2024-07-24 - CrowdStroke Memes
Summary
00:00 - PreShow Banter™ — CrowdStroke Memes
05:59 - BHIS - Talkin’ Bout [infosec] News 2024-07-22
07:01 - Story # 1: A Windows version from 1992 is saving Southwest’s butt right now
07:36 - Crowdstrike Global Outage - BHIS - Talkin’ Bout [infosec] #News
09:48 - Story # 1b: CrowdStrike’s faulty update crashed 8.5 million Windows devices, says Microsoft
12:13 - Story # 1c: Let’s blame the dev who pressed “Deploy”
17:23 - Figure 1
22:14 - Story # 2: DHS Has a DoS Robot to Disable Internet of Things ‘Booby Traps’ Inside Homes
25:58 - Story # 3: Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison
28:08 - Story # 4: UK Police Arrest Suspect in MGM Ransomware Attack
30:49 - Story # 5: Russians plead guilty to involvement in LockBit ransomware attacks
33:24 - Story # 6: DHS watchdog rebukes CISA and law enforcement training center for failing to protect data
38:32 - Story # 7: Yacht giant MarineMax data breach impacts over 123,000 people
40:38 - Story # 8: Sizable Chunk of SEC Charges Against SolarWinds Tossed Out of Court
47:14 - Story # 9: The US Supreme Court Kneecapped US Cyber Strategy
52:12 - Story # 10: War Thunder does it again, this time with classified documents relating to 3 Russian tanks
Speaker 0: The Corey will jump in last second. Save me from being host. I really don't wanna host. I'll... Corey always
Speaker 1: shows up the last minute. It's probably in a meeting. Mid being, maybe.
Speaker 2: Okay. Mean many it's been a calls today so we don't have no idea why anybody would be in a bunch of meetings.
Speaker 0: I'm not. I wasn't that totally. We're not gonna talk about that. Alright? Like I really...
I I agree with Sean, like, I just, like, stop going on any type of, like, Twitter or Linkedin stuff because I... It's everyone just, like, they're 2 sets
Speaker 3: the wall.
Speaker 0: Wall at the wall. Just so... Everybody's got
Speaker 3: an opinion. And Like who have it.
Speaker 2: Yeah. There's there's 2 prevailing stories right now, and it's just sort of like, okay. Can we...
Speaker 1: And White several having Snooze withdrawals apparently. We'll have Have.
Speaker 0: We have those other good stuff, but I just don't wanna talk about the event. I I do think 1 thing I do think that's interesting. Did you guys read how, like McAfee did something similar in 2010. And it was the same.
Speaker 3: It was same CEO.
Speaker 0: The same. Was like 0YII did see a good conspiracy there.
Speaker 1: Okay. At at risk of going and actually talking about it. I did see a statistic that there were something like 8.5 million points impacted. Yeah. By this 1.
Something Yeah. I don't know if that number of endpoints was impacted by the McAfee 1.
Speaker 0: Let's see. Someone... Well, let me ask Chad Eb real quick. How many endpoints were taken down in the McAfee 2010 event. Of course, CrowdStrike is the first thing that comes up.
Speaker 2: Really?
Speaker 1: Well, yeah of course.
Speaker 0: Well, because it's it's because the link. The link between the 2. Right like, it's just articles everyone talking about that.
Speaker 1: How many cats do you have, Sean?
Speaker 3: 2 right now. Although my daughters are begging for number 3 and I'm like, when the house is in better order?
Speaker 4: Those are Rookie numbers.
Speaker 0: Was right I thank God you're here.
Speaker 3: I have 11:11.
Speaker 4: But only 3 your mind?
Speaker 0: I was about to say how many are permanent? I know I know you're secret.
Speaker 4: Are you 3 permanent. Pre permanent, 9 foster.
Speaker 1: Once upon a time, I went through our house, we had over 30 indoor outdoor cats, and I think my mom... I stopped counting the number of house plans at at 333 because I liked the number. I come by my Ocd honestly, Okay. Your video, Sean. I, don't know.
Speaker 4: I think the rest you're being very upset if we start our own so we're still accounting.
Speaker 3: Still, even though
Speaker 0: get you.
Speaker 3: Just turn the resolution
Speaker 0: that you're... I don't know if that.
Speaker 1: What are you set to?
Speaker 0: 4 k or bus. It it should
Speaker 3: only be...
Speaker 1: Doesn't do anything 80.
Speaker 0: May your only I paid for rest stream plus.
Speaker 1: Alright. Using Gpu or acceleration
Speaker 0: Yeah. I went to stream dot r u, and they're like, yeah, Free upgrade. Here you go. I was like, alright. Cool.
Speaker 1: You to
Speaker 4: call, But I
Speaker 0: just had to give like my source number, You know, that's it. And I like right. My name
Speaker 1: address. K.
Speaker 0: There's some good stuff, Corey. Good news. There's what is too.
Speaker 4: No. Right That's no. There's nothing happened.
Speaker 0: We don't wanna talk about the event. There's a couple good articles about
Speaker 4: CrowdStroke.
Speaker 3: We're not gonna talk
Speaker 4: about that. I'm pretty sure we are That's stroke.
Speaker 0: Feel like that... What what can we really do minimum hasn't been said. We should... We should have someone collecting memes? Like, like, you got have an
Speaker 4: do, like, meme? Like of. I mean, CrowdStroke is the only meme that I thought was worth Aaron.
Speaker 0: Did you see the Kit Kat tweet?
Speaker 1: Guys No. That actually was pretty cool.
Speaker 0: Kicked back a choice. It was, like, your computer's taking a break, so Why don't you, and then it had the P, like, f and I was like, that was golden.
Speaker 1: Good It was a red.
Speaker 0: It was
Speaker 1: a red screen of death.
Speaker 0: Yeah. Good job Kat.
Speaker 1: Red screen of Kit Kat.
Speaker 4: Red cat green?
Speaker 0: That was good. There's a couple other good ones that We're floating around. Yeah. Cat.
Speaker 1: Oh, no. No. Victim of crowds strength.
Speaker 4: Well, now we can't joke about it. Dang it. Yeah. And we still joke that Kelly. It's just a joke at Kelly's expensive.
Now. Before it was a joke at just the general public's been. Let's see I'm I'm gonna pull the politician, feel and say, now it... Now it affects me so I care. Wow.
So other than CrowdStrike, I mean, nothing else happened.
Speaker 0: Those dude, like, like, 4 4 different ransomware actors were, like, arrested from 3 different teams. Oh, I
Speaker 4: thank God, I didn't get arrested.
Speaker 0: I know. Right?
Speaker 4: That I just
Speaker 0: dodged that 1.
Speaker 4: Should we do, like, a off hours betting pool of who's gonna be the next vp on the demo democrat side?
Speaker 0: No. I thought you're gonna... You're gonna
Speaker 1: cross that barrier.
Speaker 0: That's... Yeah. That's... No.
Speaker 1: It's what. We can't
Speaker 4: talk. It's not political. We
Speaker 1: can't call it.
Speaker 4: It's when don't we... It's not talking about politics. It's just meme about who could be the Vp. I mean, I said Tiger king. And that...
I I mean, I think there's a chance.
Speaker 0: We're gonna see some cross party removal and Elon gonna go for it.
Speaker 4: Is Tiger King and Jail? Yes. Does that matter? Also not yet. He did ask trump for pardon in.
