Defensive Security Podcast Episode 269

Released Sunday, 31st July 2022

Episode Transcript

0:27
my first thousand, one sixty nine hi my name is jerry bell and joining me tonight as always mr andrew kalat. good afternoon or evening or morning as a case may be jerry i'll reserve i am fantastic are you. i'm good i'm good. it's so you're going on today the some we are two months left summer. indeed but duel and by fast can't believe it or i just the a reminder the thoughts and opinions we express on the show are ours and do not represent those a of our employers and by the way we are not despite what some marketing firms might want you to believe we are not who was sitting for pay. yeah that was a crazy story that team interested them the or flags out there are telling people that there are certain amount of money that they pay they can get them on our show. that was news to us. definitely news to us but hey look let you know this be honest like you come with a big enough check and we could time the same. everything in life is negotiable for not ashamed to say we can be bought. that's right for it might be expensive might be more than the most people are willing to pay but certainly not worth it that's for sure but don't yeah definitely not worth it but there it is.

2:02
there's some interesting stories for the sydney one quick follow up that i wanted to mention from the last either lesser than the one before that microsoft has re-enabled macro blocking so they breed re-enabled macro blocking. turn off, turn on, zoom that somebody maniacal laughing at a conference room watch lists i dig the real answers they got some feedback and the sperm something important somewhere in l a go april back on school fix added and roll back out i'm quite certain to read about that.

2:41
all right so the first story or to night comes from bleeping computer dot com the title is CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards. we've talked a bit about this in the past but it is really starting to become a thing now. story here is about a simple year old piece of malware where the impacts motherboards which has been seen most recently in an updated formed impacting apparently still old for motherboards. it's again we're starting to see the worst case scenario here because there is no easy way who either detect or clean a system that has been compromised in this way. know that that particular piece of malware here is here is a pretty rudimentary what it does is it it uses a vicious eight forces the forces windows civically the tax windows it forces windows into a an older model oldest older style model in it injects kernel modules into windows to maintain persistence. if you read through the article this actually i wish i was not really where there's some significantly more advanced this is of UEFI malware that are much much more sophisticated they don't rely on putting the boot process into a legacy mode which i presume will be easier to detect and and i think maybe with like windows eleven it me not be possible anymore because i think i think some of the new operating systems actually rely on secure boot which i don't think this the specific piece of malware would work with some of the others that are described player and in the article actually would and a again this is a centrist thing they talk about in from at it though referenced articles about how the people are realizing that they're in infected with is because they're just they suddenly see windows accounts created and re re occurs after a fresh fresh reinstall though it is again pretty pretty much worse case scenario now is very much the unclear how this is actually happening there's no indication of exactly what mechanism is been used to plant the the malware into the motherboard but there's and there's some other he says of of similar malware that are actually known to be looking for vulnerabilities and us UEFI probably not far fetched thought that this is also doing that.

5:39
i'm not saying it was aliens what it was a reads the now this is an interesting was we danced around this topic before that the real me detection and defense mechanism here is the detected downstream impacts of it whether that's at the never clear whether that's and the behavior of us doing things that should do which the as heck about the game to play because of how still see the adversary me want to be or could be so it's a tough one i'm certainly one of the manufacturers have done things to make this harder to pull off and harder to to offer a different were but was to say the next supply chains attack couldn't go after some the firmware updates at the factory the this the as the exact concerned.

6:29
and you're right in this particular case in a few like it the reason that was detected was because they were they were using the UEFI the know where to install more traditional pay for me pay more traditional persistence at the operating system level that doesn't necessarily have to be the case.

6:50
yeah it does make some sense because i don't think the UEFI memory space is huge to pry can do much of his he'd worked there but you can easily plants and persistent back to worst that can load more sophisticated malware. very true. it's interesting and we used to we say once host is compromised you can never trust the os again when you start seeing once the host is compromised you can never trust the hardware again. i think in it's current the incarnation i think that's becoming true. i suspected over time the the hardware manufacturers are going to start having to open things up a bit so that they can be wiped her or new types of detection and protection mechanisms implemented that i think is it exists today we have very limited abilities to re-flash the the parts of the system that are actually being impacted here and sixty one scary but hopefully not terribly widespread. pardon me so same emir option is to go to plot environment with has to work spaces that awfully are susceptible to this is why been rebuilt months and week. that's overkill.

