2024-07-01 - Ice Cream Season
S:E1

Summary

00:00 - PreShow Banter™ — Ice Cream Season
07:22 - BHIS - Talkin’ Bout [infosec] News 2024-07-01
07:48 - Story # 1: TeamViewer’s corporate network was breached in alleged APT hack
09:11 - Story # 1b: TeamViewer Security Update – June 28, 2024, 12:10 PM CEST
16:33 - Story # 2: Supreme Court orders new look at Texas, Florida social media laws
21:32 - Story # 3: New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
24:52 - Story # 4: CISA: Most critical open source projects not using memory safe code
40:03 - Story # 5: Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released
42:35 - Story # 6: South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders, and disabled PCs
49:24 - Story # 7: Drone As First Responder Programs Are Swarming Across the United States
55:22 - GRC Rapid Fire

Speaker 0: His list.

Speaker 1: Yeah. There, the NSA had a list of, like, software you can... Or programming languages. I was like, cool. I already got one.

I'm good on... I'll call the on the sega of the job later. You know?

Speaker 0: If you get hired at a company and they're like, we use the NSA standards programming. You're like, is this... Am I a government contractor now? Like, I'm scared.

Speaker 1: I have a Starbucks over here, like double shot, dirty chai latte, and it did not pep me up. I tried to.

Speaker 0: Double shot, dirty chai latte.

Speaker 1: That's you.

Speaker 0: That's a guaranteed pep.

Speaker 1: Right. Right? That's why I'm like, oh my god. What do I

Speaker 2: just gross.

Speaker 1: You? Gross how dare you?

Speaker 0: Now it good. Shot I don't adding to almost anything makes it better. I mean, we know

Speaker 3: makes. What makes chai dirty?

Speaker 1: Adding espresso. Adding espresso. I I did 2 espresso shots, and I'm still just like, at at cruising altitude. I'm not definitely rant.

Speaker 0: And what you need is an affogato. That's what you need.

Speaker 1: An affogato? What is that?

Speaker 0: An affogato is ice cream with espresso on

Speaker 1: What? Okay. I'm freaking amazing. Why haven't I had that. I...

If you aren't...

Speaker 2: You're upgrading down all just please.

Speaker 0: If you aren't just taking a scoop of vanilla ice cream and shooting espresso onto it. You're doing life wrong. I iphone breakfast.

Speaker 1: I even went to, like, an ice cream festival last week. And I did admit. I've never heard of that before, but I... I... Now I'm googling.

Ice cream and espresso because I can't spell affogato.

Speaker 0: It's an Italian thing. Like, like all coffee and food things it's an Italian thing.

Speaker 3: One of my favorite ice cream flavors was Ben & Jerry's Coffee Coffee Buzz Buzz Buzz.

Speaker 0: Coffee ice cream is delicious.

Speaker 2: Yeah. It is amazing.

Speaker 3: I don't think they make that anymore. At least, I I was haven't seen it in years.

Speaker 4: I saw... I know It got it last year. I don't... I haven't taken a look this year.

Speaker 2: It wasn't Ben & Jerry's, but me. One of the most dangerous things, you know, some won't say how many years ago passed back in university at the dining hall in my one campus was the bottomless ice cream dispenser and coffee was one of the available for.

Speaker 0: My god. That would break me. The freshman 15 would be the freshman 150.

Speaker 2: It was, like, freshman 40. It was hiking... It was no joke.

Speaker 0: Yeah.

Speaker 5: Ford... Here's a full habit 15.

Speaker 0: Here's a fun, here's a fun ice cream fact for everyone. Does anyone know the biggest ice cream company in the United States? It's Ben & Jerry's. Isn't that crazy?

Speaker 6: Really? Is there there a big...

Speaker 3: I would have assumed it's something that Nestle owned.

Speaker 0: Right? You think it's, like, I think it's they're just a small brand No. They are the biggest ice cream company in the.

Speaker 1: A lot of Nestle ice cream doesn't classify as ice cream because it has to have a certain frozen

Speaker 0: dairy product.

Speaker 1: It's frozen dairy product. Yeah. I

Speaker 3: think how they get

Speaker 1: away with. I forget the exact percentage. It's like, it's either somewhere in the teens or, like, 20 percent of butter fat. That needs to

Speaker 0: be A shameful low bar to pass and they somehow down.

Speaker 1: Have you ever... There's like that video of people leaving a Nestle ice cream out in the sun. And it doesn't melt.

Speaker 0: Like just like, whip plastic

Speaker 1: yeah. It's just... Yeah. It's it's flat. And then their argument is like, well, you don't want your ice cream to melt when you're eating it and I'm like, Well, then it's not I thought.

Like, what what is going on. I'm like, I guess that's a little bit of logic, but

Speaker 0: wait tell sequence. What was a sequence of events that caught you to go into an ice cream festival? Like, were you depressed? Was it a boot was it a power? I know.

Was it a good thing or was it great thing? Were you so sad that you had to go to an ice cream festival.

Speaker 1: It was also the hottest day. Of the year so far in San Diego, So it was, like, absolutely horrible because It was like, oh, it was outside. It it's was like, probably in the high nineties, which is hot for San Diego. Right? And it was a birthday present.

So my wife got us tickets to this ice cream festival.

Speaker 0: Smart I

Speaker 1: brought the baby. Right? Went tall, tried to ask. And then here's the best part. There were açaí bowls for free. Like, this company just giving them out.

So I just literally, like, did my ice cream tour and just stood by the açaí bowls and just ate, like, for those because those are good and healthy.

Speaker 0: Oh, yeah. They're expensive too. So that's a good move.

Speaker 6: Yeah. This sounds like the kind

Speaker 3: of festival I would like to go to honestly. Yeah. I really give it out free

Speaker 6: ice cream.

Speaker 1: San Diego has, like, these festivals every now and then that are total scams like you get there, and they're, like, not run well at all and, like, you realize you just paid to get in. Now you have to pay for things while you're in and tacos and stuff like that. Yeah. So I was super skeptical when my wife said she got tickets to this and then we went. And it was pretty good.

There was, of course, like, humongous lines for all the ice cream, but it it was well worth it. I would... I I would recommend it again next year.

Speaker 0: Here's another trivia before we get started. You know that... But ice cream paradox. It's like that they actually eat more ice cream in cold places and they do in hot places. Kind counter.

Speaker 1: Is that all?

Speaker 0: Yeah. It's a real. I think. I mean, I could be lying, but I'm pretty sure thrilled. I'm pretty sure they eat more...

Like, I don't know. They eat more... They they eat more ice cream in colder climate. Like, if you look at it, but I don't know.

Speaker 2: Something in solar I fax code.

Speaker 3: I I can speak a little bit to of experience from that because I'm from Maine. During the summer is, like, that's ice cream season, that's when all the local ice cream shops open up. So when I first moved here to Florida, I was expecting to have ice cream shots like ice cream shops everywhere because it's always summer. There's never...

Speaker 0: It's always summer. Always Got time.

Speaker 3: It's so disappointing. There there was almost no ice cream shops around when I first... There's some now, but when I when I first moved at back down here. It was crazy to me that there was no ice cream. But it's, like,

Speaker 1: you gorge yourself on ice cream over summer when you're in Maine to, like, fat up for the winter and then you don't have ice cream at all. What you're saying.