He had the limo standing by. Yeah. And john that Limo is gonna be standing by again for the Vp nomination. Alright. Yeah.
The rock all the fingers.
Speaker 0: The the rock looking the rock.
Speaker 2: Roll finger.
Speaker 1: The rock. Remember ancient Chinese
Speaker 4: George clooney George clooney times. And Okay. George Clooney is a genuine possible pick. K? Just throwing that out there.
Speaker 0: He doesn't like please know.
Speaker 4: Been supporting act blue and all that stuff. It could happen.
Speaker 0: Just imagine that there'd be like, cranks all over the White House because he's owned to like, throw prank and stuff
Speaker 4: Ocean 13 White House edition.
Speaker 0: I love it. 40 clooney.
Speaker 4: Hello, and welcome to Black Hills Information Security's Talking About News is 07/22/2024? CrowdStrike. The apocalypse is now over. To Monday. Nothing.
There's no cleanup. Everything's been resolved. You were out all weekend and now everything's fixed. It's fine. There's nothing.
There's no further actions needed. I'm sure nothing bad could ever happen ever again. So just just relax. Come.
Speaker 1: That's. Just hits hits the reset button on there. Game console and it's all good again.
Speaker 0: This is the first time we've ever had, like, a specialty, like, in our news board. I know other people don't see. There's usually like. Threat actors, big news, Microsoft, but this time, the top 1 is CrowdStrike, and there's just millions of things. And I think that's the first time we've ever had that.
Speaker 4: Yeah. I mean, I I guess to be clearly, to be more specific. There are still people who are... In trouble because of this, 1 of them is our very own Kelly who's stranded in Salt Lake City because her airline is loose screening
Speaker 3: at Apparently.
Speaker 0: She should have flown southwest.
Speaker 4: Yeah. Southwest is known to be very not have any tech day.
Speaker 1: Nice signal to the first. Windows 3.1 would be there to save the day. Yeah.
Speaker 3: Yeah. I heard... I mean, they're the text there also play a lot of, Dia 1 on the systems when they're not being used?
Speaker 0: Why not?
Speaker 4: So for anyone that doesn't know, we did a kind of emergency webcast on Friday, which if you're interested, go ahead and watch the recording. I'm sure Ryan will be able to find it. But... Kinda just running through the history of EDR. What...
I mean, most of... I I got asked about dinner. I I was at a dinner party over the weekend, and people were asked me like, how is your day on Friday And I was like, well, fine because, you know, we're the hacker. So, like, we're just like, oh, okay. Well, we already did our jobs.
Good luck. Me But a lot of people had a horrible day on Friday. We did an emergency webcast. People don't know what EDR is. Now they do.
People don't know what. Blue screens are now they do. Basically, know, watch that webcast if you want the background edge. But we're now we're gonna talk about fallout, Apparently, Tech debt is good. So Southwest, I don't know.
Is this like confirmed? Like, out how do we know this? That's what I wanna know. Did Southwest tweet. We use Windows from 1992.
We're good.
Speaker 3: Well, the article had a link to an earlier article. So I guess this... Came out before and Southwest was getting black for it. And so, like, was just, like, hey by the way.
Speaker 4: I see.
Speaker 3: Black cloud silver lining You know?
Speaker 4: Sure. Yeah. I mean, basically, for anyone that doesn't know. If you're using Windows 3.1, there is not a CrowdStrike Falcon sensor for that version of Windows. So you were good to go.
But also probably horribly insecure. Apparently, a lot... It it was... I think the most interesting thing from my perspective not being... I didn't do any.
I didn't stay up all night. I didn't, you know, have to do any real work. But It was fun seeing who uses CrowdStrike? Like, I'm always curious. Who's using Crowds right now.
We know pretty much a list of it. Company might crowds right.
Speaker 1: Yeah.
Speaker 0: So so the Yahoo links to a CNN article claiming claiming like, oh, Southwest is has 3.1. You go to the CNN article. They just said Southwest told CNN, the outage hasn't impacted its operations. So who knows where this information really came forward. Show.
Speaker 1: You, 1. The international space station is using what Windows 7.
Speaker 0: Oh, so they're on McAfee.
Speaker 1: So Yeah. There's there's a lot of legacy systems out there. And unfortunately, I think this is gonna send the wrong message to a lot of people.
Speaker 4: I mean, secured out security. Kinda landscape. So this is roughly what 8 and a half million computers. Is that, like, the current estimate that I've heard?
Speaker 2: That was per mark... Microsoft.
Speaker 4: I mean, that's a lot. I I guess I would say that's not that many, but it is also, I think the thing to note is that those 8.5 million computers are usually the most important computers. CrowdStrike is a product that companies pay millions of dollars for. And so point you know, the companies that are shelling up millions of dollars for security products are often oftentimes the ones that are doing important things are at least feel they are.
So I feel like, you know, there might be 8.5 million Android phones in India that didn't get affected, but this... These computers are the ones that make planes fly and did all kinds of crazy stuff.
Speaker 0: So...
Speaker 4: There's... I mean, what is the market share? Like, is... Is is there data on this?
Speaker 0: So 1 1 thing to think about crowds
Speaker 3: strike versus other Ed or.
Speaker 4: Anyone else. Yeah.
Speaker 0: Anyone else. They... From what I've learned in my history of, like, blue teaming is usually CrowdStrike because, like, the number 1, At
Speaker 4: least Agree. I feel the same way, but I don't have any real data to back that up. Like, it seems like it would it's either them. Md. I feel I.
Speaker 0: I won't confirm my data, but I... Yeah. I exactly agreed to see there their M md or your crowds striker right at The all the others fall a little bit behind.
Speaker 4: No 1 like maybe 5 percent per or 10 percent?
Speaker 0: Yeah. Well CrowdStrike has, like, a Kool-Aid effect. Right? They have, like, a million different products. And then if you buy them all, just like Microsoft it, everything works perfectly.
Speaker 1: Or Right.
Speaker 0: But the 1 thing I know we always talk about is stock prices. And if they will go up. So if you check out, I think last time I checked CrowdStrike's stock prices. What are they at right now?
They're. Yeah They're at 263 right now.
Speaker 4: Minus 41 dollars today. They were percent.
Speaker 0: They were at, like, 3 3 90 beforehand, almost 400.
Speaker 4: Geez time buy.
Speaker 0: I was talking to some other people like, oh, will they bounce back that type of deal. And Yes.
Speaker 4: I... This is a matter greed overrule anything else.
Speaker 0: Yes. But they're like, alright. So maybe it'll bounce back, but let's look at SolarWinds. As a as more of a trial. And if you look at SolarWinds, they did not bounce back
Speaker 4: Well, but SolarWinds, I think wasn't it... Yeah. I mean... I this is total speculation We don't know. But, I mean, SolarWinds a different
Speaker 0: stock advice.
Speaker 4: SolarWinds had more Although, I guess you could argue this is I don't this indicates a systemic issue. But I think the other the other article I wanna point out is the 1 that that, blame the dev who pressed deploy. Not the 1 who wrote the code. Yeah. I I agree with article.
Speaker 2: Like, yeah. I read that article a few times because if you just read, like, the article title, it's, like, it says, you know, let's blame the dev who pressed the button. But if you read the article, it's Yeah. Kind of the... No.
We're not we're not blaming the dev. I read through the article a couple of times, and I came away with the... Okay. So there's a lot that we can. Fault.