8:04
right the second story comes offer from bleeping computer him in the title here is hackers scan for vulnerabilities within fifteen minutes of disclosure. we know for a long time that the amount of time from winner of vulnerability is announced to win under active attack has been shrinking for long periods time. this story here is about a unit forty two report that indicates in in their analysis it takes about fifteen minutes on average from a software vendor releasing details about a vulnerability who some number of actors don't know that is a malicious or are benign scanning the internet looking for those vulnerabilities and they point out a couple specific examples one of the most recent F5 BIG-IP vulnerabilities and it purposes the by the way i should say backing up or so note that necessarily these adversaries are these actors are are exploiting within fifteen minutes they're scanning looking for systems looking to identify systems that are are connected to the internet that have that vulnerability the and power one assumption is that that list of the own affected systems provides an easy said any the set of targets once seat the adversaries have a list of are you have a means the exploit these new vulnerabilities.

9:40
it's also interesting to that and deeper in the report the talk about what is most commonly exploited which are things that are also heavily scanned for ah but are very old exploits so i i think we see a couple things we see folks looking for new ones very the which who knows maybe they could do something with it later in or sell access to it or whatnot but at the same time will we see most often the exploited or relatively old patched vulnerabilities which makes you wonder in some point the that patched folks are just on for the hid war is there some self selection heroes hey if they're not to date and patches maybe they've got weaker security overall or wheels turning mindset tweeters could investment that makes him is that a leading indicator the the vulnerability overall of an organization of them to go after that makes it a safe for target the tension and you want gaming out some psychology or but makes you wonder if not it's probably not an unreasonable thought.

10:43
they did you point out that the exploitation is a means of initial entry is only exploitation of software vulnerabilities is only a little less than a third of the initial method of compromise to the predominant that it still remains phishing and i suspect what you said a lot of the more interesting companies more sophisticated companies are probably pretty good it addressing most of the older vulnerabilities but obviously it's pretty pretty pervasive problem i think that when you look at something like Log4j which they said the can is for fourteen percent the exploited flaws in the first half of twenty twenty two that's gonna be here for a long time. we i think it was said those the us department of homeland security recently the indicated that they considering Log4j heard that the Log4Shell vulnerability says basically endemic they're gonna be here with us for a very long time the just so many places to we don't even realize anymore.

11:51
yeah it's interesting idea the also wonder about i don't have any waited to stop this should i think that the few wanted to avoid the bad guys for scanning for new vulnerabilities you'd have to be more secretive about the gonna release are out there and been patched and i don't was answers anybody. well so i think this is one of those the negatives the come with the positives of widespread notification that is and exploits and problems that exist out there but certainly we do inform the bad guys when we patched us then i don't know the move really gonna get away from that tickets mourn for the more people be notified and aware then i don't know that any way you could really up he skated couldn't be quickly defeated any won't notice that is for sure. the only time that you really have that is that we we see it working i think the we see it working relatively well when software manufacturers have an embargo and they work with a set of of providers and we see the quite often and like with cloud provider where they get it out to will idea where you know intel or microsoft or the linux group will release like this really gnarly vulnerability in the cloud providers will all say today and we're already patched and in then everybody else's is scrambling trying to the save themselves. that's an interesting problem bread or interesting the the classes i'm around vulnerability disclosure what you've also got such concentration of risk and com runners i get it and they so far have an think leaked and the an adder been the unreliable in their embargo of that information so i don't know but it makes me a little leery or little uncomfortable. yeah it's like you said i don't think this is emily deceived a great answer to this it's to stay at the a problem insisted we have in the industry there enough.