Speaker 3: That's what I should do. Hi.

Speaker 1: I I will tell you that, like, San Diego, I go to the ice cream shops, like, biweekly, at least, I go to a fan... Like, not like, Ben & Jerry's or, like, but, like those fancy hole-in-the-wall ones that are... Yeah. But there's one that makes a... It's called strawberry crumble.

But it's... You know those short... The the strawberry short cake bars that the ice cream truck used to have. Like, imagine that, but like, on, like, the tenth level, like, made.

Speaker 0: But like, good. Yeah. Yeah. But like, it's like a Pop-Tart, you go to something like a fancy bakery and they're like, Pop-Tart, and you're like, oh, and then it's, like, really good, like, croissant or something.

They're like, whoa. Pop-Tart gotta level up. I can't wait for that sign. Fun told Pop-Tarts movie when?

Speaker 6: I think that's out now.

Speaker 5: Okay. It actually hours.

Speaker 3: Yeah. There's a Pop-Tart

Speaker 0: on Netflix. Unfrosted.

Speaker 1: I thought that was about cereal. It's about Pop-Tarts.

Speaker 0: Yeah. Well. It's about Pop-Tarts. Yeah.

Speaker 1: I I legit thought it was about Frosted Flakes versus Corn Flakes or...

Speaker 0: That's what Jerry Seinfeld decided the world needed to hear. Too.

Speaker 1: I thought we're were gonna wait for John. He said 5 minutes, like,

Speaker 0: We're waiting for John. We're stalling. I'm doing my best. I'm I'm breaking out all the trivia. I'm breaking out all kinds of trivia.

We could probably get started Ryan. You know what Wait for John.

Speaker 3: Okay. He can ramp about we

Speaker 0: can rant about C and memory safe programming when he gets here. They'll just arrive like, a freight train. Hey kids. What hear about memory safe programming? Like the Cool Am just start... Oh, yeah.

This is. They're good.

Speaker 3: Alright. We're gonna roll it.

Speaker 0: Roll it. Hello and welcome to Black Hills Information Security Talkin' Bout News. It's the first of July. Happy Canada Day if you're from Canada. I don't know why you're here instead of drinking beers with the buds, but you're here. TeamViewer got hacked.

That's what we're gonna talk about first. Bam, straight to the hot take.

Speaker 1: Damn dude. That was... That's rough.

Speaker 0: I'm using TeamViewer. I'm using TeamViewer right now to connect to the news articles. Does that be a problem?

Speaker 1: I didn't make you guys, so you're gonna have to tell me what happened. I just know they said an APT hacked them and that stuff okay.

Speaker 0: An APT hacked them... What does that even mean?

Speaker 1: I don't know. I need... I don't know him...

Speaker 4: It's supposed

Speaker 0: to be...

Speaker 4: It's the same group that hacked Microsoft, and Microsoft's doing the IR on this one?

Speaker 0: Wait Really? Hold on. Okay. So Mike is the 1 who actually knows things.

Speaker 2: How wasn't the guys who hit Microsoft in January. And then Microsoft also recently disclosed that the scope of that was a bit bigger than originally expected.

Speaker 0: So it's Storm-0558 or whatever or is it another?

Speaker 2: Midnight, Midnight, Midnight Blizzard?

Speaker 0: Midnight Blizzard? Oh, that sounds like a good flavor of ice cream for you, me too? What I was gonna stop. What would it be? What would it be?

Like, coffee. No. It have to be, like, berries. But by Story.

Speaker 2: You got mid midnight in coming dark. Like...

Speaker 0: Yeah. Dark maybe chocolate, budge on fudge anyway. Let's how much worries. Yeah.

Speaker 4: Sorry. So basically, how this whole all wanda pep was Friday. There was a tweet out there about TeamViewer being hacked from the NCC Group. There was an... There...

It was sort of hinted that it was their production environment, and not the corporate environment. TeamViewer came out very quick, very not long after saying, No. It was our corporate environment that was hacked. And as of today, I was reading one of the stories on it that said, Yeah, it was our corporate environment.

Thank God that we've got segmentation because that prevented them from getting over to our production slash customer environment, but take... I I still take that with a grain of salt until they are able to actually give us more information. The other thing that was revealed today is Microsoft, who got hacked by the same APT group, is the one doing the IR on it? Oh, that

Speaker 1: ways they got experience. Right? Where do we still...

Speaker 4: She's got experience. Oh girl. Gonna be in.

Speaker 0: Couple questions for anyone that doesn't, I don't know. Does Microsoft normally do I? Or is this just a special case. So they like, you know what? Worst screwed so Come on in.

Come into

Speaker 1: the war everything. They have everything cybersecurity. So... The... Yeah.

Professional service.

Speaker 6: I think get a special case.

Speaker 1: Is it? Really? No. All don't say. God with hot good?

Speaker 6: No. No No. Interesting. Yeah. I'm still fighting all of this stuff, while you guys continue to talk about because all of my stuff is messed up.

Speaker 0: I okay.

Speaker 6: Actually.

Speaker 0: Yeah. John, let me use TeamViewer connecting to your computer? I'll fix your settings for you. No problem?

Speaker 6: Oh, yeah. So what did I miss about TeamViewer guys. That's totally here.

Speaker 0: Well, you don't know much is.

Speaker 2: Securely with Russia.

Speaker 1: Yeah. Is well,

Speaker 6: as long as someone securing it.

Speaker 5: Well, I, you know, I know we've talked about this before, but yet again, it's still pretty frightening the number of organizations, and especially considering the number of healthcare organizations, that use TeamViewer to manage their IT assets. You know, we've become a bit jaded about these sorts of attacks, but remote connection software, it is still a big threat to organizations, especially for organizations that don't invest a lot of money in other tools to manage their assets. So it... It's did... It's disturbing, a, that they'd specifically mentioned that Health-ISAC on this. Second of all, we all know that healthcare organizations are dramatically underfunded.

And b this comes right around a holiday weekend. So, I I I'm disturbed and concerned about seeing the fallout of this. It's gonna be the a rough half of the of the next year or so, as we see what happens from this.

Speaker 1: On on the plus side, I will admit, like, most of these TeamViewer-esque stuff is pretty easy to build out detection for. Right? If you have any type of software inventory, which we say you don't. But then you still have firewall logs. Right?

Like, nobody you just say, okay, no TeamViewer or whatever that third party connection website is. You just block all those. And then hope this is, like, detection wise. Hopefully, you're not already using them, or you build something out to look that if stuff is trying to connect to one of those. A lot of times, firewalls will actually have signatures based on, like, third party remote software and you could just, like, block all those.

Hopefully, if you're using the right firewalls. Right?

Speaker 4: The the interesting thing about it is that, and I was just double checking, N-able, which is one of the big RMM software out there, uses TeamViewer for their for the connectivity on it. Supposedly secure, but that opens up a whole new can of worms for small that are using MSPs that have N-able on them.

Speaker 6: Well, and this isn't... I I think that one of the problems that we run into as a trap is it's TeamViewer. It's Kiss. It's, you know, what was the one that was Dragon NaturallySpeaking software. They had it set up.