Like, it says in there, like, let's start with the CEO and go, well, you know, the CEO, they get... Why do they get paid so much? Because they assume the risk. Okay. As so let's blame them and they go, well, That's not really the fair point.
So let's do we... Because if you blame the CEO, If you go, okay. Let's blame the CEO, In 2010, McAfee had a similar outage, but
Speaker 0: let CEO.
Speaker 2: He, you know, Kurt left McAfee and found a
Speaker 4: up as a CEO. Right. Yeah.
Speaker 2: He was he was totally held accountable by wiping his tier that was money.
Speaker 0: So there was there was some hearsay reports from another news cast I listening to that. Devs at CrowdStrike can push to production. That You
Speaker 3: mean like single key by themselves?
Speaker 4: Yeah. Okay. Yeah. Here here's what I'll say. Here's how I feel about that.
You have... Like, this is... Should not be a problem. This does indicate... An issue with the way that CrowdStrike does CI/CD or whatever you wanna call it development, Sd, whatever you wanna, you know, use an acronym of your choice, but code needs to either be, like, there's basically 2 ways to approach it.
1 is, we push code to production all the time and we assume it's going to break and we're fault tolerant. That's 1 option. That's fine. That's like the Chaos Monkey strategy. I'm okay with that.
If you're allowed to push go to production, but production is not something that's monolithic and can break across every user, every endpoint, everything, then that's fine. Or you have very close and careful inspection and validation and testing of whatever code you are pushing. I think in CrowdStrike's case because of the nature of a driver on in the kernel on an endpoint on 8.5 million endpoint. I think it's... You need to have very close testing validation checks.
Like, you can't just send it. So I feel like... Yeah. I mean, it's it's a mess up, and I I do think they deserve any hit to their stock price because this is systemic issue. This is not like a 1 off issue.
Speaker 1: Okay. Wait. That it's systemic on both the deployment end, but also on the end of the clients because I've I've worked the companies at test and production and things always end badly, and then I, perhaps. I worked with the guy who routinely took down our entire suite of web apps and still managed to keep his job because he was good at other things. But I've also worked at companies where before any mass deployment of an update is done, they have a limited bank of representative systems that they test that deployment on.
So not mean it's not rocket strike fail, to to check their stuff, but also the the companies that got hit, they also failed to check their stuff
Speaker 4: Oh no No From from...
Speaker 3: What I understand on the CrowdStrike side. Yeah. They have their sensor updates and channel updates. Yeah. The sensor update is more the definition stuff around what Ed for the channel update is a lower level thing.
This was a channel update, and while sensor updates you can toggle and say I want n or n minus 1 or n minus 2, so you can phase those in or you channel updates just magically flow through whenever crowds. Yeah.
Speaker 4: So no 1 had any control In there was no 1 at something on unless you have
Speaker 3: firewall infrastructure or something, Like... Yeah. You got.
Speaker 2: You have your critical systems on n minus 3. And the which still come through. And there's there's... I think to get get to the point on the article that we're we're discussing, yeah. It does also get into the...
Well, let's let's blame the the customer, and it's, like, well, you know, but are they are they to blame because, like, you know, United and Delta is... Decided to run EDR, on it just displays flight details. You have M Ed on it. And I'm betting that a lot of people even decided in a chat, not reading the article would go, okay. Why would you have EDR on all of your endpoints.
And the answer is, like, you have some regulations that go. I need to I need to fill out a checkbox. Like, it needs to be everywhere.
Speaker 0: If anybody asked me why don't we have... Why do we have EDR and My. Plants some
Speaker 2: just like.
Speaker 0: I said something... Do you
Speaker 3: I mean, more often than not, it's regulations. Or things like that. It really is
Speaker 4: Yeah mean
Speaker 2: or do you? It it it good... It... The article flows into that too and go, well do you plan the regulations then.
Speaker 0: Not we blame.
Speaker 4: I I guess I would say, I think he blame CrowdStrike because the regulation doesn't require that it auto updates without any approval from the client. And it also doesn't require that the, you know, update isn't validated and checked before deployment. The reason this is affecting CrowdStrike's bottom line is not just because of sentiment. It's because... People are realizing from the perspective of companies who purchase CrowdStrike.
We know from the graph that someone sent in discord. Thank you whoever sent that I didn't. See It was r a
Speaker 2: 50.
Speaker 4: R set graph. So CrowdStrike is actually 15 percent of the market. Microsoft is a bigger player in the market, and there's a lot of other competitors. Rest of market, meaning basically other is actually the biggest shareholder. So essentially, there is a lot of EDR vendors out there is what that graphs says and that what the data says.
Speaker 0: That graph has from Microsoft too though. Just...
Speaker 4: It's from 2022. It's... It's it's a little outdated it's from Microsoft, but I would believe that. There are a lot of options you can easily switch between vendors and that's always gonna be the k or maybe not easily, but you can affect... It's not something that is, like, it is easily switch.
It might be in... It might incur costs, but it isn't like non compatible or something You know what I mean? They're they're all very equivalent compatibility. And the thing is CrowdStrike left all the companies holding the bag of who's gonna do the cleanup, Thing you who's gonna do the, like, who's gonna remediate. It wasn't them.
They didn't remediate anything. They said, alright. Here's you just delete this driver file and you're good to go. That was That... So I think from the perspective of the consumer who's buying CrowdStrike, you messed up, you left us holding the bag, Why don't we just switch?
Right? Like, I think that's why they're... That that that's how I would feel as the IT admin is product's incredibly expensive. You left us holding the bag and I can just click enable Microsoft Defender for enterprise in Microsoft And it'll just magically.
Speaker 0: Contract negotiations. Are gonna be real interesting coming up. Right?
Speaker 4: Yes they are.
Speaker 0: But...
Speaker 4: So or whoever just signed last week. Yeah. I... I'm so sorry.
Speaker 0: On... But our On on that point, though, like, CrowdStrike does... Like, we said, CrowdStrike does offer everything. Right? So it's...
It probably... It is not is if... If you did drink the Kool-Aid. It's not gonna be as easy as just flipping the EDR or pushing the executable for new EDR.
Speaker 2: That's true.
Speaker 4: Right. They do have the OverWatch. And all the other managed search, Services? Does Microsoft have a version of that. Yeah So
Speaker 0: they have and pretty much. Right?
Speaker 4: Yeah. So that's the thing. It's just... Oh, you... Your Chevy blew up so you switched to Ford.
Like it like Got.
Speaker 0: But but then look at the Microsoft side. Right? Like, we've been talking about Microsoft and their licensing fees for the past. Gear for years. Right?
Like, how much... I don't know what is it like, an E5 or something like that licensing fee is? And, like, you don't get all the logging unless you pay for it type of deal? I also think Yeah.
Speaker 4: I mean, CrowdStrike is insanely expensive, No one's like, oh, the EDR budget isn't big enough Yeah. Like, if you're coming from CrowdStrike, the budget is big enough. Like.
Speaker 0: Another thing is I... The EDR market, like, maybe Alex, Alex, I know Alex does blue team more than just as much as me, at least he used to. But I feel like the EDR markets kinda like s. Right now as much like there
Speaker 4: isn't really so many. Yeah.
Speaker 0: There's so many of them, there isn't, like, a big contenders as much as they're used to be Right? Especially with, like, Broadcom buying out Carbon Black recently. But, like, the 2 biggest I believe are gonna be Carbon Black and Md just like we've been talking about to But even then Strike? Crowds dried ga I might might mad it. Well, like, what what else do you, like, really look at?