13:55
right the were story this was one that i had been watching over for a kind of all over the course of the past the two weeks there's the company in india called Paytm i think it's called Paytm plus Paytm the p a y t m the and very recently a data breach had been reported to Have I Been Pwned and another organization called Firefox Monitor picked up the data breach from Have I Been Pwned the and is started warning your customers of this Paytm organization. Paytm came out with their their fangs we we say no this is a absolutely false then at a time i remember thinking gosh this is gonna be interesting to watch unfold because we seen as a lot of times in the past where in organization is in denial that they were in fact but what appears to have happened here is that this group is apparently right the they were hacked or really they were it wasn't it wasn't the the result of this what apparently happened was some some actor in the past i guess was movie about two years ago apparently cobbled together like girls data of about three point four billion accounts and asserted that it was from Paytm then reported it to Have I Been Pwned to end it was off to the races from there and in anything it kind of points to some of the challenges with validating especially when the allegedly breached organization isn't necessarily super forthcoming by a would imagine that it in organizations Have I Been Pwned has to make some assumptions otherwise they're like they're never going to that they're never going to assert that something is real.

15:59
what is their verification requirement there and to be be fair Have I Been Pwned is been excellent iran and organization and a not disparaging them at all trounced and a great job with and then there's been very helpful very meaningful so we'll things like this happens sometimes i'm sure the bad guys like as thin as sounds like what can happen here with enough veracity to make it seem real. it it exactly and is good to see that through some means obviously that that there's no details on the back and forth between Paytm and and to Have I Been Pwned or Firefox Monitor the not say they were able to work it out somehow the rebel does it to establish that know intact that wasn't then i assume that the the legitimately come to that conclusion in that wasn't the result of crazy amounts of of legal threats. but how hard is it to prove a negative item level of the sun like know we really didn't get hacked so bit but at the same time i think it is also or is also interesting that Paytm released a statement that said something some effect their customer data is absolutely safe it the now some is going to to go sir test and that. yeah i read a lot of somebody i bet that statement concerned me a little bit because at that is asserting things that they may not actually they may not actually know but but regardless it's interesting i have seen in i have had personal experience by the way the malicious actors making are unsubstantiated and and actually false threats. ago teenagers do not count in the story. well this true they didn't super frustrating by the way when that happens because the at the presumption in the media these days is that for right or wrong the the the hackers are right that they are they whatever they say is correct in has been interesting hey because well there by nature somewhat criminal organization in were in what will typically trusting what they say. interesting stuff interesting did you think that think large measure most of the time it's time it's unfortunately there's a just a significant number of data breaches that that happen all the time so that saying that we we have to back off trusting anything like that because we know it's happening it isn't interesting nuance and i think as time goes on we're going to see more of these because as easier if we think about it if you're a malicious actor looking the make a name for yourself the let easier to make into unfounded claims that you affect somebody the actually hack them or you just want to disrupt somebody's operations are their stock price or whatever. exactly as he i'd say that we see this as well with ransomware organizations starting to post to their victims are to force them to comply and it's not much of a stretch for them to start lying about that. hundred percent absolutely so it's so simple it keeps it interesting.

19:19
indeed lead is or that is the show for today so little abbreviated hope everyone is doing great the summer or winter this year on the other side of the planet if with that we will catch up with the next time. any closing thoughts. maybe we'll talk about the next time but i was just reading an article just before we started recording that it wasn't prepared to really talked about buds it was about all the hacktivism that's going on against russia due to the ukraine conflict and a massive amounts of data dumps that are coming out of it and whether or not something interesting or to she's in air but the the people who are trying to comb through it or so overwhelmed by the data they don't know what the heavier retreating come to that he added this i think there's i hope i've seen some headlines about that there's also been a recent revelation that the us federal court system was apparently breached the u n and not well publicized that i'm looking do is looking forward to how that unfolds and we should by the way because if a government agency we should get a lot more details about how and in what happened then you it what we've talked about in the past with regard to some other i guess a call activism the software open source software maintainers continuing by the way who the poison their own works it as as part of a protest against the a particular the war in ukraine more we more to come on those topics and will will be looking at that for next time.

20:56
sounds good to have a great week everybody always fun talking you can find us up on the twitters at @lerg there is an @maliciouslink casually on the twitters occasionally has turned into a crazy cesspool of anger so i limit my interaction myself i've had to for for the sake of mental health i said who limit my consumption of twitter. yeah it's crazy eyed and absurd to realize that your outrage is their business model in so that doesn't lead to good things as a great way to have it like that anyway a regular of thank you all have a great week see below.