It... It's all of them. Right? And none of these programs are inherently bad in and of themselves. And I feel like we get into the trap of saying that it's inherently bad.

Whereas a better approach is to say, do we at least know where these software, like, programs are in our environment. And this becomes my point where it's like, hey, check out AC-Hunter, because it's designed to find this stuff. Like, that's that's what it does. Whether it's TeamViewer or what other crock pot crappy, RAM store of, like, software out there, like, Ab view or any of those. It's designed to find these things.

So I I think that taken away from just being a TeamViewer problem, making it a much larger issue and saying, what kind of remote management software do you have in your environment? Probably a little bit more of an important conversation to have from an inventory perspective.

Speaker 0: Well, I can also just give some little bit of market world context. So... It's because anyone wanna guess the annual revenue of TeamViewer.

Speaker 6: Oh, no. Oh, no. No. No. How much are we talking here?

Speaker 0: It's 161 million euros. So what's that? Yeah. Freedom bucks.

Speaker 6: Yeah what's the user bucks?

Speaker 0: So that's like what, 150 million or something. Don't know. 180 million, whatever. It's it's a lot of money. Basically, what my... What I'm my...

What I'm trying to get at is, I think from our perspective in the world of high-end cybersecurity, TeamViewer might feel like a policy exception. It's like a don't do it. But I think, like Kelly alluded to, in the world of large or medium MSPs or smaller businesses, I think TeamViewer is really ubiquitous. This is really scary for all those companies that are using it. Whether they know they're using it or not is a different story.

But I think it's... I mean, 161 million dollars is a lot of money. Yes. So that's, like, they're a big player. That's a big company.

Their latest statement says, don't worry. The attack was contained to our internal corporate IT environment, but good.

Speaker 6: Oh, good.

Speaker 2: That developers never leave secure anything lying around

Speaker 6: or go never.

Speaker 2: That's nothing like that. I.

Speaker 0: Yeah. I'm sure there's no way to pivot from the TeamViewer corporate environment into the customer environments in any...

Speaker 1: I'll tell you if there is a way, it definitely was the intern who acts accidentally left.

Speaker 6: It was the intern. Or it was the one lone systems administrator that made a mistake. Oops, jeez.

Speaker 0: Yeah. I I mean, we don't know the impact yet, but

Speaker 4: see turn the intern was the one lone systems administrator and he left it hard coded inside of a text file on his desktop that said, password.

Speaker 6: Here I thought I was being jaded. You are clearly more jaded than I. What?

Speaker 0: They're also a German company. I don't know if that affects anyone's.

Speaker 1: I know that

Speaker 0: world, but...

Speaker 6: No. Yeah.

Speaker 0: I mean I would guess it's...

Speaker 2: They have a procedure at least.

Speaker 0: I think they also own some other brands didn't they own log... Or there... They're... They they own some other brands. Like they're...

I don't anyway. Basically, it's a big It's a big breach, and I'm sure we'll see more updates on the show. So subscribe or whatever you do to podcast podcasts.

Speaker 6: Yeah. You should click that like, subscribe or whatever. Our chicken. Please subscribe to our RSS feed. Wait.

Speaker 0: Please. Click our chicken. What what did you just say? Rip that with that llama.

Speaker 6: No. Damn it.

Speaker 0: John, You just got, like, vaporize off the news. Alright.

Speaker 6: I know. My audio. I'm still here. My camera keeps coming. This is my life right now.

I... Everything's just so messed up. But that's okay. Keep rolling rolling rolling.

Speaker 0: Yeah. I mean, does... Kelly, you had a G government fun story about privacy laws or, I guess, social media laws. What happened why... Am I allowed to use TikTok or am I not allowed to stick TikTok.

I. Just... Oh, wait. I don't

Speaker 5: wanna talk about TikTok, but I do wanna talk about the Supreme Court. So today, there's kind of a big news story that the Supreme Court tossed out the state of Florida and the state of Texas social media laws. Both Florida and Texas had restricted laws about social media companies moderating content. Now what what does this all mean? Basically...

I'll summarize for you. Does the intersection of social media need and free speech need a stop like? Well, some people think it does. Basically, these states were saying that the platforms like Facebook needed to be treated like a business and be should be restricted from removing posts. It...

I'll give you an analogy. Do you remember newspapers, and you used to write a letter to the editor, and it... There used to be a guideline or a practice that said every letter that came into the editor needed to be printed. So states in Texas and and in Florida were saying, hey, every post that goes up on Facebook or social media needs to be put up there. You can't restrict people's content.

Speaker 6: Basically, they're saying that this is the commons. Right? Because social media, like Facebook and Twitter is the commons, if you're restricting access to the commons in any way, that is a restriction on free speech. Correct?

Speaker 5: Exactly. So the platforms pushed back on the state of Florida and the state of Texas saying that their First Amendment rights were being denied because by forcing them to publish all of the contents, they were being forced to publish speech that they didn't want to necessarily disseminate. So it went all the way up to the Supreme Court and the Supreme Court vacated this decision, which basically tossed it out. And the interesting part was they they tossed it out because they felt that the lower courts didn't actually do a proper analysis of the First Amendment rights. So I just thought it was kind of interesting that it went all the way up to the Supreme Court, and they tossed it back to the states saying you didn't actually look at the First Amendment issue.

Speaker 6: And this helps mediated back. This doesn't mean it's decided. This just means it was mediated to the lower courts with additional... Said.

Speaker 0: This isn't good enough to be worth reviewing check your work and send it back again.

Speaker 6: Yeah. But the but this is an interesting thing. Right? I mean, you know, however, people wanna go away. I think that Once again, it sucks that we get politics wrapped into it.

Right? Like people are like, oh my God, they're they're limiting conservative speech or I can't see pictures of Hunter Biden or whatever. But or we can go the other way. It's like, now Elon Musk is running Twitter. And it's like, oh, my God.

I've got deal with Nazis. Why doesn't somebody do something about this? Like, hey. So take all of that away, but it is an interesting dilemma for a tech company. You're going to end up where you're going to create a platform where people are going to do stuff.

Right? What is the line that you're going to set to try to, like, kind of protect your user base? Right? And I think that somebody once said it was really, really fun, kind of quote with Twitter. Twitter is not selling like an open forum.

They're actually selling content moderation. What do they do to keep this forum from having tons of child pornography and just tons of pornography... This before Elon Musk. But tons of pornography being thrown out there? People go there because they feel safe.

Right? Like, they're not gonna get just like nailed with all of these, you know, porn sites and things like that. Because there's gonna be some level of content moderation. There's gonna be some type of, well, content moderation is not censorship. They're 2 different things, So I I think that this is an interesting interesting thing, but I think it's really funny how the court just punt on it.

And this was a mixed decision. This was 5-4 if I remember correctly. Right? I'm going through.

There was so many Supreme Court things going around. This was 5-4. Right?

Speaker 5: Control up. Yes. Yes. 5-4.

Speaker 6: Yep. There we go. And this isn't over. It's gonna get remediate back to lower courts and it's going to come back up. But I don't know.

It... It's all kinds of interesting things are gonna be rolled up in this. So it it'd be nice, like I said, if we could have conversations about what these media companies need to do, like Facebook and LinkedIn and Twitter and all this stuff? Like, what where are the bounds that we're going to have them do and it had nothing to do with political issue to shore.