Like, they're SentinelOne? Maybe there's some... What else do do you think you guys think? That other other products?
Speaker 4: I I said no 1 is for sure in the Make, cortex? We see a lot Our customer base. And, like, other, like, I guess I would say, like, it's tough because, like, security products are all just made up products what they actually. Like, what is EDR? What is AV?
Speaker 0: What is?
Speaker 4: El. What is ransomware protection, like, I don't know. But basically, like, I will say, I do think, on an IT level, this also makes the case for, like, minimalist EDRs. Right? Like, something that isn't internal integrated.
Oh, yeah. And, ed Elastic is really good too. It came from Endgame, which was an old small 1. Oh, there's a lot. Basically, there's a ton.
But I guess I would say, like, The biggest thing is it sucks for CrowdStrike because you could be doing almost everything right and still mess up. Something critical and have it just destroy your entire image.
Speaker 1: Like guess. That's true life. That's...
Speaker 4: Yeah. It is. Yeah. Like, they're doing... From from my perspective, like, they're doing almost everything right?
But then they're, you know, like... And, yeah, people... You know, people talking about pricing. I mean, I can tell you you're gonna be paying probably a thousand dollars in and endpoint. Something like that or more for CrowdStrike with, like, the Falcon Complete, which I've never talked to a single customer that doesn't have Falcon Complete.
No one's buying Falcon Go like, that doesn't even... That might as well not even exist. Like, it it's always the big boy, the MDR, the... Hey, you know, because, like, Wade said, Part of the selling point of CrowdStrike is it does everything. Right Oh, they respond.
They automatic contain. They do this. They do that, which maybe people stick around for that. Because they do they do that pretty well. But when it takes down your entire IT infrastructure, maybe it's not worth I know.
Speaker 0: Okay. I got I got a good pivot about taking about... Taking down your entire IT infrastructure, which I believe it was an article that's not about CrowdStrike and goes right into our conspiracy theory souls and
Speaker 3: heart. D has.
Speaker 0: D DHS
Speaker 3: So has
Speaker 0: a robot to d DDoS. They're to DoS. I'm sorry. All of the Internet of Things in your house.
Speaker 4: We'll explain how?
Speaker 0: What So so I put the article in private chat, So the Department of Homeland Security has a robot like dog, think of the whole Boston Dynamics dog thing that pretty much has a bunch of cool antennas on its back. And they don't really tell you how it works, but it's pretty much meant to roll up to a house, take out the Internet of Things. Like Ring doorbell bells or cameras
Speaker 4: or that
Speaker 0: type of stuff. In order to prevent boob traps for any federal law enforcement that are coming
Speaker 4: Sure. Boob trap. That's 24.
Speaker 0: They do give they do give an active... They do give an acc explanation of an FBI raid that was in Florida. Where they saw the the the the person living there saw the FBI agents coming in via the Ring doorbell belt and then killed 2 of them. Right? So total makes sense that this was happened.
I wanna know how you how you DoS a Ring doorbell. They do not go into that?
Speaker 2: It doesn't, but there... There's been there's been, criminals or, burglar that have been using... DDoS technology in order to take down your front door cameras as well. Yeah. So there's some knowledge and technology out there that I haven't looked into yet, but I've seen the the articles of the alerts going, hey, there's physical burglar so are like, okay.
We'll, just knock your security cameras offline and Rob your house, you're not gonna know.
Speaker 4: Yeah. I mean, I guess, how is it gonna work for wired cameras.
Speaker 0: Bam. Don't watch through everything Yeah.
Speaker 3: Windows 3.1 and a hard wired camera. We're not we're sick we're so safe. Tying it all together everybody.
Speaker 4: Bring it together. Oh, yeah. I mean, I don't know. I I... The concept of, like, a criminal being smart enough to set up a boob trap.
That uses IoT devices this see a little bit.
Speaker 3: The the wasn't trap is the big Boom.
Speaker 4: You. Think of the children a boob trap What is it like a smart Wifi air cannon or something.
Speaker 0: I just imagine imagine If
Speaker 1: they're jamming, if they're jamming, what's likelihood that they might... Triggers some of the boob traps.
Speaker 4: That's fair. It's like waiters or a signal driving before they go in though. That's probably fine. Ron when... Turn on switch.
They turn on the dog and, like, 5 bombs go off in a car nearby.
Speaker 0: Yeah. I wanna know why isn't there a Goo boob trap gift? Oh, here go.
Speaker 2: What you because it's like... And I I gonna say it's like, what is it like, the the federal government needs to... Start watching movies more modern than, you know, 1999's Matrix because I think we're on a news cast. And they they named some other project Morph, and they're naming this 1 Neil, and it's like, Okay.
Speaker 0: He's the 1.
Speaker 2: Yeah. It will we'll mail you, like, you know, updated hacker movies if you want to, like,
Speaker 4: Also, like, I, I mean, what if you just live on, like, the third floor apartment. Yeah. They just how high how he'll go.
Speaker 3: Send everybody there's is incidental casualties he's
Speaker 4: lots of out. What's going? Sorry. Sorry. Everyone else.
Your neighbor is getting raided. So... DDoS for the whole. No internet for you.
Speaker 0: Yeah. It's a cool 7500 dollars for that quote.
Speaker 4: Palm link to the stream boob traps. Are gonna be. IoT. Yeah. Alright.
Enough CrowdStrike. Let's talk other stuff.
Speaker 3: Amen.
Speaker 4: Let's talk about a law enforcement picking down doors since we're already on that topic. So how many ransomware... How many ransomware people got called into
Speaker 0: 4. Org, I but 3 got arrested. 1 got sent. I think 3 got sentenced, I believe. And it's all from different threat actor groups too, which is kind of...
Speaker 4: Start with king... Let's start with tank. Tank. Tank. I'm.
Thomas the to almost the tank engine is now going to jail for 18 years. Sorry.
Speaker 1: To the matrix again.
Speaker 4: Yeah. So this is this is the leader of the Zeus now gang, which, I guess if you don't remember Zeus, you're lucky. Really good is old 1. Right? This is an old 1.
Speaker 0: Yeah. So he got sentenced to 2, I believe 9 year sentences, not consecutive, so he's gonna have to serve 18, I believe, which it's pretty good. Right? It It's a lot
Speaker 4: you're paying more than 73 million.
Speaker 0: I'm sure
Speaker 4: imagine getting, like, 3 dollars in the mail, and it's like, your PC got malware 18 years ago. Here you go. Like, No. I'm assuming it's companies, but it is funny to imagine just getting a bitcoin transaction from Zeus or whatever and it's like, hey, here's your 3 dollars. Sorry.
I hacked computer.
Speaker 0: So he was indicted in 2012, so it's been a minute.
Speaker 4: I think it took them a while. I mean, it's, like the normal thing where they ind indictment, and then they have to wait for them to enter an extradition country, and they eventually they did.
Speaker 0: He he was... He got caught in Geneva in 2022. Man that sucks.
Speaker 4: So he... He successfully didn't go on vacation until 10 years later. Whoops.
Speaker 0: That was a quick sentence scene at least so November 2022 a little bit, a year and, like, 9 months. Right? That's not bad.
Speaker 1: Well since he was indicted originally... 20 years before that. They had time to get all the paperwork in order.
Speaker 4: The got matrix printer was able to print within those 10 years.
