member or you're not, you know. We think through a lot of the typical attacks, like, there's just not a whole lot in the streaming product.
Now, the streaming product has all sorts of other security concerns that we have to take into consideration: fraud, customer trust, abuse, all sorts of spaces, and that's actually where the focus on the streaming product is, it's really around maintaining and establishing that customer trust. Now, where the complexity on the security side in the app space comes in is actually really around the studio use cases, the supporting use cases, all the stuff that makes that streaming product great, and actually that's thousands of different applications that are sort of rolled in there, with way more complex operating models. You know, you might be a production manager shooting content over here with a whole set of access control related to that, or you might be an administrative assistant over here and we have to do on-behalf-of permission modelling over here. So there becomes this really complex sort of supporting story to Netflix, and that has been really cool for me. I started working obviously on the streaming side and working to build security there, and as we started to do the studio stuff, it's a lot different. It's a whole different threat. Is building, you're building, like, administrative support systems for some of these productions, right, so, like, you're spinning up the next season of Narcos, HR system, so boom, that's a web app. Yeah. Yeah, and there's a lot of stuff that you can imagine in the studio. There's a lot of really cool technology there. So, you know, what we want to do, what we need as security practitioners, is to figure out, like, how do we sort of let teams stay with that philosophy without getting in their way, right? Like, to put it another way, we don't want to be blockers, because I've worked at companies where, like, security's kind of the blocker, and then what people have been doing is either they don't talk to security,
they find every way possible to, like, go around security, and so you have to find that balance, like, how do we keep them fast but also keep them safe. And that's one of the interesting things, that's why I've been at Netflix for so long, as I find that that's like a tough, tough area to straddle. Yeah, so what do the typical things look like? Why are you most worried in this scenario? Because I imagine there's a lot of IP protection concerns on that, right? Like, you don't want leaked scripts and videos, and that's less on the security side, but that would be top of mind, right, generally speaking. We focus on all sorts of different threats, and if, you know, if we were to sit down and think about, like, you know, an application that manages content, a lot of different sort of things come to mind: how would we steal, if you're the attacker, how would we steal that content, how would we, you know, corrupt that content, how do we get access to that type of information. So, yeah, a lot of the threats that I'm thinking about relate to exposure, frankly, and I think that's common to a lot of organisations. You know, it's like, how do we keep our data safe, and I think, unique to Netflix is, you know, Netflix has a lot of data, just like a lot of companies do; we have to be real sort of judicious on how we manage that data and do it safely, and a lot of my efforts in the last two years have actually been on the data side, figuring out what is our data strategy in support of these big areas of Netflix. And it's such an interesting place because, you know, data is, there's so much of it. You know, I don't know exactly how much logging, but I know that it's a lot, like, there's just a wild amount of data that's, like, sort of flowing through our ecosystem and needs to be safeguarded. How do we make sure that developers, business analysts are using it responsibly? It's tricky. Talking about the applications that you're using internally to look at things like usage analytics, things like that.
What they're watching, how long they watch a show for before they turn it off, how many episodes before they lose interest, all of that stuff, right? Yeah. Exactly. And then that's one part of it, and then, you know, how do we spend dollars better? How do we secure things better, like, where's our risk? There's a lot of sort of motivating factors for sort of keeping that data, and I think that, again, one of the things that makes Netflix interesting is, like, my main focus is, like, keeping Netflix secure. It's also staying within our culture and making sure that I'm not introducing unnecessary friction. Like, I guess, put a different way, I want to be very cautious of doing any security work that I really can't make a good justification for, because people at Netflix, you know, rightfully so, they kind of want to know the context, like, why do I want to change my process? Why do I want to add this new security widget to my app? And so, you know, we try to work a lot on our messaging and just being very clear with how we communicate with partners. And I think that's worth, well, I'd almost say that we're partnership-focused to a certain degree. We'd rather, I used to work as a consultant and I would just pen test apps all the time, and when I started at Netflix I'd kick reports over the fence, right, so like, I'd beat up an app, find every possible vulnerability, you know, just, like, kick the report over, and I was like, I'm successful at my job, I'm like, I find bugs and report them over, and then, like, you know, six months into my job I realised, like, things weren't getting fixed, like, people weren't, and I kind of realised, like, oh, actually, I just was sort of kicking stuff over the fence. The flip side is, you know, if you walk into a room and everyone in the room is an asshole except you, maybe there isn't anyone else who's the asshole in the room. Yes. Yes. Exactly, and I feel like that is, like, exactly what happened here, and that's kind of what we realised:
our approach really wasn't working, like, we needed to be a little bit more partner-focused and find out, like, how do we straddle, like, actual security work with, like, other opportunities and all that. So how do you begin to tackle that? Right? Because that's, you know, that's an issue that I'm sure many of the listeners are grappling with. Yeah, I'd imagine for a lot of people I know who've found themselves in similar situations, a lot of it is about coming up with almost like a bit of a template or a guide for the people that they're tasked with sort of helping. Producing a bit of a guide or some guardrails, like, do it this way, like, and then corralling everyone into sort of uniform approaches, is that the approach you took? That's exactly right. Yeah. You hit it pretty much spot on, which is, like, we see ourselves as, like, experts, but ultimately the developers, they own this sphere, their product, and so when we engage with them, we try to come in with tools, approaches, preferred methodologies. We use the terminology "paved road" or "paved path", I think it's started to propagate a little bit across the industry. But that's definitely something that we're really focused on, is like, you're trying to solve this use case, like, here's the technology to use, here's the approach to do it, and by the way, if you're using our tech, you get support and all these other things. So we try to sort of wrangle in people with that approach, which I think works well overall, and of course the areas we have to improve are to try to make our products better, easier to use, all those types of things. I've heard of a bunch of people in similar roles to you, one thing that I've seen have a lot of success is they build, you know, really security-friendly repos and whatnot, right, and have developers use their infrastructure. So they build, it's like, I don't know if you remember there was a TED talk about a guy who ran an orchard,
where he basically built this garden for the geese, who would just choose to fly in, and there was no fence, they would just fly in and feast on the plants. It's sort of like that approach, right, you've got all the shiny tools, but they happen to be able to do code scans and static analysis. It's all, it's all yours. Yeah. That's really what we're doing. We're trying to sort of, we have this, like, minimum baseline we really want people to use; if you use the baseline set of tools, our preferred builds, this ships your code to production, our preferred tools for secret management, a couple of other things, you know, you get a lot of security benefit for that. And what we try to do is we think about the types of operations our customers do: sometimes they wanna put an application on the Internet, sometimes they wanna talk to sensitive data. We try to curate a story for them to get there as fast as possible. So again, like, showing them that if they use our tooling, not only is it reducing risk, but it's actually making them more productive. And you've heard the analogy, hey, security folks are like brakes on a car: they actually let you drive faster, not really slowing you down. You can drive faster because you have brakes. I really think that that's what we're trying to do, like, hey, we're gonna give you all this stuff, you could actually go faster if you use our stuff versus rolling your own. Yeah. You don't have to worry about standing up all of this infrastructure you're going to need, when you could just have a couple of extra controls; it's a net win for you. Yeah, and one of the ways that we're really trying to sort of sell this and make this work better than even, I think, in the past over the last couple of years, is this idea of consolidating. And, you know, I think it's happening a little bit more, sort of, external to security, outside Netflix as well, which is, like, it's one thing if we have these various tools that provide capabilities: single sign-on,
secret management, certificate management, et cetera. Even if I have all those things and I present them to you, you kind of have to be a little bit of an expert with all of them, right? You have to figure out, when do I go to one of these things? When do I set up my certificate? When do I set up my security component related to this part of the stack? And again, I think that we have an opportunity to start consolidating more of that stuff. So a big focus area for me lately has been raising it up another level: not just saying the paved road, we're going to consolidate these like products, but taking a use case and thinking about that end to end, so that when you adopt our piece of technology, not only do you get the single sign-on, but you get the firewall, you get the secret management, you get the certificate management, you get the logging and the telemetry. And when we start to bundle all that stuff together, our customers are getting quite excited, because we're bundling it with other things that aren't just security, like the telemetry I mentioned; we're putting in logging, they're putting in stuff. I mean, this is the way to do it, right? You're basically a service provider offering them stuff that they need that's tailored for your needs as well. I mean, it is. Have you had any specific areas of pushback on some of these things that you're offering? Yeah, I think in general the pushback often is, it works for me eighty percent; it gets me eighty percent of the way to the finish line, and then it's who carries that last mile, who carries that last bit of technology. And I don't think we've cracked that yet. I don't think we've cracked exactly how we straddle that last little bit of the integration work or the last little bit of onboarding to the stack. And I think we have a way to go there. I think generally you can...
Can you give me a real, tangible example where a dev is just like, this one little thing that pisses them off? What's an example? Sure. Well, let's talk access control, because I think that's an interesting one. Access control tends to be one of those security things that is kind of like, the security work we do as defenders often falls on access control. It's one of the best tools we have to mitigate risk. It's also one of the most complex. If you think about fine-grained access control, some of these things are really hard. Our customers today, even if we present them with an aggregated product, still have to do access control configuration, and it's hard. You actually require them to go through and give function permissions instead of just everybody gets root? Yeah. Yeah. That's a whole different can of worms there. But on the access control, it's complex for our developers because in some circumstances they might have to manage policies in two different systems. So we kind of have them do double bookkeeping: they go to one to configure the user auth and another to configure the service auth. And this is part of the organic growth of a security team in a company like Netflix: we built some solutions and they got widely adopted, and now we have to really think about how we bring those things together. So that's your problem to fix rather than theirs. Yeah, that's exactly right. And I think again, if someone comes to me and says the hardest thing about working with security is access control and authorization, it's just, it touches systems. We had a developer come to us once and say, and this was really interesting, they said, I don't know if I have the confidence that I've done the right thing; I don't know if my policy is right. Which is interesting, because
access control requires some business context, right? If you think about it, who knows if it's right? And so I started to think about that and was like, well, is that a problem that we could actually solve? I actually think yes, we can. We can address that, and the way we address that is similar to what Travis mentioned when he talked to you a few years ago, when you spoke to Travis McPeak about his project Repokid, if I remember. Yeah. And for listeners who might not be familiar with Repokid, Repokid was a mechanism to automatically tune AWS identity permissions over time, really by just looking at how applications and infrastructure were using those permissions. Basically, if you weren't using a permission, it would go away. We're thinking of the same thing with access policies. So let's imagine that we have an application, and today we have it locked down to everybody at Netflix, thousands of users. But over a period of nine months, we really only see five users from one organization logging in. We might be able to then recommend a policy to just lock down that access policy to that organization. So maybe we take that policy from eight thousand members to five. Now look, you're here obviously as an employee of Netflix, but this is a Signal Sciences sponsored slot, and I'm guessing the reason they nominated you to do this is because you're all Signal Sciences users as a matter of course. Is that part of the standard toolkit? That's exactly right. And again, Signal Sciences is super easy for us. We've been using them for years. It's our preferred mechanism for protecting, the layer seven firewall in the cloud. But we again saw an opportunity to make that even easier. So what we've done is we have this,
effectively our product that we're sort of shipping around is this externalized proxy; you could say a sidecar that we sort of ship alongside applications. And what we've aimed to do with that is we've embedded Sigsci, embedded other pieces of the stack into that. Developers get a solution; they do a couple of steps to get onboarded onto this proxy and they're good to go. They don't have to manage the firewall. Basically running your own cloud. Exactly right. That's a serious step that solves your problem when it comes to aggregating logs, doesn't it, because it's all happening in the one place. Absolutely. Again, not only do we get this, Signal Sciences is one of the interfaces, we get the consolidated point where we do access control, which I can log to build policy improvements, setting us up to get to that end state where it's like, not only do you get all these awesome benefits, but every ninety days I'll give you a recommendation on a new policy. And oh, maybe a new piece of technology comes out, a new security control; just roll it into the proxy and you as an owner don't have to worry about it. And I really think that's a nice shift. Before, we had a lot of focus on sort of run time: add this package, manage the dependencies, install this client library. That's just a lot of work to shift onto developers. Again, if we can remove that whole part and say, don't worry about it, don't add our library, we'll put it in the sidecar that we manage for you, I think that gives us a lot of leverage. I think that gives us a stronger conversation. All right, well, Scott Behrens, thank you very much for joining us on the show to walk through your approach to the app security challenge at Netflix. It's been a real pleasure to chat. Thank you. That was Scott Behrens of Netflix there, closing out the show. He was, of course, appearing in a Signal Sciences sponsor slot.
Big thanks to Signal Sciences for sponsoring this week's show, and an extra big thanks to them for lining up a customer interview, because we always enjoy those. Congratulations to all of the hard-working folk at Signal Sciences on their acquisition by Fastly. And that is it for this week's show. We'll be back next week with more Risky Biz. But until then, I've been Patrick Gray. Thanks for listening.

SN 723: Encrypting DNS

Security Now

2:11:41 hr | 1 year ago


"It's time for Security Now. Steve Gibson is here. He has an update on Microsoft's Patch Tuesday update. He also talks about LaPorte County; it was struck by Ryuk. Are IT professionals prepared for ransomware? Plus, we'll talk in more detail about DNS over HTTPS. It's all coming up next on Security Now. Podcasts you love, from people you trust. This is Security Now with Steve Gibson, episode 723, recorded Tuesday, July 16th, 2019: Encrypting DNS. Security Now is brought to you by NETSCOUT. Once in your network, attackers spread quietly and systematically, often going undetected. With NETSCOUT's Visibility Without Borders, the attackers can't hide. Detect, mitigate, and prevent threats before it's too late. See what you're missing at netscout.com. And by ITProTV, providing effective training with access to virtual labs and practice tests. Visit go.itpro.tv/securitynow and take advantage of their lowest prices ever for an additional thirty percent off the lifetime of your active subscription; use SN30 at checkout. And by Helm. Take back your email, files, and photos and own your data with Helm, a secure personal server that enables you to own your own online identity. Go to thehelm.com/securitynow to save fifty dollars off the Helm personal server. It's time for Security Now, ladies and gentlemen. Here he is, the star of our show, Steven Gibson of Gibson Research Corporation, king of the hill when it comes to security. Now, hi, Steve. Leo, great to be with you again. Episode 723, and in my errata I have a note from Elaine, because she heard me stumbling over what year this was, and so she just said, by the way, you will be beginning year fifteen on August 20th. So we're closing in on the end of our fourteenth year. And last week's mention, you know, we talked about Mozilla's adoption of encrypting DNS
for privacy, and the UK's pushback, the ISPA, whatever that was, the association of Internet service providers, and the villain of the year. Yes, one of three nominated for villain of the year. And my conversation about that generated as much interest as we've seen in a long time, so I decided, okay, let's sort of take a look at where we are, because we haven't talked about this since the early days of OpenDNS and DNSCrypt, which we've touched on a little bit here and there but not given any time. So today's topic is Encrypting DNS, which we will get to, but first we're going to talk about a few bullet points from last Tuesday's Patch Tuesday, which interestingly Adobe chose not to synchronize themselves with. Normally they're doing their patches on the same Tuesday as Microsoft, but not this time. Also, there was a little bit of upset caused for some Windows 7 users. I just wanted to mention it in passing, because it was interesting that Microsoft has probably deliberately done something they said they would not do. We'll track some interesting ongoing ransomware news, and there's even a county with your name, Leo, that has been attacked. We'll get around to that. We're going to look at the mixed blessing of fining companies for self-reporting breaches; why I'm not that sanguine about the idea of major fines being levied against, in this case, Marriott. It's big, and it's the GDPR regulation being used against them, which, I dunno, feels wrong, but we'll see. Oh, there was an interesting survey that Sophos commissioned, an independent survey of thirty-one hundred IT
folks about the problems they have, which is producing some interesting statistics and graphs that we'll take a look at. Also some update on additional Mozilla Firefox news. A paper being released in two days at the, I don't know, eighty-fourth, could be eighty-four, maybe not, anyway I have it in the notes, IEEE conference on something or other, about yet another way of exfiltrating data from a PC. And it's annoyingly obvious, but to these guys' credit, they really wrestled this thing to the ground. I mean, there's like no stone unturned in dealing with something obvious. And I'm thinking that next week, how about having them research the optimal Dixie cup size for connecting two paper cups together by string. But we'll see. And also, what should the tensile strength be, and maybe a less elastic medium than cloth string and so forth, because I'm sure they could really do that justice, for setting up a simple telephone system. Anyway, we also have a bit of errata, some miscellany, closing-the-loop feedback with our listeners, and then, as I said, we'll take a look at where the world stands with encrypting DNS.
So I think another great podcast, listeners; lots to talk about. Our sponsor today is very apropos. Do you know about a security solution trusted by ninety percent of the Fortune 100 companies in a hundred and twenty countries? A company that protects you, detects, mitigates, and prevents threats before they bite. These days it's really a case of not whether you're going to get hacked; it's when you'll be hacked. Yup, I mean, who could not agree with you? You're under attack today, right now, this minute. That's why you need NETSCOUT. NETSCOUT's Visibility Without Borders, I love this name, Visibility Without Borders, detects, mitigates, and prevents those threats before it's too late, because once a hacker gets past your defenses, the first thing they do, they cover their tracks. They systematically infiltrate your network; they snoop around, steal information, and maybe they shut your business down with ransomware, maybe they collect all the passwords and try to do worse. More often than not, they're going to do it quietly; they're going to do it methodically. How about exposing the hacker? There's one source of truth that can expose that hacker: that's the packets on the network. The packets, outbound packets, contain the information necessary to understand where the hacker could be, what they're stealing, where they're going next. How much data was exfiltrated from Sony over the six or seven months that they were in there? It was, as I remember, terabytes. Terabytes, and no one noticed. NETSCOUT's smart data approach gives you high-resolution, consistent, and continuous monitoring everywhere in the IT
infrastructure, at any workload. That's why they call it Visibility Without Borders. Solutions detect the most comprehensive array of threats and provide visibility to any place a hacker might travel, even if they're going up to the public cloud. With NETSCOUT's Visibility Without Borders, you get the visibility you need to see across any network, any data center, in the cloud, 5G, and more. Time to rethink the way security is delivered. Clearly we all need to do this. If your digitally transformed business is not using NETSCOUT, get a clear view at netscout.com, N-E-T-S-C-O-U-T, netscout.com. It's Visibility Without Borders, and I think our audience is exactly the right audience to be thinking about this, and right now it's exactly the right time. Steve, our picture of the week pretty much sums up what you were just saying. Yeah, we have "security is a binary issue." That's right. We have someone giving a presentation to a group. He's got a front-projecting screen and a little pointer, and we have the caption, "We've narrowed our security risks down to these two groups," and we have the first group, "everyone who works here," and the second group, "everyone who doesn't." That's it. They've narrowed it that much; that covers the territory. So last Tuesday was Patch Tuesday, and there were your typical bunch of things. There were two zero-days which were being exploited by Russian hackers at the time, in addition to fifteen critical flaws that were fixed, a total of seventy-seven vulnerabilities which affected Windows, a range of them, and IE, DirectX, and the graphical subsystem. Of those seventy-seven vulnerabilities, as I mentioned, sixteen of those were critical, sixty were claimed to be important, and one was given moderate severity. Most of the critical vulnerabilities allow the attackers to execute remote code, so those were our RCEs,
remote code execution vulnerabilities on the user's system, and nineteen of the only-important vulnerabilities could be used for local privilege elevation. However, as we've seen, although privilege elevation seems like less of a big deal than remote code execution, they are very valuable, and in fact these two zero-days were privilege elevation exploits that were important enough to be in active use. The one moderate problem which was resolved was an authentication bypass for applications using Windows Communication Foundation and the Identity Foundation API. But of the two that were zero-days, one was an elevation of privilege, as I mentioned, in the Win32k component, a null pointer dereference, and the other was in the printer spooler, of all things. So anyway, what was interesting was the attacker gets, they were able to get in for the purpose of elevating their privilege, with any of six browser memory corruption vulnerabilities or five Chakra engine vulnerabilities. So again, the privilege elevation sort of allowed them to gain a foothold after these, basically eleven different browser vulnerabilities, which Microsoft fixed, allowed them to get in in the first place. So I'm sorry I sound a little bit fragmented; I got distracted by something else going on in my environment. Anyway, if an attacker were to cause a victim to visit a malicious website, they could execute remote code in the context of the user's browser, then gain full control over the machine using either of these two zero-days. So anyway, those patches have been applied, and as I said, Adobe for whatever reason did not synchronize their updates. We saw some significant updates to Adobe that we talked about a couple of weeks ago, so I guess they just weren't ready for another round. And I mentioned that there
was one thing that happened that upset some stalwart Windows 7 users, who, based on the reporting, got pretty worked up and annoyed to receive a non-security update after specifically asking Microsoft only to deliver security updates. That is, Microsoft gave them a Windows telemetry update on Windows 7 machines even though it was labeled as a security-only monthly patch. Recall back in 2016, when Microsoft simplified its patching of Windows versions by offering Windows 7 and 8.1 users two types of updates. You could either get the monthly rollup, which is what I do because, you know, why not, which is both security and non-security patches, so for IE, you know, for bugs and for reliability. But the second option was to say, I don't want any feature changes, I don't want anything other than security patches for my system. So you could ask for security-only updates and receive a minimal package. Well, turns out that last week on July 9th, Patch Tuesday, there was a security-only update, KB4507456, which actually contained something called the Compatibility Appraiser tool, which was slipped in. And our friend Woody Leonhard, writing in his Woody on Windows column for Computerworld, posted under the title "New Windows 7 'security-only' update installs telemetry/snooping feature," and the subhead of his piece says, "Three years ago Microsoft promised to keep Windows 7 and 8.1 updated with two tracks of patches: monthly rollups that include everything and security-only patches that are supposed to be limited to security fixes." Then he says, "Guess what happened." Anyway, for anyone who's interested, Woody's article has a ton of good information for people who want to know more, and he cites a security expert who tweets as VessOnSecurity,
Dr. Vesselin Bontchev, who tweeted: "I've officially stopped updating my Win 7 machine. I no longer trust Microsoft's updating process. They are protected from any existing and future vulnerabilities with my other defenses as well as I can." And he signs off with "F U," and he didn't say F, Microsoft, and Woody politely left that ending out of his copying of this guy's tweet. My feeling is, all we can be is informed, right? I mean, that's what we do on this podcast; that's why we're here. I choose to use Windows 7, which I do with my eyes wide open. The job Microsoft is doing, frankly, I think is impossible. I don't want that job; no one wants it. And given the messy legacy of Windows code, the fact that it is used by a barely Windows-literate user base, I mean, I know we techies who listen to this podcast, when we're trying to help our other Windows friends, we're like, okay, do you understand what this button does? No. They don't want to know. And as we talk about every week, we have an increasingly hostile environment from which Windows attempts to protect its users. So I give Microsoft a lot of credit for doing, all things considered, I think an amazing job, and clearly this compatibility appraisal tool thing was something that they felt they needed to put in, for whatever reason, some telemetry in preparation for the fact that, as we know, Windows 7 will stop receiving any of these things in six months, in February of 2020. So I feel like I should take a moment to talk about Windows 7 and Windows 10 and me, because security updates will stop flowing to Windows 7 six months from now in February, that is, unless Microsoft changes their mind again and pushes that deadline further back, which could still happen. You know, we've seen them do it before; it was going to be cut off earlier, but, you know, Windows 7
was still the majority operating system despite all their efforts to push people to Windows 10. So we know that at the beginning of this year, just in January, between the snapshot in December of 2018 and January 2019, Windows 10 finally outpaced Windows 7. Finally, based on a snapshot of installs in the world, 7 and 10 traded places. But even today, six months later, seven months later, they're still neck and neck. Windows 10 sits at 40.61 percent, with Windows 7 at 38.06 percent of market share. So they're still near parity. Over time we're going to see Windows 7 systems disappear, but probably only because you can't buy any new hardware that runs Windows 7. You have to go jump through real hoops to install Windows 7 on a machine that supports USB 3, and every machine for a long time has, so it's very difficult to get Windows 7 running on contemporary hardware, and the newer chipsets don't support it at all. So as hardware dies or gets recycled or replaced just because of its age, even though Windows 7 is just fine, you know, it's going to have to be running Windows 10; it won't have any choice. And as our long-term Security Now listeners know, I won't be moving my main workstations, I have two at each of my main residential locations, I won't be moving them to Windows 10 even after Windows 7 stops being supported. I do have Windows 10 laptops for testing; when I go out to present SQRL to a group, that laptop is running Windows 10. Leo, we are Skyping over a Windows 10 machine. But I know Windows 7 will continue to happily purr away for many years,
even without constant nursing from Microsoft. Windows Defender has never found anything on any of my machines, other than false-positive annoyances from my own code that I've written, that it doesn't know about, that it protects me from, or old, well-marked viruses in email archives. Sometimes it fires off and I think, oh crap, it found something, and I look and, oh, I know, for some reason it went and sniffed some old directory somewhere where I have some virus repositories that I'm keeping, and they're well marked and known. Besides, I'm not even sure they infect anything like Windows 7 or 10 any longer, being that they're really old. But it will stop being updated in six months, and I'll miss it. It's nice to have Defender sort of watching my back, even though it's never found anything. But I think I'll be okay. And we just talked about all of the ways bad stuff was getting in, which Microsoft just patched last week, were browser vulnerabilities in IE and Edge, and I will continue not using them in the future. So I'll stick with Firefox, and I'll probably be okay. And as I've said before, my backups have backups, and I also keep a rolling off-machine incremental file change backup of all the projects I'm working on, as well as monthly static offline deep-freeze snapshot images. So I'm well protected. On the other hand, I'm not your average user, and for what it's worth, neither are the listeners of this podcast. Also, I love so many of the apps that I have running on Windows. I'm extraordinarily happy with them. There are apps that I've been moving forward through the years from machine to machine. The move away from XP and the loss of native sixteen-bit support was traumatic for me, but it finally had to be done, because even Firefox and Chrome finally were refusing to update themselves on XP. So I thought, okay, fine.
You know, I'll do that, but I'll continue using Windows 7, and Firefox and Chrome will continue to keep me safe. But the one thing I want to say, because I get the sense that maybe people believe I'm suggesting this is okay for everyone, and I'm not saying that. I know that there are listeners within our audience that feel the way I do. I mean, look at half the world; literally just half of the Windows systems even today are running Windows 7 as opposed to 10, despite all the pressure that there is and there has been to move to 10, and of course that's going to ratchet up through the rest of this year. I imagine there will be people who don't feel as I do that it is, for whatever reason, safe to continue using Windows 7 without this constant drip, drip, drip of fixes to things that Microsoft finds that are wrong. But so I am not suggesting that anyone else follow my example. And one of the reasons, as I've said before, is my use of Windows is boring compared to most others. I don't use my machine for entertainment or gaming. I don't watch YouTube videos or just follow random link trails to see what's out there on the Internet. I'm really not very interested in most of what is out there. So my main Win 7 workstations, while they're not technically air-gapped from the Internet, are Steve-gapped, because I just don't do much with them. I assemble my own code and design PC circuit boards, and I use it as a workstation rather than as a toy, and so my exposure to danger is, I think, reduced from the typical Windows machine. But anyway, I just wanted to say that, you know, here we are six months away from the end of updates for Windows 7. I think it is remarkable,
remarkable that Windows 7 versus 10 is at thirty-eight percent versus not quite forty-one percent. I mean, people just don't want Windows 10. So it'll be fun to track this as we move forward, and we certainly will. And Leo, LaPorte County. Michigan? There's a LaPorte in every state of the Union. Is that true? Yeah. Look for traitors. I'm not going to say anything about that. Anyway, LaPorte County. The Michigan City News-Dispatch reported last Tuesday, the ninth; their headline was "Malware attack on county computers: LaPorte County website, government email servers out of operation." They're smirching the family name. It'll be interesting to see how this goes. Paraphrasing and trimmed down from this article, the report was: all LaPorte County government email and the county website remained out of commission late Tuesday, that is, last Tuesday, following a malware virus attack that affected the system on Saturday morning. The LaPorte County Board of Commissioners president, someone by the name of Dr. Vidya Kora, said Saturday evening the system will be inoperable as authorities respond to "a malicious malware attack that has disabled our computer and email systems." Then a few days later, last Tuesday, county attorney Shaw Friedman confirmed that county government computers were "impacted by a sophisticated ransomware virus early Saturday morning." Sophisticated, or we wouldn't have fallen prey. That's right. He said, "Fortunately, our IT team reacted quickly," unplugging, although after the fact, of course, "and shut down much of the system." Even though it was a weekend, so yes, our IT
team is on the job even on a weekend. He said, "Less than seven percent of our laptops have been infected. However, it did hit our two domain controllers, which means no server can access network services." Whoops. Actually, Leo, it also got their backups. Yeah. And an insurance policy taken out last year, Kora said, will help the county recover. He said, "Fortunately, our county liability agent of record, John Jones, last year recommended a cybersecurity insurance policy." I bet there's a lot of those recommendations going around; you gotta get an insurance policy. "Which the county commissioners authorized from Travelers Insurance." He said, "We informed Travelers Insurance late Saturday," while we're still busily unplugging machines, "of the malware attack, and they immediately referred us to the Wayne, Pennsylvania incident response law firm of Mullen Coughlin LLC, that specializes in response to such cyberattacks and coordinates system repairs and protection of our computers from such virus infections." Friedman said, "The forensic investigation firm has been retained to determine the nature and scope of the incident, including how the county could have been infected." Actually, they never did find out. But he says, "We're developing a game plan to respond to the attacks." Right, I know, you gotta have a game plan, "and come up with an approach to repair our systems and protect them from further damage." Right after they plug them back in. "The county's IT department has been working long hours," we're pumping that up, long hours, "to try and get things operational." We don't want to follow what was his name, Brian Rice? He's gone. It says they've been working long hours to try and get things operational, "including spending Sunday," Leo, even on Sunday, "directing those IT
people, to ensure that the courts and prosecutor's office remained functional. Because we got to prosecute somebody after we figure out who did this to us. So this particular ransomware variant, known as Ryuk, no kidding, oh yeah, I've heard that name before, R-Y-U-K, is especially insidious as it seeks to delete or encrypt system backups. Whoops. How dare they. But, Leo, he said we are exhausting all possibilities. We're going to be exhausted, as is our hard drive in the closet somebody forgot to connect. Said we're even tapping the FBI's cybersecurity unit and reviewing all workarounds. We're going to review those workarounds in order to determine how to restore the county to a full operational status. So, you know, we're glad we voted for this guy, because, you know, even on Sunday. So staff from this firm, the law firm Mullen Coughlin, arrived in LaPorte on Sunday night. Even, Leo, no sleeping. They will help prepare documentation to report the attack to the FBI and other appropriate law enforcement agencies. Kora and Friedman both praised the efforts of the IT department. Kora said, I commend our director Darlene Hale, while she still has her job, and her team for shutting down our systems Saturday afternoon; she came right in as soon as the malware virus was detected. Unfortunately, at least half our servers have been infected. Because, you know, that virus is quick, speed of light. Oh, that's so unfortunate. And it will take some time to fully restore service. I ask for patience from the public as we seek to become fully operational again. They like that phrase. Friedman echoed that sentiment, saying Darlene Hale and her team have been working 15-hour days, Leo, 15 hours, since this virus hit to try to restore portions, okay, we're getting a little more modest now,
portions of our system that can be restored. Because of course you cannot restore those portions that can't be restored, because they can't be restored. We ask for patience from all concerned. Okay, so that was the incident reporting. Then a week later Bleeping Computer reports a forensic investigation firm and the FBI were involved, but attempts to recover the data encrypted by the malware without paying the ransom were fruitless. The cybercriminals got about $130,000 in Bitcoin from this attack, with $100,000 being covered by insurance. So the impact may not be immediate, they're right, but it does create some ripples in the long run. The decision to pay the cybercriminals came after seeing that the decryption keys from the FBI, I guess they must have had some from previous Ryuk sites, Ryuk is one of those malware that sometimes could be reversed? I don't think so. Ryuk, somehow. Somebody sent us an email saying, yeah, we do this, and sometimes, I think there were some versions, I may be confusing it with a different one, but anyway. According to a local report from WSBT, a local station, the county had backup servers but the malware encrypted them. So you don't want your backup servers to be on your network all the time. So we now know that insurance companies are bearing the brunt of the payouts for these attacks, so I'll bet that we're not far from the time when the conditions of continued insurance require regular training and reviews, periodic security audits and more reliable backup solutions. I'll bet that, in other words, we're going to be hearing from insurance
companies, quote, something like: we'll insure your municipality, but unless you want the insurance premiums to be sky high you need to get much more proactive about protecting yourself from these threats, and when you come calling for a payout the first thing we will do is audit to figure out why none of the multiple safeguards you promised to put in place and maintain were effective in this instance, and only if we find that you are not at fault, given the terms of this insurance, are we going to pay. So I think we're going to see something happen. And then I got a kick out of this. Also in the news, U.S. mayors adopted a resolution not to pay any more ransoms to hackers. They have adopted a resolution, Leo. It turns out that just happened: the 2019 adopted resolutions of the 87th annual meeting. Oh, that's the 87th; I was probably thinking of the IEEE, because that'd be a long time to have IEEE meetings. But the 87th annual meeting of the United States Conference of Mayors, the Committee for Criminal and Social Justice, included the resolution to, quote, oppose payment to ransomware attack perpetrators. And actually the conference's adopted resolutions stuff is pretty humorous, so I put a link in the show notes, but I had to scroll down through endless adopted things and finally got down to opposing payment to ransomware attack perpetrators. And so there are seven points. They said: one, whereas targeted ransomware attacks on local U.S.
government entities are on the rise; and two, whereas at least 170, one seven zero, county, city or state government systems have experienced a ransomware attack since 2013; and three, whereas 22 of those attacks have occurred in 2019 alone, including the cities of Baltimore and Albany and the counties of Fisher, Texas, and Genesee, Michigan; and four, whereas ransomware attacks can cost localities millions of dollars and lead to months of work to repair disrupted technology systems and files; and five, whereas paying ransomware attackers encourages continued attacks on other government systems as perpetrators financially benefit; and six, whereas the United States Conference of Mayors has a vested interest in de-incentivizing these attacks to prevent further harm; yeah, seven, now therefore be it resolved that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach. In other words, we're saying don't do it anymore. Yeah, we stand united against paying what we're going to be paying. We're not happy. So anyway, ransomware: we're against it, unhappy. So we got an email from a guy, and I can't vet it, so maybe, I don't know, you can or something, named Brett Callow. He works for a New Zealand company called Emsisoft. His point was that Ryuk uses hard-coded keys that sometimes are reused, and those are the keys probably referred to by the FBI. Absolutely. It was unclear. He wanted to get the word out that they offer a downloader that will check it against the keys that are known. You know, this is the website. I don't know anything about it.
They say it's free of charge. But the point being that he said, I just wanted to get the word out that sometimes you can get a key to decrypt it, and it may work, and you certainly should do that before you pay anybody any money. Yeah, especially, you know, that's a lot of Bitcoin, man. That's a lot of money. Wow. How long is this insurance going to be offered? I mean, that's exactly right. I mean, the premiums are going to start going up, and the fact that the insurance company paid the round number of $100,000 makes it sound like that was the cap on their payout for this particular county. So in fact the county may have decided, well boy, you know, to get full coverage it's going to cost, the premiums are going to be too high, so we'll accept a cap of $100,000. Anyway, believe it or not, Leo, this problem, not surprisingly, has created, well, we already saw that it created a law firm that specializes now. Yes, and now we have Coveware.com, ransomware remediation, they say. So it's C-O-V-E-W-A-R-E dot com. "We are the first responders to your ransomware recovery. Coveware aggregates global ransomware data to minimize your ransomware-related costs and downtime. Let our IT security professionals manage your ransomware incident response." They say, how do we restore your encrypted data? Well, one, explore free remediation options: identify ransomware type, find free decryptor tools, like what you were just talking about, free initial assessment, risk identified, the threat actor group. Then second, pain point, threat actor negotiations: secure and safe negotiations, complete and transparent communications, determine risks and outcomes. So basically we now have an industry which is establishing itself as professional ransomware remediation and, like, negotiation.
They may have experience with this, so I'm sure they've got the threat actor's number and know how to contact them and say, okay, look, let's see what we can do here. Then number three, ransomware settlement: 100 percent transparency, reimbursed costs, transparent documentation, compliance checks. I presume that means that they get paid out of, like, insurance or settlement. And then four, restore data and end downtime: professional IT support, insurance documentation. So they're able to have their costs paid by the municipality's insurance, and roll in experts who are able to apply the decryption tools and bring the systems back up. So if your local IT staff are not up to it, now there's Coveware that you can contact. They sign off on their web page saying, minimize your ransomware downtime, let us manage your ransomware recovery. Unbelievable. It's really a business. It really is a business. One more time, I feel like I've asked this many times: is it not the case that you could probably prevent this with good IT? I know you might get infected, right, I mean sometimes they'll sneak through, but if you had good cold backups, I mean, it seems to me this would be avoidable. But maybe not. I've had a lot of feedback from our listeners while we've been talking about this, from our listeners who are on the IT front line, who say, you guys need to stop saying that this is as easy as backing up all the systems. There are real logistical problems to doing that. For example, there are servers that, and I don't have those jobs, so I can't definitively say, but what I'm hearing from our listeners is that there are servers that can't be taken down.
There are workstations that, for whatever reason, can't be logged off of. The backups cannot be done on the fly. There are open files that prevent themselves from being backed up, and we know that can happen, where you just can't take a snapshot of a system that's in use; you have to stop it in order to snapshot it, in some instances. And there are systems that just can't be taken down. For what it's worth, Leo, I'm absolutely sure that it is not an impossible problem to solve, but it probably takes a lot more than is practical given the resources that these people have. And in fact this takes us perfectly into the next topic, which is this survey that Sophos commissioned from a UK-based research firm, after our second break. We will talk about it. Yeah, I don't mean to diminish the efforts and the difficulty of this. It seems like it would be, doing it, man, I'd sign up for preventing it. I really do think that it's a trade-off: there is how much time and effort and money and staff do you commit to mitigating. I know, but I'm sure the IT people are saying it at every meeting: the CIO, we need more money, we need more money. And the boss says, okay, yeah, but you gotta do what you can with what you've got, because we don't have any more to give you. And I'm sure they're saying, look, everything was good yesterday, everything is good today, we're going to hope that everything's good tomorrow. And of course, so we've not been hit by ransomware, knock on wood, knock on wood. We're in a worse position: you have one person opening your email; we have 20 employees opening emails. We've probably been targeted, I would imagine. I live in fear.
I would love to have servers statically mapped, and I'm disconnecting from them all the time, because this is the problem that we face today. The problem is that something gets in and encrypts the data, and also ransomware is more sophisticated than it used to be. People in the chat room were saying, Web One Await says we had two ransomware attacks in 2017, we contained them, restored, no loss of time or data. Beta Faure says my company's been affected by cryptoware twice; we have wiped, rebuilt and restored with the loss of a maximum of one day's work. But it may be the case also that ransomware, thanks to Blue, what is it, EternalBlue, and various tools that are now out there that make it easier to worm its way through your network, maybe it's more virulent than it used to be. It feels like there's things you should do. Maybe you can't prevent it 100 percent, but it feels like it's well understood what you need to do. Well, for example, as I've said, my computer could explode and I'd be up. I have an entirely separate physical redundant machine just sitting here waiting to be commissioned. So you're not running an active server that's doing transactions a second or anything like that. And I said a long time ago, I don't want the job of keeping Sony safe. Nobody wants that job. I told you we had the guy who does cybersecurity for West Point, the Military Academy at West Point, and he said it's tough because we only have to make one mistake. They're attacking all the time. It only takes one mistake. Now he's lucky because the Army's cyber defense command is also there, so they help out a little bit, but still, you're right, I wouldn't want that job. We're not saying you guys are dopes. No, no, no. I mean, and I know IT
people who, in all their lives, you know, it's like that mailman we talked about last week. He's happy, he's delivering the mail, life is good, he's got occasional dogs. Yeah. Well, and I won't talk about what we do, but we have a number of barriers to the outside world. We use Gmail, which Google says, we filter against known malware attacks. I don't know, I feel like, I dunno, watch, because tomorrow I'll be saying, Steve, we can't do the show, all our servers are encrypted. Do you know any good malware authors? It'll be one of those Dixie cups with a string so we can talk to each other. Yeah. Our show today is brought to you by the guys who protect your borders, those great IT professionals out there. It's a tough job, but you know what, it's a challenge, and you do it right, you've got a job for life. ITProTV is creating IT professionals with the best training out there and keeping IT professionals working with comprehensive training at the click of a mouse. We are such fans of ITProTV. Tim and Don started it about five years ago, and we kind of started doing their ads at the very beginning. Now they have hundreds of thousands of subscribers. It is a great way to learn the best IT. ITProTV is now CompTIA's official video training partner. That's great. They've got twelve CompTIA on-demand courses, of course: A+, Network+, Security+, very valuable certs when you're getting that first job. You've got that cert that employers are looking for; it's a way of them knowing, even if you have no experience, that at least you have the knowledge. They're going to be at ChannelCon in Vegas. ChannelCon 2019 is coming up. If you've registered for it, ITProTV and CompTIA are taking, this is cool, a road trip on the way to ChannelCon. They could be making a pit stop in your city.
They're stopping by offices and saying thank you to those hardworking IT pros around the country, the unsung heroes of every company. Man, we get down on our knees to Russell and say thank you every single day. You can follow their journey on the ITProTV YouTube channel, or go to the ChannelCon online site to get behind-the-scenes interviews, daily wraps and more, and of course learn new skills, earn CEUs. You don't want to miss out on this. ITProTV, this is a family. I mean, not literally, but it's a group of people like us who share a common interest in IT, of getting the job done right, of doing it with full integrity, keeping their knowledge up. That's why you should hire people who trained on ITProTV, because they care and they're learning it constantly. With ITProTV you can watch on your big-screen TV, you can watch on your computer, you can watch on your iPhone, your Android phone, your Roku, Fire TV. You can listen in the car. You could be getting IT training your whole day long, and many ITProTV subscribers do that. Become a member of the ITProTV family. Purchase a standard membership, that's just all the videos. They're making new videos every day. They've got a bunch of studios, five studios working Monday through Friday nine to five, cranking out the best training from real IT professionals working in the industry who also happen to be great trainers. That's just $28.50 a month. That is a great deal. Upgrade to the premium membership, video plus labs, so you can actually set up, without any risk, servers and clients and try stuff out. They also have the practice exams. You could take the exam before you take the exam. That's a great way to prepare. That's just $42 a month, and I think those prices are very fair, but ITProTV
is still honoring the TWiT offer: 30 percent off for the lifetime of your active membership. That means a standard membership is $19.95 a month, less than $200 a year. Look, are you willing to spend $200 a year to get the best IT training to keep up in your profession, or to get a job in that profession? Of course you are. The premium's less than $300 a year. Go to go.itpro.tv/securitynow. So remember that offer code SN30, that's 30 percent off either standard or premium membership. Go to go.itpro.tv/securitynow, use the code SN30 and get 30 percent off for the lifetime of your active subscription. ITProTV: build or expand your IT career and enjoy the journey while you're doing it. And don't forget to catch ITPro on their way to ChannelCon in Vegas. That sounds like a lot of fun. Back to Steve Gibson. So Sophos commissioned an independent survey of 3,100 IT managers. They used the UK-based research house Vanson Bourne, and this survey was conducted at the end of last year to the beginning of this year, so December 2018 to January 2019. To provide a representative size split they chose the same number of organizations of between 100 and 1,000 people and between 1,000 and 5,000 people, so sort of an even mix of smaller and larger organizations. And what they found, whereas none of it is really very surprising, we have some nice numbers. Respondents who had been victims of a cyber attack in the last year were asked how the most significant cyber attack got into their environment.
The results revealed that, where respondents knew how the attack got in, and they didn't always know, not surprisingly email was the number one most common attack vector, which was used in one third, 33 percent, of the attacks. And of course we know that that's conducted with phishing, where email is sent that is designed for someone to think that it's authentic, and typically in targeted attacks somebody clicks the link. And in some cases somebody else's email account could be compromised, so the email is actually coming from someone you trust, but it's malicious. And the rest is what we talk about all the time. The web is also a major vector, which was used in three out of ten attacks, so 30 percent, just slightly less than email. So again, as we've often said, the browser is today's attack surface. It's why I made the comment, when I talked about continuing to use Windows 7 in the future, that I'll be using Firefox or Chrome, Firefox probably, which is being kept constantly updated even after Windows 7 stops being updated, and for that matter Thunderbird for email, both of which are being constantly maintained even if the underlying OS isn't. IT managers, however, cannot just focus on email and the web. 23 percent of attacks got in via a software vulnerability of some kind, and 14 percent through a USB stick or external attached device. So those are things we don't really talk about very much, but those are still happening. Back at the beginning of the podcast, Windows was infamous for running a program when you stuck a USB device on the machine, so it was very easy back then to do drive-by attacks. Anyway, so 33 percent email, 30 percent through the web, 23 percent through some software vulnerability and 14 percent through USB
or some other device. And in one out of five instances no one knew; they did not know how something got in. They were unable to identify the way something happened. And in a sufficiently large organization I can understand where something happens and you just say, well, we looked everywhere and we were never able to determine how something happened. You'd like to know, but it's hard to know in every case. Also what was interesting is that these cyber attacks that we're seeing, as you said, Leo, are becoming increasingly sophisticated, which says they may not just use one thing; they may be multi-stage, coordinated and blended. Respondents whose organizations had been the victim of a cyber attack revealed that they had suffered a range of attacks. So for example, the second graphic that I have shows 53 percent phishing, 41 percent data breach, 35 percent malicious code, 35 percent software exploit, 30 percent ransomware and 21 percent credential theft. Well, 53, 41, 35, 35, 30, 21, that adds up to way more than 100 percent, meaning that what they were seeing was that many of these attacks used multiple means of obtaining their goals, not just one type of vulnerability. It could be a phishing email that then leveraged a software exploit. And of course we see that, for example, where a phishing email leverages scripting in Word, where there's a vulnerability in Word such that if you coax the user into taking it out of protected mode it will run the Word macro and then leverage one or two other vulnerabilities that exist somewhere. So it's a complex, sort of multipronged attack, because no one thing anymore is sufficient, because our systems overall, and the various ways that things can happen, are increasing in their security. But by combining
multiple vulnerabilities people are still able to get in. Of the 2,109, okay, so 3,100 organizations were surveyed, and 2,109 of those were hit by a cyber attack in 2018. Over half, 53 percent, were victims of phishing, so that is still the most lucrative, the most high-return attack across all of this survey. And there was some variation based on country in the nature of software exploits. Over a third, 35 percent, suffered from an exploit taking advantage of a vulnerability in software they were using. Interestingly, in Mexico over half the organizations that fell victim to a cyber attack experienced a software exploit, which was double the number of those in Brazil at 22 and South Africa and Japan both at 23. So for whatever reason there was a statistically significant difference by country. And the survey asked the question, as I mentioned, about technology, talent and time, and concluded that they were in short supply. In this report they said, as we've seen, organizations face a wide range of attacks and need to secure multiple threat vectors. They revealed that on average IT teams spend 26 percent, so just one percent over a quarter, 26 percent of their time managing cybersecurity. So think about that: 26 percent of the IT team's time is cybersecurity related. And they concluded that for the majority of respondents this is not the correct ratio, meaning that it should be higher. And then again there was some variation by country. Organizations in India spent the most time, at 32 percent, and Japanese teams the least, at 19 percent. Organizations that had been hit by a cyber attack, I guess not surprisingly, spent a little more time now on IT
security, 28 percent, over those who had never experienced an attack, but they were still spending a substantial time, 23 percent, so maybe that accounts for the fact that they had not yet been hit. And the report says that given the variety and complexity of threats, it's not surprising that 86 percent of respondents said they need greater cybersecurity skills within their organization. Those organizations that had experienced an attack have an even greater need for cybersecurity experience than those that hadn't, 89 percent versus 79 percent. But still, even of those who had not been hit, 79 percent of those organizations said we need to be doing more than we are able to. Anyway, so they said that bringing in the expertise to fill these gaps is a major challenge. Eight in ten organizations say they struggle to recruit the right skills, so they're struggling to find people who have the skill set. When it comes to recruitment, India faces the greatest challenge, at 89 percent of the organizations saying they cannot find people who have the skills they need, and Germany the least, but still two in three, two out of three German IT managers, 66 percent, say they struggle to bring in the right skills. So anyway, I just thought that was interesting, to get some sense for the fact that, given all the stuff that we cover and the way we cover it, this fits everything that we believe in terms of the weight of the major threats that we're seeing, the way these threats get in, and how difficult it is in practice to counteract. And the fact that IT organizations, it may just be that there's a little bit of a brain drain too. I know that a lot of our listeners sometimes ask, you know, are there jobs in security?
I think it's very clear that somebody who focuses on security can increasingly find work there in the future. And we're seeing that fines are beginning to happen, where mistakes are starting to cost organizations more than just reputation damage. And I'm of two minds about fines. We really do want major organizations to act responsibly with the personal and abusable data that they collect about us through their normal course of justifiable business operations, but we also want and need them to self-report when, despite their best efforts, they fail to live up to their and our hopes for their ability to keep our data safe. And given that responsible self-reporting is inherently voluntary, unless a breach is discovered externally, which is much less common than internal discovery, levying burdensome and abusive fines on those organizations may not actually improve end-user security and privacy. The reason I'm talking about this is that, as I mentioned at the top of the show, the UK's Information Commissioner's Office, the ICO, has announced that it intends to impose a hefty fine. It's a 99,200,396 euro, or, oh man, I'm sorry, pound, fine, which is in this case $123,705,870, a nearly $124 million fine on Marriott, the hotel chain, over last year's
data breach. As we know and reported at the time, last November 2018 Marriott self-reported that hackers had had access to the Starwood guest reservation database over a period of four years, since 2014. Starwood was a different chain of hotels which Marriott had acquired in 2016, so the breach occurred two years before Marriott acquired it. Marriott initially reported that hackers had stolen the details of, and it was a rough estimate, half a billion, so a big breach, 500 million hotel guests, which they subsequently reduced to 383 million after a more thorough investigation. And remember that there were also passports involved. There were 383 million guest records, 18.5 million encrypted passport numbers, 5.25 million unencrypted passport numbers, 9.1 million encrypted payment card numbers and 385 card numbers that were still valid at the time of the breach and had not been encrypted. So unfortunately, in this day and age, class action lawsuits began piling up within hours of Marriott's announced security breach. And I suppose not surprisingly, now with the GDPR, the UK's Information Commissioner's Office, which is in charge of such things, has stated that Marriott's security practices are in violation of the EU's GDPR. It'll be interesting to follow this to see whether that's actually the case. I have no opinion one way or the other; we don't, without much more information. The good news is that Marriott has stated that they are going to oppose this fine. They filed a note with the U.S. Securities and Exchange Commission that they're going to formally oppose it. Marriott International's president and CEO Arne Sorenson said, we are disappointed with this
notice of intent from the ICO, which we will contest. We deeply regret this incident happened. We take the privacy and security of guest information very seriously and continue to work hard to meet the standard of excellence that our guests expect from Marriott. And he did say that Marriott had retired, as we mentioned at the time, the Starwood guest reservation system earlier this year, so it's no longer in use. So I don't know how to feel about the EU stomping on Marriott for a violation of GDPR which occurred over a period of time and involved an organization that they didn't own at the time, that they're now slapping them with a big fine over. And again, we want organizations to responsibly disclose breaches rather than fix them quietly and not acknowledge that there was a leak that could affect their customers. Yet having the GDPR abused in this way really seems to put cold water on that. So it'll be interesting to see. The day before that, also, by the way, the ICO in the UK also announced plans to hit British Airways with a $230 million fine after British Airways failed to protect their website, which was infected with a web-based card skimmer which was collecting payment card details from British Airways customers for, let's see, April, May and June, for three months, back in 2018. I didn't know there was such a thing as a web-based card skimmer. That's awesome. Yeah, so it was infected JavaScript which got in there and was capturing all of their credit card information while they were putting it in. So I don't know. It seems, you feel like they're being scapegoated because they're big names, and yeah, they've got deep pockets. And it seems like a better idea, instead of fining them and collecting it and, you know, lining your coffers,
make them spend that money on security, saying, like, good, now you're going to spend $99 million to make your system more secure, and we want to see it. I think that makes it a lot better. Yeah. You know, I guess if they're not sitting up paying attention to the hacks, maybe the fine would get companies to pay attention, but it doesn't feel like that. No. And this Information Commissioner, Elizabeth Denham, in the UK, she said the GDPR makes it clear that organizations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected. Personal data, she says, has a real value, so organizations have a legal duty to ensure its security, just like they do with any other asset. If that doesn't happen, we will not hesitate to take strong action when necessary to protect the rights of the public. So, you know, I guess I hope that they can't simply levy a fine. I hope that if, for example, in this case Marriott says no, prove that we were negligent, then there will be an investigation that the ICO has to undertake in order to demonstrate Marriott's negligence post-acquisition, because she's saying that they have an obligation even for organizations that they acquire. So, you know, you'd imagine Marriott did something. I mean, we talked about it at the time; there was some, you know, looking at what it is that they're getting. They missed it, clearly, but, you know, everyone makes mistakes. Anyway, it'll be interesting to see how this plays out, but I agree with you. Just telling them, we're going to force you to spend this money to make yourself stronger, like, well, okay,
we didn't want to spend it that way, but it's better than you guys having it. As you said, lining the coffers didn't seem right. Speaking of fines, although in this case it's of a different nature because it was a policy decision that they are being hit with: remember a few months ago when we talked about Mark Zuckerberg addressing his shareholders and stating that they had set aside, I think those were his words, some billions, with a B, of dollars for an expected Federal Trade Commission fine in a settlement of the infamous Cambridge Analytica-tied privacy violations? Well, the Wall Street Journal just reported that FTC commissioners have voted and approved a $5 billion settlement with Facebook. So there's a slap, and, you know, certainly in this case no one would argue that, you know, these guys, this wasn't a mistake. This was Facebook, you know, selling their information, so they're paying the price. Mozilla, as we, as you actually mentioned it while I was talking about the ISPA, because it was just happening as we were recording the podcast, you mentioned last week that the ISPA had reversed their position on Mozilla. Yeah. Paul Ducklin, who is a writer for Sophos's Naked Security, followed his earlier column about that nutty ISPA nomination of Mozilla as Internet Villain of the Year with a column titled Mozilla Aren't Villains After All. In his piece he nicely summarized, and I'm quoting it, why unprotected DNS over UDP is a problem in the first place. He wrote: if I unlawfully sniff your DNS traffic so I know where you went, I'm violating your privacy merely by knowing where you surfed, without getting any details of what you actually surfed. I can infer an awful lot about you.
I can probably piece together your daily routine, both at work and at home, figure out your likes and fears, learn which companies you do business with, which bank you use, the shops you frequent, the clubs you belong to, the hobbies you enjoy, the medical surgery you're registered with, the sports teams you support, and much more. So anyway, I like that brief summary. As we all know, there are many other means for blocking access to unwanted sites. I just sort of wanted to follow up on this before we'll be talking about encrypting DNS in a minute. But, you know, what we know is that the UK is unhappy with Mozilla for making it so easy, as the only way I can read this, making it so easy to blind their ISPs to the DNS queries that Mozilla customers are making. And so I thought I'd just say for a minute: since DNS-to-IP mapping sometimes changes, an ISP's content-blocking device, rather than doing a match on DNS queries, could periodically make the same DNS queries their customers make, retrieve the DNS lookup IP, and dynamically manage an IP filter blocking list in order to keep those connections from being completed after the user's browser tries to make them, or redirect them to a prohibited content page or whatever. Or some concerned organization could perform the lookups and communicate IP address additions and removals to concerned ISPs, or ISPs could subscribe to a published block list, in the same way as spam has been thwarted since way back in 1997 with RBLs, real-time blacklists of the IPs of known spammers. So my point is there are a great many ways to solve this problem that are just as robust as filtering on DNS
and certainly those organizations being filtered, that is, the ones that are being blocked, already know that by changing their domain names they can sidestep the filtering until it again catches up with them. So, you know, yeah, enhancing the privacy of all web browsing users by encrypting DNS, at the expense of asking ISPs to change the details of the way they selectively block access, so that some domains which haven't yet changed their names to avoid the blocking get blocked, to me makes a great deal of sense, and I'm glad the ISPA, yeah, the ISPA, came to their senses on this. And speaking of Mozilla, recall that we previously covered that shady organization who chose to name themselves DarkMatter, which was petitioning Mozilla to include their root CA certificate in Firefox's trusted cert store. What could possibly go wrong? At the time, cybersecurity experts and privacy advocates were strongly cautioning and urging Mozilla against doing so, stating that DarkMatter could abuse its position to help its surveillance operations. Remember, it is a manufacturer of those middleboxes which are used to intercept HTTPS connections, and right now, if its middlebox certificate is not trusted, then users would get a warning and/or have to trust its certificate. But if they are able to get into the root store, then their middleboxes could be issued certificates which would raise no alarm, which we don't want. Some of these operations, that is, of DarkMatter, these surveillance operations, have been previously reported, so this is not just "it could happen."
This is what DarkMatter has done in the past. Reports from Reuters, the New York Times, The Intercept and other sources have detailed alleged DarkMatter-orchestrated hacking operations against human rights activists, journalists and foreign governments, which DarkMatter carried out at the behest of the UAE, United Arab Emirates, government. So these guys don't sound like anybody you want to have in your root store. I mean, Hong Kong Post Office? That's benign compared to these guys. So, and get this, Leo, just recently, in a last-ditch effort to find a way to get its certificates trusted inside Firefox, DarkMatter attempted to create a spinoff certificate authority business called DigitalTrust. Oh, much better. I like it better. They're digital and trustworthy. That's right. Unfortunately, both DarkMatter and DigitalTrust were run by the same CEO. These guys seem kind of clueless. You know, if you're going to set up, try to have a different organization, it's really not your name. We don't like your name, DarkMatter, but that's not why we said no. So creating a spinoff run by the same guy called DigitalTrust, okay, I trust us now. So, taking everything into consideration, having given plenty of time for contemplation, and, you know, because they really don't want to deny anybody who should have this privilege out of hand, Mozilla has finally announced its decision. Last week, in a Google Groups discussion, Wayne Thayer, Certificate Authority Program Manager at Mozilla, said, quote, our foremost responsibility is to protect individuals who rely on Mozilla products. He said, I believe this framing strongly supports a decision to revoke trust in DarkMatter's existing intermediate certificates. He says, while there are solid arguments on both sides of this decision, and, I guess, the argument on the pro side, as well, is maybe they aren't bad, he says,
it is reasonable to conclude that continuing to place trust in DarkMatter is a significant risk to our users. He says, I will be opening a bug requesting the distrust of DarkMatter's subordinate CAs, that is, the intermediate certificates, and will also recommend denial of the pending inclusion request and any new requests from DigitalTrust. So anyway, that distrust of the subordinate CAs that Wayne was referring to was something we also talked about before. DarkMatter had been issuing certificates which would be trusted by Firefox using an intermediate CA certificate which had been signed by QuoVadis, which is trusted. So those certificates, that intermediate CA, is going to be killed as well. Once Mozilla removes the QuoVadis intermediate certificates from Firefox in a future update, all websites that use TLS certificates acquired from DarkMatter will show, you know, the standard illegal certificate warnings in Firefox, warning and blocking users from accessing their content. So what I'm wondering now, because we don't know, I haven't seen, is what Windows and other root stores are going to do. Recall that in order to prevent problems with third-party AV, Mozilla stated that under some conditions they will be importing the Windows CA roots and trusting certs signed by those roots. So if you're in the specific conditions, that is, if you're on Windows 8 or Windows 10 with a recent Firefox, and who isn't recent, anything since 66, and I think we're at 68 now, and you have a non-Windows Defender AV registered with the system, in those cases, Windows 8, or not, one, two, nine,
there's no 9, Windows 8 or 10, and you're using a non-Windows Defender AV, then Firefox may be, and I think is, what I can't test it here because I don't have a non-Windows Defender AV, Firefox may be turning on the option to trust the Windows root store. If Windows is trusting DarkMatter certs, and I don't know whether it is, either way, and/or their previously issued QuoVadis intermediate cert, then your Firefox would too. There is the switch, the option switch that we talked about before; maybe you can inspect it and see if it is set. If your situation matches that, that is, you're probably using Windows 10, and if you're using a non-Windows Defender AV, go to about:config in your address bar and put in security.enterprise. That will bring up one entry, security.enterprise_roots.enabled. I checked it, and for me it was set at a default of false. But as I understand it, Firefox in those circumstances, because they don't want to be causing problems with not recognizing certs that are installed by these AVs which are wanting to filter HTTPS TLS connections, they will be bringing the roots which are registered with Windows into the Firefox store, and that switch will be set to true. So it'll be interesting to find out whether other root stores follow Mozilla's lead and do not trust DarkMatter certs. Oh, and one other nice forthcoming Mozilla feature: the next release of Firefox, 69, will add a tracker blocking report. When we get 69, and I'm not sure when that's scheduled, putting about:protections into the URL will bring up a graphical display showing how many and of what type of trackers Firefox has auto-blocked during the previous seven days.
We didn't talk about this one when it happened, since so much was happening that particular week, but it was last month. Mozilla has decided, I guess pretty clearly, to differentiate itself from the Chromium-based browsers by focusing upon privacy through proactive anti-tracking. They released the full version of their Enhanced Tracking Protection, they call it ETP, in Firefox 67 last month. It added default blocking for cross-site tracking, which are, as we know, small bits of JavaScript embedded in websites by advertisers. Those bits of code send back our location to monitor what we're doing across the web for the purposes of generating profiles. At the same time, Firefox released an updated version of its Facebook Container, which stops Facebook from tracking people in the same way. So all of those Share and Like buttons which appear ubiquitously across the web, which report back to Facebook even if they are never clicked, are now also completely blocked by the updated Firefox container, along with all the other connections to Facebook's servers that might happen. So in May, oh, and also in May, Firefox began blocking cryptomining for us and also is now blocking fingerprinting. So all of those things are now being handled by default by Firefox, and in Firefox 69 we'll get a very nice graphic. I have a snapshot from the proposed graphic in the show notes for anyone who's interested, and it breaks out all of the different types of blocking and how many of these trackers have been blocked over the course of the last seven days. So, you know, Chrome is a great browser and it now, as we know, has the majority of the Internet, but we also know how Google makes its money. I love their search engine, and this show notes document was created using their very slick online tools, but I am more closely aligned with Firefox's philosophy.
I love having its tiny tabs down all along the sidebar, and Firefox works perfectly for me, so I expect to be sticking with Firefox for the foreseeable future. And now, Leo, in this week's installment of wrestling a simple idea to the ground, we have the paper which will be delivered this Thursday during the 43rd, I couldn't believe it, the IEEE 43rd Annual Computer Software and Applications Conference, which is COMPSAC, C-O-M-P-S-A-C, titled CTRL-ALT-LED: Leaking Data from Air-Gapped Computers via Keyboard LEDs. My first thought upon hearing this was it should have been named, rather than CTRL-ALT-LED, CTRL-ALT-DUH, because, okay, it's obvious to all of us that if software can blink a keyboard's LEDs, you know how keyboards have Caps Lock, Scroll Lock and Num Lock LEDs, so if you can put those under software control, and you can, and you can install malicious software in a computer, and we know that happens, and you can arrange to have something watching the LEDs over time, obviously at a time when there's no one sitting there because otherwise they'll think, what the heck, what the hell, my computer's just gone berserk, my lights are blinking on my keyboard like crazy. If all of those preconditions can be set up, then yeah, you could send data, you could exfiltrate data from the computer. Now, to their credit, and Leo, you're scrolling this on the screen right now, I have it in the show notes, they really did solve the problem. As I said, I want to put them
on the task of figuring out what the best communications medium to use is between the bottoms of two Dixie cups which are stretched so that when we talk we get the most clear communication, and for that matter, since it's really not a really clear communication, maybe which language would be best used for increasing intelligibility of a Dixie cup telephone, because, you know, these are the guys you want to put on that project. They really wrestled this thing to the ground. They have looked at the nature of the radiation pattern as a function of angle from dead on, the Lambertian radiation pattern, the transmitted power as a function of how far off of the axis you are from the LED. If you have a camera lens which is imaging multiple LEDs, to what degree are you able to differentiate between the LEDs spatially when the LED illumination falls onto the camera sensor? They have a wide range of camera types that they have experimented with. And what about if you have a non-imaging receiver, if you have something that could only detect the illumination but doesn't have a focusing lens, so all you can detect is a subtle change in brightness in the room, for example? And they wrestled it all the way down to which keyboards produced the highest bit rate, believe it or not, looking at Dell with a single LED versus multiple LEDs, Lenovo under the same conditions, Logitech keyboards, or Silverline. And for anyone who is worried about this, the Silverline keyboards allowed them, at a relatively low bit error rate of 3.10 percent, to very cleverly manage an exfiltration of a little more than 5 kbits per second. So that's, you know, that's not bad. That's way over Morse code. Anyway, for anyone who's interested or worried,
I guess you could, I mean, I never really used those lights on my keyboard. You can not only stick a Post-it note over your, one more thing to tape up, webcam, exactly. And these guys are the blinking light experts. They're the people we've talked about before who worried that hard drive activity lights could be used for exfiltrating data, and remember we talked about them saying that the lights on routers could be used, and I said, what, you know, maybe if the data bits were exposed on the LED, but routers don't put the data bits; they sort of aggregate them together and just blink the light slowly if anything is happening at all. So I don't know, they do tend to go to the limits. Yulia says, what about the flash on your camera? That could probably be used too. Yeah, on your camera phone, right. You know, yeah, wow. Anyway, so they really wrestled the problem to the ground, the gang that they are. And we're going to talk about errata, miscellany and closing the loop after our final break, and then we will wrap up with DNS encryption. Indeed we will, my friend. Our show today brought to you by Helm, and I've talked about it before. I hope, you know, it's funny because I think everybody who listens to this show listens to every episode of the show, so they probably already know about the Helm personal server, but if for some reason you missed it, let me tell you about this. This is such a great product. I use the Helm for email. I haven't put Nextcloud on it yet. The whole idea of the Helm, and it's a cool-looking triangular file server that goes in your house, connects up via Wi-Fi or Ethernet, has 128 gigs of storage, although Helm is working on making it expandable to up to five terabytes of storage. There are two USB ports on the back. There's a USB
port on the top, and I love the port on the top because it's for one reason only, I guess you could use it for other things, but it's there so that you can back up your Helm recovery keys. Let me tell you what the Helm is. It's a server that will send and receive email, so you no longer have to store your email on Google or Yahoo or some third-party server. You can have it in your house. Yes, it will send email. It's very, very clever, because the Helm, and you can read more about this at thehelm.com, the Helm solves the most important issue of having a home server, which is that most ISPs block port 25. That's outbound mail. Plus, even if you could get it through the ISP, most inbound mail servers will look at a home ISP address, in fact any IP address within an ISP's range, and say, well, that's spam, no one runs a mail server through Comcast or Spectrum, and they'll block it. So what Helm's done is very clever. So you've got this great server on there, but you also have an IP connection back to the Helm servers. Your data is encrypted, highly encrypted, so it is not visible to Helm, but your emails pass through Helm so that they can make sure that they have an IP address for your outbound mail that is working; in fact, they carefully groomed the IP address before they put it on your server so that it actually will get through to all the big email companies and all the small email companies. So they've solved that. That's the number one problem in running your own email server. They've also made it very simple. They are also security guys, so they made it very secure. For instance, it uses hardware authentication. You use your smartphone in proximity to your server to set it up, to provision it, to create accounts. In fact, you can have as many accounts as you want.
I really love that, as many domains and as many accounts as you want. And if you're setting up a family email server or a server for a small business, for instance, you bring each person in and you say, okay, you're going to put the Helm app on your phone, you're going to authenticate through your phone, now you have an account on there. It's great. You still get an admin account. You still have complete admin access, of course. Helm is awesome because it has uncompromising data privacy and data security, and now they've made it even better by adding Nextcloud file services, a great open source file service. You get file sharing, photo backup; you can easily upload, view and share your files and photos securely, not giving them to Google or Dropbox or anybody else. This is a great alternative, it's completely private, to Google Drive, to Dropbox. They do email right, too. They use DMARC, SPF email authentication. It's so easy to set up, just taking five minutes. It's accessible anywhere in the world. If you want to read more, there's also a great review of the Helm server. Micah Lee, who is an expert in privacy and security and bought a Helm, wrote his article April 30th on The Intercept at theintercept.com; you can search for The Intercept and Helm, talking about how the Helm works. He goes into more detail about the technology and stuff. It's just great. It uses TLS encryption with Let's Encrypt, which is awesome. Full disk encryption, keys are managed by a secure enclave. You get recovery keys and you put them on this USB, which you then bring somewhere, put in a safe deposit box or bring to work, in case, you know, you have to get a new server, for instance, and you want to swap. It's secure boot, so it is highly secure. I love the two-factor authentication. I love the encrypted,
oh yeah, your emails and your files are always encrypted and always backed up on the Helm servers offsite, so even if your home were to get burned in the flames of a massive fire, you've lost nothing, no email, no files, and this private security key means that you'll be able to get back to it anytime you want. Privacy is a right, not a setting. Protect what matters with Helm. For a limited time you can save $50 on the Helm personal server by visiting thehelm.com/securitynow. They're catching up. There's been huge demand for this. This is a very successful idea. Giri Sreenivas did a great job of putting this together with his team, and they were sold out. They are making them as fast as they can. If you ordered in months past, you're going to be getting yours any minute now, and if you order today you can expect to get it by the end of August. I just wanted to give you a heads up, about six weeks to get it out. thehelm.com/securitynow. I use it. It is awesome. We actually keep it here in the studio. It is just an incredible device. thehelm.com/securitynow. Take control of your data if you're privacy focused. It's been part of, you know, I moved off Gmail, moved everything onto the Helm. It's part of my whole data hygiene thing. Sure, I know I still use Google in a lot of different ways, but why give the Google any more than you have to? And you don't have to anymore, with actually a fantastic file server and email server from the Helm. thehelm.com/securitynow. What are you smiling at? Goo goo goo, the Goog, the Goog, because your friend, why give them more than you need. You know, shoot, so I had the note in errata that I already mentioned, which was that Elaine, hearing us talk about how long we've been doing the show, corrected me, saying no, see, I think I, maybe I said we were in year 13 or something.
She said, no, year 15 will begin next month, on August 20th, so we'll be right here. You can listen to number one right at twit.tv/sn, everyone from then on, they're all available, they're all there, and I try to use numeric numbering, so SN1, SN2, SN3, SN, what is it, 723? 723. Yes, my friend. And I just, I did want to just make mention that Lorrie and I managed to slog our way through Stranger Things 3. That's bad. Yeah, it was a disappointment. I'm so glad. It'd be hard, you know, it's hard to keep, yes, that quality, and what was really annoying was it seemed like such a commercial play. You know, there were clear product placements throughout the entire thing. I mean, the fact that it was held in a mall where you were seeing the various stores advertised, and a lot of those stores were eighties vintage stores and no longer exist. Then they had somebody rebuild that whole mall? They created it. Yeah, yeah, yeah. So anyway, a couple of pieces of closing the loop, and this is relevant to our topic today. Chuck posted in the GRC Security Now newsgroup. He said, I enjoyed show 722 yesterday. Last night I checked the Firefox setting to enable DNS over HTTPS, DoH. Dough? Though? A dolt. He, so he said, I chose a location in Europe, and he says, I chose a VPN location in Europe and started browsing. He says there was a dramatic improvement in speed with which websites started loading on the screen. He says, I mean really fast. He says, tonight I'm going to do some checking and rechecking to confirm that DoH is responsible for improving the efficiency of a VPN connection. And then he followed up exactly 24 hours later with: I disabled DNS over HTTPS
in Firefox last night; web page loading performance slowed considerably. He says, naturally I turned it back on and the joy of quickly loading web pages returned. So that company has a slow DNS server, I guess, right? Yes, exactly. And so it may well be that by turning the tunneling on, you're avoiding the slow DNS server you were using by default, and got a big acceleration. So a lot of ISPs have crappy DNS servers. Yes, it's sort of an afterthought. You know, it's not like, oh, we got the best DNS. It's like, yeah, we had to plug one in, so it's over there in the corner. You know, it's not very glamorous. So it is often the case that even though the ISP's DNS server is almost by definition the closest server to you in terms of the connection, it may not be the fastest one to deliver a response. Well, that's why you wrote your DNS Benchmark. Yep, you can easily test it. Our topic, encrypting DNS. There are four things. We have DNSSEC, DNSCrypt, technically we have DNSCurve, but that never ever, that's sort of been replaced by Crypt, DNS over HTTPS, and DNS over TLS. So let's talk about each of those to sort of clarify where they stand, what's going on, what they do. DNSSEC first, because it's not encryption. It provides cryptographically signed DNS records, which allows DNSSEC-aware OSes to verify that the DNS response which was received, which may have been cached and forwarded from its originating authoritative DNS server, has not been tampered with or altered in any way. So it's just a signature, that's all it is. Since it's signed with a private key which no forger can have, this essentially means that we're assured that the received DNS reply is authentic; it hasn't been tampered with. So that's all good, but what DNSSEC
does not do is encrypt. It was never intended to provide privacy, only authenticity. So the records are signed, and as I said, they cannot be tampered with, but anyone watching the traffic will still see the DNS client's queries and their replies just as if DNSSEC was not in use, because all it does is it adds a signature record to the existing DNS reply, which allows a DNSSEC-aware client to check the signature. Oh, but before I go on, I'll note that all three of the full encryption options, that is, the other three things, DNSCrypt, DNS over HTTPS and DNS over TLS, all three of those are now compatible with DNSSEC. The earliest versions of DNSCrypt were not compatible with DNSSEC, which is what you remembered from our original coverage of this, Leo, back in the old days, but an update to DNSCrypt allowed essentially a full encapsulation of DNS, so it became DNSSEC compatible. So that's not been true all the time; it is true now. So DNSSEC can be used with all of the three encryption solutions. So we discussed DNSCrypt back in the context of OpenDNS, which was subsequently purchased by Cisco. DNSCrypt uses the same fast, lean and secure crypto that I chose to use with SQRL; that's Dan Bernstein's elliptic curve, Curve25519. It successfully provides encryption for privacy, but it is not nearly as attack and hack resistant as we would wish a contemporary protocol to be, since it does not use any of the existing public certificate infrastructure. The server's public key is published over DNS and it's implicitly trusted, though it can be verified with DNSSEC. So when DNSCrypt added DNS
SEC, then it does allow for privacy and protection, and you can verify the server's public key in order to provide protection. But what it really means is DNSCrypt was simple and lightweight. It was, you know, it was the progenitor of these later full tunneling protocols. It could ride atop either UDP or TCP, which was a benefit. Unlike the connection-oriented protocols, it required much lighter server resources, so it was very easy to implement; it did not require a full TLS stack and the security troubles that, as we know, implementing full TLS can bring with it. But it never made it to the IETF standards. It does not have an RFC and was never taken up by the IETF for standardization. So there are providers for it. It was a pioneer in encrypting DNS, but my sense is that it just sort of wasn't the right solution. There is a tool known as dnscrypt-proxy, which is written by Frank Denis. He wrote it in Go. It supports both DNSCrypt and DNS over HTTPS, and we're going to be referring to that in a minute because it ends up being probably the right solution. It provides client services for Linux, BSD, Windows, macOS, Android and others, and there are a whole bunch of binary distributions ready to run. I've got the link to it, the GitHub link, in the show notes. Again, it's dnscrypt-proxy, so I'm sure if you just Google D-N-S-C-R-Y-P-T hyphen P-R-O-X-Y you'll be able to find it. And if you're a Windows user, there is a simple configuration tool for it called Simple DNSCrypt, which provides a very nice-looking front end. Okay, so the second to the last is DNS over TLS. And as we know, HTTPS runs over TLS, which runs on top of TCP,
so d._n._s. over tia less is as it sounds a protocol for encrypting and wrapping d._n._s. queries and their replies in a tunnel so that means that we get both privacy via tijuana's encryption and authentication via t alexis support for the entire public infrastructure all the routes shirts and and certificates on all so this prevents eavesdropping thanks to encryption at any manipulation of d._n._s. via man in the middle attacks which as we know simple d._n._s. over are you dp is extremely prone to cloudflare i._b._m.'s quad nine google there's an accompany quadrant information security and clean browsing are providing public blick d._n._s. revolver services via d._n._s. over t. l. s. so it's broadly available from from some big well connected services cloudflare quad nine and google back in april twenty eighteen google announced that android pie would include support for d._n._s. over t ls and it does i'll get to that in a second there's d._n._s. dissed dissed from power d._n._s. also announced support for d._n._s. over t ls in its latest version users of the older bind d._n._s. server can forget d._n._s. over tia less by proxy being through s tunnel so that is to say it's just d._n._s. running through a t. n. s. a. t. l. s. tunnel that's all it is and the newer unbound d._n._s. server <hes> which which is in the the various b._s._d.'s now it has supported d._n._s. over t. l._s. natively since early last year so that's definitely something to consider d._n._s. over t. l. s. us is a nice option especially if your client platform like android pie supports it natively there there's a link in the show notes here to a cloudflare <hes> post about doing exactly that they say i go to setting an android pie <hes> and probably subsequent go to settings under network insecurity advanced and you'll find the under advanced private d._n._s. select the private d._n._s. provider host name option enter o. n. e. dot o. n. e. dot o. n. e. dot o. n. e. or one d._o._t. one d._o._t. 
one d._o._t. d._o._t. one dot cleared flyer cloudflare hyphen d._n._s. dot com and hit save then visit one dot one dot one dot one slash help to verify d._n._s. over t. l. s. is enabled bold and has just that simple so my goodness if you're an android user why would you not turn this on and immediately have your all of your <hes> android smartphone or other android device <hes> d._n._s. <hes> tunneled through d._n._s. over t. alaska cloudflare oh and last week i misspoke about the p._f. sense firewall support i said it was d._n._s. over h._t._t._p._s. e._p._s. that's what we were talking about last week it wasn't it's d._n._s. over t. l. s. but again there's plenty of support for it and so <hes> and essentially provides all of the same services as as d._n._s. s. over h._t._t._p._s. as long as you have a provider on the other end and there are plenty of providers and so finally this brings us to d._n._s. over h._t._t._p._s. <hes> it is a proposed i._e._t._f. standard as i mentioned last week specified under r f c eighty four eighty four it uses h._t._t._p. slash two or h._t._t._p._s. and supports the the on the wire format of d._n._s. responses so <hes> exactly as are returned by existing you dp responses meaning that you just take exactly cle- what a d._n._s. standard d._n._s. server would send back in a u._d. packet you stick that you reply over h._t._t._p._s. the same thing that means that it is extremely simple to bring up on a on a web server two to four to allow a web server to host d._n._s. over its existing protocols <hes> it defines a new h._t._t._p._s. g._p._s. payload type with a mime type of application slash d._n._s. hyphen message so you know how mime types typically are like you know <hes> plane slash taxed or applications vacations slash something excel or word or something this is application slash d._n._s. hyphen message to identify it as d._n._s. content when h._d._d. p. slash two is used just because of the features of h._d._p. 
slash to the the server can even push d._n._s. answers that haven't been queried yet because remember the h._t._t._p. a._d._p. allows you to do to send ahead <hes> so it's able to push <hes> values that it anticipates the client may find useful in advance so it feels to me like either d._n._s. <unk> over t. l. s. or d._n._s. over h._t._t._p._s. depending upon your platform <hes> is the one you want to use and that the client i mentioned before you even though it still has the name d._n._s. the n._s. crypt d._n._s. crypt supports d._o. h d._n._s. over h._t._t._p._s. so for users who like for window well actually for it's widely supported lennox b._s._d. windows mac android and more you can install d._n._s. crypt hyphen proxy which you can get a binary from making it easy you don't have to go to to build it yourself from get hub you install that and configure it on your o._s. and you will get because it also not only supports d._n._s. descript but full d._n._s. over h._t._t._p._s. and there are plenty of all of those other providers all of the big <hes> d._n._s. providers also support like cloudflare and quad nine and and google support d._n._s. over h._t._t._p._s. and if you're a windows user you can use simple d._n._s. crypt dot org h._t._t._p._s. colon slash slash simple d._n._s. crypt crypt dot org is a front end a very nice configuration front end for the d._n._s. crypt proxy <hes> on windows and so what that essentially means and the reason i wanted to discuss this is that not not only with a fire fox browser can you now flip a switch and have your fire fox d._n._s. protected from snooping but it is entirely practical to to install d._n._s. crypt on any o._s. platform <hes> configure it to use the d._n._s. the big d._n._s. provider of your choice and you go dark to anyone your i._s._p. 
or anybody else who may be sniffing your traffic and it sure looks like you suffer nothing in terms of performance loss so we'll not not anybody else but anybody else in between you and the d._n._s. server at that point correct you exactly you are are all your queries are emerging and are known to for example google or gook the who knows who knows all especially if you choose them as your d._n._s. over h._t._t._p._s. endpoint right right well he then there's horizon you could choose them they're they're known for their privacy policies <hes> i would use ida quad nine we still don't know who who's running quad nine ibm oh it's i._b._m. they offered offered at they offered it as the service yeah i do too they have as good quad one yep yep for sure yeah and you know i was just <hes> again talking the ilya who's been very font of information in here google pixel phones come with <hes> similar to two one dot one dot one built into the phone so you can turn that on to nice d._n._s. queries but it goes back to quite eight because back to google it's it's basically eight right right you can change it oh i'll have to look in the settings you could change something else if you want quite one instead away from the google google the google knows way too much why give them more that's my philosophy steve great episode i'm gonna run at home and watch the mall episode of stranger things plays you said he said when i'll you can see one brand of cereal you could see clearly in the across the aisle everything's blurred out yes yes i mean it was it was yeah it was all cereal all by one by one manufacturer is running low on money you got to help them out a little bit here yeah yeah <hes> we do this show every tuesday would try to get in here about one thirty pacific usually pretty good but if we're a little late will you'll understand that's four thirty eastern time twenty thirty u._t. 
see tuesday's you can watch it live at twit dot tv slash live or listen we've got live audio and video streams there you if you're doing that to chat with us at i._r._c. dot twit tv always a good bunch of people in the chatroom during security now smart people also often really great people in the studio audience it was nice to have you here <hes> if you want to be in our studio audience he's waving at u._c. all you have to do is <hes> email tickets at twitter dot tv steve's waving back and we'll be glad to put a chair out for you this is a pretty small studio <hes> so any of the shows like windows weekly security now the tech guy show that i do in here <hes> it's a very good idea they mail ahead because sometimes it can fill up and we don't really have an overflow studio for you the big studio you can always get one more person in there <hes> if you wanna get versions of the show after the fact there's several places you can go start with jesus steve site g._r._c. he dot com effect while you're there pick up <hes> you got transcripts you got audio and you can also pick up a copy spin right the world's best hard-drive recovery and maintenance utility and steve's bread and butter that's the best way to support steve and by the way you get some value out of that some real value out of that squirrels there too a lot of other great stuff g._r._c. dot com steve is at s g g._r._c. on twitter <hes> you can d._m. him there he's open to e._m.'s if you have
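The DNS over HTTPS mechanics described in the episode above (RFC 8484, the application/dns-message type, and the same wire-format message that a UDP resolver would return) as a worked example. This is an added example written for this page; it is not code from the podcast, from dnscrypt-proxy, or from any resolver operator. It builds an RFC 1035 query, shows the GET (base64url, no padding) and POST (raw body) request forms RFC 8484 defines, and parses a response. The resolver URL is Cloudflare's public DoH endpoint, used only to form a URL string; the response bytes are a constructed sample, so nothing here touches the network.

```python
"""RFC 8484 DNS-over-HTTPS: encode a wire-format query, frame it for GET or
POST, and decode a wire-format answer. Added example; runs fully offline."""
import base64
import struct

DOH_CONTENT_TYPE = "application/dns-message"
ASSUMED_RESOLVER = "https://cloudflare-dns.com/dns-query"  # URL string only


def encode_name(name: str) -> bytes:
    """'example.com' -> b'\\x07example\\x03com\\x00' (RFC 1035 labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Recursion-desired query, one question. RFC 8484 recommends ID 0 so
    identical queries produce identical (HTTP-cacheable) requests; the TLS
    connection, not the 16-bit ID, binds reply to request."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(resolver_url: str, query: bytes) -> str:
    """GET form: the message goes in ?dns= as base64url without '=' padding."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={b64}"


def doh_post_headers(query: bytes) -> dict:
    """POST form: the raw UDP-style message is the body, typed as DNS."""
    return {"Accept": DOH_CONTENT_TYPE, "Content-Type": DOH_CONTENT_TYPE,
            "Content-Length": str(len(query))}


def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes) -> dict:
    """Walk header, question and answer sections of a wire-format reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off = 12
    for _ in range(qd):                      # skip question(s)
        _, off = read_name(msg, off)
        off += 4                             # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        value = ".".join(map(str, rdata)) if rtype == 1 and rdlen == 4 else rdata.hex()
        answers.append((name, rtype, ttl, value))
    # AD (0x0020) is the resolver's claim that the answer passed DNSSEC
    # validation; it is only meaningful because the channel is authenticated.
    return {"id": txid, "rcode": flags & 0xF, "ad": bool(flags & 0x0020),
            "answers": answers}


# Constructed sample reply: QR|RD|RA|AD set, one A record (TEST-NET address).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x81A0, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
    + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    q = build_query("example.com")
    print(doh_get_url(ASSUMED_RESOLVER, q))
    print(doh_post_headers(q))
    print(parse_response(SAMPLE_RESPONSE))
```

The point the episode makes is visible in the code: the bytes handed to the HTTPS layer are exactly the bytes a UDP resolver would emit, so the only DoH-specific work is the base64url framing for GET and the media type for POST. A practitioner checking a DoH deployment can reuse parse_response on the body of a real reply.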

SN 778: BootHole - Twitter Hackers Arrested, Garmin Hackers Get Ransom

Security Now

2:04:11 hr | 4 months ago

"It's time for Security Now. Steve Gibson is here. Firefox 79 is also here; Steve has some new features. We'll talk about the Twitter hack; they got them, three kids, one seventeen years old. We'll also talk about a real problem with security with Tor that they don't really even seem to care much about, and a flaw with GRUB2. It's all coming up next on Security Now. Security Now comes to you from TWiT's LastPass Studios. Securing every access point in your company does not have to be a challenge. LastPass unifies access and authentication to make securing your employees simple and secure, even when they're working remotely. Check out lastpass.com/twit to learn more. Podcasts you love, from people you trust. This is TWiT. This is Security Now with Steve Gibson, episode 778, recorded Tuesday, August 4th, 2020: BootHole. This episode of Security Now is brought to you by LastPass. Allow your remote workforce the ability to do their best work without jumping through hoops to ensure your business's security with LastPass. Visit lastpass.com/twit to find out how they can help you. And by Worldwide Technology. Worldwide Technology's Advanced Technology Center is like no other testing and research lab, a proving ground that could quickly turn a data sheet into a fact sheet, where you could try before you buy. Better yet, you can access it virtually, so you and your team can have twenty-four/seven access. Visit wwt.com/twit to learn more and get insights into all offers. And by Melissa. Like expired milk, thirty percent of your customers' data goes bad every year. That's money down the drain. Visit Melissa's developer portal for free access to data quality APIs, demos and code samples. Freshen up your soured data today with one thousand records cleaned free at melissa.com/twit. It's time for Security Now, the show where we cover the latest in the security world with Mr. Steve Gibson. Hi, Steve.

Leo, great to be with you again, for our closing in on the end of year fifteen. Episode 778, and I think it'll be 780, about two weeks from now, when we lap ourselves, closing out year fifteen and beginning on sixteen. So forgive me, but I told my team Steve doesn't want a cake or balloons, confetti or anything like that. Correct. Seems like we don't celebrate my anniversary. My sixty-fifth birthday occurred toward the end of March, in the middle of COVID land. This is the weirdest birthday. So yeah, mine's in a year from... yours is in November. Wow, you are correct. No cakes. Thank you. Very well, no cakes. No more. Nothing's gonna... Okay, we're going to talk about BootHole, which is a little reminiscent of Spectre and Meltdown inasmuch as the cure is in some cases worse than the problem, as we'll see. But we're going to start by talking about the recent update to Firefox 79, one sort of, okay, new feature; not much else changed. We're going to check back on the Twitter hack with news of the identity of the accused perpetrator, and that's alleged identity, so we don't know for sure. The so-called mastermind is a juvenile, so we're respecting that. We also have more information about the Garmin ransomware hack. Some additional information has come to light, primarily thanks to BleepingComputer's digging and their access to some insiders who've been feeding them some interesting tidbits. We're also gonna take a look at the behavior of another disgruntled vulnerability researcher and consider some aspects of the ethics of vulnerability disclosure that we haven't really talked about before. We're going to examine what has now become Zoom's bug of the week, and the consequences of Microsoft's removal of all SHA-1 signed downloads from their site. Unless you're a bit of a pack rat, that could pose some problems. Also QNAP NAS, network attached storage devices, are still suffering from escalating real trouble and neglect by their owners. We'll touch on that. I'll check back in with a little bit of an update on ongoing work with SpinRite, and sort of deal with some of our listeners' questions quickly, and then we're gonna take a look at what is arguably, or I guess inarguably, no one's arguing about it, the biggest security event, which is the discovery of this boot security bypass for Linux, which was named BootHole by its discoverers. Oh, and just an interesting picture of the week that I just... I don't want to belabor the point, but boy, it's rather... that I want to just make sure our listeners were aware of. So I think another great podcast for our listeners, as always.

Mr. Steve Gibson, we will get to your picture of the week and more in just a second, but first a word from this segment's sponsor, and of course, as you know, we're here in the studio thanks to LastPass. They're keeping the lights on pretty much for our TWiT network, for Security Now, but it's also, I think, keeping us secure, and I really appreciate that. Thank you, LastPass. When LastPass surveyed global IT decision makers not so long ago, ninety-six percent of organizations said the fact that their workforce is now remote has seriously impacted their identity and access management strategy. Of course it has, of course it has. You know, you are zero trust now everywhere, because who knows who that is logging in to your most precious resources, your bank accounts, your websites, your customer databases. Well, if you're using LastPass you know, because that's one of the things LastPass really does: it helps you manage identities and promote good security behaviors while your employees are working from home. With LastPass you get, of course, secure password storage, AES 256-bit encryption. Your employees have their own vault for storing every app and web login they use.
Actually it's so safe and so secure I treat it as my secure enclave. I use my LastPass to keep my driver's license, my passport. I always have it because LastPass is on every device I carry. So when I was traveling, I always had a copy of the passport on here, my driver's license, Socials, medical information, everything I wanna keep that's very private, but I wanna keep at hand. LastPass never decrypts anywhere but on device, and they never transmit your master password anywhere; it's never sent back to LastPass. LastPass has a lot of features to make remote work a lot easier, for instance, password sharing. When your employees were in the office, they could wander over and whisper a password or write it on a Post-it. You know, come to think of it, that wasn't such a good idea. You definitely don't want them sending it through texts, putting it in their Slack channel. You'd like them to use secure password sharing, and that's what LastPass does. It makes it easy for employees to share logins but keep access to the corporate data safe. Maybe somebody over at Twitter ought to think about that for a change; they were putting the credentials for the Twitter god mode in their Slack channel. It's exactly what LastPass eliminates. Your logins are better protected. Employees love it, because everything's easier. You capture and fill every credential. You don't disrupt the workflow: you add a new password, it captures it, it says, "you want me to save this?", you say yes; the next time you're there, it says, "fill it in?", yes. Centralized control for your IT department, that's very important. You can enforce policies, we do, for instance requiring... I would suggest you do that too. LastPass makes it easy to get actionable insights into employee password behavior from an admin dashboard: exactly who's using what, when and where. Oh, and by the way, when new employees come or old employees go, it's very easy to manage your users. I've done it myself. Add and remove users, automate user management with directory integration. You add in one place and it automatically propagates to LastPass. No matter where your employees work, they'll always have their passwords with them, but they'll always be secure. I can go on and on, I often do. I'm such a fan, I'm such a believer, I'm such a supporter. I've been using it for twelve years; we've been using it for five. You gotta get it: lastpass.com/twit. Let your remote workforce focus on their work without compromising your business's security. Secure your remote workforce with LastPass. Go to lastpass.com/twit. Thank you for keeping our lights on. Thank you for helping us by using that address in getting your LastPass set up: lastpass.com/twit.

And now back to Steve Gibson. And I like this picture of the week. This is really good. So our longtime listeners certainly know that I sort of glommed on to the potential of vitamin D years ago. I surprised you one Tuesday, or maybe we were back recording on Wednesdays, I don't know, probably, by saying, well, we're not gonna talk about security, we're gonna talk about something different. And anyway, of course, that was the now famous vitamin D podcast where I went through all the biology and what appears to be the nature of the importance of it. I also talked about it early this year at the beginning of COVID, because it's known to have an important intersection with immunity, and this is a year where we need all the immunity we can get. The problem, of course, is that it almost costs nothing. A strong, proper dose for a year for a person is like fifteen dollars for three hundred and sixty little drops of sunshine, I called them. Anyway, the point is that because it costs nothing, it's difficult to get money for research. So no big drug company's getting rich. Exactly. Yeah, yeah. You're not
going to have the White House funding the production of vitamin D; we already have it. You know, you could argue you get all you need from the sun, but there actually is some correlation between the amount you have in your bloodstream and your proximity to the equator. So that's one factor. Anyway, twenty different groups of patients who, as a consequence of this past year of the COVID-19 health crisis, happened to have their serum vitamin D levels tested were pulled together in sort of an ad hoc study. I have the link in the show notes to the source PDF. This is just one of many charts, but this is the most dramatic of them. This shows their correlation, and as we know, correlation is not causation, but this is, if nothing else, eye opening, what correlates from these twenty studies whose results were aggregated. It shows first of all, in this sort of bluish line, that there was no age difference over the span of vitamin D concentration. It's pretty much sixty, sixty-five years of age regardless, so age wasn't a factor here. But the red line shows a breathtaking correlation. You know, given all the caveats, studies with varying levels of control, obviously this is not a random sample. These are people that were already in trouble such that they had their blood drawn and so forth. So without understanding why, it's showing a very clear connection between the measured vitamin D concentration and their ultimate consequences, that is, in this case, the COVID-19 death rate as a function of vitamin D. So, enough said. Vitamin D is good. Do your own independent research if you're interested. Click the link to the PDF. There's lots of information about how this data was gathered there, and at the end is a whole bunch of additional backup material from the NIH and other health organizations to substantiate it.

So I just wanted, again, not to spend more time on this, but this was very powerful information, for what it's worth. I just didn't want it to go unobserved. What do you do? How much vitamin D do you take? Five thousand IU a day. That's what I'm doing too. Yeah. Yep. I think that if you're uncomfortable with that, maybe four thousand, but you know, the RDA is four hundred, and that is just to get you off the ground. That's not gonna do it. I mean, it will prevent you from dying of scurvy and some sort of, you know, acute vitamin D shortage, but it's very different. I mean, and that's one of the problems with the RDA: we call it the recommended dietary allowance. It was meant to be the minimum you need of different things to keep you from having disease as a consequence of a shortage. There's a big margin between what's enough to keep you from dying and what you should have for brimming health. We've always known vitamin D was that: rickets, if you don't have vitamin D, that's why they put it in milk as a supplement. So we've always known that, but there seems... you should go listen to Steve's whole show on vitamin D because it really is an eye opener. And this isn't the only place I've seen this kind of indication that having a good vitamin D level, not a deficiency anyway, is important for COVID survival. Right, and in fact I'm glad you said that, because I'm not wanting to talk about it all the time, but I too am constantly seeing in the mainstream press this or that study connecting vitamin D levels to COVID outcomes. So when I finally saw this report that pulled it all together, and this rather breathtaking chart, I thought, okay, I just need to take a moment. And, you know, the competition for today's picture of the week was the BootHole logo, which is just wonderful, but we got a whole... Okay, well, that's a big hole. Yes, indeed. You take vitamin D3?

Yes, you want D3. You know, Doctor's Best, NOW. You know, anybody who... yeah, in fact NOW is actually what I take. So it's a little bottle, because... Yes. Even for people who are not pill takers, this will not be a problem: a little tiny bit of a hormone, because it's not actually a vitamin, that is very diluted in olive oil, you know, because it is fat soluble. You do not want to take more than five thousand IU a day unless you're having your blood watched by a doctor. Back when we talked about it, vitamin D wasn't even being tested, and now, because the medical community is beginning to catch on, they're actually taking a look at it. And it's four cents a pill, the NOW one. Exactly. Yeah, okay. So yes. Yeah, I mean, if you wanted to do one thing for the health of yourself and your family, I would say, you know, vitamin D at a useful level. And really young kids ought to probably take less, maybe two thousand. Folks who don't get any sun, and yes, don't convert it very well with their skin. Kids can go out and get some sun and they'll make it. Yeah. Yes. Okay.

So, no big news on the Firefox front. The biggest new feature is a credential export, which was added to Firefox's built-in Lockwise password manager. This exports the Firefox database into a CSV formatted text file, which you could drop into a spreadsheet or import into some other password manager. That's why they say they did this. And of course, it goes without saying that while in text form it's readily discoverable by anyone or anything scanning your machine. So if you were to do that, storing it in a password protected 7-Zip archive, which I think is probably the best of the free zip things, 7-Zip is very popular, is good protection, because, yes, for a while the password protected zip files were not so strong, but this newer... a joke. Yeah. 7-Zip did it right.
They derive a 256-bit AES key from a password-based key derivation function, which uses a high iteration count, a brute-forcing delay, and we're gonna be talking about brute forcing here before long because it's another mistake that Zoom made, to run a SHA-256 hash. So you do need to pick a good password, but if you do that with 7-Zip and its encryption you should be safe to keep your passwords exported in that encrypted form. And I'll just note that, you know, I'm still using LastPass under Firefox because I also use it under Chrome and under Edge and under Safari and across all platforms. So, you know, it's worth noting that Firefox has a built-in password manager, but, you know, maybe as a backup it would be useful. So anyway, that's the news on Firefox 79, not much there.

So I heard you talking about it on MacBreak, and so I just wanted to touch on this. We have learned more about who's behind, who is believed to be behind, the Twitter hack. And, you know, not some powerful state-sponsored cybercrime gang, just, we believe, a seventeen-year-old kid. His name is all over the tech press. I heard you not wanting to say it on MacBreak Weekly. But I do have it in the show notes, so it's easy to find. I mean, yeah, you know, I come from the school of journalism where you don't say the names of minors who are accused of crimes, but apparently nobody else does that. So the local Florida news channel WFLA right away outed him as Graham Clark from Tampa Bay, Florida. So they also had a suitably creepy picture of him. I know, in fact, before I reduced it in size I actually had it in the show notes. He looks a little bit like Spock; he's got kind of a pointed ear. It's a little bit creepy. And it's interesting too that his nick is Kirk. Oh, maybe... yeah. So anyway, the sad thing is this guy's life is now seriously screwed up. Yeah. He's been charged with felonies relating to computer communications and organized fraud for scamming hundreds of people using compromised accounts, according to a press release from Hillsborough State Attorney Andrew Warren's office. This guy Graham Clark now faces thirty felony charges. So we have one count of organized fraud involving more than fifty thousand dollars; seventeen counts of communications fraud of over three hundred dollars; one count of fraudulent use of personal information for an amount over one hundred thousand dollars or thirty or more victims; ten counts of fraudulent use of personal information; and one count of access to a computer or electronic device without authority and scheming to defraud. So in total thirty counts of felony charges, all of those felonies. So I mean, I do feel like, unfortunately, there's sort of a bit of overreaction. I mean, I get it that this was not good, and certainly law enforcement wants to send a message like, don't do this even if you can. Initially, the initial announcement didn't indicate whether Clark had any partners in crime, but a few hours after the press conference announcement the world learned that the US DOJ had also filed charges against two other suspects believed to have helped Clark in this hack. The first of those was identified as Mason Sheppard, who's known as Chaewon, nineteen years old, living in Bognor Regis in the UK, and the other is identified as Nima Fazeli, also known as Rolex, a twenty-two-year-old residing in Orlando, Florida. The US Attorney Anderson said: There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence. Today's charging announcement demonstrates, thus, I think an example is being made, that the elation of nefarious hacking into a secure environment for fun or profit will be short lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrate it, but there's nothing stealthy about it. In particular, he said, I want to say to would-be offenders: break the law and we will find you. Please. So exactly the kind of thing hackers go, oh, that's gonna really scare me. I remember when I was a teenager. And in fact, Leo, did this... did I? You know, I was always a good kid. But oh, to be seventeen and have that crazy network in front of me. Yeah, yeah. Twitter early... fairly clever, because, well, go ahead, because the way he did it was kind of interesting. Yeah.

So for their part, Twitter disclosed a bit more about the nature of the attacks. They said that the phone-based social engineering attack allowed the attackers to obtain the credentials of a limited set of employees, which then made it possible to gain access to Twitter's internal network and support tools. Although not all of those employees who were initially targeted had permissions to use account management tools, the attackers, you know, apparently actually just Graham, were able to use their credentials to then access Twitter's internal systems and gain information about Twitter's processes. That expanded knowledge then enabled the attackers to target additional employees who did have access to Twitter's privileged account support tools. Reuters also had reported something that I had not seen elsewhere, which was that as of earlier this year more than a thousand Twitter employees and contractors had access to Twitter's internal tools and could change user account settings and hand control over to others. A thousand. And this was according to former Twitter employees. Well, as we know, such widespread access makes it difficult, if not impossible, to defend against the sort of hacking that occurred. So I did see some discus... conversations, I'm sorry, Discord conversations. I read everything
I could find and Zd net provided the most detail about the hack including those. As I said, some discord chat logs where Graham is seen soliciting the participation of the other two. He claims to work for twitter and then offers to prove it by modifying their twitter accounts. You also provided his bitcoin address. At Le-. I, heard you mentioned on Mac break weekly the rather. Head slapping fact that he provided his driver's license. You have to a corner coin base to set up an account. Yes. Yeah. And so he sold them access to some high value twitter accounts such as at execs at dark at vampire at drug. Anyway. The link with all the details in the show notes for anyone who's interested. So my take on this. Is. That it's another example of what you might call managerial inertia. And it was kind of natural, let let's remember that. When twitter was born. It wasn't initially taken very seriously. You know. It had that ridiculously limited text only. Patently, insecure messaging of hundred forty characters, Max. I, remember thinking, wait a one, hundred, forty characters that that. You know that's it. Those are the days. But obviously, over time, twitter's importance has grown dramatically as we know, heads of industry and state use twitter to reach their followers including, of course, are US president who uses it to directly reach each one of his eighty four and a half million followers, multiple times per day. And more than likely. Twitter also didn't take itself very seriously at the start you know, and as we've noted, there never really was any clear plan for how this free service was supposed to make any money. But over time. And very gradually that changed, and and so my point is twitter's importance doubt doubtless crept up on it over the course of many years. Twitter slowly grew into a truly important global communications facility. As. We know it didn't start out as as one, and it clearly is one today that didn't happen all at once. So I? 
think the security breach is mostly a consequence of Twitter doing things the way it always had, and of any change to the status quo, you know, that occurred, the management just lagged behind. So my take on this is that this ultra-high-profile security breach was probably the best thing that could have happened to Twitter. It did not actually result in a huge amount of damage. It has ruined a couple of kids' lives, unfortunately. It'll be interesting to see what the sentencing is once this works its way through the courts. But it was obviously, you know, if, as Reuters reported at the beginning of the year, there were a thousand people who could do this, both inside and outside of Twitter, then this is a very much needed wake-up call, which was delivered probably in the nick of time. We've got a very high-profile election coming up here in three months. Don't we? We need the Internet to, you know, not betray the interests of the US electorate. So I'm glad this happened, frankly, because it's clear that Twitter needs to get their act together, that they haven't been taking themselves as seriously as they need to. And again, you know, too bad for these young people.

Garmin Hack. Lawrence Abrams of BleepingComputer, as we know, has always had a strong interest in ransomware. So I'm not surprised that his coverage of the Garmin ransomware attack was the most detailed of any I've seen, nor that he's had access to some insiders who have reached out to provide him some extra tasty bits. Among other things, an employee inside Garmin informed him that the initial ransom demand was for ten million dollars. Oh. Yeah. Holy moly. Ten. Ten million dollars. Okay. We don't know what ransom was finally paid. But it seems more certain than ever that Garmin did pay up. Lawrence wrote:
After a four-day outage, Garmin suddenly announced that they were starting to restore services, and it made us suspect that they paid the ransom to receive a decryptor. Then, last Saturday, Lawrence posted: Today BleepingComputer gained access to an executable created by the Garmin IT department to decrypt a workstation and then install a variety of security software on the machine. Since WastedLocker, that's the ransomware, is an enterprise-targeting ransomware with no known weaknesses in their encryption algorithm, a decryptor cannot be made for free. And remember that BleepingComputer has been sort of a focal point for the less-than-well-designed ransomware, where mistakes were found in the encryption which allowed for the creation of a no-charge decryptor, and those have been organized and can be found through BleepingComputer. So he said, to obtain a working decryption key, Garmin must have paid the ransom to the attackers. And he said, it is not known how much was paid, but as previously stated, an employee told BleepingComputer that the original ransom demand was for ten million dollars. When extracted, this restoration package, this is the one that they received a copy of that had been prepared by Garmin's IT department, this restoration package includes various security software installers, a decryption key, a WastedLocker decryptor, and a script to run them all. When executed, the restoration package decrypts the computer and then preps the machine with security software. Garmin's script contains a timestamp of July 25th, 2020, which indicates that the ransom was paid either on the 24th or 25th. Using the sample of WastedLocker from the Garmin attack, that is, the actual ransomware from the Garmin attack, BleepingComputer encrypted a virtual machine and tested the decryptor to see if it would decrypt their files.
He said, in our test, the decryptor decrypted the files. So, interesting was that the package received by BleepingComputer included references to both the cybersecurity firm Emsisoft, E-M-S-I-S-O-F-T, Emsisoft, sorry, and the ransomware negotiation service Coveware. When BleepingComputer subsequently reached out to Coveware, they were told that they do not comment on any ransomware incidents reported in the media. And similarly, Emsisoft told BleepingComputer that they could not comment on any cases, that they create decryption tools and are not involved in ransom payments. Brett Callow, a threat analyst at Emsisoft, said, I cannot comment on specific cases, but generally speaking, Emsisoft has no involvement whatsoever in negotiating or transacting ransom payments. We simply create decryption tools. Okay. Now, that's interesting news. So it might seem odd for a reputable security firm such as Emsisoft to have anything to do with ransomware, but they have an interesting angle. As we know, the decryption side of the ransomware mess sometimes receives much less attention from the bad guys, who need to create the decryptor, than the encryption side. Consequently, the decryptors have tended historically to be buggy, to crash, or to for some reason fail to fully undo the damage that they had originally done, despite having received a valid key. So that's where Emsisoft comes in. They reverse engineer questionable ransomware decryptors for which the decryption key is known to create a more robust and reliable decryptor for a victim's systems. Emsisoft's ransomware recovery services page states: if the ransom has been paid but the attacker-provided decryptor is slow or faulty, we can extract the decryption code and create a custom-built solution that decrypts up to fifty percent faster with less risk of data damage or loss. So,
this also explains why the decryption package Garmin finally used also contained legitimate security software. That extra security software, along with the improved decryptor, may have been provided by Emsisoft, or may have been put together by Garmin's IT. And of course, as we mentioned last week, now that Evil Corp has been attributed as the creator of WastedLocker and has been placed on the US sanctions list for using Dridex to cause more than one hundred million dollars in financial damages, paying this ransom could lead to hefty fines from the government. So, due to these sanctions, sources familiar with Coveware have told BleepingComputer that the negotiation company has placed WastedLocker on their own restricted list starting in early July and will not be handling negotiations for related attacks. So it does look like Garmin paid a ransom. Not ten million dollars? Yeah. The initial demand would... Correct me if I'm wrong. I understand how hard it is to remediate after a ransomware attack. But if you have a backup of your data, there'd be no reason to pay the ransom, right? Right. So this is an implication that Garmin didn't have a copy of its data. Well, I've seen reports... There was another firm, I can't remember, it was also in the news last week. They had thirty thousand workstations encrypted. That demand started also at ten million. They ended up settling, if you can call it that, at two to four point five. So the negotiation through an intermediary came out at four point five. I don't remember now the name of the company. Even if you did this, maybe thirty thousand workstations, it'd be cheaper to pay and have them decrypted and then just be working again. But would you ever trust that workstation? That's exactly the problem. You're still going to have to wipe it and reinstall everything, no matter what you pay. Yep. I don't get it. I'm missing something. Well, my feeling is,
on the whole, I mean, certainly anybody now would have protection against, you know, like their main corporate databases would be secure, but it might just be that, you know, they're not doing nightly backups, like nightly images or incrementals of every single workstation in the organization. So... And you should have cold backups, right? You don't want hot backups, because those get the encryption. But this is well-known technology. This is not difficult to do. True. No, I just think it's a matter of logistics. It's like a large company, sort of, the IT department is busy running around remediating all manner of individual things, and it's like, okay, that's on our to-do list. Well, I hope the industry is, you know, changing the priorities of these things, because they really do need to get done. Especially now, I mean, it's so obvious. This is going to be a big business issue. It is becoming, you know, big business. Let's take our second break, then I'll talk about Tor, the collision between Tor and a doctor who wants... We also might mention that funding for Tor is being blocked by the Trump administration right now, along with funding for Signal. And Tor comes from the same people that do Voice of America, and there's twenty million dollars of Congressional funding that's been approved but is not being paid out, and that may well impact Tor dramatically as a side effect. I think, I don't think it's the intention, but... And they were already a little short of cash, like most open source projects. Yeah.

Our show brought to you by, oh, I love these guys, WWT, Worldwide Technology. Lisa and I went out there in March. It was the last trip, it was the last trip we have taken. We'll take... now, probably, traveling again. I hope we go back to WWT again. And Saint Louis was a lot of fun. But what I really loved seeing was the Advanced Technology Center, the ATC. Just the whole WWT story is fantastic.
Its founding, its growth, the attention they've paid to management, to running a company well, and what a great community member they are. They're beloved in Saint Louis. They brought in a Major League Soccer team. Their founders, one of whom is Black. They're just really great people. And then, years ago, more than ten years ago, they had this idea to build this ATC. They're an integrator for enterprise technologies, a big, big business. Customers, and of course, what you do if you do that is you recommend, configure, install big stuff. You know, big hardware, big hard drives, what is it, big iron, right? And so you need to try that stuff. You need to set it up. You need to do pilot programs. And they realized the best thing we could do is just get everything, everything we can, in this Advanced Technology Center. So we could do the testing, do the pilots, spin up, be ready, be knowledgeable. So they started accumulating, starting in one small building. It's in four or five now. Rack after rack of half a billion dollars of state-of-the-art OEM equipment. And customers that have adopted the ATC as a tool in their product life cycle really see the benefit. WWT can educate, evaluate, innovate at such a rapid pace. There is nothing like it in the world. Half a billion dollars of equipment from hundreds of OEMs and key partners, ranging from the big guys, the high-tech heavyweights like F5, Red Hat and Cisco, and then the little ones too. I mean, everybody's there. Tatum, Equinox, they're all in there. And that means for you, as an enterprise technology user, WWT can be your trusted partner. They focus on business outcomes, and they stand beside their customers every step of the way. They've got the knowledge, they've got the skills, they've got the ability, and they're such a well-run company with a commitment to back you up. This is what you want. That's why WWT customers never leave.
Many of them have been there for more than a decade. They know that they can go to WWT, get the answers they need to make a better decision, backed by testing experience, not just by, well, what do we got on the shelf? The extra mile, in so many respects. One of the things, when we toured the facility, they have cameras, big, big screens, and I'm saying, what does it... those are fulfillment centers all over the world, where we integrate the hardware and we ship it off. And I said, what's that guy doing? Every one of them has a full-time carpenter on duty, because, unlike other companies, when we sell a system, we wire it, we set it up, it's ready to go, which means we have to build custom crates to cushion it, to get it all the way there, to fit it. Every crate is unique and different. The carpenter builds this crate so we can ship it. So as a WWT customer, when you get it, it's ready to go. You open the crate, you roll it out, it's working, it's ready to go. And then the ATC, I can go on about this too. Their on-demand F5 plus Red Hat OpenShift lab, for instance, is so cool. Where else can you get hands-on access with step-by-step instruction on emerging IT technologies and architectures, things like Kubernetes, infrastructure automation with Ansible? I know a lot of you already do this, know it. But if you don't, this is where you go to learn about it, so you're up to speed with the latest technologies. Application security with the F5 Advanced Web Application Firewall. When we talk about these breaches and the Garmins, you need a WAF, you need all this stuff, if you're just in DevOps. The other thing I love about WWT, they are all over the latest technologies in making you more efficient, more productive. DevOps is a great example, or what they call CI/CD, continuous integration, continuous deployment. They're all over that. They have on-demand labs and the expertise to help you there.
It's a great investment WWT's made in their customers to ensure your success, and you could participate in that, in fact, directly, because this ATC is also available to you as a service. They have what they call a lab as a service. It's a dedicated lab space within the ATC where you can perform your own programmatic testing using that half-billion-dollar ecosystem that they've built. And because it's virtual, you don't have to go to Saint Louis, although I highly recommend that. It's great, and the beer is very good in Saint Louis. But you don't have to go to Saint Louis. Nowadays, this is actually a great benefit, you can use the lab as a service anywhere in the world, anytime, twenty-four seven. This is the same lab that WWT's own engineers work in every day, beta testing new solutions based on the latest and greatest F5 and Red Hat technologies, building reference architectures, custom integrations to help their customers make decisions, to see results faster. And by the way, that saves you money, because the work is done ahead of time, not when the equipment arrives. WWT just launched this lab as a service last summer. It's been a year now. The whole ATC ecosystem is participating. This really creates a multiplier effect of knowledge, speed and agility, anytime, anywhere in the world, for you, the WWT customer. It's not just the labs, there are studies, case studies, articles. There's all sorts of information. Go now. You can do it right now, you could sign up. Takes no time. wwt.com/twit. You could see all the stuff, the offers. wwt.com/twit. And the minute quarantine's over, I'm going back to Saint Louis, and I hope you'll meet me out there. We'll have another fun event. wwt.com/twit. Worldwide Technology. These are the good guys when it comes to enterprise. WWT, delivering digital outcomes and modernizing IT infrastructure all over the world. They call it Silicon Valley in Saint
Louis. It's pretty amazing. WWT. Back we go to Steve. Oh, sir. So, the Tor Project has recently been in a bit of back and forth with a security researcher by the name of Dr. Neal Krawetz. He obtained, Neal obtained, his doctorate in computer science from Texas and his bachelor's from UC Santa Cruz. He has a long history of finding and reporting problems with the Tor network, and he operates multiple Tor nodes himself. From, you know, looking over the history of this, he appears to have long been a bit of a thorn in the side of the Tor engineers. And frankly, not all of his concerns over Tor's privacy guarantees appear to warrant due concern. For example, he wrote at one point, in fact, in ramping up to his decision finally to disclose something without permission, he said: Over three years ago, I tried to report a vulnerability in the Tor Browser to the Tor Project. The bug is simple enough: using JavaScript, you can identify the scroll bar width. Each operating system has a different default scroll bar size, so an attacker can identify the underlying operating system. This is a distinct fingerprint that can be used to help uniquely track Tor users. In print, he says, many users think the Tor makes them anonymous, but Tor users can be tracked online. They're not anonymous. So, anyway. Okay. In three years, despite trying, he had not managed to get this fixed. During that time, the Tor Project joined HackerOne, who, you know, the firm that we've talked about often for creating bug bounties, and officially credited him for the discovery of this problem, the fact that JavaScript running in a browser could determine the width of the scroll bar. Okay, they credited him with the discovery of that, and I don't know whether he received any monetary payment, but the resolution of this was deferred from Tor to Mozilla,
since, after all, you know, the Tor Browser is based on Firefox, and that's Mozilla's baby. After some length of time doing nothing with this, it was dropped. Just the guy to whom it was assigned de-assigned himself from it, and that upset the good doctor. And of course, we've seen instances of this before, where a security researcher finds a problem that he or she believes to be highly critical and that needs everyone's attention right away, if not yesterday, but for whatever reason, they don't obtain the satisfaction that they're looking for from the parties. They feel unappreciated for their efforts, you know, stiffed and ignored. So then what comes next? In the case of this Dr. Neal Krawetz, under the subheading "Dropping Zero Days," he now explains on his most recent blog posting. In fact, he uses a definition that I don't agree with. He starts off: a "zero day," in quotes, is any exploit that has no known patch or widespread solution. And of course, as we know, I disagree with that. I think that it's just an unknown vulnerability unless and until it has been found to be exploited. Anyway, he continues: A zero day doesn't need to be unique or novel. It just needs to have no solution. He says, I'm currently sitting on dozens of zero days for the Tor Browser and Tor network. He says, since the Tor Project does not respond to security vulnerabilities, and, you know, in fact, they do, he says, but anyway, does not respond to security vulnerabilities, I'm just going to start making them public. While I found each of these on my own, I know that I'm not the first person to find many of them. Well, okay. He infers that, I suppose. It's, you know... So here we have the unfortunate phenomenon of the security researcher whose original white hat begins to dim as his or her work doesn't receive the attention they believe it deserves. So he continues: The scroll bar
profiling vulnerability is an example of a zero day in the Tor Browser. And I'll just say as an aside, we could hope that all of these other dozens of zero days are of similar impact. He says, but there are also zero days for the Tor network. One zero day for the Tor network was reported by me to the Tor Project on December 27th, 2017. He says in parens, about two and a half years ago. The Tor Project closed it out as a known issue, won't fix, and informative. He says, let's start with a basic premise. Let's say you're like some of my clients. You're a big corporation with an explicit "no Tor on the corporate network" rule. This is usually done to mitigate the risks from malware. For example, most corporations have a scanning proxy for Internet traffic that tries to flag and stop malware before it gets downloaded to a computer in the company. Since Tor prevents the proxy from decoding network traffic and detecting malware, Tor is not permitted. Similarly, Tor is often used for illegal activities, and he cites child porn, drugs, etc. Blocking Tor reduces risk from employees using Tor for illegal purposes. Although denying Tor can also mitigate the risk from corporate espionage, that's usually a lesser risk than malware infections and legal concerns. He says, keep in mind these same blocking and filtering requirements apply to nation states like China and Syria, where they want to control and censor all network traffic. He says, but I'm going to focus on the corporate environment. It's one thing to have a written policy that says don't use Tor. However, it's much better to have a technical solution that enforces the policy. So how do you stop Tor users from connecting to the Tor network? The easy way, he says, is to download the list of Tor relays. A network admin can add a firewall rule blocking access to each Tor node. Then he says, zero day number one, this apparently the beginning of dozens: Blocking Tor connections
the smart way. There are two problems with the block-them-all approach. First, there are thousands of Tor nodes. Checking each network connection against every possible Tor node takes time. This is fine if you have a slow network or low traffic volume, but it doesn't scale well for high-volume networks. Second, the list of nodes changes often. This creates a race condition where there may be many new Tor nodes that are seen by Tor users but aren't blocked by your network block list yet. He says, however, what if there was a distinct packet signature provided by every Tor node that can be used to detect a Tor network connection? Then you could set the filter to look for the signature and block all Tor connections. As it turns out, this packet signature is not theoretical. And in his blog posting, he goes on to describe in great detail Tor's TLS handshake and the unique properties, which he found and told Tor about two and a half years ago, of the TLS certificates which Tor node servers generate on the fly. Then he says, finally, validating the vulnerability: Back in 2017, I used a scanner and Shodan to search for TLS certificates. In theory, it's possible for there to be some server with a server-side TLS certificate that matches the signature but that is not a Tor node. In practice, every match found was a Tor node. In fact, I even found servers running the Tor daemon and with open onion routing ports that were not in the list of known nodes. He says, some were non-public bridges or were private Tor nodes. Similarly, I scanned every known Tor node. Each matched this Tor-specific signature profile. That makes the detection one hundred percent accurate. No false positives, no false negatives. He says, although now that I've made this public, someone could potentially generate false positive or false negative certificates.
The false positives are relatively easy to construct. The false negatives will require editing the Tor daemon source code. While a scanner could be used to identify and document every Tor server, he says, corporations don't need to do that. Corporations already use stateful packet inspection on their network perimeters to scan for potential malware. With a single rule, they could also check every new connection for this Tor signature without using large lists of network addresses. You can spot every connection to a Tor node and shut it down. That is, shut the connection down before the session layer, TLS, finishes initializing, and before any data is transferred out of the network. So, he then explains that he reported this discovery of a simple way of detecting, and thus blocking, all Tor traffic. He said, I reported the simple way to detect Tor traffic to the Tor Project on, as we said before, the 27th of December 2019, HackerOne bug number 300826, meaning that HackerOne has acknowledged it and presumably he's been paid a bounty for it. He says, the response I got back was disappointing. Or, in fact, maybe the response means he didn't get paid. Tor replied: Hello, and thanks for reporting this issue! This is a known issue affecting public bridges, the ones distributed via BridgeDB. See ticket number 7349 for more details. This issue does not affect private bridges, the ones that are distributed in a peer-to-peer, ad hoc way. As indicated in the ticket, to fix this problem we're aiming to make it possible to shut down the ORPort, the onion routing port, of Tor relays. In our opinion, we should not try to imitate normal SSL certs, because that's a fight we can't win. They will always look different or have distinguishers, as has been the case in the pluggable transport race.
Unfortunately, ticket number 7349 is not straightforward to implement and has various engineering complexities. Please see the ticket for more information. Due to the issue being known and planned to be fixed, I'm marking this issue as informative. So, needless to say, the doctor was displeased, and his blog posting itemized disagreements with this decision. You can take my word for it; I won't go over them. Then he concludes with some commentary on bug bounties and a promise for more zero days, which I think are simply presently known vulnerabilities. He wrote: More soon. If you have ever worked with bug bounties, then you are certain to recognize the name Katie Moussouris. Of course, we've talked about her in the past. She created, he says, the first bug bounty programs at Microsoft and the Department of Defense. She was the chief policy officer at HackerOne, the bug bounty service, and she spearheaded NTIA's Awareness and Adoption Group's effort to standardize vulnerability disclosure reporting. And he says, parens, full disclosure, I was part of the same NTIA working group for a year. He said, I found Katie to be a positive and upbeat person. She is very sharp, fair-minded and realistic. So, then he said, earlier this month Katie was interviewed by the Vergecast podcast. He said, I expected her to praise the benefits of vulnerability disclosure and bug bounty programs. However, she surprised me. She has become disenchanted by how corporations are using bug bounties. She noted that corporate bug bounties have mostly been failures. Companies often prefer to outsource liability rather than solve problems, and they view the bug bounties as a way to pay for the bug and keep it quiet rather than fix the issue. Every problem that Katie brought up about the vulnerability disclosure process echoed my experience with the Tor Project. The Tor Project made it hard to report vulnerabilities. They fail to fix vulnerabilities.
They marked issues as resolved when they were never fixed. They outsourced simple issues, like passing a simple scroll bar issue upstream to Firefox, where it has never been fixed, and they make excuses for not addressing serious security issues. And we'll just note, what he considers to be serious security issues. During the interview, she mentioned that researchers and people reporting vulnerabilities only have a few options: try to report it, sell it, or go public. He said, I've tried reporting and repeatedly failed. I've sold working exploits, but I also know that they can be used against me and my systems if the core issues are not fixed. And even the people who buy exploits from me would rather have these issues fixed. That leaves public disclosure. He says, in future blog posts, I will be disclosing more Tor zero day vulnerabilities. Most, but probably not all, are already known to the Tor Project. I have a list of vulnerabilities ready to drop. And for the Tor fanboys who think using bridges will get around this certificate profiling exploit, don't worry, I'll burn bridges next. So, anyway. I thought this story was interesting and worth covering and sharing with our listeners because it illuminates another facet of this weird security industry that we spend time looking at every week. It's certainly the case that a vulnerability hunter lacks the ability to force their discoveries to be fixed. But I think that forcing discoveries to be fixed is probably the wrong goal. If, after having been informed of it, an organization should choose not to repair a defect in their system, for whatever reason, isn't that entirely their business? I mean, I understand the ego involvement and the temptation to force the issue. The security researcher is in possession of knowledge the public is not. But attempting to publicly shame an organization into bending to the attacker's will
feels wrong, especially when that public shaming must, in order to be effective, inherently put other users of the organization's systems at some form of increased risk. I mean, that's the nature of the shame. So it's clear how a formal bug bounty program such as HackerOne could be abused by an organization to purchase and then sit on their bugs. But again, isn't that exactly the right that they have purchased? That's part of the bargain. The bug hunter agrees not to disclose, and in return receives payment, both for the documentation of the discovered problem and for their continued silence about it. What happens after that is no longer the hacker's business. That information has been sold. So, anyway, I thought it was interesting. I have not made time to listen to Katie's conversation with The Verge, but if I find time and can find it, I think I will, 'cause I'm kind of curious to hear, you know, what someone who is a big proponent of this economic model for monetizing the work of investigators, and I mean arguably resulting, as we've talked often about, you know, in much heightened security overall for the industry... And I guess no system works perfectly all the time. And I heard you sort of in some agreement in the background, Leo. So, I think that the core lesson of this next story is, in this day and age, in 2020 and beyond, it's truly necessary to do everything right. Which brings us to the latest mistake. This was not a bug. It's a design mistake. Back in April, in response to the flurry of interest in Zoom, both from the over-world who wanted to use it and the underworld who wanted to abuse it, Zoom bombing, as we know, became a thing, which caused us to title an episode "Zoom Goes Boom." The trouble was that Zoom meetings were not originally required to have any kind of password protection. Just the meeting code was sufficient to allow otherwise uninvited visitors to break into and disturb Zoom conferences of all kinds.
Zoom quickly responded by adding a six-digit PIN to protect entry into all recurring Zoom meetings. And as we know, a six-digit PIN can provide some useful security. After all, that's what our authenticators all use. But it must be deployed with some care, because it does not by itself provide much entropy. And sure enough, Tom Anthony, the VP in charge of product at SearchPilot in the UK, discovered that Zoom's implementation of six-digit PINs had made a classic rookie mistake, and frankly, in this day and age, it's kind of unforgivable. But I'm sure they were in a hurry to close down the Zoom bombing problem. Okay. What Tom discovered, somewhat to his amazement, was that Zoom had failed to implement any sort of rate limiting to prevent high-speed brute-force guessing of these comparatively short six-digit numeric PINs. Like I said, a rookie mistake. As Tom wrote in his write-up, this enabled, he said, quote, an attacker to attempt all one million possible PINs in a matter of minutes and gain access to other people's private Zoom meetings. So, as we know, in the absence of any checks for repeated incorrect password attempts, which would, like, lock out an IP, nor any rate limiting for mistakes. And really, when you think about it, correctly entering a six-digit PIN, that's just not difficult to get right if you know what it is. So it would make sense for the entry system to be highly intolerant of what is clearly, you know, guessing. So none of that was present. So an attacker could leverage Zoom's web client, and remember, it's a simple URL, https://zoom.us/j/ then the meeting ID, to continuously send these HTTP requests until one million combinations have been tried. He noted, with improved threading and distributing the guessing clients across maybe four or five cloud servers, the entire six-digit, one-million-possible PIN space could be checked within a few minutes.
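The controls the segment says were missing, a failure count and a lockout on PIN entry, as an added example written for this discussion (not Zoom's code and not Tom Anthony's proof of concept); every meeting ID, PIN, client address and threshold below is a constructed value:

```python
"""Rate-limited PIN verification (added example; not Zoom's code or the
researcher's script). A six-digit PIN is only about twenty bits, so the
verifier must throttle and lock out repeated wrong guesses per
(meeting, client) rather than accept them at network speed."""
import hmac
import time
from dataclasses import dataclass, field

MAX_FAILURES = 5          # wrong guesses tolerated within WINDOW_SECONDS (constructed)
WINDOW_SECONDS = 60.0     # sliding window for counting failures (constructed)
LOCKOUT_SECONDS = 600.0   # freeze for a (meeting, client) pair after MAX_FAILURES (constructed)


@dataclass
class _Bucket:
    failures: list = field(default_factory=list)   # timestamps of recent failures
    locked_until: float = 0.0


class PinGate:
    """Checks meeting PINs with a sliding-window failure count and a lockout."""

    def __init__(self, pins: dict, clock=time.monotonic):
        self._pins = pins          # meeting_id -> PIN; constructed sample data
        self._clock = clock        # injectable so tests can advance time
        self._buckets: dict = {}

    def _bucket(self, meeting_id: str, client: str) -> _Bucket:
        return self._buckets.setdefault((meeting_id, client), _Bucket())

    def attempt(self, meeting_id: str, client: str, pin: str) -> str:
        """Return 'ok', 'bad_pin' or 'locked'. Unknown meetings count as a
        wrong guess so the response does not reveal whether the ID exists."""
        now = self._clock()
        b = self._bucket(meeting_id, client)
        if now < b.locked_until:
            return "locked"
        # Forget failures that have aged out of the window.
        b.failures = [t for t in b.failures if now - t < WINDOW_SECONDS]
        expected = self._pins.get(meeting_id, "")
        # Constant-time compare so timing does not leak matching prefixes.
        if expected and hmac.compare_digest(expected.encode(), pin.encode()):
            b.failures.clear()
            return "ok"
        b.failures.append(now)
        if len(b.failures) >= MAX_FAILURES:
            b.locked_until = now + LOCKOUT_SECONDS
            b.failures.clear()
            return "locked"
        return "bad_pin"


def measure_exposure(gate: PinGate, meeting_id: str, client: str,
                     start: int = 0, budget: int = 1_000_000) -> dict:
    """Walk the PIN space in order until success or lockout and report how
    many guesses the gate allowed; shows how far a single unthrottled client
    gets before the lockout stops it."""
    guesses = 0
    for candidate in range(start, start + budget):
        result = gate.attempt(meeting_id, client, f"{candidate:06d}")
        guesses += 1
        if result in ("ok", "locked"):
            return {"result": result, "guesses": guesses}
    return {"result": "exhausted", "guesses": guesses}


if __name__ == "__main__":
    gate = PinGate({"meeting-A": "999999"})
    print(measure_exposure(gate, "meeting-A", "10.0.0.1"))   # locked after MAX_FAILURES
```

With the constructed thresholds a single client gets five guesses per ten minutes, so covering the million-PIN space would take on the order of years instead of minutes; the per-client keying is why the segment's point about distributing guessers across several servers still matters and is why lockouts are usually paired with a per-meeting cap as well.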
He responsibly reported the glaring oversight to Zoom on April 1st, along with a Python-based proof of concept script. The next day, Zoom took their web client offline, since that was the largest and most glaring exploit vector, and then a week later they fixed the flaw, permanently and correctly. So it's obviously good that this was caught early and fixed quickly. But the lesson here is that this should never have happened in the first place. The problem we have today is that truly important security pieces are still being done in an ad hoc fashion. You know, like everyone is rolling their own every time they need a solution. They're still needing to reinvent the same wheel over and over again, and this approach invites mistakes even if people knew how to do it right. Man, it's unbelievable that you could, in this day and age, implement a six-digit PIN where no measure was taken to prevent brute forcing. But that's what Zoom put online. You know, today every developer rolls their own web UI to suit their particular needs. So every one of them is different. Each of them handles login a little differently. There's no uniformity about passwords. Can I use a special character? How long can it be? What if I forget it? Everyone handles recovery slightly differently, so what we have today is a mess. And not only does user convenience suffer, but so does security. So it's going to be interesting to see how this gets resolved. You know, downstream, we all know that I designed something that attempted to unify this process. But at some point that needs to get adopted; a solution needs to get adopted widely, and it's going to have to be a solution that broadly solves the problems and that doesn't require everybody to re-roll their own solution, or we're not gonna get ahead of this. But again, the good news is this was April 1st. This was probably before the, you know, the heavyweights
got involved, and so this was still, hopefully, the original team at Zoom who said, well, you know, let's just create a quick solution. We'll see.

Another SHA-1 deprecation. In their posting titled "SHA-1 Windows content to be retired August 3, 2020," in other words as of the fourth, that was yesterday. Last week Microsoft made the following announcement. They said, "To support evolving industry security standards and continue to keep you protected and productive..." Pardon me, that's assuming Windows 10 will boot, or that you can print. It does. "...Microsoft will retire content that is Windows-signed for Secure Hash Algorithm 1 (SHA-1) from the Microsoft Download Center on August 3, 2020," they said. "This is the next step in our continued efforts to adopt Secure Hash Algorithm 2 (SHA-2), which better meets modern security requirements and offers added protections from common attack vectors. SHA-1," they wrote, "is a legacy cryptographic hash that many in the security community believe is no longer secure. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. Microsoft no longer uses SHA-1 to authenticate Windows operating system updates due to security concerns associated with the algorithm, and has provided the appropriate updates to move customers to SHA-2, as previously announced. Accordingly, beginning in August 2019," so a year ago, "devices without SHA-2 support have not received Windows updates. If you are still reliant on SHA-1, we recommend that you move to a currently supported version of Windows and to stronger alternatives such as SHA-2." So the only consequence I could see this having would be for those among us who have some reason to set up and update older versions of Windows. For example, I was just recently testing SpinRite's forthcoming
USB prep technology, which, as we know, I packaged as InitDisk, under Windows XP, because it still needs to run there, and Windows 7, which continues to valiantly hold onto a bit more than a quarter of the desktop market share. Last time I looked, it's at 26.72%. It originally shipped without support for SHA-256, as did Windows XP. So I wonder whether there will be a bit of a catch-22, because there are Windows updates that are required to add SHA-256 support to Windows XP and Windows 7. So they must still be signed with SHA-1 in order to allow SHA-256 support to be bootstrapped onto those earlier operating systems. Fortunately, I long ago created kits of all the required files, so I'm okay, and I imagine that that's also true for most others who have a similar interest in archaeology. But I did think, whoa, SHA-1's going away. Oh, you know, good thing I've got RAID-based archives, in multiple places, of those particular files that allow the older OSes to understand signing with SHA-256. And yeah, archaeology.

Speaking of which, QNAP and QSnatch. QNAP network attached storage devices. Well, they've been giving their owners and the security industry some serious problems for nearly a year, though the troubles appear to date as far back as 2014, so six years. We've touched on this before, but it's worthy of a brief refresher because there's been a recent escalation in the breadth and depth of the attacks against still-unpatched QNAP NAS devices. Last week the cybersecurity agencies in both the US and the UK issued a joint advisory about a massive ongoing malware threat which is infecting the NAS appliances of QNAP, a Taiwanese-based company. The malware goes by the name QSnatch, or, for some reason, Derek. I don't know. I'm reminded of that... have you seen that
auto insurance commercial where the gal's talking to Bigfoot and he's lamenting the fact that no one cares about Derek? Yes. Anyway. So QSnatch, also known as Derek, is a credential and data stealing malware which has compromised more than 62,000 devices since reports began last October. There's a high degree of infection in North America and Western Europe. We love them. They're great. I mean, not so great as they used to be. But yeah. Yeah. So it's probably for the best that, even today, the exact infection vector is not publicly known. It has not been disclosed, but the US Cybersecurity and Infrastructure Security Agency, CISA, and the UK's National Cyber Security Centre, NCSC, wrote in their joint advisory that, quote, "all QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," unquote, and also that, quote, "once a device has been infected, attackers can prevent administrators from successfully running firmware updates." So talk about a catch-22. QSnatch has an assortment of features which are implemented as modules. Therefore, the problems include, but are not necessarily limited to: a password logger, which installs a fake device admin login page to spoof people into entering their credentials, which it then grabs; a more generic credential scraper; an SSH backdoor enabling the attackers to run arbitrary code on the infected devices; a web shell to provide malware operators with remote access to compromised NASes; and a data theft module which steals a predefined list of files, including logs and system configuration, and sends them in encrypted form to attacker-controlled servers. So in other words, you don't want this to be running in your network attached storage. But getting rid of it is tricky. It requires multiple reboots, full firmware downloads, some sort of a malware scraping utility, and more. I've got a link to the QNAP advisory. At QNAP, they say, "QSnatch
collects confidential information from infected devices, such as login credentials and system configuration. Due to these data breach concerns, QNAP devices that have been infected may still be vulnerable to reinfection after removing the malware." In other words, don't just flush the malware but then retain the use of your favorite passwords in the device, for the sake, for example, of connectivity with other applications or users who may have and be using the previous credentials. You should assume that a complete compromise of all the secrets in the device has already taken place, including all accounts on it. And be also wary of any add-on software. You know how lots of these network attached storage devices now allow you to install all sorts of other goodies? Don't have any there that you're not using, and get rid of any that you're unsure about. Anyway, it's a mess. If you own a QNAP NAS, it's worth some time to make sure that it's clean.

My discussion last week of the forthcoming mass storage benchmark, which will be another development spinoff of the ongoing work towards SpinRite 6.1, generated a lot of interest and feedback from our listeners. Many people wanted to know where it was and how they could run it. So I need to quickly note that the benchmark is still in development and not yet ready for general use, and believe me when I say that at this point it would cause far more confusion, frustration and questions than it would answer, because it is just a development tool. But as soon as it's ready for general purpose use, I will make it easy to find and I will formally invite all of our listeners to experiment with it. I mentioned last week that I was going to add further granularity to the benchmark to look at the timing of the individual
32-megabyte transfers which make up the larger one-gigabyte benchmark. We did that, and the results were very interesting. We definitely found spots where drives, excuse me, where drives both spinning and solid state, but interestingly, primarily solid state, were a great deal slower to respond. And in general, we're seeing much more evidence that highly used regions of SSDs, typically at the front of the drive underneath the operating system, are consistently performing much more slowly, sometimes as little as half the speed as compared to the unused areas. We know that SSDs broadly employ two management schemes to compensate for the technology's inherent lack of write endurance. They perform wear leveling, which dynamically relocates data from the more highly used silicon to the lesser-used regions. And just as with hard drives, SSDs are also generously overprovisioned to allow regions that finally have been worn out to be replaced with fresh storage that had been set aside for that purpose. So what we think we're seeing, and that is being revealed by the benchmark, could be the extra time being required for error correction, which would tend to be required to fix low bit count errors as memory is becoming fatigued, and we might also be seeing evidence of some overhead associated with the management of what eventually becomes physically fragmented solid state storage. In any event, it doesn't appear to be something that there's much awareness of today, but this benchmark reveals it conclusively, and I imagine that our listeners are gonna find this fascinating. So stay tuned. I have a few more things to deal with, and then I'll be integrating this final AHCI driver part into the earlier IDE and compatibility and legacy mode drivers to produce a single result which should run on everybody's hardware, and then the fun will begin. And Leo, the BootHole fun is going to begin after we
break for our final spot, if you can call it fun, and look at that picture. Oh my, a good logo is really all you need. I think that's what makes successful malware. Remember Heartbleed? Yeah. This one looks a little clip art, but we'll show you in a second.

Our show today is brought to you by Melissa. Melissa keeps your data fresh. Data has a best-by date, just like the food you eat, and you wouldn't want to eat... you know, I find them in the pantry all the time, a can with an expiration a year or two old. Your customer data goes bad too. Thirty percent of customer data goes bad each year. Melissa makes sure that data is accurate, and they do it in just the best way. I love it. So you know you wanna make sure you're not annoying customers with duplicate mailings, you're not mailing those important mailings to the wrong address. I'm not gonna name names, but we did have a fulfillment company that was doing our merchandising send 180 masks to one poor guy in Gainesville, Florida. We should have known something was up because we started to get emails from people saying, yeah, I ordered a TWiT mask, had my address right except for it said I was in Gainesville, Florida, but I'm in Iowa. And we got a few of those. Then we got the note from... Joe, I think, in Gainesville, saying, hey, I just got 180 masks. That's called bad customer data, and it's embarrassing. It costs you money. It cost that company that was doing that our business, because you bet we moved on to another company that can get that stuff delivered. That's why I love Melissa. They've been keeping business data fresh for over thirty years. They do a lot of stuff. They have secure FTP; you can upload your customer list. They have an API. They do custom... gracious, there are a lot of people who use Melissa in their point of sale software, or their online software. Oh, you got the wrong... that's Melissa.
That's almost how they got started, with zip code completion. Now they do much more. They can add customer demographic information to records: property and mortgage data, marital status, social media handles. So Melissa fills in the gaps by adding the emails and the phone numbers that are missing from that customer record. They also will dedupe, eliminate old data, even update data for a customer that's moved. Identifying current customers easily allows you to find new prospective customers. Melissa has a prospect database too. It's really everything about addresses and more: verify addresses. I shouldn't even say that, because it includes emails, phone numbers, names. You know, everybody misspells Laporte. They always put a capital P in there. Melissa fixes it. Is it "Leo Laporte"? Is this it? It's really great. Melissa can actually help you verify your data in the best place possible, when it's being entered, so it doesn't even get into your system wrong. You can match and consolidate records with their matching and deduplication tools, which let you uncover, merge and purge hard-to-find duplicate records. Who doesn't have duplicate records, right? And I used to get five catalogs, Restoration Hardware, same name and address. It's like, dudes, only one of those. They look expensive. Actually, it was also a negative experience for me, and that's, I'm sure, not what Restoration Hardware wants. Save money, eliminate customer annoyance, get the things you need to the right customer at the right time. So flexible: on-prem, web service, secure FTP, software as a service. Choose whatever works best for your business needs. And by the way, I know this is a big issue for everybody: Melissa continually undergoes independent security audits to reinforce their commitment to data security, privacy and compliance requirements. They have the utmost dedication to keeping your data secure by implementing strong controls and safeguards.
So when you upload to their secure FTP, you know that data is trustworthy. They're not cross-pollinating it, they're not doing anything with it. Over ten thousand businesses trust the address experts. Trust Melissa. They get it done. Be your data-driven experts. They're supporting, by the way, another nice feature of Melissa right now, during the COVID crisis: they're supporting communities and qualifying essential workers. So if you're a qualifying organization, get six months of free service. There's an online application at melissa.com/twit. Don't put up with out-of-date customer data. You wouldn't drink sour milk. Why would you put up with customer data that's out of date? Try Melissa's APIs in the developer portal. It's easy to log on, sign up and start playing in the sandbox anytime you want, 24/7, and you can get started right now with one thousand records cleaned absolutely free. Get your Christmas card list cleaned up or something. Melissa, M-E-L-I-S-S-A, melissa.com/twit. Nice people, they do a great job. melissa.com/twit. We thank them so much for supporting Security Now. Thank you for supporting Security Now by using that address, melissa.com/twit.

Okay, Steve. Shall I show the logo? That all you... pre-existing. Yeah. Yeah. I don't know, what do you think? Maybe not the worm, but the boot, definitely. The worm looks like somebody drew it themselves, kinda. It's cute. It's very cute. So, early in the history of this podcast, well before modern secure booting was actually invented, we talked about how truly insidious rootkits could be. Remember those episodes, Leo? We had a lot of fun with that. Oh, yeah. It was Sony that was hiding itself. Yeah. Crazy, they put DRM in a rootkit. That's a good... By hooking and basically just hiding its own files, in this case by hooking and subverting the operating system's own file system, a user could be looking right at a directory containing malicious malware and not see it.
You do a directory listing and the rootkit's API hooks would filter out any and all appearance of any files it didn't want you, or your AV, or anything else to see. You know, scanners wouldn't see it. Nobody would see it. But the files would still be right there, like right in front of you, unseen. So rootkits are a big problem when the goal is to have a truly trustworthy system. And we previously covered the concept of secure booting thoroughly in many previous podcasts, both in the context of securely booting a PC and also iOS, which has a similar secure boot technology. The idea is the establishment of a chain of trust which is anchored by some root component that can be absolutely trusted, and which is then able to examine and verify the trustworthiness of each and every subsequent stage of the booting process. With secure booting enabled, the integrity of the resulting system is supposed to be assured, and something that you can assume. So when two researchers, Mickey Shkatov and Jesse Michael, both at Eclypsium, announced their discovery of a vulnerability which they called BootHole in the GRUB2 bootloader used by most Linux systems, which can be used to gain arbitrary code execution during the boot process even with Secure Boot enabled, this understandably generated quite a stir within the security industry. This meant that attackers could exploit this vulnerability to break boot security and install persistent and stealthy bootkits, and bootkits are another name for rootkits, essentially, to provide near-total control over the victim device. GRUB, G-R-U-B, stands for GRand Unified Bootloader. I've got a link to their full description, a PDF link, in the show notes. But in their disclosure of this they've got a nice summary. They wrote: "The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable," meaning there's one that isn't.
But otherwise they're all known to be vulnerable, "meaning," this is them, "virtually every Linux distribution is affected. In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial, and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders." In other words, the idea of corrupting a system's boot is not just theoretical; it is actively happening in the wild today. So they continue: "Eclypsium has coordinated the responsible disclosure of this vulnerability with a variety of industry entities, including vendors, computer manufacturers and cybersecurity emergency response teams. Mitigation will require new bootloaders to be signed and deployed, and vulnerable bootloaders should be revoked to prevent adversaries from using older, vulnerable versions in an attack." In other words, the vulnerable bootloaders are currently signed and trusted by the root of trust in the UEFI on the motherboard. So this is an instance where revocation of some form is required. They finish: "This will be a long process and take considerable time for organizations to complete patching." In other words, this is a big whoopsie. However, nobody should go out and fix this right now. I'll get to why in a second, because it is actually causing way more problems than it is worth. I'm gonna cut to the chase here, because part two of this is what has happened since. In their disclosure document they explained the problem. They said, "In the course of Eclypsium's analysis, we have identified," guess what,
"a buffer overflow vulnerability in the way GRUB2 parses content from the GRUB2 config file, named grub.cfg." They said, "Of note, the GRUB2 config file is a text file and typically is not signed like other files and executables." And I'll note that that one GRUB2 that I mentioned that is not vulnerable to this is not vulnerable because it requires the grub.cfg to be signed. So they said, "This vulnerability," this buffer overflow in the parsing of grub.cfg, "enables arbitrary code execution within GRUB2 and thus control over the booting of the operating system. As a result, an attacker could modify the contents of the GRUB2 configuration file to ensure that attack code is run before the operating system is loaded. In this way, attackers gain persistence on the device. Such an attack would require an attacker to have elevated privileges. However, it would provide the attacker with a powerful additional escalation of privilege and persistence on the device, even with Secure Boot enabled and properly performing signature verification on all loaded executables. One of the explicit design goals of Secure Boot is to prevent unauthorized code, even running with admin privileges, from gaining additional privileges and pre-OS persistence by disabling Secure Boot or otherwise modifying the boot chain. With the sole exception of one boot tool vendor who added custom code to perform a signature verification of the grub.cfg config file, in addition to the signature verification performed on the GRUB2 executable, all versions of GRUB2 that load commands from an external grub.cfg config file are vulnerable. As such, this will require the release of new installers and bootloaders for all versions of Linux." In other words, this is not a quick, easy, small fix. "Vendors will need to release new versions of their bootloader shims to be signed by the Microsoft Third Party
UEFI Certificate Authority. It is important to note that until all affected versions are added to the DBX revocation list," and I'll explain that in a second, "an attacker would be able to use a vulnerable version of shim and GRUB2 to attack the system. This means that every device that trusts the Microsoft Third Party UEFI Certificate Authority will be vulnerable for that period of time." Okay. So as regards the buffer overflow: UEFI does not employ address space layout randomization, execution prevention, or any of the other common mitigation protections that have fortunately become standard in our operating systems. This means that weaponizing this buffer overflow will be trivial for attackers who already have a foothold on the targeted computer to exploit the flaw. Worth stressing the underlying... that part, "who already have access to the attacked computer." Yes, exactly. That's why nobody needs to actually run around in circles and worry about this. Incidentally, I've never installed Linux without turning off Secure Boot, because most Linuxes aren't signed. So, right, it gets in the way. So this would be for enterprise users who are using signed Linuxes and so forth. So, for example, it is Red Hat Enterprise Linux that has been found to have a problem. We'll get there in a second. But I was gonna say that GRUB2 is, as is often the case, also open source, and then we already have full open documentation of the problem. So, bad guys, you know, maybe there will be a bit of a race again. Leo, as you highlighted, this requires modifying a config file that is stored in the UEFI, that no one can get to unless they have physical access to the system or already have elevated privileges. So it makes a serious problem worse and persistent, and if you didn't know it, if something got into your system, it could arrange persistence that a reformat of your hard drive wouldn't resolve. Yeah. That's good.
Yeah, yeah. So we talked about this before, but it's worth noting that thankfully the Secure Boot system was understood, from the beginning, to require some form of truly effective revocation mechanism, not the mess that we have with our browser certificates. So every UEFI system which supports Secure Boot contains a pair of protected databases. The allow DB, which is just called DB, lists the approved components, and the disallow DB, which is what's called DBX, contains a list of known vulnerable or malicious components, including firmware drivers and bootloaders. So what this means is that all previously vulnerable boot loading components, all of these various GRUB2s that are out there and are signed and are trusted, and are now known to be exploitable, they all have to be added to the disallow DB so that a bad guy who does get this kind of access can't swap out your good GRUB2 for one of these previous bad GRUB2s. So it's a big problem to remediate. And this has to happen to every single motherboard where trusted Secure Boot wants to be used. But Leo, wait, there's more. And it's like, oh my God, more. In response to Eclypsium's vulnerability report, the GRUB2 code came under additional, and as it turns out very much needed, scrutiny. A distressing number of additional vulnerabilities were then discovered by the Canonical security team. CVE-2020-, and I'll skip that preamble from now on, 14308: GRUB2 grub_malloc does not validate allocation size, allowing for arithmetic overflow and subsequent heap-based buffer overflow. 14309: GRUB2 integer overflow in grub_squash_read_symlink may lead to heap-based overflow. 14310: integer overflow in read_section_from_string may lead to heap-based overflow. 14311: integer overflow in grub_ext2_read_link leads to heap-based buffer overflow. 15705: avoid loading unsigned kernels when GRUB is booted directly under Secure Boot without shim. 15706:
Six script. Avoid. A use after free when read redefining a function during execution and finally fifteen, seven, seven, the what is it the seventh? Yes, they seven. Additional CV energy overflow in init- read size handling. So yes. GRUB to turns out to have had a lot of problems. And finally came to the security industry's attention. And given the difficulty of this scale. This kind of ecosystem wide update, and revocation There is a strong desire to avoid having to do this again in six months. So a large effort spanning multiple security teams at Oracle red, hat. Canonical vm ware and Debbie Allen using static analysis tools and manual code review. have. Identified and fixed dozens of additional. Broil boomer abilities and dangerous operations throughout this Grub to code base that do not yet have additional or have individual CV's assigned. So Yeah Leo. You might as well have just turned off secure boot because I don't think it was really. Anyway, anyway. So. What needs to be done now to fully respond to the the revelation after this flaw, broadly five things and don't do them. UPDATES to Grub to to address the vulnerability. Don't do that. Lennox distributions at other vendors using grub to will need to update their installers, boot loaders, shins, and actually the they will need to re update them. New shems will need to be signed by the Microsoft Third, party you EFI certificate. Authority. Administrators of affected devices will need to update installed versions of operating systems in the field, as well as installer images, including disaster recovery media, and do that yet. Eventually, the UEFA revocation list DB X. needs to be updated in the firmware. Of each affected system to prevent running any of the previously trusted now known to be insanely vulnerable code during boot. we never talked about the need for Shins, and I've used that term a couple of times, open source projects, and other third parties create a small APP called a sham. It works it will. 
It contains the vendor's certificate and code that verifies and runs the bootloader. The vendor's shim is verified using the Microsoft Third Party UEFI Certificate Authority, and then the shim loads and verifies the GRUB2 bootloader using the vendor certificate embedded inside the shim. In other words, it's a means of installing, essentially, a third party certificate, which is then used by other projects, like open source projects, which are signed by that, so that they're able to participate in this whole secure boot project as well. While it is certainly true that Secure Boot should be made as secure as we could make it, some knowledgeable security industry insiders feel that way too much ado is being made of this whole thing. Set aside the fact that it was also badly broken initially; we'll get there in a second. But we know of HD Moore. He's the widely acknowledged expert in vulnerability exploitation who was the original developer of the Metasploit framework. He told Ars Technica's Dan Goodin in an interview, he said, quote: "I argue that Secure Boot is not the foundation of PC security today, because it is rarely effective, and by Eclypsium's own claim, it has been easy to bypass for over a year now with no long term fixes in sight. I'm not sure what the buffer overflow in GRUB2 is useful for, since there are other problems if the grub.cfg is unsigned. It may be useful as a malware vector, but even then there is no reason to exploit a buffer overflow when a custom grub.cfg file can be simply used to chainload the real operating system." He's saying, in other words, if you're going to change GRUB2, why bother with a buffer overflow? Just have it load something else of your choice. So still, we want GRUB2 to be as secure as it can be, as you said, Leo, for enterprise environments.
And there's an aspect of this that is reminiscent of Spectre and Meltdown, as I mentioned, where the cure is arguably worse than the problem, because Red Hat's patch to GRUB2 and the kernel, once applied, is now rendering those systems completely unbootable. The issue has been confirmed to affect Red Hat Enterprise Linux 7.8 and 8.2. It may also affect 8.1 and 7.9. The derivative distribution CentOS is also affected. Consequently, Red Hat is now advising users not to apply the GRUB2 security patches until these initial issues have been resolved. They say if someone has installed the fix, do not reboot your system; downgrade the affected patches. And if the patches were applied and the system reboot was attempted and failed, users should boot from an RHEL or CentOS DVD in troubleshooting mode, set up the network, then back out to restore the system's original boot. Additionally, first reported in Red Hat Enterprise Linux, apparently related bug reports are now rolling in from other distribution families as well. Ubuntu and Debian users are reporting systems which cannot boot after installing the GRUB2 updates, and Canonical has issued an advisory including instructions for recovery on affected and no longer bootable systems. So it's certainly good that the GRUB2 code got a very clearly much-needed close examination, with many fixes. I mean dozens. But this particular problem requires, as I said, the grub.cfg config file to first be somehow maliciously modified. Doing that would require physical access to the system or elevated privileges, and at the moment updating to fix this might render one's system completely unusable. The obvious advice, since the sky is not actually falling, would be to wait a while until all the dust from this settles and various kinks have been worked out of the process.
Then have a leisurely update and know that a bunch of potentially exploitable flaws have been fixed, and that's a good thing. But again, it's nice to hear, Leo, that you're not running with Secure Boot turned on, because of course that's also a problem for SpinRite that I will have to be dealing with at some point. If Secure Boot ever actually becomes an issue, you know, I will need to be able to get SpinRite to boot, or to have a user briefly disable it if it was enabled. But you know, I'm also seeing the same thing: nobody's running with it on. If you buy a Windows machine and you don't do anything, it's going to have Secure Boot, but no Linux user would, because, I mean, I guess in enterprise there are signed versions. But why should I take my version of Linux to Microsoft to get it signed? It doesn't make any sense. For a long time we thought Secure Boot was a conspiracy by Microsoft to damage Linux. No, that's not true, but yeah, I just turn it off usually. Most of the time it's easier to install that way, and I'm glad to hear that. That's pretty funny. Wow, that's interesting that you can't, because you need to boot up clean to run SpinRite, right? So you would need a signed version of FreeDOS. Well, you're not using FreeDOS anymore, right? You're going to boot directly. Yeah, the UEFI version will boot natively. Right, so you'd have to sign it. I'll either get it signed, I mean, it's probably very much like the driver signing process we have now. As we know, Windows 10 requires signed drivers, right? And I have a driver that I created as a little side project for some... Lorrie needed that needed to run under Windows 10. So I got myself certified and got a driver signed so that it would run under an unmodified Windows 10 system. So I imagine it's sort of like that. I'm sure I will be able to do that.
It's like getting an extended certificate or something. It's really just a... and I may be able to do the same sort of shim thing where I get them to sign my CA, which then securely boots SpinRite on the system. Right. And there are a lot of Linux users that don't use GRUB 2 to boot. There are other boot manager systems. There's a very popular one, right? I think GRUB is kind of probably fading away. Boy, it got a dearly needed security update. Wow. rEFIt is also popular. All right, my friend, that's it for today. Good job. Your little boat with a hole in it. Steve Gibson does the show every Tuesday. I usually show up about 1:30 Pacific, 4:30 Eastern, 20:30. Now that you're grounded, Leo, I ain't going nowhere. That's right, I'm here, man. You can join us live if you want, watch us make the show. That's easy enough. All you have to do is go to twit.tv/live. Live audio and video streams from a variety of sources there; pick the one you like. No more Mixer, but we still have others. You can also get the show after the fact. You've got 16 kilobit audio. You're going to stop doing that, you said? No, I think it's not popular. Yeah. He also does the transcripts, which are great, and of course 64 kilobit audio. So those versions are all at GRC.com. While you're there, pick up a copy of SpinRite. Hey, it couldn't hurt. Great system recovery tool, hard drive recovery and maintenance utility. Everybody ought to have it, and if you get it now you'll be ready for 6.1 the minute it comes out, plus all the interim releases Steve's working on. Somebody says your next release will be... what would they call it? Something to bypass Secure Boot. BootRight. Steve's next program fixes Secure Boot issues. I like it, BootRight. GRC.com. We have the show also, audio and video, at twit.tv/sn, and it's also on YouTube.
You can subscribe in your favorite podcast application. That'd be the best way; then you'll get it the minute it's available each and every Tuesday afternoon. Thank you so much, Steve. Have a great week. Stay safe. See you next time on Security Now. Hey, what's going on everybody? I am a host at TWiT.TV. Got a question for you. Have you gotten tired of how bad your photos are looking every time you post to Instagram? Have you gotten yourself a new camera and you can't quite figure out why images just don't look that good? Well, the solution for you is my show Hands-On Photography. Each and every Thursday I sit down and share different tips and tricks that are going to help make you a better photographer and a better post-processor. So subscribe today at twit.tv/hop to learn more.

SN 781: SpiKey - Ransomware Hits Jack Daniel's, Iranian Script-Kiddies, How Ransomware Happens

Security Now

2:03:22 hr | 3 months ago

"It's time for Security Now. Steve Gibson here. Coming up: what do the University of Utah, Jack Daniel's, and Carnival Cruise Lines have in common? Steve has the answer. We'll also talk about the number one way ransomware gets on your system. It's not what you think. Steve has an explanation, and then we'll take a look at an amazing bit of research showing how you can pick a lock just by listening. It's all coming up next on Security Now. Security Now comes to you from TWiT's LastPass studios. Securing every access point in your company doesn't have to be a challenge. LastPass unifies access and authentication to make securing your employees simple and secure, even when they're working remotely. Check out lastpass.com/twit to learn more. Podcasts you love from people you trust. This is TWiT. This is Security Now with Steve Gibson, episode 781, recorded Tuesday, August 25th, 2020: SpiKey. This episode of Security Now is brought to you by Wasabi hot cloud storage. Thinking about moving your data storage to the cloud? Wasabi is enterprise-class cloud storage at one fifth the price of Amazon S3 and faster than the competition, with no fees for egress or API requests and no complex storage tiers. Start a free trial at wasabi.com and use the code SECURITYNOW. And by SecurityScorecard. SecurityScorecard helps enterprises manage digital threats with a 360-degree view of cybersecurity health through a single pane of glass. To learn more and sign up for your free account, visit securityscorecard.com/twit. And by ExtraHop. ExtraHop keeps your business secure and available with SaaS-based, cloud-native network detection and response. Learn more about how ExtraHop stops breaches 70 percent faster and experience the free trial for yourself at extrahop.com/securitynow. It's time for Security
Now, the show where we cover your safety, your privacy, your security online with our majordomo, the man in charge, Mr. Steve Gibson. Steve, good to see you. I did confirm, yes, this is the launch of year sixteen. Wow. It was August 19th, which was last Wednesday, of 2005. That was our maiden voyage on this journey that you proposed fifteen years ago. Thank God you didn't have a crystal ball. Because this has been... After Lisa, you're one of my longest lasting relationships. Same here. Same here. I've never cheated on you, Steve. Not once. Okay, there have been others, yes. I know there have been others. I've been able to share those experiences as well. That's true. We're going to be doing an event in October; we'll have details then. We have a little bit of a play on words. That's not my play on words. It's SpiKey, S-P-I, capital K-E-Y. We're going to talk about an incredibly cool bit of technology, an opportunity to sort of step back a little bit and look at the landscape of this whole, like, low tech meets high tech, essentially, but we'll get to that. We're going to talk about a new Chrome remote code execution flaw, which happily people will be patching when they move to Chrome 85. I forgot to look and see whether I'm on 85 today; it's supposed to be happening today. We also have some interesting news of three new ransomware victims, two of the three very well known; an emergency patch from Microsoft and a little bit of the backstory around that; the emergence of amateur Remote Desktop Protocol exploiters. And weirdly coincident with this podcast's fifteenth birthday, which occurred, was it last week or this week, anyway, I get these zero-based or one-based issues, a constant source of programming bugs and also brain bugs for me.
Anyway, the fifteenth birthday of the Zero Day Initiative? Actually, I guess it would have been last week, because theirs happened one day after ours. The world's first null-terminated podcast, so I understand the confusion. Yeah, yes, very good. We also have... I found, finally, a good Windows 10 garbageware remover that I'm going to talk about. I'm going to offer some recommendations of several of my most successful remote networking utilities. We've got a bit of miscellany, some SpinRite news, and then we're finally going to examine a really terrific new high-tech hack against low-tech locks and keys. And of course, we've got a really good, funny, very funny picture of the week. Yeah, and also apropos. Great, I'm excited, another great show in the offing. Before we delve into those mighty matters, let me talk a little bit about something very hot. Not the wasabi horseradish that you have with your sushi, though. Wasabi hot cloud storage, that I am such a big fan of. You know, I admit I'm a little prejudiced; it was founded by two of my great friends, specifically David Friend, who was the CEO of Carbonite, but he's a serial entrepreneur going way back to the days designing the ARP synthesizer, working with Stevie Wonder. He's really an amazing fellow. One of the things that he and Jeff came up with in the early days of their research was a way to write to hard drives sequentially instead of sector by sector. They patented it, and it's actually how Carbonite started, and now with Wasabi, it turns out that's a much faster and a much more efficient way of writing to the disk. It saves them money, so that saves you money; they pass the savings on to you. Wasabi cloud storage is a perfect alternative for anybody who says, you know, we're going to buy more on-prem storage; in fact, we're going to get a certain amount every week, every month, every year from now on.
That's very common, because you look at your business, you're cranking out data at a fairly consistent pace, and in many cases you need to save that data for a long time. That means either buying on-prem storage or finding something better. That's Wasabi. Wasabi is 80 percent cheaper than Amazon S3. It's significantly cheaper than on-prem storage, even; in fact, typically you can store data with Wasabi cloud for less than just the maintenance fees on that storage if you bought the drives, if you had it on premises. Less than the maintenance fees alone. Wasabi is a really great proposition. It's also a lot faster than Amazon S3, and it's compatible with S3 because it supports the S3 API, although unlike Amazon, Wasabi never charges for API access. They also don't charge for egress, and that's another big savings. A lot of times you store data in the cloud and you say, that was a good deal, and then you forget that it's going to cost you to get that data back. Never with Wasabi. Wasabi is really kind of amazing, but I know what you're thinking. You're saying, okay, fine, but with on-prem storage at least, you know, that storage is sitting right there; it's safe and secure. I think you're thinking that, but here's a very strong argument: the data stored in the cloud is actually safer and more secure. Eleven nines of durability. That's as good as you can get. That means, you know, if you do the math, on average you lose one file every 649,000 years. But you know what, you're not even going to lose that, because it's hosted in premier Tier 4 data center facilities that are redundant, and of course highly secure as well. Oh, and I should throw in one extra thing: Wasabi does regular integrity checking, where all objects stored are checked every 90 days. So if one bit goes missing, don't worry, it's redundant.
You've got another copy of the data in another Tier 4 data center, or maybe two or three, so you can always get it back. So you're just never going to lose data. It's also more secure because security is turned on by default. Even if you don't specify encryption, all data stored in the Wasabi cloud is encrypted while at rest, fully encrypted. They follow industry best security models and design practices, things like access control mechanisms, bucket policies, access control lists. And I love this feature, I think this is such a great feature: any data can be designated as immutable. You can say this is immutable; I can't erase it, I can't change it without jumping through hoops. Obviously you can turn it off, but it's not easily accessed, and that means it's protected from hackers, from ransomware, from, you know, human error. So it's better than on-prem, less expensive but better than on-prem. And now if you know you're going to be getting a certain amount every month, for instance, you can take advantage of a new way to pay. You can pay as you go; they have a simple flat fee. Or you can pay with reserved capacity storage, which means, you know, I'm going to use this much every year; you can reserve that much in one, three, or five year increments. You will get bigger discounts for longer terms and more capacity. So it's getting a discount because you say, yeah, I'm going to be using this much for this long. That's fantastic. It's another way Wasabi saves. If you're an MSP and you resell storage, this is a great choice for you. You'll actually sell more and make more; you'll be charging, and you'll be making more. That's how big the price differential is. It's completely compliant with every industry: FINRA, CJIS, it's HIPAA compliant. Wasabi is highly secure, disruptive technology. This is really turning the storage industry on its ear. Calculate the savings for yourself. Start a free
trial right now. You can try it for a month. Go to wasabi.com, click on the free trial link, enter the code SECURITYNOW, bang on it for a month absolutely free, then go to the boss and say, look, boss, we're going to save 80 percent, we're going to be up to six times faster. And maybe you've never heard of it; maybe you say, well, what about Amazon, Azure, Google Cloud? No, you've got to try Wasabi. It's on a mission to tell the world. W-A-S-A-B-I, yes, spelled like the green stuff with your sushi, but it's not. Join the movement, migrate your data to the cloud, and do it with confidence. wasabi.com, free trial waiting for you, offer code SECURITYNOW. Take advantage of this; it's a great way to save. wasabi.com. Thanks so much for supporting Security Now and the whole TWiT network. We're big fans. Picture of the week. So, yeah, it's a four-frame cartoon. The first one shows the very familiar Internet Explorer "e" with some weird black-shrouded skeleton hand trying to pull it off screen. And that hand gives up and sort of breaks free. And then we see in the third frame that we have the Grim Reaper. And the Grim Reaper is saying... let's see, oh, in the first frame it says "It's time to go," and the Internet Explorer resists, apparently. And so then the Grim Reaper says "Let's go." And the fourth frame is "Internet Explorer is not responding." Very familiar. Familiar to us all. The Grim Reaper is puzzled that he's unable to remove it. And this was apropos something that I meant to talk about last week but didn't. Because just under a year from now, on August 17th of 2021, the use of IE11, our last IE, will no longer be supported for Microsoft's online services like Office 365, OneDrive, Outlook, and more. And of course this is significant. We often hear Paul and Mary Jo talking about how corporations have built IE in as
a component of their infrastructure with, like, custom apps and things. That's all glued in, and they've got a year until, you know, it really stops being supported. And also Microsoft will be ending support for IE11 with the Microsoft Teams web app later this year, with all support ending on November 30th. So, you know, the clock is ticking and corporations really need to be looking at Edge. Now, I don't know whether the IE11 compatibility mode built into Edge will continue or not, but for what it's worth, standalone IE, sooner or later the Grim Reaper is going to succeed, and in fact that Grim Reaper may actually be named Microsoft. Google Chrome users should today be moving to Chrome 85. Most users don't need to do anything, which is good; it just updates itself. But this will fix a potentially serious remote code execution vulnerability in Chrome's WebGL rendering engine. It's a use-after-free read flaw which was discovered by Cisco's Talos security group, and it was responsibly reported to Google more than three months ago, back on May 19th. Google quickly put the fix into their early release cycle, in the Dev and the Beta channels, just a couple of weeks later in early June. And the stable channel, which I and most of us use, is expected to be receiving that fix today when Chrome moves from 84 to 85. I looked last night; I was on 84. I actually could look right now, come to think of it, because I've got Chrome right here. Let's see, About... and, oh, updating Google Chrome. Yes, I'm still on 84; in a few moments I will be on 85. So you may need to go to Help, About to give it a little kick; that sometimes is necessary, and then it will. And if you close it, it will rise up, but most of us never close our browsers. That's right. You know, for me Firefox has just opened statically and you need to go to Help, About, and then it goes, ooh, yeah.
Thanks for asking, and then it updates itself, and sometimes it typically needs to close and then reopen with all tabs surviving, fortunately, because as we saw last week I need all of those thousand tabs that I have open. Not a thousand, but it has a scroll bar. So yeah, it wouldn't fit on one screen. So what do the University of Utah, Jack Daniel's whiskey, and Carnival Cruise Lines all have in common? Well, last Friday the University of Utah revealed that it had paid a ransomware gang four hundred and fifty-seven thousand and fifty-nine dollars. Four hundred fifty-seven thousand? Yes, that would have been four hundred and fifty-seven thousand and fifty-nine dollars, which sort of begs the question, how did they get that number? Now that I finally got it out correctly, it's probably bitcoin. Like half a million bucks, it's like the bitcoin version of the thing. Yes, some amount of bitcoin that turned out to be that. And what's interesting is that was not to obtain the decryption key for their files. They didn't need it, because it turns out that very few of their files were encrypted, but rather, and Leo, I know this goes to, you know, the thing where you just kind of grit your teeth: to purchase the promise from the extortionists that the student information that had been exfiltrated beforehand would not be publicly released. This is big. Yeah. They're just hoping that there is honor among thieves and that these guys will keep their word, and the incentive to keep their word is that if you want others to pay you... Yes, that's it exactly.
And of course ransomware gangs are not all the same. And didn't we hear, it was Canon that had some information leaked last week that we reported on? And so Lawrence over at Bleeping Computer has said that, you know, they assumed, since Canon got themselves back up relatively quickly, that they had paid the ransom. But now, since the extortionists in that instance were leaking the information, maybe Canon had restored from backups and said, nah, we're not paying your stinking ransom, and the bad guys said, here comes your, you know, your private corporate next-decade plans for the future. How do you feel about that being leaked? Anyway, so in this case the University of Utah explained that it had dodged a major ransomware incident and that the attackers managed to encrypt only 0.02 percent of the data stored on their servers, and the university staff was easily able to restore that from backups. However, the ransomware group then threatened to release student-related data, see, they had obtained and exfiltrated. So the university said: "After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker. This was done as a proactive and preventative step to ensure information was not released on the Internet," and again, to the extent that such can be ensured. "The cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state, or taxpayer funds were used to pay the ransom." I thought that was an interesting explicit statement that they made. The university disclosed that the attack took place a little over a month ago, on July 19th, 2020, and the network belonging to the College of Social and Behavioral Science was the victim. So apparently a, you know, a subset of the entire larger university
was where the break-in occurred, and there must have been some isolation there. So anyway, that is one of the three, and presumably they were able to negotiate a cheaper payment, you know, because the bad guys hadn't managed to get the bulk of the university's stuff. But they did pay for the promise to not share student data, and as you said, Leo, the reason that would be honored, as well as, you know, nearly half a million dollars... And they want to do it again. Yeah, exactly. You've got to build your credibility. Exactly. And two other large and notable recent ransomware victims were Brown-Forman, famous for their distillation of Jack Daniel's Tennessee whiskey, and Carnival Cruises. The Jack Daniel's folks said: "Our quick actions upon discovering the attack prevented our systems from being encrypted. Unfortunately, we believe some information, including employee data, was impacted. We are working closely with law enforcement as well as world-class third-party data security experts to mitigate and resolve this situation as soon as possible. There are no active negotiations." So that sort of sounds like... oh, in fact, that statement from Brown-Forman came after Bloomberg News reported that it had received an anonymous tip of the ransomware attack. A site on the dark web claiming to be run by members of the REvil strain of ransomware says that it had obtained a terabyte of data from the Louisville, Kentucky based Brown-Forman. The site said that stolen data included contracts, financial statements, credit histories, and internal correspondence of employees. Also included were screenshots of file structures, documents purportedly taken during the heist. So it does look like the pattern we're seeing now is, because, you know, major companies that have the deep pockets also have the pocket depth to now proactively back up their servers well, so it's possible, if the only thing done was encryption,
a golden opportunity to extract a ransom could be thwarted if the good guys have backups. So now what's being done is that data, pre-encryption, is being exfiltrated and stored somewhere. Then the data is encrypted, and so we're increasingly seeing this two-part attack: exfiltration of data that the company desperately does not want to be made public, in case they have backups, in which case they would not otherwise need to pay the extortion. So, you know, it's not really ransomware as much as it is: okay, we've got copies of all your stuff, shall we share it with the world? Plain old blackmail. Yup. And as for Carnival Corporation, the operator of the world's biggest cruise lines, they disclosed that they were hit by a ransomware attack that provided unauthorized access to personal data of passengers and employees. That could be bad. Exactly. Passport information as well as address, name, birthdate. I don't know if they collect socials, but boy, that's a lot of information they have, and credit card numbers. Of course they have passport information, because they're crossing... Unless, well, it's very rare that a cruise is just within one nation. If you're going to another country, they collect your passport, so they have screenshots of it. I mean, they physically hold it while you're... Yeah, wow. Yeah. So I've been on many of their cruise lines. Holland America was one of them. Seabourn was a recent cruise of mine, and of course Carnival is a big one. That's right, they own a lot of the cruise lines. In fact, like the whole cruise model, we love cruises; we won't be going on any time soon. Yeah, I look back on that with nostalgia and affection. The good old days. Yeah.
I was actually talking to my buddy Mark Thompson, whom you know. He's launched a little project to provide air quality monitoring in real time to health clubs. That's great. Yeah, and in fact I don't know how much of this I can talk about, so I'll say... I just realized. But we were talking about the air quality in cruise lines as opposed to airliners, and it turns out that the air is fully, completely exchanged on an airplane very often, right? But not so on a cruise line, which deliberately maintains a closed-cycle system, because the external air is often not what passengers want to be breathing: no control over humidity, it's subtropical or whatever. Although the lines on the small ships I go on, we always have balcony windows we can open and we always eat outside, so I'm not worried about that. But yeah, I would imagine on some of those big ships you're not breathing outside air ever. No. Yeah, and so it is internally recycled and not of the highest quality. So anyway, Carnival said they had not yet identified which of their many subsidiary lines was breached, but because they're publicly traded, they did need to disclose to the US Securities and Exchange Commission the nature of the attack. In their regulatory filing they said: "Based on its preliminary assessment and on the information currently known, in particular that the incident occurred in a portion of a brand's information technology systems, the Company (capital C) does not believe the incident will have a material impact on its business operations or financial results.
Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies. Although we believe that no other information technology systems of the Company's other brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the Company's brands will not be adversely affected." So, you know, a CYA statement for the regulatory requirements. Which brings me to an interesting set of reports that were just released. Certainly we all likely agree that a ransomware attack is the last thing any company wants, given what we keep seeing. So the question is, how exactly are these occurring? The traditional answer has been phishing email, which hooks some well-meaning but unsuspecting insider. Well, while phishing email is indeed a popular entry point, these three recent reports from Coveware, Emsisoft (yeah, I keep tripping over that, Emsisoft), and Recorded Future clearly show that phishing actually takes a back seat to our old friend RDP. And I have a chart on page two of the notes which is really interesting. It's ransomware attack vectors over time, and it would be a pie chart except a pie chart can't show percentage change over time. So this is a line chart from the fourth quarter of 2018 through the second quarter of 2020, so up to current, which is showing the percent of cases of RDP compromise, email phishing, software vulnerability, or other. So it's like a pie chart varying over time. So consequently, for example, in the fourth quarter of 2018, by far and away the majority of the attacks, looks like maybe, just eyeballing it, maybe 85 percent, were RDP. That went down as a percentage as...
This makes... is RDP that big a problem? Yes, it is. Yes. Holy... And these guys provide the raw data to back that up. And it's Windows RDP, right? It's Microsoft Windows. Yes, Windows is 100 percent RDP. And so email phishing did come up as a percentage, which pushed the percentage of RDP down, but it's holding its own. And then of course what happened in 2020? Well, in the first and second quarters of 2020, due to COVID, the dramatic increase of hastily brought up RDP services in order to allow remote access, that essentially began fighting with email phishing as an entry point. So those are the two, but email phishing never even reached parity with RDP. It's gone up and down, but RDP is holding its own, which I think is one of the things that I'm going to spend some time talking about here. In their report, Emsisoft explained what's happened this year. They said in recent months, organizations across every sector have come to rely heavily on Remote Desktop Protocol to maintain business continuity while respecting social distancing. And back up a little bit, Leo, just to address your comment: remember that there have been a series of really bad authentication problems with RDP. Don't they use VPNs and other solutions? Who's using RDP? There are eight hundred thousand, 800,000, exposed RDP services on the Internet. It is absolutely crazy, but they're just assuming that, you know, oh, yeah, it must be secure because Microsoft says we can turn it on. Well, Microsoft said that once about Windows printer and file sharing, SMB. Barracuda in their ad says 91 percent of all ransomware attacks come through a phishing email, spear phishing emails, and every one I've heard about is a spear phishing email. I can't imagine Canon or Carnival or any of these people using RDP. That's crazy.
In terms of numbers, I'm sure it's the smaller guys that are deploying that technology that they need to. Anyway, so Emsisoft said: "However, the rapid shift to remote working has also provided a unique opportunity for ransomware groups. Threat actors predicted that many organizations would not have the time or resources to securely implement RDP during the mass transition to working from home, and as a result may be vulnerable to compromise. They were right. According to a McAfee report, the number of Internet-exposed RDP ports grew from approximately..." oh boy, I lowballed it. From approximately, are you sitting down, Leo? Three million in January of 2020 to more than 4.5 million in March. So in less than three months, an additional one and a half million RDP ports became publicly exposed. Later in their report they note that while the threat is not new, and of course as we know all too well on this podcast, the global shift to remote working has revealed many organizations do not adequately secure RDP, and that the bad guys are taking advantage. According to a report by Kaspersky, at the start of March 2020 there were about 200,000 daily brute force attacks in the US. But by mid-April, just six weeks later, that number had grown from 200,000 to nearly 1.3 million brute force attacks per day. Now today RDP is cited as the single biggest attack vector for ransomware. So all of these 4.5 million RDP ports are publicly exposed and they are being actively attacked, and what is to me shocking is that even now Microsoft has not stepped up and offered better security. And so, you know, of course this obviously underscores the point I've been making, which is that RDP simply cannot be safely exposed to the public Internet.
And there are two reasons. It's no longer sane to trust that Microsoft hasn't or won't make a mistake in their provision of the RDP service. They've done so over and over in the past, and as we'll be learning in a few minutes, they just released an emergency patch for two more privilege elevation flaws in Windows Remote Access Service, which is what RDP is part of. The second reason we cannot trust RDP is that its native authentication mechanisms are pathetic. I went looking for something that I thought I might not know about RDP authentication, thinking Microsoft must have fixed this, and I found a very recent, it was only a couple months old, best practices advisory from Microsoft on securing RDP authentication. It amounted to: be sure to use a strong password. There is zero multi-factor support for RDP, which is unconscionable. There are multiple third parties who have responded to this need created by Microsoft by creating their own much more secure RDP gateways which are laden with authentication features. So if you don't feel like rolling your own solution and you do have money to burn, because none of these third-party solutions are inexpensive, you could simply throw some money at the problem and buy yourself this much-needed security. Or you could get a bit clever and roll your own. If the clients you have connecting have fixed IPs, restricting access to the RDP port to only those IPs is an immediate, proven, fast and secure solution. If the IPs are largely fixed, as with the typical residential broadband service, the use of a dynamic DNS solution can allow for tracking their infrequent but possible changes. And typical changes may be so infrequent that updating the access firewall from dynamic DNS doesn't even need to be automated. I know that the IPs that I maintain in my two locations are essentially static. They haven't changed in years.
But if highly dynamic roaming access is needed, then no form of IP-based access restriction will suffice. This lifts the requirement for authentication from the network layer to the application layer. Again, history teaches that what we must avoid is public access to an RDP endpoint. There's just no safe way to protect it. We can't trust Microsoft, and we can't allow for this brute forcing of our authentication. You know, 1.3 million attacks per day is ongoing right now. So that requires the use of something in front of the RDP endpoint. I've talked about using a VPN where the VPN offers some form of strong multi-factor authentication, either a time-based one-time password or certificate based, but I wanted to add another option to the pot by noting that SSH is widely available, almost always offers the very strong authentication options that we're looking for, and it can be used to tunnel RDP. In fact, if you Google "tunnel RDP over SSH," you'll be rewarded with all the suggestions you might need, and for all OS platforms. As I was thinking about this, the only theoretical downside is that, as a purist, both RDP and SSH use TCP. Long ago, when we were first covering the operation of VPNs in this podcast's deep history, I noted that there can be some tunnel confusion when TCP is tunneled inside TCP, since then you have two sets of TCP's error recovery and packet retransmission. The theoretical optimal solution is for the VPN tunnel to use dumb old UDP packets for the tunnel protocol, and then RDP over TCP, which is carried by the UDP tunnel. So that way RDP's TCP protocol handles any packet losses and retransmission, and those are carried over UDP.
I did find some SSH UDP tunneling systems, but there is so much apparent success with simply tunneling RDP over standard SSH TCP tunnels that it appears my theoretical concerns may be nothing more than that, just theoretical. So anyway, I wanted to propose another option to the need for somehow hiding RDP endpoints from the outside world. It's clearly necessary to add some other layer of security in front of RDP. Somebody in our chat whose company uses it says they use a proxy server in front of it, so it's not a publicly available IP address. Yeah, which makes you just have to hide it, yeah. And I'll mention one more Microsoft issue, and then we'll take our second break. Last Thursday, Microsoft issued an emergency out-of-cycle update for Windows 8.1, 8.1 RT, and the matching Windows Server instance of 8.1, which was Windows Server 2012 R2. The emergency update patches a pair of recently disclosed security vulnerabilities. I have a link in the show notes because, from my reading of this, it doesn't look like this is going to be an automatic update. Maybe they'll roll them out next month. What's interesting is they're both high-severity privilege escalation vulnerabilities residing in the Remote Access Service, which is obviously a particularly vulnerable area of a server. Interestingly, both of these vulnerabilities were patched as part of the previous week's August Patch Tuesday, but that was for Windows 10, Windows 7 for those on extended support, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909 and 2004 systems. In other words, everything other than Windows 8.1 and its corresponding Server 2012 R2. So as near as I can determine, these patches for those two operating systems just weren't ready in time to make whatever quality control,
if any, Microsoft is applying to the monthly patch cycle. But at the same time, they were too critical for Microsoft to leave them hanging, since somebody examining the patches, and we now know that happens, somebody examining the patches for the other OSes could probably figure out what it was that was fixed and note that they had not been fixed in Windows Server 2012 R2 and then perhaps go attack it by reverse engineering what had been fixed in all the other platforms. So as I said, it may be that they need to be manually patched and installed. It wasn't clear. Assuming that they'll be part of next month's patch batch, I would say that end users probably don't need to worry, because Windows 8.1 probably doesn't have any remote access services publicly exposed in the typical end user environment behind a NAT router. So unless you're actually running Windows Server 2012 R2, you probably don't need to worry. But if you are, I would certainly think it's worth going to get that, or making sure that Microsoft hasn't already updated it. This, I think, tells you why it's so big, because there is one particular kind of ransomware, Phobos, that focuses on RDP, and it's ransomware as a service. Oh, any idiot. And all the credentials are available online for pennies. So any idiot can go either do a Shodan or get some credentials, and then you don't have to know what you're doing, whereas any spear phishing attack, anything more sophisticated, is going to take a lot more effort. So it's low-hanging fruit. You probably don't make a lot of money with it. You know, these are the hundred dollar, two hundred dollar, three hundred dollar ransoms. Not half a million. Yes, and in fact what you have just said is exactly where we're headed right after our second break, and I even use the phrase low-hanging fruit. Because, yeah, yup, now I understand it. It's counterintuitive.
But of course it's not, because lots of people who don't know what they're doing are putting RDP out in the public. Which, exactly. So, when there are so many better solutions out there. But it comes with Windows, you know, it's available, why not? And turned on, yeah. Wow, and then they're using monkey123 as the password. I mean, it's the same people, right? Johnny Buddy. That's my... Of course you're getting bit. It's on the first. Not very lucrative. Wow. You know, if you really want the money, you're going to go out and find a company and target them and take some time, and then that's when you can exfiltrate data, do all those fun things, you know, make a lot more money, I would imagine. Wow. Wow. I can't believe that in this day and age that's what's going on. That's why you need the Security Scorecard, our sponsor. Not only do you want the Security Scorecard on your company, by the way, we got a B, which I'm pretty happy about. You're going to want to get a Security Scorecard for any company you're doing business with because, as we know, that's part of the problem. What was it, was it Target that got attacked because their HVAC partner had access to the network? And so somebody hacked, maybe the HVAC guys were using RDP, they hacked the HVAC guy and then got into the bigger breach. You're giving people access to your network. You're paying people, you're using people, you want to check their Security Scorecard. It's the global leader in cybersecurity rankings, the only service that is continuously rating one and a half million companies. So it's almost guaranteed, if you go to Security Scorecard, by the way that's securityscorecard.com/twit, if you go to Security Scorecard and look up an organization, you'll be able to see their scorecard right there, because they're rating everybody. This is their mission: to empower every organization with collaborative security intelligence.
Because you're only as secure as the companies you work with, right? So for us, it was important. We ran our Security Scorecard, and it gives you details on why you scored lower in certain areas. By the way, we are fairly highly ranked among businesses that are in our business, but I still didn't want to be, and so we went and we fixed the problems associated with the lower ranking. We squeaked an F in one score, which was apps, and there wasn't much we could do about that, actually. But at least we know where the weaknesses are. So Security Scorecard is a really great idea. It gives you a three hundred sixty degree view of your cybersecurity health through a single pane of glass. Their patented rating technology is used by over a thousand organizations for lots of different reasons. Self-monitoring, of course, just as we did. You can evaluate your organization's cybersecurity risk using real, data-driven, objective and continuously updating metrics that provide visibility into your information security control weaknesses, right? It's also good, though, for third-party risk management. You can see how any company you want to do business with, partners, vendors, suppliers, are treating their cybersecurity, and hence how they might impact you. You want to evaluate all the risks in your ecosystem. It can also allow companies to find and fix security risks and vulnerabilities across their externally facing digital footprint. It's also great because it's so easy to read. They use those letter grades, A, B, C, D and F, just like you learned in school. Everybody understands them. So it's great for board or executive level reporting. It's great if you're getting cyber insurance underwriting; in the insurance space it's very useful. Everybody likes this idea that you can get the grade. And by the way, companies with a C, D, or F are five times more likely to be breached. And I don't know, I'd have to check, but I bet you anything they look at RDP. I'm sure they would.
The data is used to calculate scores across ten key risk factor groups, things we talk about all the time on Security Now: patching cadence, application security, DNS health, network security, endpoint security. You may be using individual tools for individual areas; DNS health is always one that we talk about, but this does it all. And you get a grade in every one of those ten key risk factor groups. So it lets companies easily understand and continuously monitor their cybersecurity posture and the posture of the people they deal with. And then there's the Security Scorecard Atlas, which is the leading cybersecurity questionnaire and validation solution. Cut through the questionnaire noise, find your score, and make your business cybersecure. It's a centralized platform leveraging machine learning to automate the cybersecurity questionnaire exchange process for senders and receivers. I actually didn't know anything about this, but I've learned about this since. This is one way companies work with other companies, with cybersecurity questionnaires. They've got a great process for this, which makes it two times faster, it makes it more accurate, and most importantly, it makes it more secure. Security Scorecard's Atlas is the only platform in the market that instantly maps out cybersecurity rating data to individual responses. So you could see immediately their grade all the way across the board. You get a real three hundred sixty degree view of the risk you're taking on. You can also cut the questionnaire cycle in half, because they've got twenty-plus industry standard questionnaires. They also have a custom questionnaire wizard, so it's easy to create these questions. You can collaborate easily and securely with your team and with third parties. Look, Security Scorecard was founded with the notion that every business has a right to its own security rating. That's why they give these away.
You can get yours right now. In fact, you can check the score of your business and up to five others at securityscorecard.com/twit, absolutely free. Best Product, Security Ratings, 2020 by SC Magazine; they just got that award. The combined power of Security Scorecard's ratings and their Atlas gives organizations a three hundred sixty degree view of cybersecurity for any company in the world, or the companies they deal with. Get the score of your business and up to five others right now. To learn more, sign up for your free account at securityscorecard.com/twit. You at least should check your company right now, securityscorecard.com/twit. If you're doing business with other companies, you can't say, "You guys secure?" "Yeah, we're secure." "Okay, good." No, no, you need Security Scorecard, securityscorecard.com/twit. This is one letter grade you're really going to want to find out. Back to the show we go with Mr. Steve Gibson. So speaking of low-hanging fruit, Iranian script kiddies are using RDP to deploy the Dharma ransomware. This was some interesting and disturbing research by a group known as Group-IB. They detailed the collision of RDP and ransomware. They explained that, apparently, from all the forensic evidence, these look like low-skilled hackers, we'll explain why in a second, likely from Iran, who have joined the ransomware business, targeting companies in Russia, India, China and Japan. They're going after the new low-hanging fruit represented by casually or hastily deployed RDP servers, using publicly available tools. The group is deploying the Dharma ransomware, and based on the forensic artifacts of the attacks, it appears to be a non-sophisticated, purely financially (as opposed to, for example, politically or state-level) motivated group which is new to cybercrime. Their extortion demands range,
They're pretty modest, from one to five bitcoin, which puts it at around eleven thousand seven hundred up to maybe sixty thousand dollars, and they locate targets the old-fashioned way, by scanning IP address ranges for exposed Remote Desktop Protocol, RDP, endpoints. Their tool of choice is a freely available open source port scanner called masscan, which we've talked about before. Once they've located a potential target, which is to say they found port 3389 open, they launch a brute force authentication attack using another tool, NLBrute, which is a utility that simply repeatedly attempts to authenticate against RDP using a list of usernames and passwords, attempting to find a combination that works. If they get in, they sometimes attempt to elevate their privileges by exploiting an old vulnerability which exists in Windows 7 through 10. And researchers at this company, Group-IB, learned about the new group a couple of months ago, in June, during an incident response engagement at a company in Russia that had been attacked. Based on that forensic analysis and the artifacts from that, they determined the attacker to probably be a Persian-speaking newbie. The conclusion is supported by clues from the next stages of the attack that they found, which appear to lack the confidence that you would expect from an actor who knows essentially what to do once they've gotten in. Like, oh, what do you recommend? Group-IB wrote: interestingly, the threat actors likely don't have a clear plan for what to do with the compromised networks. Once they've established the RDP connection, they decide which tools to deploy to move laterally. For instance, to disable built-in antivirus software, the attackers used Defender Control and Your Uninstaller, which are, you know, tools available, sort of generic, in order to get done what they want. Nothing sophisticated there.
Further evidence that the operation is the work of a script kiddie from Iran comes from search queries in Persian to find other tools necessary for the attack. Like, okay, let's see, what should we search for now? Probably a twelve-year-old. Anyway, those searches turned up in Persian-language Telegram channels which provide those tools. The number of victims compromised so far by this attacker is not known, nor is the path that led the threat actor to the Dharma ransomware-as-a-service operation, you know, RaaS. But given that the Dharma operators provide a toolkit that makes it easy for anyone to become a cybercriminal, it should not come as a surprise that inexperienced individuals are deploying this file-encrypting malware. It's like, oh, oh yeah, wait, now we're supposed to launch the Dharma once they get in. So the senior analyst at Group-IB, a guy named Oleg Skulkin, said that the Dharma ransomware source code, which was leaked in March, likely explains the increasing use of this malware strain. Oleg indicated that, quote, it's surprising that Dharma landed in the hands of Iranian script kiddies who are using it for financial gain, as Iran has traditionally been a land of state-sponsored attacks engaged in espionage and sabotage. So in other words, you know, maybe it's not that surprising, because it's sort of now available for everyone, not just state-level actors. And of course we've talked about how this new ransomware-as-a-service model is allowing many hackers who would never be in the ransomware game to become players. And given that we have ransomware as a service now, I don't see how this problem is ever going to go away. So again, no exposed open RDP ports. Okay? Not for our listeners. Arrange to put something, anything, in front of RDP so that you or your company are not open to exploitation.
You know, this is not as bad as Microsoft's original wide-open Windows file and printer sharing, which is what drove me to create GRC's ShieldsUP service so many years ago, but it does definitely need attention. No exposed RDP ports. Zero Day Initiative, ZDI, that we've also referred to recently, turned fifteen. As I mentioned at the top of the show, it turns out that there's a bit of a synchronized fifteenth birthday, since last Thursday Pwn2Own's founding parent, the Zero Day Initiative, also turned fifteen, just as this podcast did. Our first podcast, as I mentioned, was August fifteenth, 2005, one day before the founding of the ZDI program. That's interesting. Oh yeah, one day. On last week's occasion of their fifteenth birthday, ZDI announced that more than twenty-five million dollars in bounties had been paid to security researchers over the past decade and a half. Those monies went to more than ten thousand security researchers across more than seventy-five hundred successful bug submissions. In explaining the genesis of ZDI, they said: starting in 2005, 3Com, remember them, 3Com announced a new program called the Zero Day Initiative. The plan was to financially reward researchers who discovered previously unknown software vulnerabilities and disclosed them responsibly. The information about the vulnerability would be used to provide early protection to customers through TippingPoint IPS, their intrusion prevention system, the filters for that, while the Zero Day Initiative then worked with the affected product's vendor to fix the vulnerability. So that's an interesting angle here, that the commercial TippingPoint IPS would benefit from providing immediate awareness of a vulnerability and could offer their proprietary customers, their commercial customers, unique early protection thanks to the IPSes being immediately updated before any fix was available from the vendor, which, as we know, could take like
ninety days or more. The vendor would then fix the problem downstream of the IPS, eventually. But even after the vendor's problem was fixed, there's certainly some value in knowing when attacks are being launched against one's IPS protection, even when there's no backend vulnerability any longer. So anyway, that's sort of how this happened, is that 3Com said, let's get in the business of collecting this information from hackers that will allow us to mature our intrusion protection system. In advance of any vendor's vulnerabilities being fixed, we offer our protected customers this window of safety for their own backend systems, and we're going to turn this into a commercial venture. So they ended up saying that first year, the ZDI published a total of one advisory, pertaining to Symantec's Veritas NetBackup. Fifteen years later, they said, we've now published, as I said at the top, fifteen hundred advisories, as we evolved into the world's largest vendor-agnostic bug bounty program. To say it's been a journey is an understatement. It certainly had some ups and downs, but the program is stronger than ever and on track for our largest year ever. As we begin our sixteenth year, as they did last week, as we did last week, let's take a look at some of the more notable happenings in the life of the ZDI program. So I read through the entire posting, and it provided such a useful and synchronized perspective and walk through the fifteen years of this podcast, I decided I wanted to share it with our listeners. So here's what they said. For the years of 2005 through 2010, their first five years, they wrote: looking back at our activities through these years induces nostalgia, as it reminds us of the bugs we bought in products and companies that are no longer with us. We can also see the rise of research into different products and technologies.
For example, we bought only two Apple bugs in 2006; that number rose to fifty-two by 2010. Java bugs, particularly sandbox escapes, were also popular during this time, and of course we were talking about them on this podcast all the time. They wrote: it's a bit odd to look back at the progression from buying bugs in what was simply known as Java to buying bugs in Sun Microsystems' Java to buying bugs in Oracle's Java. This time period also saw the first Pwn2Own contest, which was in 2007. The contest launched at the time when "I'm a Mac, I'm a PC" commercials dominated the airwaves. Remember that? Yeah, yeah, yeah. And Apple devices had an aura of invincibility about them. Astute security researchers knew better, and Dino Dai Zovi proved it, winning himself a MacBook and ten thousand dollars. The contest has grown exponentially since then. There are now three different competitions: Pwn2Own Vancouver, the main one that we always cover, which focuses on enterprise software; Pwn2Own Tokyo, which focuses on consumer devices; and Pwn2Own Miami, introduced this year with a focus on SCADA products. Pwn2Own also served as a coming out for many high-profile researchers who, after winning the contest, went on to work on various prestigious teams and projects. So from 2010 to 2015, their second five-year block, they said this was a transitional period for the program, as 3Com, together with ZDI, was purchased by Hewlett-Packard, then later split off as part of HP Enterprise. However, the core principles upon which the program was founded remained the core principles we operate by today. Four of them: encourage the responsible disclosure of zero-day vulnerabilities to the affected vendors; fairly credit and compensate the participating researchers, including yearly bonuses for researchers who are especially productive within the program;
hold product vendors accountable by setting a reasonable deadline for remediating reported vulnerabilities, and remember we talked about a six-month ZDI, the patience that they had for six months and then finally disclosed publicly. Microsoft's one of those, two zero days that Microsoft didn't fix until ZDI disclosed it, and then they thought, oh, because they just dragged their heels; and finally, protect our customers and the larger ecosystem. So they said, by this time, the ZDI was large enough to have an impact on the overall ecosystem. It was during this period that we grew to become the world's largest vendor-agnostic bug bounty program, a title we still hold. In 2011, we had our first public zero-day disclosure when a vendor failed to meet the patch deadline. Over the years, holding vendors accountable has helped lower their response time from more than one hundred eighty days to less than one hundred twenty. Even though we reduced our disclosure window, the rate of zero-day disclosure stayed relatively consistent. Another big change during this period was the increase in research work done by the vulnerability researchers employed by the ZDI program. There have always been great people working on the program doing root cause analysis on submissions, but an increase in the size of the team allowed for members of ZDI to begin reporting their own bugs as well. ZDI researchers increasingly published their findings and expanded their speaking at high-profile conferences, including Black Hat and DEF CON. The increased size also helped spot some trends in exploitation. It was during this time that we saw a surge in submissions of Java bugs. However, once browsers implemented click-to-play, practical exploitation became much more difficult. Bugs exploiting use-after-free conditions in IE were also quite common until the Isolated Heap and MemGC mitigations were silently introduced by Microsoft.
ZDI researchers found a way to exploit the mitigations and were awarded one hundred twenty-five thousand dollars from Microsoft for their submission. Interestingly, Microsoft chose not to fix all the submitted bugs, so a portion of the report ended up as a publicly released zero day. In case you're wondering, they said, all of the money was donated to various STEM charities. During this timeframe, the bug bounty landscape became normalized and broadened. Vendors such as Microsoft and Google started their own bounty programs, and bug bounty programs were created that allowed companies like Starbucks and Uber to offer bounties. And as we know, by "bug bounty programs were created," what they mean, of course, is HackerOne, which we have spoken of often and just recently. They wrote: the idea of crowdsourcing research entered the mainstream. Not every program was successful, as some vendors suddenly realized that if you offer money for bug reports, you get bug reports. This left some companies scrambling to react after starting their program, with mixed results. It was definitely a time of growth and learning throughout the industry. Pwn2Own continued to grow as well. 2010 saw Pwn2Own's first successful mobile device exploit, demonstrated by Ralf-Philipp Weinmann and Vincenzo Iozzo against the Apple iPhone 3GS. We also started seeing vendors release large patches just before the contest. Since the rules require the latest version for all exploits, Pwn2Own contestants often found themselves patched out just before the contest. It also meant the ZDI had to scramble to get the targets up to date with all the latest patches, often staying up all night installing updates. In 2012, a second contest, Mobile Pwn2Own, was added to focus on phones and tablets. And finally, the final five years, 2015 to present.
In 2015, Trend Micro acquired the HP TippingPoint IPS, and the program along with it. This opened a new world of opportunity for ZDI, as the vulnerability intelligence produced by the ZDI program could now be used to improve not only the TippingPoint IPS, but other products within Trend Micro's line of security solutions as well. ZDI's association with Trend Micro also resulted in a massive increase in interest in vulnerabilities in Trend Micro products themselves. To their credit, Trend Micro product teams have not shied away from the work of fixing the bugs submitted by independent ZDI researchers, and we have established a targeted initiative program just for select Trend products. The threat landscape shifted as well. Before 2012, we rarely saw an Adobe Reader submission outside of Pwn2Own. Once we reached 2012, there were more than one hundred submissions. Many of those reports were submitted by ZDI researchers. Overall, internal finds represent about twenty percent of all the cases we process every year. Bugs affecting Acrobat, Foxit and other PDF readers continued to be prevalent, but we've also seen the rise of deserialization bugs and a sharp increase in SCADA vulnerabilities. Home routers have also become a popular target, since they can be compromised en masse to be used in botnets and DDoS attacks. As a result, the ZDI adapted and began accepting related submissions, especially those related to IoT devices. The Wassenaar Arrangement posed some challenges, especially when purchasing bug reports from member countries. However, we were able to navigate the paperwork needed to transfer cyber arms and stay on the right side of the law. The virtualization category was introduced to Pwn2Own in 2016, and since that time we've had several guest-to-host escapes demonstrated, and of course we've talked about those on the podcast.
The contest celebrated its tenth anniversary in 2017 by acquiring fifty-one zero-day vulnerabilities over the three-day contest. In 2019, we partnered with Tesla to award a Model 3 to a pair of researchers who exploited the car's infotainment system. ZDI researchers also demonstrated their own exploit of the infotainment system. The contestants have changed over the years as well. In the beginning, individual researchers made up the majority of entries, with only a few teams participating. At one point, this shifted to most participants being teams sponsored by their employers. There have been instances of teams filing bug reports with vendors before the contest in the hopes of killing their competitors' exploits. In the past couple of years, that has shifted back towards individuals and small independent teams. And we've never stopped growing. We hit our peak of fourteen hundred and fifty published advisories in 2018, and we're set to eclipse that this year. In fact, we've been recognized as the world's leading vulnerability research organization for the past fifteen years. According to Omdia, the ZDI was responsible for over half of all measured vulnerability disclosures in 2019, more than any other vendor. And finally, moving forward, they said: over the past fifteen years, we've seen trends in the exploit economy and vulnerability marketplace come and go. But through it all, we've been laser-focused on one thing: making the digital world more secure, one CVE at a time. Through the tireless work of ZDI researchers and the wider community, we're determined to continue disrupting the vast cybercrime economy and raising the bar for enterprise software security for the next fifteen years and on. So anyway, interesting walk through the past fifteen years, which corresponds with the podcast, and we've covered all this stuff along the way, completely parallel. Very cool. Yeah.
So, a couple of bits of miscellany. I mentioned that I had finally found what I consider to be a useful bloatware remover for Windows 10. I actually knew about it before and had forgotten about it, and I was reminded of it by a tweet for something else this company does, and I thought, oh yeah, I remember O&O. Anyway, the one I like is O&O AppBuster. If you just Google "O&O AppBuster" you'll find it, from O&O Software. It's free; they have various commercial offerings, so I think this is sort of a bit of a loss leader for them. But of all the things I've tried, I like this one the best. It is comprehensive. If you enable the display of hidden things, which you probably should not, then you are able to really get yourself in trouble. But anyway, I just wanted to point our listeners at O&O AppBuster; it's a nice utility. You don't need to install it; it just runs standalone, so you can just drop it on your desktop. If you make changes, it will create a little companion file outside of itself where it stores those changes, but that also allows you to move them around. Anyway, I like it a lot, it's what I've been using, and I will continue to use it when I want to de-crapify a new installation of Windows 10 with all these ridiculous animated tiles and candy cane crap. Again, I can't believe what's been done to Windows.

On a serious note, I've been using something now for about a year that I can honestly say I have fallen in love with. It is a modest program called Remote Utilities for Windows. It is paid; it's a commercial app. It's a remote control app. I've looked around at all of them, and went through a period about a year ago of trying them all. In my case, the need was that
Lori, my significant other, whom you've all heard me mention from time to time, we wanted to set up with the ability to do remote neurofeedback. What that meant was that she would send out a laptop, an EEG amplifier, and the required EEG electrodes. On that laptop would be a bunch of software which would provide real-time feedback about some aspect of her clients' brain functioning. And it works like any sort of feedback, where you see something that your brain is doing exposed, and you learn to push it in the direction you're supposed to, and you're able to thus modify the way your brain functions. She's had a whole bunch of interesting, heartwarming successes, especially with kids. But the point is, she needed remote access to these laptops; she needed to be able to work with the person remotely, change settings, basically remote control. I looked at everything, and this is what we've been using for the last year, and it is such a win. I just wanted to put it on our listeners' radar.

As I said, it's commercial; it is not a subscription. Being an old fart myself, I would not consider it if I had to pay by the month, and everything is turning into a subscription model, which just irks me. So they have a number of different licenses to suit enterprise needs. If you have modest needs, they have a free license that will allow you to put the connection settings for up to ten remote machines in your viewer's address book. I purchased a license because, in fact, Greg, my own tech support guy, has a little business on the side helping his clients. He completely fell in love with it and switched to using it. Lori has been using it for a year. So, it's not expensive. You can find their pricing plans; again, you can use it for free. For free, you can put ten remote computers under control. There's the host app,
which is what goes on the remote machine. What they call the viewer is used by you, the tech, in order to get access to the remote machines. You can use their infrastructure in order to knit the machines together. But if that makes you feel uncomfortable, you can also use a self-hosted server, which you put somewhere, which allows these things to connect to each other through NAT. So this all does NAT routing and rendezvous services. There's also an agent which can be used for spontaneous access to a remote system without installation. If you immediately needed to get access to a remote system, you just send this agent to that person, who would run it on their machine, and then you would have access to it, with the proper security.

PCWorld, in their review of Remote Utilities, wrote: for power users there's plenty to like about Remote Utilities. Several connection modes are offered beyond the full remote desktop experience. There's also a file transfer mode, a remote device manager, a registry viewer, remote webcam access, and a terminal mode, which is an excellent way to perform simple command-line tasks remotely. There's an MSI configurator to create custom host installers for unattended access, or to customize the remote agent module, where you can put your own company logo and welcome text, for attended support. It supports a power control mode allowing you to remotely restart a PC in either normal or safe mode, shut it down, lock it, or put it to sleep. Active Directory support: you can fetch an Active Directory tree, add new domain controllers, and access Active Directory workstations and servers with one click. It's got two-factor authentication, a time-based token, for access to specific or every remote. I mean, it just goes on and on. All the connections are TLS 1.2; that cannot be turned off, encryption is always on. You can encrypt your address book
in case the viewer's workstation was ever compromised, to keep a bad guy from using that to get into the systems that you have access to. Host identity is certificate based, to ensure that you are connecting to the same host that you intend to, not some sort of spoof. Deploy it in a totally isolated environment over a LAN where you have a direct connection, or over the public Internet, which is how, for example, Lori and I use it. Blank passwords are not allowed; there are no default passwords either. I mean, these guys clearly understand security; they did everything right. It's got built-in protection against brute force cracking: when an excessive number of incorrect password attempts is seen, the system automatically begins increasing the amount of time required, and will lock out one that is failing at multiple requests. And of course there is no ability to brute force, because most systems are behind NAT, so there are no open ports either. Anyway, it goes on and on. It's just called Remote Utilities. I am in love with it. I wanted to make sure our listeners knew about it.

The other thing I wanted to make sure that I reminded people of: I'm still in love with Sync.com, but it's limited to synchronizing a single folder tree among two or more Windows devices. It's perfect for what it does. I'm using it, I'm loving it; for that, it's great. But in another aspect of what we needed for Lori's deployment, we wanted a little directory tree that's underneath each of these neurofeedback apps that are out on each of these deployed laptops (and there are twenty of them out at the moment). We wanted a little snippet of a directory tree to get synchronized back to the Drobo that we have in our location, and Syncthing
again, I mentioned it before, I want to just remind people of it. I was asked by somebody on Twitter who had a couple of QNAP servers how he and his buddy could synchronize them to back each other's stuff up, and I was reminded of Syncthing, which just does that perfectly. You can run Syncthing on QNAP; I'm running it on all my Drobos. It runs on Mac and Windows and Linux, FreeBSD, Solaris and OpenBSD. It's open everything: protocol, source, open community. I mean, it's a great tool, and it supports far more flexibility. Like, you can get yourself lost; you can create something so complex. So I have all of the machines that are out there synchronizing a snippet of their directory structure back to a compound directory structure on the Drobo, which Lori is able to see. Some of the folders are one-way synchronizing, so that, for example, logs that are external get synchronized back to us. Some of them are one way in the other direction, so that when Lori drops a media file that she wants to go out to everybody, she just drops it in the media folder on the Drobo, and the next time everybody connects they get updated automatically. And then some things are bidirectionally synchronized so that the most current copy is synchronized. Anyway, syncthing.net is that. There's an investment you need, because it's kind of funky the way it works; it took a while for me, I was going for a while, but once you understand the way it works, there's just nothing it can't do in terms of options and features and the complexity that you're able to maintain. And again, it's all NAT penetrating. You can open a port if you want, you can allow it to use UPnP if you want, or you can allow it to use external relay servers, and it will do that as well. So as you see, I've been a very happy user for the last five or six months.

I didn't know that. I love Syncthing because you don't need a third-party cloud storage if you have enough to
them all. In fact, after you mentioned Sync.com I kind of was looking for other things; I tried other third-party stuff. Then I found Syncthing, and I said oh, that's exactly what Steve needs. I've been meaning to mention it for some time. But it's really great. All my systems are on it, which is nice if you have multiple systems, because then you keep stuff in sync. I did a Hands-On Macintosh piece on it this past Saturday, ironically. So, I'm going to ask you, because I really like this idea that each device has its unique identifier, plus each folder has its unique identifier, and even though I just showed both of those, it's secure, because if you entered into your Syncthing "I want to join Leo's W6MUCLA9F folder," I'd still have to give you permission to do it. So is that correct? In that, what happens is, if somebody were to grab that and drop it into their Syncthing and try to create a connection, a request on your end would pop up saying, hey, somebody's got your ID, do you want to allow it? But that's also the cool thing, is that you can easily create a directory and share it with a friend; they use that, and then you link those two things together. I mean, they just nailed it. It reminds me of our old friend BitTorrent Sync, except it's done right. I think it's just exactly that, and it's open source, so we don't have to guess what the protocol is. Open source, everything is certificate based. The ID is basically a large fingerprint of the certificate that uniquely identifies that machine. And you're able to do things like say, if a new sub-folder appears, or if a machine I'm connected to creates a new folder, I want to automatically grab it and start syncing it, or I don't. And again, there are so many features that you can get yourself a little tangled up, but for a power user, they nailed it. And it's massively cross-platform; it runs on everything. That's why I use it.
It's on my Linux machines. It's a daemon that runs in the background on all of my machines: Linux, Mac and Windows. I love file versioning, and you have lots of choices of file versioning. And I often will do it send-only, so I don't have to worry about syncing deletions. If you set it send-only, that's basically a backup: changes here will be synchronized, but nobody else's changes will be synchronized. So it does take a little time to kind of figure it all out, but I'm supremely impressed with it. I'm glad you agree. I've been meaning to ask you about it. Yeah, good. And it's free. Okay. Yes, and free. Very much so.

So, over the weekend, using DigiCert's entirely automated self-service system, I re-keyed all of GRC's certificates ahead of next Tuesday's September first deadline, after which certs can only have a three hundred and ninety-seven day life rather than twice that. And among those that I re-keyed was GRC's revoked.grc.com cert, which I mentioned last week had expired, so that it was being dishonored due to expiration rather than revocation. So for those listeners who had been using that service (and I learned that there were five hundred eighty-some a day going to the revoked.grc.com page), that system is up and running again. So I bought myself an extra year before I need to do all of that again. But I also realized the benefit of having the expiration date of all of my certs now synchronized. If we're going to be needing to do this annually, as I will starting two years from now, because from now on certificates are going to be expiring annually, doing that certificate renewal work in a single week will at least be much more convenient than being interrupted multiple times per year. You have a new holiday on your calendar, Cert Renewal Day, and you just do it every year. Yeah. Now, of course, it is the case that it's only necessary because I'm using OV certs, the Organization
Validation route, as a class above the DV certs, domain validation, which can be (and I recognize this) fully automated. And a lot of people are just going to say, okay, Gibson, you know, I don't care, I'm just going to use the ACME protocol with Let's Encrypt and let my server keep itself updated. And I get it; maybe someday that'll happen. But for now, DigiCert has made this so simple for me that it's something that I enjoy, and all my certs are now synchronized. And I just wanted to mention that revoked.grc.com is back up and running again.

Oh, and one last bit I meant to mention last week. Leo, I know you'll appreciate this: as a result of all the benchmarking R&D we've done, we have learned a great deal about SSDs operating in the real world: Samsung, Kingston, OCZ Vertex, Crucial and others. And what has surprised us all is the non-uniformity that many of them show in their operation. It's not what anyone would expect from something with the seeming purity of solid-state memory, that their operation was kind of all over the map and varied widely at the five different points where we are benchmarking them. The thing I meant to note was that one single brand stood out from all others: Samsung was by far the most rock solid. And every one of those that we saw (there were many of them represented in the population that had been looked at so far) followed the governing specifications to the letter, which many did not, but also the performance was just solid there. That's my favorite too. Yeah, yes, really. Love that. I just wanted to say that I'm sure that the gang who are working with me in the spinrite.dev group will all see their future purchases biased, all things being equal, toward Samsung, because we all were going, wow. Because I mean, we're all sharing all of our results, and it's like, whoa. Okay. Let's take our last break. I
have a sip of coffee, and then we're going to talk about a very cool high-tech hack on low-tech hardware. I don't know what that is, but it sounds good. Let me get our final sponsor queued up here, and we will give Steve a chance to hydrate while I tell you a little bit about something I call ExtraHop. Well, actually, they call it that too, so it's nice; it's some synchronicity. ExtraHop's an interesting company, because they started by doing performance monitoring. They put ExtraHop sensors all over the network, everywhere out there: your network, clients' networks, the cloud networks, for performance monitoring. It turns out there's a real benefit to doing that, so not only do you see performance, but you also see threats and risks. The new IT reality, and it's funny that we should have been talking about this today: remote access on a massive scale, rapid cloud and multi-cloud adoption, a steady increase in Internet of Things devices, everything we talk about on the show, including hugely rising cybercrime. It's more important than ever that organizations can see what's going on in their environment. And when I say in their environment, I mean everywhere, from your systems to the cloud data center to the customer. And in order to protect your business, in order to scale your business, you need unified visibility. You need the context for your detections, intelligent response workflows, so your teams can collaborate easily and act fast. You need ExtraHop. This is the best way to gain insight into everything that's going on on your network, from you to your customer and back. ExtraHop helps businesses stop breaches seventy percent faster. Let me explain. That is because ExtraHop eliminates blind spots and detects threats that other tools completely miss, so they can keep your business secure and available, as a SaaS-based, cloud-native network detection and response solution used by a lot of people.
For instance, we talked to Wizards of the Coast, their chief architect and information security officer Dan McDaniel. Wizards of the Coast, you know, they do Magic: The Gathering and all of that. They secure and support their cloud (they're on AWS) using ExtraHop. Dan said there's no other company that aligns to supporting the DevOps model, that is, the speed, the lack of friction, like ExtraHop. You've probably seen the name Ulta Beauty; there's one in our local mall over here. They use ExtraHop to secure their Google Cloud, as well as keeping their network and security teams closely aligned. You know, when you've got a lot of outlets and you've got e-commerce, your engineers have a lot to work on, but you want them to focus on innovation too. We talked to senior IT engineer John Crazy, who says, quote: before ExtraHop, we had limited visibility into what was going on in the cloud, but now we quickly identify vulnerabilities and exploits and understand how our applications are performing in the cloud. You want to take control of your cloud security, and you want to do it with a tool that's been around, that has a proven track record, that really works. That's ExtraHop. You want to know more about how ExtraHop stops breaches seventy percent faster? There's a free trial; you can try it yourself: extrahop.com/securitynow. ExtraHop: think of a little bunny taking one extra hop. extrahop.com/securitynow. This is a solution that has evolved to really provide exactly what its customers need, some of the biggest companies in the world, and you will want it too. extrahop.com/securitynow. Now back to Steve.

So, we already know that smartphone cameras now have sufficient resolution (yes) and our software has become sufficiently clever that a photo of a traditional house key at a distance can be used to reconstruct a working physical key.
Yes, and we also know that the vibrations of objects in a distant room (we've talked about balloons, a bag of potato chips, a light bulb, or even the leaves of a plant) can be observed optically, by laser or similar technology, at a distance, to reconstruct the acoustic waves those objects are being subjected to, to eavesdrop on conversations occurring there. And now, with the publication of some intriguing new research, another piece of our traditional perception and assumption of security has just fallen by the wayside. The research paper, which documents the detailed and painstaking work by three quite enterprising students in the Department of Computer Science at the National University of Singapore, bears the title "Listen to Your Key: Towards Acoustics-based Physical Key Inference." Oh no, no, no. Oh my gosh. Okay.

The abstract of the paper reads: physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used, as lock-picking requires specific training with tailored instruments and easily raises suspicion. In this paper, we propose SpiKey, a novel attack that significantly lowers the bar for an attacker as opposed to the lock-picking attack, by requiring only the use of a smartphone microphone to infer the shape of the victim's key, namely bittings (or cut depths), which form the secret of a key. When a victim inserts his or her key into the lock, the emitted sound is captured by the attacker's microphone. SpiKey leverages the time difference between audible clicks to ultimately infer the bitting information, i.e. the shape of the physical key. As a proof of concept, we provide a simulation based on real-world recordings and demonstrate a significant reduction in search space, from a pool of more than three hundred and thirty thousand keys to three candidate keys for the most frequent case. Okay. So, in other words, yes, Leo.
These researchers have shown that just capturing the sound of a traditional physical key being slid into its lock is all that's needed to recreate that key with a high level of confidence. A nearby smartphone, or even the house's nearby smart doorbell microphone, provides audio which is sufficiently accurate to provide the clues. We all know how a traditional physical lock and key work. Inside the lock are a series of six spring-loaded pins, which are each split at a different location along their length. When the proper key is inserted into the lock, the ridges on the key, pushing against those internal springs, position each of the pins such that the splits in the pins line up with the edge of the lock's cylinder. Thus no pin prevents the cylinder from then freely rotating in the lock.

And I suppose, because I'm a bit odd, throughout my lifetime I have often stopped to appreciate the sheer beauty of that simple invention. It requires no power. It is durable and largely weatherproof, except in the face of extreme freezing. And it's extremely reliable, so much so that its failure is vanishingly infrequent, and when it does eventually fail, typically after decades of reliable use and wear, it does so in a fail-soft fashion, only after providing ample clues that its need for servicing is becoming acute, such that jiggling the key in the lock is a long-standing thing. But mostly, it achieves all this in an example of a brilliant tradeoff. We get all of that in return for accepting that it's not perfect protection. Is it cryptographically secure? Of course not. Can it be picked and defeated by anyone skilled in the art with a few simple lock-picking tools? Yup. Are there sufficient combinations that no one else's key will open it? No. A famous hack is just to try locks with keys they don't belong to; sometimes you just get lucky, specifically because the universe of all possible combinations is comparatively small.
But the likelihood of any random key working in any random lock is low enough that no one bothers to try. But it's exactly that comparatively small universe of possibilities that allows this research to succeed. Once the audio of a key insertion has been obtained, SpiKey's inference software gets to work, filtering the signal to extract the comparatively strong metallic clicks as the key's ridges hit the lock's pins. The click occurs when one of the spring-loaded pins crosses over the top of any of the key's ridges. I have a picture, a photo diagram from their PDF, which shows that in the instance of the click occurring on the six pins. They explain, as I just did, how the lock works mechanically, then the event of the click. And they have a diagram of the audio, which plays from Google, which you can hear. Leo, you should probably put this into the podcast. It's GRC's shortcut of the week, so it's grc.sc/781. And there it is. Of course we've all heard this, but you don't pay any attention to it, right? And it is clear. But I guess modern phone microphones are good enough that they could pick it up. Yes. So basically they say as well... It's correct. It's just the teeth, the bitting. Now, okay, so the grooves in the side do create classes of keys which will work in the lock, right, and those do differ among brands and within brands. So that does create subsets. But there probably aren't that many sets. Exactly, there are not. Yeah, and so, for example, many times your key won't even go in, and then if it does go in, it won't turn. Right. So the clicks drive the inference analysis. It's the time between the clicks which allows the SpiKey software, which they've developed, to compute the key's inter-ridge distances
and what locksmiths refer to as the bitting depth of those ridges, which is how deeply they cut down into the key shaft and where they plateau out. If a key were to be inserted at a non-constant speed, the analysis would be defeated, though the software can compensate for small insertion speed variations. So if this freaks you out and you feel you are at high risk, then you could simply start inserting your key at a non-constant pace and you would defeat this. But given all the available acoustic information, complete disambiguation cannot be obtained. So they end up with multiple possible keyings in the best case, and this is why the paper's abstract noted that this SpiKey software will output the three most likely key designs to fit the lock that was used in the audio provided by that file, which does reduce the potential search space, as I said, from three hundred thirty thousand, which is the universe of possible combinations, down to just three.

They said: when a victim inserts a key into the door lock, an attacker walking by records the sound with a smartphone microphone. SpiKey detects the timing of these clicks from the sound. We then utilize the click timestamps to compute the adjacent inter-ridge distances, given a constant insertion speed. We use the computed distances to infer the relative differences of adjacent bitting depths, which SpiKey exploits to ultimately obtain a small subset of candidate keys that includes the victim's key code. They said: we detect all click events from the audio recording. They do subject it to a high-pass filter to reduce the impact of low-frequency ambient noise, retaining only frequencies above fifteen kilohertz that contain the acoustic information about the clicks.
And they said: subsequently, we identify the starting point of each click, or its onset, in the pre-processed signal by applying a change point detection algorithm on short time windows around the computed peaks to account for their millisecond granularity. They said it finds the least sum of standard deviations across two regions that transition from low to high amplitude, that is, in terms of the amplitude of the click sound. So they did some serious acoustic processing to just absolutely nail down the time event of the click. For anyone who's interested, I've got the PDF link to their research. The paper goes on to explain exactly how they convert the click onset timings into a few possible candidate keyings.

So anyway, I just thought, you know, one more long-standing, time-honored piece of real-world technology has just fallen. You can no longer insert a key into a lock without the possibility of somebody simply eavesdropping. And you could imagine, Leo, if you had a telephoto microphone at a distance aimed at that lock, and if somebody were to insert the key, it would be able to pick it up at a distance with a big parabolic mic and capture the sound, and that would be enough. That's amazing. Isn't that cool? I'm estimating... how doable do you think that is? I mean, I know it's theoretical, of course, but... I mean, they did it. They recorded it. They wrote the software; it designed three keys, and one of those three opened the lock. Isn't that great? I just... you've got to admire the ingenuity and the cleverness involved. Well, I'd say I could see a big three-letter agency using this. We should write this into the next Jason Bourne script or something. I think that'd be so... It would be useful in a situation where you would be observed picking the lock. Certainly, a three-letter agency would have people who can pick a lock. I can pick a lock. A lot of techies know how to do that.
It's just, you know, it's not that difficult, but during the process you're observable. So if you had a scenario where someone posing as a cable TV serviceman, or maybe the house cleaner, needed to just be able to walk up, quickly insert the key, and enter, you'd want to be prepped ahead of time. And so this would allow you to produce one of three keys, where they could look like they were fumbling for the right key among their key ring, but in fact they were trying the subset of possibilities, and then say, oh yeah, there it is, and walk right in, with everybody standing around watching them. That's wild.

Steve did it again, as he always does. It's fascinating stuff, and that's why we listen each and every Tuesday to Security Now. You can get Steve's famous SpinRite, the world's best hard drive maintenance and recovery utility, at his website, GRC.com. Version 6 is out; 6.1 is on its way. Buy 6 today and you'll get 6.1 for free, and you can participate in the building of 6.1, which is moving apace. That's all at GRC.com. We also find the show there. He's got sixteen-kilobit and sixty-four-kilobyte versions of the show, the audio, and he's got transcriptions, which are very handy if you like to read along while you listen. He also has lots of other free stuff there, so check it out: GRC.com. You can leave feedback there, grc.com/feedback, or leave it for him on Twitter. Steve is, yes, a Twitter user, and his Twitter handle is @SGgrc. He does respond to people, though, as much as... just, if people leave you a message, do you get it? I do, when I can, but frankly there's... Overwhelming. Yeah, it is. Yeah, I figure people would rather I got SpinRite 6.1 done than spend a day responding to private tweets, so I try to meet them halfway. Yeah, I get a lot of email every day, and it breaks my heart, because it's always, for me, it's people who listen to The Tech Guy who have fairly basic questions, suffering, and they can't find help, but
if I answered that email, I wouldn't be able to do anything else. So, what's all we do? We do what we do. Yep, as best we can. Of course, what you should do is just come back here every Tuesday, right about 1:30 Pacific, that's 4:30 Eastern, 20:30 UTC; that's when we record the show. You can watch us do it live at twit.tv/live. There's audio and video there. If you're doing that, chat with us; the chatroom's at irc.twit.tv. You can also get on-demand versions of the show, not just at Steve's site but at our site, in this case twit.tv/sn, and of course on YouTube, and you can always subscribe. Get your favorite podcast app and subscribe to Security Now, 'cause you don't want to miss an episode. You want a complete set: collect all nine hundred ninety-nine. Eventually, that's the number. This is episode seven hundred eighty-one. And I thank you, Steve. Have a great week. We'll see you next week.

One more TWiT: well, check out Smart Tech Today at twit.tv/stt. It's the show where Matthew covers everything there is to know about smart tech. It's automation, it's connected devices, it's smart home, it's all those goodies and so much more. We get the news, we get the latest devices, we do reviews, everything. You've got to check it out: twit.tv/stt, STT for Smart Tech Today.