Because I think that the politics of it is mud this and it's making it incredibly difficult to find a path forward

Speaker 0: Oh, that's so much Nuance, John. I thought we were a headlines, show. Let's go back to Hot.

Speaker 6: Okay. Porn, lots of it. If you want porn, you go to here at Twitter. I guess. I don't know.

Speaker 0: Okay. Let's talk about that SSH. Check, what. They feel like, SSH. Those those 3 words when you say SSH now. Yeah.

That, like, SSH and exploit is a scary thing to hear, but this one isn't... Doesn't seem to be as scary. At least from the continuous pen testing side. We're not seeing a whole lot of traction with this. We're seeing...

Obviously, you know, there's some vulnerable systems on the Internet, but on the... I guess, corporate attack surface that we tend to go against, which are, no, are not necessarily representative of the whole Internet, but in corporate security, we're not seeing a huge impact on the Internet. It seems like it's kind of a... You know, it's a race condition. It's RCE, but it requires, like, a continuous connection for 6 to 8 hours or whatever. So there's like a export...

It's not just like, a... Oh, run this PoC. Yeah. You can see there. It says successful exploitation.

Oh, roll up a little bit. Sorry.

Speaker 6: There we

Speaker 0: Have us demonstrated, again 32-bit Linux systems with ASLR. Under lab conditions, the attack requires on average 6 to 8 hours of continuous connections up to the maximum the server will accept. So yeah. It's not like a cool.

Speaker 6: From a gap.

Speaker 0: But in a lab environment doesn't get a lot of people's blood pumping. Right? So I guess, if you have old 32-bit systems on the Internet, don't do that.

Speaker 6: Well, and also, you know, be monitoring login attempts. If you have 6 to 8 hours of someone trying to log in, I'm hoping you would be able to detect that. I'm hoping. Okay.

Speaker 0: That's a lot of... Network. What do they call it, Wade. What's the logs? NetFlow.

That's what absolutely. That's what I'm thinking.

Speaker 1: That loading?

Speaker 0: Wait. What are you logging through? Logging 4? What are you waiting?

Speaker 6: Rad brought up fail2ban? No. Yeah. This... Is this multiple login attempts or is this just like, one very malformed login attempt?

Speaker 0: I think it's not a login attempt. I think it just it's a connection attempt.

Speaker 6: Yeah. So...

Speaker 1: So I'm trying to think about how you would build the detection logic for 1 log long network connection. Right? And I I will definitely tell you that's not, like something that I have ever built.

Speaker 0: Well, I don't think I long next... Or is it just like not long. It's many, many, many repeated over a long period of even.

Speaker 1: Even then if it's hanging off the Internet. Right, like, most stuff hanging off the Internet, I'm not gonna like, hopefully, I'm not gonna really care as much if these connections are coming in because you're hoping like, firewalls were block. You're gonna expect it to be scanned by a fire by the Internet.

Speaker 0: Yeah. Yeah. But I thought... Yeah. You don't we have

Speaker 1: association open the Internet anyway, like, anything with them. Yeah. Nothing with MFA. Right? So...

Speaker 0: No 1 would do that.

Speaker 6: On bernstein bureau away from me. Now you're taking away Ssh. What's your head left, man?

Speaker 4: You get... You could

Speaker 1: use RDP. You're fine. Alright? You're so fast on.

Speaker 0: Just wanted out the something. Yeah. Now Love me and children. I think the maybe the use case for this will be, like, IoT and other... Like, we see a lot of our customers in...

With Cp. We see customers that have, like, ISP network telecom gear that just they can't touch and it's just in their networks and, you know, that it can't be updated or easily or... Like, edge case. I don't think anyone's, like, core firewalls are gonna be vulnerable to this, but...

Speaker 6: Yeah. Nope. Alright. The the story that I really, really, really wanna get to is the CISA most critical open source projects not using memory safe code.

Speaker 0: This is the most anticipated rant of the day.

Speaker 6: I am going to jump all over this. This is one of the dumbest effing things I have ever seen. Full stop. On the Internet. I know that some people put a lot of effort into this, you wasted a tremendous amount of time.

You might as well just be putting out there. Oh, my god. Code written by humans has vulnerabilities. And, you know, you know, this is 1 of those things that comes up you know, I... I've been doing this a long...

I think I say that a lot. I think there should be a super cut of every time I've said. I've been doing this a long time. And I remember whenever... But this is a long long time ago, people were, like, you should use Java because Java does garbage collection properly.

You don't have to worry about memory vulnerabilities underneath the hood in Java. And if you look inside this article, they actually reference Java as one of the coding languages that is a good coding language that people should be using. Right? Like right there. Other languages like Go, Java, C#, Python manage memory through garbage collection, automatically reclaiming freed memory.

And they immediately flip around and then they say memory unsafe languages, and they say examples of these are C, C++, Objective-C, assembly. Like, what the living hell? Like, oh, god. Oh, jeez.

Speaker 0: Okay. No, no writing in assembly allowed anymore.

Speaker 6: An assembly allowed.

Speaker 0: RollerCoaster Tycoon is banned from the corporate environment. Done.

Speaker 6: Done. No RollerCoaster Tycoon on this. And I'm sure that there's somebody, like I said, they put a lot of effort into this, but this is dumb for so many reasons. Right? And they even mention in that that there are certain languages that you have to use for certain use cases for performance or specific use cases for application.

But whenever you're going through and you're saying, oh, well, if something's written in C, therefore it's inherently insecure from a memory perspective, here use Java, you just basically shut off, like 50 percent of the security community. Because let's be honest, for a while, Java was having a security vulnerability, flat d code, U3D, all of these different compression decompression algorithms inside of Java were just like blowing up with vulnerabilities all over the place. So this doesn't help anything. Right?

This doesn't help anything at all. This is very similar to a number of years ago where somebody went through the SSL libraries, and they did a code audit, and they said, here's a whole bunch of vulnerabilities we discovered. And they didn't even bother talking to the people at OpenSSL, they just kind of dropped them. Right? Just dropped it right on top of them.

And I don't know what what's to take this. And seriously, if we're looking at this entire situation, what CISA should be spending its time on, CISA should literally be spending its time teaching people to patch their shit. And this includes CISA, because we have a story a little bit later about vulnerabilities that CISA got nailed with because they didn't get patched in time. So if we're trying to say, what are we going to focus on. Right?

You have all these different things like let's say, speculative execution code attacks. We get all worked up over speculative execution attacks. And those are really ethane cool from a technical perspective, but it didn't move the needle ahead anywhere. Like no one was like, well, I'm really glad that we got rid of all of the Spectre vulnerabilities that we have no No. No.

No. Everyone got worked up over at what's nailing organizations is they're not patching their stuff. So now you have Sis come out and you start saying that, you know, literally thousands of organizations using critical software that's written in C c plus plus. Of course, they are. Right?

And once again, I come back to, you're not helping because what's going to have and now is you're going to have a bunch of executives that are gonna go in they're gonna go to their It staff, and they're gonna say, yeah, we need to go through. Is anybody using c programs anywhere. And they're gonna go well, sir, yes. There... There's a number of us that are using.