Speaker 0: Not lady ddos.
Speaker 4: Yeah. Alright. Well, that's good news. We'll count that as good news. I mean, I don't think this is really that.
It's controversial, hopefully But I guess, if you have if you have free tank shirt, just let us know.
Speaker 0: The other the other good 1 is coming from the UK. But they didn't give us they didn't give us. Any information on how they did it. I'm looking for the article. Scattered Spider operator caught.
Speaker 4: Oh, where is it?
Speaker 0: I read it I swear.
Speaker 1: Where... Too arts article? Names for these things. I swear.
Speaker 0: Scattered Spider, the, the crowds.
Speaker 2: Yeah. CrowdStrike martin.
Speaker 4: Microsoft, CrowdStrike. I mean, that's the whole reason to be an Ed threat intel company.
Speaker 0: Police. Here we go. Here we go.
Speaker 3: This is the teenager. Right? Yeah.
Speaker 0: Yeah. Yeah. So 17 year old, MGM. Dude, I honestly wanna know how they caught him. Like, this is pretty legit. So, UK police announced in a joint operation with the country's National Crime Agency, the US FBI.
They arrested a 17 year old suspected of being connected to the ransomware group attack against MGM Resorts last year. Right? So he is 17. So the UK is pretty good about not releasing any information on minors that are caught hacking. It's really good, once again, another really good Darknet Diaries is actually about that.
Speaker 4: I mean, it had to be an opsec mess up or maybe, like, UK's national firewall. I will say, like, 17 year old kid does not usually bring up images of strong opsec.
Speaker 0: That's good point. Yeah.
Speaker 4: I mean, it's like you're... You're being your criminal because you're not thinking, which means you're probably not gonna be super sexy safe.
Speaker 3: Think guys remember from
Speaker 0: back. Got another 1 too, though. Right? Like, another under...
Speaker 4: I think there was one in Florida that was, like, unknown possibly related to the group, but not hundred percent confirmed under
Speaker 0: telling. If you need more security budget, you just point to this and, like, 17 year old kids are hacking Canadian and MGM, we need more money.
Speaker 4: Yeah. I mean, after that... After the Scattered Spider ALPHV people started doing their thing, we completely changed what we were doing and we're like, let's do this instead because it's way easier than all the hacking we were doing before, which call him on the phone, say, hey, my name's Bob the admin. I need a new password. And they're, like, no problem.
It works super well.
Speaker 3: So is called a help desk.
Speaker 4: Yeah. Are we gonna say something about
Speaker 3: previous... Was gonna say to your comments about, you know, 17 year olds not really bringing up the image of opsec, I don't know if you guys remember back when the MGM hack was actually going on, like the actual comms that they were sending back and forth were very, very much tongue-in-cheek and, kinda like bro boasting and, you know, giving a lot of, shit to the, the folks on the MGM side. So it's... at that level not really shocking that somebody would screw up, like, on the the Side.
Speaker 4: The question is, will they get the bitcoin wallet or not? 15000000, a lot of money or house. I the ransom was somewhere. It was a significant sum of money.
Speaker 0: And the same one, same vein. Some charges against some LockBit actors. Right?
Speaker 4: According the just water anyone?
Speaker 0: Wait that it again.
Speaker 4: At the water facilities. There's so many criminal.
Speaker 0: No. Dude, like, everyone got arrested in the last week. They're like, CrowdStrike happened and no one realized. Like, FBI is doing good work.
Speaker 3: Was the 2 lock? Oh right?
Speaker 0: Yeah yeah. Yeah. You can try to say their names. I can't Mi mikhail.
Speaker 1: Oh, let's see here. Cecilia.
Speaker 4: And go.
Speaker 3: I used to take Russian back.
Speaker 0: I tried. I failed.
Speaker 3: I a bit feed, and arthur. These are for previous folks, but... Was the current guy.
Speaker 4: So these are... They pled guilty, which means they were arrested. They actually ended up in... Arizona somehow. And were charged.
Oh, no. They were, sorry. They were extradited.
Speaker 3: Yeah. In June it wasn't it?
Speaker 4: From, yeah, from Canada.
Speaker 0: In the crazy, there's 1 more article too, but that's just an indictment of some people. So.
Speaker 4: An indictment is like, hey, you're bad. Pleading guilty is more like, you're bad and we can prove it. Yeah.
Speaker 0: You're bad. You're going jail. But, yeah, Some great.
Speaker 4: How long does one go to? Like, what does a potential sent to your LockBit? 2500 decryption fees? But is between... What...
Actually charged with. Yeah. Let's see... Charge with... It says charged with the deploying LockBit ransomware, but I'm gonna go ahead and say that's not a criminal code right there.
Speaker 3: Yeah.
Speaker 4: So he's been... He's also been sentenced already in Canada or to 4 years. So... I guess I'll be able give a quick review of US versus Canadian prison.
Speaker 3: Conspiracy to commit to transmit ransom demands. Commit wire fraud and intentionally damage protected computers, free actual legal shark. Let's see here. 20 years for wire fraud maximum 25 Yeah. 5 years for the others.
So 25 total.
Speaker 4: So if you do 25 years in US prison, then you have to queue get out, and then you have to do 4 more years in Canadian prison, like, is that... Is that like, detox from jail or, like, I don't know how that works. Or do you... Like, I'm assuming you would still have to, like, go to Canada and still go to jail. Like, it doesn't count as time served because you were in the different country.
Speaker 0: These are all federal crimes too, so it's completely different. Set of criminals you're gonna be with. Right? Little federal... Usually federal prison is a whole different animal than state.
Speaker 1: Club Fed? Or...
Speaker 0: Don't ask me how I know that.
Speaker 3: Or that just gonna be.
Speaker 4: Yeah. Well, okay. Let's talk about this. We we love talking about This. Let's talk about Fizz.
Speaker 0: Which... Is this DHS? Talking in the DHS.
Speaker 4: That the title includes Rebuke?
Speaker 3: I love that 1.
Speaker 1: 0, yeah. So the
Speaker 4: title is DHS watchdog, which I'm sure I really understand what that means, but I'm just gonna go with it. DHS watchdog rebukes CISA and law enforcement training center for failing to protect data. So it's basically someone being, like... You got breached, what the hell, man.
You said not to get breached.
Speaker 0: This isn't even... This is actually about like other party.
Speaker 3: Yeah. Vendor risk. It's pretty egregious if you actually look at the details of the article. They had a vendor that they were using for training. Yeah.
And they have the actual findings. There's, like, a bullet list part way through the article of the findings that DHS had against the vendor. And then told CISA to stop using them. Well, look at this stuff. This is ridiculous.
Speaker 0: So to stop using them the day after they just paid them, like, 1,500,000 to keep using them.
Speaker 3: No. Yeah. It's brutal.
Speaker 1: You suck. Here's a paycheck.
Speaker 4: Yeah. The AP team didn't talk to the security team on that one. Yeah, I mean, I guess, like, it's interesting to think about, like, you would think the government of all places would have extreme vetting required for, like, third party vendors. But I guess not.
Speaker 3: But I don't guess you've got standards like Fed, which I'm... Admittedly not personally familiar with having worked in the government space, but I would think it would cover basic, Hygiene, like, the stuff they're calling out article here. But...
Speaker 4: Yeah. Literally the hygiene issues to to clarify for listeners. It says, here's what the contractor... It, they did not actively monitor their data center or hardware health alerts. They deployed hardware at the end of its useful life.
They failed to take snapshots for months before that it was a hard drive failure Pt dub did not meet log retention, audit at long girls and did not obtain authorization, but shared data with the third party recovery service.
Speaker 1: Yeah. Out so.
Speaker 0: I'm gonna tell you those, like, all the all the hardware stuff though, that's not. Federal I don't know. That's not a huge... Who who... As a security person, I'm gonna tell you, I'm not monitoring hardware alerts.
Usually. And
Speaker 4: debating hard security person someone should be. Yeah.
Speaker 3: I thought... I think of... Like, between that and the and, like, the... Funneling data over. Like, it's just...
It's more about the hygiene that that indicates. Right? Let's deploy some end of life hardware. Like, let's not monitor anything. Like, they're that bad on infrastructure like, how bad have they be it will they be on security.
Speaker 0: Do you think they they didn't house... They didn't house any federal. Data then, that's what I... It would be shooting at at this. Since it...
Because it talks about training information, I wonder if that training information doesn't directly it's been up. Yeah.
Speaker 3: That's a good thought. That might explain what the the dis. The disconnect we're all experiencing right now.
Speaker 0: Because I'm sure the Fed, right, the Fed guy was probably like a 2,800,000 dollar contract, but this was the lowest bidder.
Speaker 4: Who, knows. All we know is they're right to complain.
Speaker 1: We're using sample data.
Speaker 4: They're right to complain and they should... Be held accountable because...
Speaker 3: The real killer
Speaker 1: is hand out that data.
Speaker 3: Because the killer is where it says that the CIO... initially cut ties with the contractor only to re it used 3 days later as per the article. And then that the CIO further recommended accepting the risk because not having the learning management software would be an inconvenience to many users. This good, good decision making progress?
Speaker 4: Was there actually a breach? Or is this just a theoretical breach? Is it like, so this is a data leakage thing, but there was no actual breach. Right? It's like they've sent the data to third parties, but third parties never actually got breached?
Or was there a real breach?
Speaker 3: No breach mentioned.
Speaker 1: It's hard to tell this article has... Is missing so many details.
Speaker 0: I think it's like that on purpose. Right? They don't even mention. The Yeah. Contractor.
Speaker 3: Right it's...
Speaker 1: Yeah. Don't mention the contractor. Don't mention who the watchdog organization was. What else? I mean, they've... Why do I feel like this is a bait and switch?
It feels like clickbait because, yeah, we're gonna say that the DHS watchdog is somebody. We're not gonna tell you who it is or who the watchdog is or anyway. It's just part of what frustrates me when I read articles like this, especially in the wake of what's going on in the last week, is that so much of this stuff is avoidable. So much of these issues, if you just stop and do it right? Am I crazy?
For sales?
Speaker 4: No. You're not. You're a hundred percent. I mean, I would say 80 percent of what we talk about on the show could be remediated by someone at some point being, like... Is this the right way to do things?
Or should we maybe rethink it?
Speaker 1: I mean, I thought it was bad back in the nineties? And people were asking me to send a credit card information over email. It hasn't gotten any better.
Speaker 4: No. Not really.
Speaker 0: Speaking of not getting better. Boats, boats, boats. For ransomware, ransomware, ransomware.
Speaker 1: U home. Again?
Speaker 0: No. They didn't get, they didn't get ransom, but they had. So MarineMax, self-described the world's largest recreational boat and yacht retailer, notified over 123,000 individuals whose personal information was stolen in a March security breach claimed by, Ransom gang. So this data is actually...
So when I first read this, I didn't even see recreational boats. I just saw yachts, and the first thing I think of yachts is just rich people. I'm like, god, I don't care, it's rich people. Like, but that would be an excellent list of whales to phish and try to get money off of.
That was my, like, number 1 thought about this. Pretty much they got in. They did catch them within, 10 days of the actual breach, which good for them. Like 10 days is I would say not it's not like the shining star, but at least they weren't in there forever. 10 days is pretty good.
And then they were able to exfil everything out, and if you want all that information on the dark web somewhere.
Speaker 4: Yeah. I mean, I feel like this could be exposure of high net worth individuals and other people that are like, really don't like having their data exposed. Yes. But I don't know. I never really know what a yacht actually is that that picture and the article didn't
Speaker 0: That's you're still me.
Speaker 4: Things are probably still ridiculously expensive, but it'd be funny if someone, you know, there there could be fallout from something like this. Right? Like, who has a yacht and says they don't... Who's using a shell corp to buy their yachts, like, who's, you know, using someone else's yacht or who got a specialty day put in their yacht that gold. I don't know.
There could be some fun details on this. I hope a journalist takes it on and find some fun little tidbits. Who doesn't wanna see photos of inside of weird people's yachts.
Speaker 0: Boats boats are expensive, man. They're secrets
Speaker 3: Have another thousand. Yeah.
Speaker 0: There you go. You said it before I did. Right? It's a good 1. Alright.
What next?
Speaker 4: I don't know. Sean, you got anything you wanna talk about? Gotten art.
Speaker 3: You're gonna... I was gonna say, near and dear to my heart was the update on SolarWinds. What?
Speaker 2: Yeah. That was it? Yeah.
Speaker 3: There's a new ruling on all the SolarWinds suit, the SEC versus SolarWinds case. Yes. No. This one is actually worth talking about because it gets into, you know, dropping a lot of the charges against SolarWinds and also, the interesting thing that not a lot of the articles are talking about is they haven't fully exonerated the CISO. Where is that article.
It's on the...
Speaker 4: They tossed out some charges. They talked about charges.
Speaker 3: Talking in a nutshell, basically what they said was there were statements made by SolarWinds and the CISO prior to the actual, you know, breach, and then there were things that happened after it was revealed. They basically threw out everything from after the fact and said it was mostly hearsay and other nonsense. But they actually still said that the SEC can continue with its suit for statements made in advance of the breach. I guess, the logic being something like, statements misleading prior.
Speaker 4: Yeah.
Speaker 3: They are still misleading, and therefore, would impact stock price, and therefore comes under the SEC purview, which is
Speaker 4: really for SEC are the ones taking this on, not another DOJ. Price type of entity, but or like a state. I don't know someone else.
Speaker 3: Yeah. That was actually one of the interesting parts of this is that the SEC was basically alleging most of its claims based on a couple of old laws around, it's the for reps, foreign practices Act. I'm probably garbling that. Happy to go find it. But anyway,
Speaker 4: well, much of it was... You can't... Like, the CISO or the CEO made statements that were, like, we're totally secure when if they had information that indicated otherwise,
Speaker 2: Yeah.
Speaker 4: They... You know, they could be... But the week... I mean, this made... Like, we talked about this on the show when it first came out because it's actually kind of a crazy precedent to set.
It basically set the precedent that any CISO has to always say either the security's terrible or they can never see any pen test reports.
Speaker 3: Well, that's actually the interesting takeaway. Right? So there were 2 things that the SEC was basing on. 1 was, whether you're making misleading statements that would impact your stock price. And the other more crazy 1 is, there's a section of the SEC code that basically says, you must...
Make controls around assets, and they are supposed to be financial assets in the original wording of the law, but around your company assets, such that they can only be controlled by management. And so the SEC was... The SEC was trying to argue that the code base was its primary asset. And that, therefore, the fact that somebody was maliciously able to access the code base meant that they were in violation of that particular clause. The judge threw that whole section out completely and said that's nonsense something.