Programs written in see. We need to remove c because This is thing said that they're using unsafe memory. Where where is this? How do I get rid of it, sir, you're using windows. Windows is written at cease.

Sir. We also... Well, let's get rid of Let's go to Linux then.

Speaker 0: No, sure. That's.

Speaker 6: That said, that's... There's a lot of C there too, sir. A lot of effing C. There's C everywhere because C is how computers work. So I just think that this is just a waste of time and it's kind of, like, get back on track, CISA. Get back on track and try to spread the good word about patching, try to spread the good word about core security practices, and really try to get us back to where we need to be. Because the more you start doing shit like this, the more you're gonna have people start tuning you out and stop listening to you.

Oh my god.

Speaker 1: Totally right. We need to clip this, Ryan. Go to the link I sent you, go to page 20. We are gonna send it to CISA at this email.

Speaker 0: For feedback on this.

Speaker 1: I'm gonna contact SecureByDesign at CISA dot DHS dot gov. Yeah. See, I want an official response.

Speaker 2: On a more serious note, though. I will say, I think, you know, it's a good example of, like, the top-down governmental... Like, we have an objective and we're just gonna march towards that thing. Because if you look, like, this is the big thing right now, this whole secure by design initiative. Like, that's been the thing since, like, October, and everything is going against that.

And so, like, where are they putting their money, their energy? It's secure by design. Like, whatever the hell that means to them. And so, like, this is clearly 1 of those. Right?

It's like, oh, this thing is unsecured because it's written in a certain language. And, like, I guarantee... I

Speaker 6: guarantee there's a bunch of PhDs behind this that haven't been in an enterprise environment ever in their lives. Right.

Speaker 2: Yeah. It just re of theory where

Speaker 0: Yes. I think

Speaker 4: maybe they should be reminded that whatever they used to go ahead and write up this report was written in C.

Speaker 0: You're saying LaTeX is... Yeah. And I to read

Speaker 6: And Mike, Mike. Let's not forget that the protocol stack that transmitted it across the Internet? Also written in C. No. No.

It was. Yeah. The firmware on the switching on that router. It's in C, sir. I, I...

There's gonna be C there, Jackie.

Speaker 0: Yeah. I mean, the reason John's so worked up about this, and any, like, security team member would be too, is because it buries the lead on real threats. Yes. I mean, there's no data that I could find easily that says this percentage of vulnerabilities is memory corruption, this percentage of big breaches was memory corruption related, but I did some kind of offhand research for that end day podcast.

That webcast I did for Black Hills a couple months ago, and, like, most big vulnerabilities we see are not memory corruption. Most big breaches are not the result of memory corruption, especially not if we look at, like, a year rolling window. Let's think about the last 4 big ones we've talked about, or even the ones we're talking about today. Social engineering, patch management, business logic flaws. Actually, like, it doesn't matter what language you write it in.

If I can pick up the phone and reset the IT admin's help desk MFA tokens, I don't care what language I'm using to do that. It's gonna work.

Speaker 6: This is what gets me. Like, you know, our problem is we're so far behind. Like, let's get C out of our lives. We're so far away from getting to that. And... Oh, MFA.

Thank you. Good God. MFA. Can we actually get that a hundred and 10 percent?

Speaker 0: No. CISA doesn't care about that. It's not written in Rust.

Speaker 6: But it's not written in the last seas is for a computer. But when we're looking at this type of stuff,

Speaker 2: Thanks Exchange.

Speaker 6: They really need to be doing more outreach. Like, how do you get to the people that don't even know what CISA stands for? That don't know what CISA is. You know, what... How do we start reaching these people that aren't even securing their systems?

Like, seriously. That's what their initiatives should be doing out there. They should be going town to town, setting up big pizza gatherings, handing out beer and just saying, hey, can we talk to you a little bit about our Lord and savior computer security, and really try to get the word out there as much as we can, rather than having people go through and say, you know what? I found out things written in C can have memory vulnerabilities. It's like, yeah.

Thank you.

Speaker 0: Yeah. And I will say, like, to be clear, I don't think any of us are against secure by design. It's just, if you prioritize that, it's number 8 on your list of 10 things that security should care about. And prioritize by, like, real risk. Yeah.

No, like,

Speaker 6: and 9 is sharks and 10 clouds. That's how low it is.

Speaker 0: It's... Yeah. It's just not that it shouldn't be on people's radar, and I agree with John that, like, part of CISA's job is to cut through all the noise and give a little bit of signal on, hey, OK.

This is a known exploited vulnerability. You should patch this now. Not just like... Yeah.

Speaker 6: But I got a question. Is this what happens when they start getting budget? Like, you know, and CISA has done some amazing things. Let's just kind of

Speaker 2: focus on this here.

Speaker 6: CISA has done a lot of amazing things. But do they get budget? They're, like, yeah, let's start throwing it at the... Like, is this what happens when PhDs and bureaucrats start taking over the process?

Speaker 0: I think that's a great research project. I think it's cool. I think CISA just doesn't have a good way of... Everything they release feels like it's a... Hey, CISOs.

Go read this right now and respond and react. I think they need maybe an angle to publish research, and, you know, like, instead of it being an initiative, why can't it just be, hey, here's a research paper? Kinda like how science works. And scientists who publish research papers aren't like, and by the way, go to your doctor right now and ask for CRISPR whatever. Like, that's not a thing.

They're just like, hey, we did the thing. We did an analysis. Here were the results. Deal with it what you will, instead of it being an initiative. Oh, hey, push this.

Do this. It's just like a, here's the research.

Speaker 1: Is there anybody else, like, really pounding on secure by design? Though? Right? Like, I

Speaker 0: vendor out there?

Speaker 1: Every vendor, but I've seen, like, CISA hitting on this so hard. Very, very hot... Like, I don't see it as much anyway. Like, I feel like it's a topic that's not as talked about, at least in my point of view, very much, so they're just trying to catch eyes with this and, like, you come in for the secure by design, but you stay for the MFA paper that we write later. Like, that's my guess.

Speaker 0: But that's important. That's

Speaker 2: it's backward. Yeah.

Speaker 1: It's backwards, but the thing is, if you're pounding this type of stuff where you're trying to get the CISOs to buy in, at least to CISA a little bit, even though it is the wrong thing. I'm totally playing devil's advocate here.

Speaker 0: John getting that

Speaker 2: much is evident.

Speaker 0: Right? John is like, I do. I'm.

Speaker 6: I look at it, like, we got you hooked on fentanyl. Now have some broccoli.

Speaker 0: Yeah. Yeah. Hey. Go redesign all your code. The tech debt bill is a hundred billion dollars.

Good luck, but don't worry about patch management. Don't worry about MFA. All that stuff is low grade. What you need to do is write everything in Rust. Maybe this, you know, to take the science analogy a little bit further?

Is this like the paper that says Pepsi cures cancer, sponsored by Pepsi or whatever? Like, is that what it is, like

Speaker 6: times. Right? So... Yeah. And look, you know, if I'm sitting around at a conference, God help me.

I'm out at night talking computer security at a conference anymore. I've done that. I paid my epic dues. This is a great conversation between a bunch of security people to have, about which coding language is the most secure. Actually, no.