Yeah.
Speaker 4: That would be the same price that would would be, like, every developer is violating this act. 24. Yeah. Right? Like, that'd be.
Speaker 3: And great. Yeah. Exactly. And to tie this all back together for fun. You remember we were talking about the Chevron ruling a few weeks back, and the idea that under Chevron, you defer to the agency, well, this is a case where if you defer to the agency, you would go with what the SEC said.
And the SEC interpretation of, well, no. We're actually allowed to regulate this would be the default under that. And so in the new paradigm, you don't have to defer to that and a little bit of common sense can come in here and say, does not apply. So... Yeah.
This one was really interesting. The real killer is they did not completely throw out the charges against their CISO. So... He is still potentially liable. Yeah.
So that is still a major shift, you know, in terms of... If you guys remember, this is the first time a CISO has been put up for liability. Particularly given that he's not actually on the board, and therefore doesn't have a fiduciary responsibility to clients, which... That is the traditional delineation between a lot of board members and other folks, is whether you have a direct financial obligation or not. And that's, yeah.
Usually shielded people outside that, now that we got this weird thing where we're including CISOs in that even when they're not on the board, which is very strange.
Speaker 4: I mean, I would say, I... I can't believe I'm about to defend CISOs, but I gotta defend CISOs because, I mean, the precedent is insane. The precedent is like, although, I guess, you know, to distill it down even further. I actually am okay with companies just giving... As we'd have to...
It would be a cultural shift. Companies would have to say, here's the legitimate state of cybersecurity. Like we have issues that we're working to resolve. It would be less dog whistle of, like, everything's fine. We're super secure.
We use military grade encryption and more like, we're aware of some threats that have been presented by our security team. We're working to address them. Like, but every company would just say that, so it would kind of, like, reduce down to, like, the same that we're at. Now.
Speaker 0: Boiler plate.
Speaker 4: But that's... So that's one option. If they... I guess if it gets put in, that's what they'll have to do. The other option would be just complete head in the sand, the CISO knows nothing.
So we can't make any... Or he or she can't make any statements that, you know, are misleading or inaccurate to investors and the CISO is basically just like, a, golden parachute fire position if there's a breach. But I mean, if we're assuming the CISO has to actually be useful and can't be super transparent about the security state of things, which there's a legitimate argument to be made that if the CISO is, like, we have major issues with our Exchange servers that that's actually like a security threat. Right?
Like, it's like that you shouldn't probably be talking about that publicly. So you have to have the ability, like, in the article, another CISO comes in to defend kind of this what precedent this would set essentially meaning, like, you wouldn't be able to discuss the state of cybersecurity and still keep your job, which is totally fair. And I feel like if this got pushed all the way through, it'd be kinda damaging to security teams. I because we'll see
Speaker 3: as is a lot of people are talking about, you know, be careful about what you publish about your company's security posture because it might come back to haunt you. And even be careful about what you say internally because that's part of what the basis of the SEC lawsuit was, was that internal communications did not match external communications. Which is, wow. What a scary world to live in where, like, do you have to worry about? Was a problem.
Speaker 4: Yeah. I mean, I think it's, like, I think the biggest problem with it from a security industry perspective is that it takes security out of the conversation 1 way or the other. Right? It takes the security considerations that need to be made out of the conversation for liability reasons that And I feel like that just makes it more difficult for security to operate and do our jobs, Which is really all we're trying to do. We're not trying to make shareholder value.
We're just trying to keep everyone from getting hacked. So, like... Anyway, that's a good article. That
Speaker 3: we'll check. Excuse me being a lawyer. Oh, no.
Speaker 4: Subscribe to the show or whatever you do and we'll talk about SolarWinds the next 5 years until that poor case gets resolved. Sorry.
Speaker 1: Will it ever be... I mean, what. I don't think it'll ever go away.
Speaker 4: Yeah.
Speaker 1: Is it just me or just... Does it seem like doing security well keeps getting harder? Because I mean, we even had the Supreme Court. I can't read the entire article from Wired because it's behind a paywall. But it looks like we are fighting, that's the one.
We're not only fighting the SEC. Now we're fighting the Supreme Court, and we're just fighting the general inertia of people. It just, like I said it.
Speaker 4: So what is this article? What do they knee cap? Tell me what happened?
Speaker 1: I couldn't read
Speaker 3: the chevron ruling.
Speaker 4: Oh, that's the Chevron which chevron...
Speaker 3: You all know. I disagree with the take that that 1 is the end of, you know, regulations as we know it, But I seem to be the minority voice on that 1, although... There's a lot of fun going around if you asked me.
Speaker 4: Yeah. I don't know. I guess I would say, like, to answer Braun one's question is security getting easier harder. I think... A lot of ways it's getting better.
It's just changing. The landscape is changing. It's more coming... I think security in at least in the 10 years, I've been in the industry. Has been more coming into the light which is good and bad at the same time.
Right? Like, no longer are we hiding in the basement just secretly patching systems and no 1 knows what we're doing but, like, hopefully we're doing our jobs, helps, you know, security as an industry is being brought way more into the focus of, like, this matters. Let's get some transparent transparency. Let's get regulations. Let's get things pushed.
Let's get like, fix this law, make that new law. I think there's gonna be good things about that, like, one good thing that I think about the top of my head is the whole, like, security researcher thing. Like, DOJ basically said years ago, we're not prosecuting security researchers, like, stop trying. And I think that's a positive for sure. I mean, we also talked earlier on the company call about how you used to have to install software with floppy disk.
So I think... In that respect, it's gotten a little bit easier. But, I mean, I think it's just being brought to the light also means now we're in the light. So there's... People are gonna say, wait.
This is how you do things. Don't do that. You're not allowed to do that. That's illegal or that's against regulations. And so I think it's just getting more complex if nothing else, but that's just the nature of industry.
Like, when doctors started being doctors, they were just, like, what's washing your hands? I don't know about germs off like you know, they were just like, cutting people's arms off because they couldn't figure out what was wrong. You know,
Speaker 0: Reading Reading logs is a lot easier. There's just a lot more of them, so it's harder.
Speaker 4: Yeah. I, like it... Exactly. And, like, I don't know. That's my first all take.
I don't know, other people might have different take. But I think it's just more complex. It's more... There's more... We...
Security has more of a role to play, and I think that adds complexity and I'll there's also the legal and regulatory landscape to mess around with.
Speaker 0: And not just... And the overall landscape of an organization. Right? Like, what the tools they're using. There's more things we have to like, look at Snowflake, right, or the cloud or other stuff, vectors that can all be taken advantage of to get in.
Manages personal phones and stuff like that too.
Speaker 4: I mean, that's true, but also, like, think about when people used to design horrible MVC apps, and they all add tons of security bot. People's plates. Yes, you can get Snowflake hacked but at least you didn't roll your own encryption and, like, forget to do that for
Speaker 1: your whole company...
Speaker 4: You know what I mean? Like... Well,
Speaker 1: yeah. Sorry.
Speaker 0: I have
Speaker 4: Mean it's just the threat the threat landscape changes over time. Just this just the nature of the security.
Speaker 2: Yeah. I think I think it's it's much more complex for for staying up to speed than it was years ago. Like, years ago, you could just kind of... Get a, security training, get a security cert, and you could just, like, sit in that knowledge for years and nothing really required that update. And now you just...