Those languages suck, avoid them. Don't ever get in them. Don't party with people that have those types of conversations, because it doesn't matter. At the end of the day, the only thing that matters whenever you're looking at security with a coding language is who's writing that code. And, you know, what...

You can write secure Python. You can write secure C. You can write secure C++, Objective-C. You can write it in Rust. Yes.

There are certain languages that give you better guard rails to protect yourself. But whenever you're looking at IDEs today, and a lot of the compilers, whenever you're trying to use something like gets or strcpy, a string copy, all of these different things, a lot of the modern compilers will tell you flat out as soon as you do something stupid: don't do that stupid thing. Like, you literally have to go out of your way to make these vulnerabilities in a lot of modern development environments. So yes, you absolutely have some coding languages that are better at handling the data.

But I go back to the Java thing. For years, everyone was saying things like, well, Java's secure. That was wrong.

Speaker 0: Oh, it's in the paper. In the paper, they say memory safe languages, like Java. I mean, it's like, it's right there. I mean, I also think, to kind of, like... I think this... They could have done a little bit better if they had given, like... I do agree with the logic, like, if you're writing something from scratch.

If you are starting a new coding project today and you're doing it in C, I would be like, but why? Rust is in the Windows kernel, Rust is in the Linux kernel. Yep. There's... Like, if you're starting something from scratch, I do agree. But that wasn't the angle.

The angle is, here's a bunch of open source projects. And also, let's talk about who does the work on open source projects? Not CISA. It's after-hours developers that are busting their butts to do this stuff for, like, the common good. Like, they're not like, oh, great.

Now I have to rewrite in Rust. Thank God.

Speaker 6: I'm gonna rewrite the TCP protocol stack for BSD and what.

Speaker 0: Yeah.

Speaker 6: Which may have already been done. Those people at BSD are weird, but we love them. But, you know, just to fix this, like... And I would wanna fix... I don't wanna say that, because I hate that. I talk to people all the time, they're like, I've got a security solution that's gonna solve all security problems through a mathematical formula.

And my eyes glaze over, and I start remembering nursery rhymes from Sesame Street when I was 8. But whenever I'm looking at these things, really what I would recommend is we focus on the compilers. Where are the compilers for the code that people are using? The IDEs and, like, really focusing on them having the warnings, like, you know, hey, you're using this function in C. This is the right way to do it.

Because those are gonna be the gateway to actually getting that compiled code down. I think it's much easier to do that than it is trying to say, well, we need to strip out all coding languages and start over. God, Brian's dropping the OSI model is in Rust. Thank you. But he's trying to trigger me, man.

I'm already pissed about this. And I think the reason why I'm so mad about this is I've seen this before. Every time there's a new coding language, it comes up that everyone should use that coding language because it's inherently more secure and they're not gonna have any security vulnerabilities, and we still have lots of exploits happen. We're missing the point. We're missing what the center mass is in information security.

Speaker 0: Yeah. It's... I mean, even in the code security space, it's oftentimes business logic flaws, authentication, and improper authentication. Like, it's not always just memory corruption. Yes.

Memory corruption can lead to huge bots and worms and stuff. But overall, like, it's... You know, we talk about layered defenses for a reason. Like, you should expect your code to be insecure and still operate. Right?

Like... Mh. Anyway.

Speaker 6: Alright. So getting back to old things, there was another vulnerability, the Fortra... What is it? Fortra FileCatalyst Workflow SQL injection flaw. And I think that this is another example of, like, a vulnerability category that just refuses to die. It's a vulnerability class.

I was at a conference a couple of weeks ago, and I was teaching some stuff, and I brought up web application security testing, and how to get started learning web application security assessments. And I was talking about... I think it was Damn Vulnerable Linux. And 1 of the students was like, yeah.

Well, I noticed that there's SQL injection in here. He was polite. He did it afterwards. And he said, SQL injection is solved, isn't it?

And it's like, God, no. It's not solved. These vulnerabilities still exist. They still exist in a major way. I actually think, of all of our news stories, I think there's 2 SQL injection vulnerabilities in the news stories that exist.

So, yes, this is an example of how these types of vulnerabilities continue to persist. And this vulnerability is not an issue in insane. This is a vulnerability in the way that the application was built, the way it's passing those variables that you get from the web server back to the back-end data. There was a vulnerability in 1 of the WHERE clauses where you could basically split off and start executing more code. Standard SQL injection. So, yeah, this is FileCatalyst Workflow vulnerable to SQL injection.

Once again, old is new. What's new is old. We just keep repeating ourselves around and around and around again. Well, but Tenable did sit on this 1 for quite a while. They did finally release their exploit.

But I think it was well after FileCatalyst had the patch.

Speaker 0: Yeah. They did a nice little simultaneous patch and, you know, they posted a bulletin and kind of released the exploit the same day. So, a nice little coordination.

Speaker 6: Yeah. That's the way it should be. That's the way we should work together. I'm hoping it went well. I don't know anybody at Tenable anymore, but I'm hoping it went well on their side.

Those are 2 stories that I really wanted to talk about.

Speaker 4: I think as far as... And I've seen this from other people, the whole, I thought we had fixed this years ago.

Speaker 6: Right?

Speaker 4: None of it's actually been fixed. I mean, all you have to do is look at the Top 10 and how infrequently it changes, and how much of the stuff from 10, 15 years ago is still sitting in that top 10. Mh. Never solved it.

Speaker 0: No, Mike. We have a WAF.

Speaker 6: Yeah. Right. Oh, God.

Speaker 0: John, there was another article you wanted to talk about.

Speaker 6: Oh, yeah. This Korean one. Yeah, this is pretty gnarly.

Speaker 0: This is an interesting 1.

Speaker 6: This is really, really nasty. So, there was some file sharing over BitTorrent. And it was using a tremendous amount of data that this ISP was very frustrated about. And it went up to the courts in South Korea, and they went back and forth. And finally, just basically, the courts ruled that KT was right, that the company that was using this BitTorrent to do these file syncs and transfers

shouldn't be doing it without getting payments back to KT. So KT had a number of options that they could choose. Right? They could have, you know, just simply started blocking BitTorrent. They could have blocked...

Tried to block the specific type of BitTorrent traffic that was being generated for it. They could have employed sharks. They could have gotten some clowns. They could have done a number of different things. But they skipped over all of those logical things.

And they went straight into infecting the users that were using this service with malware. And on some of the computer systems, they nuked those systems as well. So, basically, right here it says it nuked grid service users with malware. Unfortunately, most of them were individuals, not business corporations, and they had no idea what was going on. A move to send and install malware on hundreds of thousands of grid service users seems like a financial move.

And it likely just wanted to stop them from continually using the... What is it? Webhard, BitTorrent file sharing service? But, oh my God, they went straight to injecting malware.

And this is what...

Speaker 0: They wrote a patch, and then they were, like, you are being patched. Please do not resist and they just deleted the problem.

Speaker 6: Oh, yeah. God.

Speaker 0: The malware... I mean, it is malware, because there are... It isn't authorized by the user to do what it does. So it's still technically malware. But all the malware does is just nuke the program that generates the traffic.

Right? So it's, like, kind of... I mean, it's weird. I think the weirdest part of this to me is that somehow the courts backed the company that, like, just was like, hey, user's computer, we can delete stuff, too bad, and, like, somehow that's okay. Like, that's... Seems...

I mean, I don't know how would that go here? I don't think it would go the same.

Speaker 1: Think about those Sony... This is what Sony did. Right? Pretty much.

They wrote... Yeah. Software onto the discs. And whenever you burned a copy, it would actually stop you from burning copies. Sony did that, went all the way to the court, and Sony lost. Like, you can't put software on a user's computer like that.

I think another interesting 1 with this is YouTube and Google right now are trying to, like, block the ad blockers. Right? And trying to figure out a way. And there was drumming around that.

The only way for them to do that officially would be to be able to run something on the host that isn't technically officially the Chrome browser? At least that's what I

Speaker 0: was reading, which comes back in

Speaker 1: this whole thing, like, how much power should these organizations have on your computer? Right? I think in the... is definitely

Speaker 6: Isn't YouTube just straight up blocking Brave as a browser now? Are they

Speaker 1: We use Brave here?

Speaker 6: Like, I do wanna use it for... I can't... Like, a lot of YouTube videos when I'm on Brave, like, they do not load. It's working for you?

Maybe Brave got around it, but they did...

Speaker 0: 1 of those. Yeah. I don't know. I mean, I think it's a weird situation. I also...

I kinda wanna get people's takes on, like, peer-to-peer. Well, I guess it does kinda make sense. The whole peer-to-peer, like, I feel mixed feelings about that. On 1 hand, it's not servers that you have to own and operate, so that's kind of, like, efficient. But on the other hand, it's also, like, the ISP does have to own and operate all the exchange data.

Speaker 1: It's gonna be way different in Korea. Right? Because Korea can actually charge service providers based on the amount of bandwidth they're...

Speaker 6: They're using.

Speaker 1: Yes. So Netflix, like, the service provider can literally charge Netflix, like, you're using more bandwidth than anyone else. So either you have to pay, or you're gonna have to get a way for your customers to pay to use your service, which is completely different than anywhere else I've heard of, at least for Internet. Yeah.

So when... So by using BitTorrent, they're definitely getting around that in a particular way. So I agree with you. It is super interesting. I don't know.

I... Torrents are a thing of the past for me. Right? Like, there's enough streaming websites on the Internet. Don't have to torrent anymore.

Speaker 0: Yeah. But presumably, this was... Presumably, this was the BitTorrent protocol being integrated into legitimate software. Yeah.

Speaker 1: Doesn't Blizzard use BitTorrent in their software to, for

Speaker 6: It did. I thought it did. Because it's more of a protocol now, right, than it is.

Speaker 0: Yeah. Yeah. I mean, it always was. Right? But we associate torrents with, like, Pirate Bay and, you know, like, downloading torrents.

But at the end of the day, BitTorrent is just a peer-to-peer file transfer protocol. You could wrap it into any number of different tools. I mean, I don't know. I think it's... I guess my question is, like, so based on how BitTorrent works, based...

I feel like it would overall reduce the load on the ISP's network. Right? Because you could have plenty of scenarios where, like, let's say it's a college. I'm just downloading from the swarm, like, local people. I'm not actually hitting the ISP.

I feel like if it was centralized, it's like, 10 the data.

Speaker 6: If it is restricted to just local, that would be fine. But whenever you're looking at most of the... Whenever you have torrents, it's not that. I mean, it's based.

Speaker 2: It's going all over the place.

Speaker 0: Yeah. Yeah.

Speaker 6: And then the biggest problem is whenever you have seeders that have really, really, really fast connections. It just consumes a tremendous amount of volume of traffic. And a lot of times people didn't know it. Like, I remember years ago, Larry Pe, myself, camera who wells. There's some other people.

We were doing research on what was actually being leaked via torrents. And, like, you could find people's passports and personal documents and all this different stuff. And the vast majority of people had no idea at all what they were actually sharing. And there was just, you know, gigabits of data that was just being, like, shoveled off of their...

Speaker 0: That's like the LimeWire era. Right? Where, like, by default, it just shared your entire C drive. That's why I

Speaker 1: always set my seeding to 0. Now that's what you do right off the...

Speaker 0: So you're the problem. You don't know how many copies and don't valid let look. Listen. Do you know have.

Speaker 1: You don't get back.

Speaker 6: That's 1

Speaker 1: of. I don't have up and down the same speed where I live. Alright? I only have so much up. Why do you think I crash on the news so much? They're throttling me.

I have to turn off every computer

Speaker 6: in my house in order to do it. My excuse. Oh wait. No. That's...

Speaker 0: You have a fiber line.

Speaker 1: Alright. I I know.

Speaker 6: That's not Don't you.

Speaker 0: Yeah. You just want to data until...

Speaker 6: I had to use my backup. I had to use my backup.

Speaker 0: Yeah. Anyone else have articles? We could follow up to the whole drones as first responders. I don't think we got John's take on this. Do you know this, John?

Speaker 6: Yeah. I don't know. What is the... Do

Speaker 0: you know about drones as first responders? So here's the scenario. You're just calmly doing heroin in your backyard. And then someone calls?

Speaker 4: Calls it...

Speaker 0: Someone calls the cops and says, a guy's walking around naked in the grocery store. And I mean,

Speaker 6: How did I go from peacefully doing heroin in my backyard to walking around naked in the grocery store?

Speaker 1: No, I didn't know. Some other guy. Some other guy.

Speaker 0: Here's the thing, John. I don't know, but I live in Portland, and I can tell you that's the experience that happens to a lot of people, where I don't think they know where they are or what they're doing. So anyway, you're walking around naked in the grocery store looking for cold milk because it's a great choice. And you... Someone calls the cops on you, so rude, but whatever.

And instead of the cop showing up, because, you know, you could be armed and dangerous, it's just a little drone. And they're using the drone to kind of get eyes on the situation. These drone as first responder programs are... They started... The 1 we talked about already was in San Diego, was little to wade.

But they're kind of, like, taking over. Las Vegas, Lewis, New York City are kind of messing around with it. I guess San Diego is the furthest that we've talked about, but I think there's other cities as... So I guess, like,

Speaker 1: there's a list further down the article Yeah.

Speaker 0: See huge list.

Speaker 1: Go scroll up. Scroll go. I wanna kinda shout out. Doesn't that guy look like Blake?

Speaker 0: It does look like... God's look like like. Like, what are you doing? Are you under your companies are working worth?

Speaker 6: Oh my god.

Speaker 1: The thing is... The 1 thing to mention, these drones aren't so little. Like, they're... They do have little ones, but these are some big daddy drones that...

Speaker 0: Do they have tasers? Yeah.

Speaker 1: Not yet. They have lasers. Remember, like, there's a guy that says that lasers

Speaker 6: situation down. Once again? Hypothetically. I'm naked in my backyard drinking ice cold milk doing heroin. And a drone shows up.

We've just gone to bad trip territory very quickly. Right?

Speaker 0: The robot The robot hands on.

Speaker 6: You have 5 seconds to comply. What do?

Speaker 0: I guess I don't know. I think this could go either way. It could actually be beneficial if the data isn't misused in any way, shape or form, but I don't think I'm willing to make that

Speaker 6: Like is.