You really just need to stay on the cutting edge. A lot. You need a lot of the updates, you need a lot of dynamic trainings. And so in one way it has gotten better, but you need to put that time into, you know, learning and staying up to date on things which... Hey.
Listen to our news and D his and oh, create Yeah.
Speaker 4: I mean, I think, like, the... What's happening, a lot of the breaches we talk about are people are just running at a really fast pace and aren't stopping to ask questions like, like, you know, to talk about the CISA third party one. It's like, no one stopped. They were, like, we need backup.
Okay. How are we gonna do? Oh, we'll just send it to the third party. No one said, hold on. We can't send this or DHS data to a third party.
We need to, like, we no one like, stop and said, Hold on, I actually know the regulations. You can't do that. Right? Like, you can't just be sending data to third party. Or like, with CrowdStrike.
They were running, They were, oh, AI, machine learning, batches, features, sales, money, and they were like, hold on. Did anyone, like, read the code of that last patch that went out, and then they're like, oh, oh, did you read it? I thought you read. Like, you know, it's, like, that pace and complexity does lead to things getting forgotten or overlooked. I...
And we all need to just... I mean, who knows, but there's gotta be a fix for that.
Speaker 2: Yeah. Right on.
Speaker 4: Alright. Last article. Our favorite government psyop, War Thunder. So
Speaker 0: I didn't realize how many times they've done it. But, oh, it's like every week. At that's like article. It's... The European Typhoon jet fighter, the AH-64D Apache Longbow attack helicopter, the Chinese V, the 4, the M2A4 Bradley, and then I also know they did the F-15 and the F-35.
So once again, someone has leaked classified Russian tank information on War Thunder to prove a point.
Speaker 4: It's kind of a meme. It's kind of memorized point.
Speaker 0: So study... If
Speaker 4: I think it's just marketing for the military. That's my opinion. They're just leaking these documents so people wanna go fly these planes and then enlist and there.
Speaker 0: So you're saying War Thunder is pure propaganda game.
Speaker 4: That's why that's my that's my conspiracy security content.
Speaker 0: I believe it. I believe it.
Speaker 4: But it is... I mean, it is kind of funny. It's just like, a sufficiently motivated threat actor. With enough time will eventually gain access. But is something they should not haven't been able to.
Speaker 0: So it was leaked, was 3 of Russia's main battle tanks, which were the T-90M, the T-90S, and the T-80BVM, which are all currently deployed in the Ukraine.
Speaker 3: So those are some of their most recent designs actually.
Speaker 0: So theoretically, we could go get those user guides. Right? And then drive a tank. I already have a link to the PDF if anybody wants it. Please fill...
Speaker 3: Does it
Speaker 4: have, like, an operators manual to see how to drive a tank by yourself? Yeah. Turn page 782.
Speaker 0: The... This is just great stuff. I couldn't believe how many times they've leaked before, like, this the this community is just great. That is interesting like
Speaker 4: like, okay. Other games, This is like, specifically about military, Yeah. Combat simulation. Right? It it makes you think about the subject matter, does actually have an influence on what ends up getting discovered about the subject matter.
Right? Like, if the subject matter was, you know, hacking or whatever, that would be interesting to see all the classified data that would get leaked about hacking because, like, you know, it would be... It's just funny to think about, like, they happen to pick military combat as the, like, subject matter. But, I mean, we talked about it last week, Disney. Like, people are...
If people are willing to hack Disney just to see those juicy chats about, you know, the next Star Wars or whatever. So. I don't know. It's weird. Like, you get a sufficiently interested of audience and weird stuff happens.
Speaker 2: Oh, it's, you know, white side that, you know, leaks are because of the sweaty nerd fights. And, yeah. That's it because you get into like, a fight and somebody goes, like you don't know what you're talking about and you're, like, the hell I don't. Like, here's the here's the document. It's like, else I do the class files.
Like, you know, I... It's like, you know, represent I know I know what I'm talking about. Here's the files And Yeah.
Speaker 4: I mean, the question is what percentage of War Thunder players are actual ex... operators of the equipment they... Like, is it, like, once you know how to drive a tank, you just keep... You never wanna stop driving a tank or something? I don't know.
Speaker 3: If you see that with pilots, a lot, fighter pilots. A lot of them go into commercial aviation.
Speaker 4: Sure. Yeah. I mean, I don't know. War Thunder keep you to you. I mean, I will say there's also the argument of, like, should some of the stuff still be classified or is it just staying classified because it is because it...
I guess it's still in use.
Speaker 0: So did anybody watch the a... The Acolyte on Star Wars?
Speaker 2: Yes.
Speaker 0: Yeah. Yeah. What it will... So there's a big fight because one of the big Star Wars guys said, like, Sith didn't exist at that point. Right?
And he's technically... In the newer newer... The most recent trilogy. Ki-Adi-Mundi
claimed there's no Sith, so everyone freaking blew their mind because, like, hey, like, how does he not know Sith with that? He says it about, like, hundreds of years later, like Sith haven't been there for a millennia. What if the Disney hack occurred because someone was trying to prove Ki-Adi-Mundi correct?
Trying to find the data, trying to cheat the tank manual for Star Wars. That's all I'm saying. Sure.
Speaker 4: No. I mean, yeah. You're right. Like, I I guess... Yeah.
I mean, all I can... The only other thing I can think about is just laughing about a company coming in for. And we're like, okay. What's your like, worst case scenario? And they're like, lots leak.
Well, the... Our chat logs leak is a normal scenario because you just assume that do damage but it's like, our worry is that our fans will post classified documents to our servers because they're arguing with each other. Can
Speaker 0: do Yeah.
Speaker 4: Just An interesting threat model. It's, like, obviously, they're the ones hosting the content. Right? It's like, oh, crap. It never happened.
The threat is gone.
Speaker 0: The power of 1.
Speaker 1: Regarding the Disney breaches, don't underestimate the power of greed in the movie industry. I mean, industrial espionage is just really bad. I've had to resign enough NDAs over the years just to be able to not even look at a script, but look at software that might come in contact with a script. It's scary.
Speaker 4: Yeah. Alright. On that note, it's scary. I think we should should we should we call it?
Speaker 0: Yeah. I think we're gonna call it.
Speaker 2: Where right.
Speaker 0: We we did a lot of... A lot of news today. This was actually, like, we ran through some stuff.
Speaker 1: No through... We didn't stay free of the CrowdStroke issues, but we did keep it limited.
Speaker 0: We talked about it enough, I think.
Speaker 3: Because it was new angles too, you know, it wasn't just dunking on, you know, like, everybody else.
Speaker 1: I do feel sorry for the IT technicians who have to go and Yes. Update and fix all of those systems because that is it would be so nice if a fix could just be pushed out, but having to manually go, that is just Yeah.
Speaker 3: Yeah. It's sold. I can think was.
Speaker 4: I mean, there's also, like, to give a fun little thought experiment for the last? Like, how many people are gonna be provisioned with admin access this weekend and they're never gonna have it revoked.
Speaker 0: Oh, that's like Find. That's a good point.
Speaker 1: I get potter right there
Speaker 4: How many... Okay. How many, like, let me leave everyone with this horrible thought. How many users are gonna be given local admin this week and are never gonna have it taken away?
Speaker 0: Alright.
Speaker 3: That'll be the headline for a month from now We'll be talking out.
Speaker 4: Yeah. All the figures everyone. Have a good week.