Speaker 0: I don't know. It's gonna be

Speaker 2: misused. Never not misused by any agency.

Speaker 0: Yeah. And they're gonna be, like, oh, we're flying over, you know, John's house and he was drinking cold milk in his underwear, and now they take that and put it on TikTok. Like, because it's not gonna happen in, like, a week.

Speaker 6: I... But I guess if it works and it's working for them. Like, it's 1 of the things. I mean, if it is working, then let's roll with it. Right? Because if I have a choice of some type of drone...

However the hell that works, whenever I'm stoned and drinking cold milk, dealing with a situation, I'd rather have somebody trained on the other side of that than a police officer that is only trained in force and restraint and arrest. True. You know.

Speaker 0: That's a good point.

Speaker 6: I know that I sound like a hippie, but, sir, we've gotta get a little bit more creative with some of these things. And if this... I don't know how a drone works into it. But if it's that, or an armed police officer that had 9 months of training on how to use his gun and his nightstick showing up, I'm going to take the drone every single time.

Speaker 0: I mean, the other thing to think about, on the... Like, this is really important, obviously. Will this ruin police chase scenes in movies? Oh, what, run, police chase like Blues? Come on.

Come on. How are you gonna outrun the stupid drone? Or is it easier to outrun a drone than even drone swarms?

Speaker 2: Sick man.

Speaker 6: Drone swarms, not just a drone swarm.

Speaker 0: I'm not... It's a... You're... That seems harder, but

Speaker 1: we make a drone for the police chase, then it has, like, an explosive charge at the top of it that then lands on the hood of your car and blows your engine, you're good. There we go. All police chases are done with drones. We're fine. If that sounds like a bad idea.

Probably...

Speaker 6: It sounds like a horrible idea. What's gonna suck is someone's going to roll with that. They're gonna be low. That really his

Speaker 2: They already tried something similar. And it was ruled to be not usable. They... I forget what police department that was. They were looking into, basically, a vehicle interceptor that basically launched this little thing that would go under the car, and I think it was designed to fry the electronics on modern vehicles. It basically did either a short range something or other with electricity, frying electronics, but the problem is,

of course, that completely throws vehicles into chaos. You would do this in a high speed chase situation. Your cars would be veering all over the place. Never saw the light of day for some reason.

Speaker 3: And that's custom

Speaker 6: because that's this that's the problem they have with all high speed chases. They're like, no. These are fun. Yeah. They are.

They're great. They're awesome. Did you notice

Speaker 0: that a

Speaker 6: lot of people die, you know, when we do this. Let's not do the high speed chase thing. Yeah. I could see how drones then escalate that up. But...

Yeah.

Speaker 0: I I don't know. I think I guess my, like, final take on this is it's happening. This is... I mean,

Speaker 4: this this is... This

Speaker 6: is Yeah.

Speaker 0: Is this... So I mean, I guess we'll see? Follow along. We'll talk about it. You know, like, I I

Speaker 6: I'm going to tell you guys. This is all shit that we're talking about in the comic series, The Future Is? Like, you know, what is all of this going to be like, you know, in the near future? Like, and this is, you know, I don't know. Like, I hate it whenever people ask me.

They're like, John, what is your take on AI? I'm like, it's bad. No. It's good.

No. It's bad. No. It's good. It's like, but you're an expert in this. No.

I'm not. Well, no. Yeah. Like, all of this stuff is just weird and strange and it's getting weirder. Or is it just a factor of us getting old? I don't know.

Speaker 5: Yes. Both.

Speaker 0: Yeah. I think it's all of the above. I also think

Speaker 6: Daniel Suarez, great book recommendation, Kill Decision. Absolutely fantastic. Freedom™, Daemon, Influx, great author. Daniel Suarez is

Speaker 1: has talked about it so many times. Yeah. It's Monday.

Speaker 5: Gentlemen, I would like to take the last few minutes of our time together before the Fourth of July to celebrate July first and give you an update on some of the new privacy laws that have gone into effect around the United States. There's a few I wanna mention today.

Speaker 6: Idea if Bart go with it.

Speaker 5: Being sorry to rain on the parade, but, I I wanted to, leave with a little bit of helpful information. In addition to the other helpful information we shared earlier today. Corey, you mentioned Portland, Oregon, and I never say it right. Because I used to live in all in Oregon, Wisconsin. So I if I put...

It's oregon pronounce wrong. Anyway, It's okay.

Speaker 0: Or gods trail.

Speaker 5: That stayed out there that, put into effect a new undue privacy law, and I actually wanna draw attention to it because they actually did it right. They didn't write it for the lawyers. They wrote it for small businesses and consumers, and they actually came up with an acronym called. Locked. L, a list of entities that has your personal information.

O, teaches consumers how a lock, how to opt out, c, you can get a copy of your of your, personal sensitive data, k know what, information a business has on you, e, edit any inaccuracies in your personal data, and d delete information businesses hasn't have on you. So the the Oregon Oregon, Sorry. I never get it right. Privacy law is actually really good and they've got some great resources on there. That came into effect today.

Another one I wanna mention is the Texas Data Privacy and Security Act. The interesting part of this one is small businesses are generally exempt. Also, businesses have 45 days to respond to a consumer request. They're asking businesses to conduct a business protection... excuse me, they're asking businesses to conduct data protection assessments.

You know, do you know where your data is? Is it encrypted? What kind of data is it? Is it sensitive? Is it PHI, PII? That sort of thing. One thing that they've done that's kinda interesting is they're giving businesses 30 days to make it right if they find a violation.

Not only is there this 30 days to cure or fix the violation, they've actually listed a monetary penalty of $7,500 for each violation. So Texas is putting some skin in the game when it comes to their Data Privacy and Security Act that went into effect today, July first. The last one I wanna mention is Florida. Actually, the governor signed a digital bill of rights, Senate Bill 262. This one's interesting because it...

We talked about this a little bit in a previous newscast. We were talking about biometric data, and I think Corey was asking, well, what is biometric data? Or, you know, how are we talking about it or classifying it? Well, they actually did identify what biometric data is in this particular bill of rights: fingerprints, voice, retina, iris, and then they left it a bit open-ended and called it unique bio patterns. And the other thing I wanna point out with the Florida data privacy law is companies cannot sell sensitive data on children without receiving prior consent from parents.

And this is the first time a state has actually said you have to have prior consent before you sell sensitive data on children. So while we were talking about earlier stories, you know, kind of some doom and gloom, we are seeing more and more data privacy laws popping up in the states because there is no federal data privacy law, and there probably won't be for at least a few months, till after the election. That's all I got.

Speaker 6: That is a great rundown. Thank you very much. Alright. Can we wrap this up? Because it is, you know, in addition to being the first of July...

It is my anniversary.

Speaker 1: So oh

Speaker 5: yeah. The grab anniversary.

Speaker 6: Anniversary, four years. Pretty excited about that.

Speaker 1: You got you got

Speaker 0: What's your 24 privacy laws? What do you...

Speaker 6: Your 24 is the privacy law. Yep. Nice. We made it right past the restraining order year. It's great.

Feeling real strong about all of this. But then also, everybody enjoy the Fourth safely, and... with that, Ryan, take us out.